Privacy policy

This Privacy Policy has been modified latest on: 12th June 2026

This Privacy Policy describes how Renow Oy ("we", "us", or "our") collects, uses and discloses your personal data when you visit or use our services or make a purchase from our website or otherwise communicate with us related to the Renow online store (collectively, the "Services"). For the purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, a website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.

1 DATA CONTROLLER

Renow Oy, Business ID 3322228-3 (“Renow”)

Address: Sörnäisten Rantatie 25, 00500 Helsinki

2 CONTACT DETAILS FOR PRIVACY MATTERS

Email: privacy@renow.ai

3 PURPOSES OF PROCESSING AND LEGAL BASIS FOR PROCESSING

3.1 The purposes of the processing and the legal basis for the processing are the following:

a) We use your personal data to provide you with the Services in order to perform our contract with you or in order to take steps at your request prior to entering into a contract. This includes processing your payments, providing you with customer support, fulfilling your orders, sending notifications related to your account, purchases, returns, exchanges or other transactions, creating and managing your account, arranging for shipping, and facilitating returns and exchanges. The legal basis for this processing is the contract between you and us, or the necessity to take steps at your request prior to entering into a contract.

b) We use your personal data for marketing and promotional purposes, such as to send marketing, advertising, and promotional communications, for example by email, text message, or postal mail, and to show you advertisements for products or services. This may include using your personal data to better tailor the Services and advertising for you. When consent is required for these actions according to the legislation, '’consent’' is the legal basis for the processing personal data for this purpose. If the legislation does not require consent for these actions, the legal basis for this processing is our legitimate interest.

c) We use your personal data to prevent abuses and to detect, investigate or take action regarding possible fraudulent, illegal, or malicious activity. The legal basis for this processing is our legal obligation or our legitimate interest.

d) Creating statistics and analyses on the use of the Services, our website and social media channels, as well as the development of our Services and business, and enabling you to post reviews. The legal basis for this processing is our legitimate interest. Once this personal data is anonymized, it no longer constitutes personal data.

3.2 If consent is the legal basis for the processing of personal data

a) Should your consent be the legal basis for the processing and you withdraw the given consent, the withdrawal of the consent does not affect the lawfulness of the processing based on the consent before its withdrawal.

4 COOKIES

4.1 Like many websites, we use cookies on our website. For specific information about the cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies. We use cookies to power and improve our website and our services (including to remember your actions and preferences), to run analytics and better understand user interaction with the services (in our legitimate interests to administer, improve and optimize the services). We may also permit third parties and service providers to use cookies on our website to better tailor the services, products and personalized and non-personalized advertising on our website and other websites such as Google (https://business.safety.google/privacy/).

4.2 Please keep in mind that removing or blocking cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available.

5 CATEGORIES OF PERSONAL DATA

The following personal data can be processed by us:

(a) Contact details and identifying information:

(i) Name

(ii) Email address

(iii) Address

(iv) Country

(v) Phone number

(vi) Language

(b) Order information:

(i) Name

(ii) Billing address

(iii) Shipping address

(iv) Information on products ordered

(v) Payment confirmation

(i) Username

(ii) Password

(iii) Security questions

(iv) Your reviews and other content generated by you

(d) Customer support information:

(i) Communication with customer support

(ii) Information you choose to include in communication with us

(e) User provided information

(i) Information you provide when you submit ratings, comments or respond to surveys

(f) Usage data:

(i) IP address

(ii) Device and device identification number

(iii) Browser type and version

(iv) Internet service provider

(v) Date and time you used the Services

(vi) Sites visited and the session duration

(vii) From where you followed the link to the Services

(viii) Other information on your interaction with the Services

6 SOURCES OF PERSONAL DATA

You are the primary source of personal data. Other possible sources:

(a) Companies supporting our website and Services, such as Shopify;

(b) Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, billing address) to process your payment in order to fulfil your orders and provide you with products or services you have requested, in order to perform our contract with you;

7 RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Personal data may be processed by our sub-processors who process the personal data on our behalf to provide services to us (e.g., ICT management, cloud services payment processing, data analytics, customer support, cloud storage, deliveries and shipping). The possible sub-processors are:

(i) Amazon Web Services EMEA SARL (https://aws.amazon.com/blogs/security/new-global-aws-data-processing-addendum/)

(ii) Amazon Data Services Sweden AB (https://aws.amazon.com/blogs/security/new-global-aws-data-processing-addendum/)

(iii) Shopify International Limited (https://www.shopify.com/fi/legal/dpa#v-i-i-appendices)

(iv) Shopify Inc. (https://www.shopify.com/fi/legal/dpa#v-i-i-appendices) Shopify Sweden AB (https://www.shopify.com/fi/legal/dpa#v-i-i-appendices)

(v) Bugsnag Inc. (https://smartbear.com/legal/data-processing-addendum/)

(vi) Cloudflare, Inc. (https://www.cloudflare.com/cloudflare-customer-dpa/)

(vii) Google Cloud Canada Corporation (https://cloud.google.com/privacy; https://cloud.google.com/terms/data-processing-addendum)

(viii) Celonis SE and all subsidiaries (https://www.celonis.com/legal/terms-and-conditions/celonis-services)

(ix) Sendinblue, a simplified joint-stock company registered with the Paris Trade and Companies Register under number 498 019 298 with its registered office at 106 boulevard Haussmann 75008 Paris (“Brevo“) (https://www.brevo.com/legal/termsofuse/)

(x) Our affiliated companies, who perform services to us or on our behalf.

