Privacy Policy

Pekicomp Ltd Oy (operating under the brand name AMANIC)
Business ID: 1038573-3
Registered address: Tehtaantie 24 H 25, 60100 Seinäjoki, Finland
Contact: info@projectamanic.store

Last updated: 29 April 2026

This Privacy Policy explains how Pekicomp Ltd Oy ("AMANIC", "we", "us", "our") collects, uses, stores and shares your personal data when you visit projectamanic.store, place an order, sign up to our marketing list or contact us. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018).

1. Data controller

The data controller for the personal data described in this policy is:

Pekicomp Ltd Oy
Business ID: 1038573-3
Tehtaantie 24 H 25, 60100 Seinäjoki, Finland
Email: info@projectamanic.store

If you have any questions about this policy or wish to exercise your data protection rights, please contact us at the email address above.

2. Categories of personal data we collect

Depending on how you interact with us, we collect the following categories of data:

Contact and identification data: name, billing address, shipping address, phone number, email address.

Order and transaction data: order history, products viewed and added to cart, returns, exchanges, refunds, payment confirmation references (we never see or store your full card details — these are handled by the payment provider).

Account data: if you create an account, your username, hashed password, saved preferences and addresses.

Communication data: the content of emails, contact form messages and customer support conversations you exchange with us.

Marketing data: email and SMS subscription status, marketing consent records, engagement with our marketing messages (opens, clicks).

Technical and usage data: IP address, device type, browser type and version, operating system, referring website, pages viewed on our site, time spent, click and scroll behaviour, session recordings (where consent is given).

Review data: any review or rating you submit, including the name you choose to display.

3. Sources of personal data

We collect personal data from the following sources:

  • Directly from you when you place an order, create an account, subscribe to our list, contact us, or submit a review.
  • Automatically from your device through cookies and similar technologies (only after you have given consent for non-essential categories — see Section 8).
  • From our service providers, for example payment processors and shipping carriers (delivery confirmations, fraud signals).

4. Why we process your data and on what legal basis

We only process your data when we have a valid legal basis under GDPR Article 6:

Order processing and customer service — processing and shipping your order, handling returns, exchanges and refunds, and providing customer support related to your order. Legal basis: performance of a contract (GDPR 6(1)(b)).

Bookkeeping and legal compliance — keeping accounting records, tax reporting, and fulfilling consumer law obligations. Legal basis: legal obligation (GDPR 6(1)(c)).

Email and SMS marketing — sending you newsletters, drop announcements and promotional messages. Legal basis: consent (GDPR 6(1)(a)). You can withdraw consent at any time via the unsubscribe link in any email or by replying STOP to any SMS.

Personalised advertising on Meta and TikTok — showing you relevant ads on Facebook, Instagram and TikTok based on your activity on our site. Legal basis: consent (GDPR 6(1)(a)) given via the cookie banner.

Site analytics and conversion tracking — analysing how visitors use our site, recording sessions to improve usability, measuring which marketing channels drive sales. Legal basis: consent (GDPR 6(1)(a)) given via the cookie banner.

Security and fraud prevention — detecting fraudulent orders, securing the site, defending against legal claims. Legal basis: legitimate interest (GDPR 6(1)(f)) — running an online store securely.

Reviews and product feedback — collecting and displaying customer reviews. Legal basis: consent (GDPR 6(1)(a)) when you choose to leave a review.

You are not legally required to give us your data, but we cannot fulfil orders, deliver products or run our store without certain core data (name, address, email, payment details).

5. Service providers and third parties (data processors)

We work with the following service providers who process personal data on our behalf. Each operates under a Data Processing Agreement (DPA) with us as required by GDPR Article 28.

Store and payments

  • Shopify Inc. (Canada / USA) — e-commerce platform that hosts our store, processes orders and supports customer accounts. Includes Shopify Payments, Shopify Forms, Shopify Flow and Shopify Inbox / Messaging.
  • Klarna Bank AB (Sweden, EU) — buy-now-pay-later and payment processing.
  • PayPal (Europe) S.à r.l. (Luxembourg, EU) — payment processing.

Shipping and logistics

  • Matkahuolto (Finland, EU) — parcel delivery within Finland, Estonia and Sweden.
  • Posti Group Oyj (Finland, EU) — parcel delivery within the rest of Europe.
  • Shipit (Finland, EU) — checkout-stage delivery method selection.

Marketing and customer engagement

  • Omnisend (operated by Soundest Limited, UK / EU servers) — email marketing, SMS marketing, automation and customer segmentation.
  • Meta Platforms Inc. (USA) — advertising on Facebook and Instagram, Meta Pixel for conversion tracking.
  • TikTok Technology Limited / ByteDance (Ireland / USA / China) — advertising on TikTok, TikTok Pixel for conversion tracking.
  • Google LLC (USA) — Google Shopping product feed, advertising and conversion tracking, delivered via Simprosys Google Shopping Feed.