8 TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES

8.1 We use international cloud services or other service providers defined in Section 7 in the processing of personal data, and the personal data may be transferred to countries outside the EU/EEA (“Third Countries”) in connection with those services. If personal data is transferred outside the EU or EEA, the legal basis for the transfer of the personal data to Third Countries is the Binding Corporate Rules, the European Commission’s Standard Contractual Clauses for the transfer of personal data to processors established in third countries (“Standard Contractual Clauses”), the EU-U.S. Data Privacy Framework, alternative data export mechanisms for the lawful transfer of personal data (as recognized under EU data protection laws) or another legal basis. Please see further information in Section 7 behind the links to the service providers’ pages and data processing terms.

9 PERIOD FOR WHICH PERSONAL DATA WILL BE STORED

9.1 We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy.

9.2 For the personal data we process, the retention period or the criteria for determining the retention period is defined based on law and the purpose of use. Some personal data may be used for multiple purposes, in which case the actual retention period is determined by the longest applicable retention time or criteria. If one or more of the shorter retention periods have already expired, the personal data will only be used for the purposes that require a longer processing time.

9.3 The personal data can be processed for longer than the pre-defined time periods, if the personal data in question is necessary for the establishment, exercise or defence of legal claims.

10 METHODS HOW REGISTER IS SECURED

The personal data processed by us is secured by using the following methods and principles:

(a) Locks at our premises;

(b) Firewall, anti-malware and spam filtering systems of our communication networks and other software and hardware that protect the security of communication networks;

(d) Personal user rights that can be traced in the systems;

(e) Limited number of superusers;

(f) Training of our personnel; and

(g) Our policies and guidelines relating to personal data matters.

Please be aware that any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.

11 RIGHT OF ACCESS

11.1 You have the right to get information on what personal data is being processed by us, or information that no such personal data is being processed.

11.2 Where such personal data is being processed by us, we will provide you with a copy of the personal data and the following information:

(a) The purposes of the processing;

(b) The categories of personal data concerned;

(d) The period for which the personal data will be stored;

(e) The existence of the right to request from us the rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to the processing of such personal data;

(f) The right to lodge a complaint to the supervisory authority and the contact details of the supervisory authority;

(g) Communication of the personal data undergoing processing and of any available information as to its source; and

(h) The significance and envisaged consequences of such processing, at least in the case of measures which produce legal effects concerning you or significantly affects you and which are based solely on automated processing intended to evaluate certain personal aspects relating to you or to analyse or predict in particular your performance at work, economic situation, location, health, personal preferences, reliability or behaviour.

11.3 For any further copies requested by you, we may charge a reasonable fee based on administrative costs.

12 RIGHT TO DATA PORTABILITY

On your request, if we process the personal data based on your consent or based on a contract with you and if the processing is carried out by automated means:

(a) We will provide you with the personal data which you have provided to us, in a structured, commonly used and machine-readable format;

(b) On your request and if technically feasible, we transmit the personal data in the same format directly to another controller.

13 RECTIFICATION AND RIGHT TO LODGE COMPLAINT WITH SUPERVISORY AUTHORITY

13.1 We will, on your request, without undue delay correct, erase or supplement the personal data in case of erroneous, unnecessary, incomplete or obsolete personal data taking into account the purpose of the processing, including by way of supplementing a corrective statement.

13.2 If we do not take such action on your request, we will inform you without delay and at the latest within one (1) month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy. Please note that you may bring the matter to be handled by the local supervisory authority.

13.3 You have the right to lodge complaints to the local supervisory authority. The contact details of the Finnish supervisory authority are:

https://tietosuoja.fi/en/office-of-the-data-protection-ombudsman

14 RIGHT TO OBJECT PROCESSING

You have the right to object, on grounds relating to your particular situation, to the processing of your personal data which is based on either of the following legal basis for processing: (i) when the processing has been found necessary for the purposes of our legitimate interests or (ii) when the processing is necessary for the performance of a task carried out in the public interest. You however do not have the right to object, if we demonstrate compelling legitimate grounds for the processing which override your interests or fundamental rights and freedoms, or if we need to process the personal data for the establishment, exercise or defence of legal claims.

15 RIGHT TO RESTRICTION OF PROCESSING

15.1 ‘Restriction of processing’ means the marking of the stored personal data with the aim of limiting its use in the future.

15.2 If you request, we must restrict the processing in the following situations:

(a) The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;

(b) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(c) We no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or

(d) You have objected to the processing, but verification whether our legitimate grounds override those of yours is still ongoing.

15.3 In the situations listed above, we can only process the personal data:

(a) With your consent or for the establishment, exercise or defence of legal claims;

(b) For the protection of the rights of another natural or legal person;

(d) To store the personal data.

16 RIGHT TO BE FORGOTTEN

16.1 You have the right to have your personal data erased on your request if one of the following grounds applies:

(a) The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

(b) You withdraw the consent on which the processing is based and where there is no other legal ground for the processing;

(d) The personal data has been processed unlawfully; or

(e) The personal data has to be erased for compliance with a legal obligation in the European Union law or in a European Union Member State law to which we are subject.

16.2 However, we do not have to erase the personal data to the extent we still need to process the personal data:

(a) For exercising the right of freedom of expression and information;

(b) For compliance with a legal obligation which requires processing by the European Union or the European Union Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

(d) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with legal requirements; or

(e) For the establishment, exercise or defence of legal claims.

17 AUTOMATED DECISION-MAKING AND PROFILING

We utilize automated processing of your personal data (profiling) to analyze your purchase history, email clicks, and website behavior. The purpose of this is to better understand your preferences and purchasing habits using artificial intelligence tools (such as large language models) so that we can provide you with tailored product recommendations and targeted marketing.

You have the right at any time to object to the processing of your personal data for direct marketing and related profiling (see Section 14).

However, we do not make automated decisions under Article 22 of the GDPR that would have legal or similarly significant effects on you.

Privacy policy

Quick links

Main Categories

Cart

Subtotal:

Get in Touch

Privacy policy