Analytics and site optimisation

  • Microsoft Corporation (USA) — Microsoft Clarity for session recordings and heatmaps.

Reviews

  • Trustpilot A/S (Denmark, EU) — review collection and display.

Operational tools and integrations

  • Make (Celonis SE / Integromat) (EU) — workflow automation between apps.
  • AOV.ai (USA) — cart drawer and average order value optimisation.
  • Section Store — page section templates.
  • GetSiteControl (GSC) — countdown timers and on-site widgets.
  • SEOAnt / Channelwill (SEOWILL) — SEO optimisation tooling.
  • Anthropic, PBC (USA) — AI assistant integration via the Claude MCP connector, used by us internally to assist with store operations and analytics.

We do not sell your personal data to anyone.

6. International data transfers

Some of our service providers process data outside the European Economic Area (EEA), particularly in the United States. When this happens, we rely on one of the following safeguards as required by GDPR Articles 44–49:

  • the EU-US Data Privacy Framework, where the provider is certified
  • Standard Contractual Clauses (SCCs) approved by the European Commission, where the provider is not certified
  • supplementary safeguards such as encryption, pseudonymisation, and access controls

You can request more information about these safeguards by emailing us at info@projectamanic.store.

7. How long we retain your data

We only keep your personal data for as long as it is needed for the purpose it was collected for, or as required by law:

Order data, invoices and accounting records are kept for 6 years from the end of the financial year, as required by the Finnish Accounting Act.

Customer account data is kept until you delete your account, after which it is deleted within 30 days.

Email and SMS marketing data is kept until you unsubscribe, after which it is deleted within 30 days.

Customer support emails are kept for 2 years from the last contact.

Marketing analytics and pixel data follows the provider's default retention: approximately 14 months for Meta, 26 months for Google, and 13 months for TikTok.

Microsoft Clarity session recordings are retained for 30 days.

Reviews are kept indefinitely while we operate the store, unless you request deletion.

Cookie consent records are kept for 1 year.

After the retention period ends, data is either deleted or fully anonymised.

8. Cookies and tracking technologies

When you visit our site, we use cookies and similar technologies. Cookies fall into the following categories:

Strictly necessary — these enable basic site functionality (cart, checkout, login, security). These are always active and do not require consent.

Functional — these remember your preferences (language, currency).

Analytics — Microsoft Clarity for session recordings and behavioural analytics.

Marketing — Meta Pixel, TikTok Pixel, Google Ads conversion tracking, Omnisend tracking.

When you first visit the site, our cookie consent banner [KERRO MIKÄ APP — esim. "Pandectes GDPR Compliance" / "Consentmo GDPR Compliance"] lets you accept, reject or customise which categories you allow. You can change your choice at any time by clicking the cookie settings link in the footer of our site.

9. Your rights under GDPR

You have the following rights regarding your personal data, which you can exercise free of charge by emailing info@projectamanic.store:

  • Right of access — receive a copy of the personal data we hold about you.
  • Right to rectification — have inaccurate or incomplete data corrected.
  • Right to erasure ("right to be forgotten") — have your data deleted, subject to legal retention obligations.
  • Right to restriction — limit how we process your data.
  • Right to data portability — receive your data in a structured, machine-readable format and transfer it to another controller.
  • Right to object — object to processing based on legitimate interest.
  • Right to withdraw consent — at any time, without affecting the lawfulness of past processing.
  • Right not to be subject to automated decision-making — we do not make decisions that have legal or similarly significant effects on you using only automated processing.

We respond to all requests within one month of receiving them. We may extend this by two months for complex requests and will let you know if we need to do so.

For security reasons, we may need to verify your identity before responding to a request.

10. Right to lodge a complaint

If you believe we have not handled your data in line with GDPR, you have the right to lodge a complaint with the Finnish supervisory authority:

Tietosuojavaltuutetun toimisto (Office of the Data Protection Ombudsman)
PO Box 800, 00531 Helsinki, Finland
www.tietosuoja.fi
tietosuoja@om.fi
+358 29 566 6700

We would, however, appreciate the opportunity to address your concerns directly first — please contact info@projectamanic.store.

11. Data security

We protect your data using appropriate technical and organisational measures, including:

  • HTTPS / TLS encryption across the entire site
  • access controls and authentication for our admin tools
  • DPAs with all service providers
  • regular review of access permissions
  • vetting of new tools before integration

In the unlikely event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the Office of the Data Protection Ombudsman as required by GDPR Articles 33 and 34.

12. Children

Our store is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The "Last updated" date at the top of this page will reflect the latest version. For material changes, we will notify you by email or with a prominent notice on our site before the change takes effect.