1 WhatShouldYouGet.com is the Data Controller – How do you contact us?
WhatShouldYouGet.com is the data controller responsible for handling the personal data that we have collected from you.
2 Purpose with and use of your personal data and the legal basis for the use of your data
We use your Personal Data in the following ways:
2.1.2 The purpose is:
126.96.36.199 to gather statistics to analyze trends, about our user movements and use of our website, so we better can tailor our Services to our users’ needs
188.8.131.52 to be able to give you recommendations to products on our website that we think you might be interested in, and
184.108.40.206 to carry out marketing of our products to you, including marketing via Facebook and Google, and
220.127.116.11 to improve the security of our website
2.1.3 The legal basis for processing is the EU General Data Protection Regulation (Henceforth “GDPR”) art 6 (1) (f) and your personal data will only be processed if you have given your consent to the processing of your personal data with this specific purpose.
2.2 When you order a product or communicate with us on our website, we collect the information you provide us, e.g. your name, address, email address, phone number, payment information, time of purchase, which products you purchase or may return, shipment information and the IP address for which you make the order.
2.2.2 The purpose is:
18.104.22.168 to create a customer account and to deliver the products you have ordered as well as our agreement with you
22.214.171.124 to handle your rights to return and to complain
126.96.36.199 to prevent fraud, and
188.8.131.52 to fulfill any legal requirement including the Finnsih Accounting law and Annual report law
2.2.3 The legal basis for processing is GDPR art 6 (1) (b) (184.108.40.206-2), art 6 (1)(c)(220.127.116.11), and art 6 (1)(f)(18.104.22.168) and the Finnish accounting law paragraph 10.
2.3 If you sign up for our newsletter, we collect information regarding your name, email address, IP address, and your phone number if you provide us with it. We collect information regarding when you signed up for our newsletter, when you unsubscribe from our newsletter and information about where and when you open our newsletter.
2.3.2 The purpose is:
22.214.171.124 to send you the newsletter
126.96.36.199 to construct statistic to optimize our newsletters and to carry out marketing of our services, and
188.8.131.52 to document your consent to receive the newsletter
2.3.3 The legal basis for processing is the EU GDPR art 6 (1) (f)
2.4 If you provide us feedback or contact us, we will collect your name and e-mail address, as well as any other content included in the e-mail, to send you a reply
2.4.2 The purpose is:
184.108.40.206 to send you an answer on your feedback or mail, and
220.127.116.11 to process any complaint about a product failure
2.4.3 The legal basis for processing is the EU GDPR art 6 (1) (f).
2.5 If you post content on our Website such as a review, the information contained in your posting will be stored in our servers and other users will be able to see it, along with your first name and last initial. The information that you provide will be visible to others, including anonymous visitors to the Site
2.5.2 The purpose is:
18.104.22.168 to document who the author of the review is
2.5.3 The legal basis for processing is the EU GDPR art 6 (1) (f).
2.6 When you visit our Facebook page, you shall be aware of that we make use of Facebook´s analysis tool “Page insight” to obtain statistics over visitors and to gain insights on visitors use of our Facebook page, including the number of likes, who likes our posts, number of page visitors and interactions with our page, the reach of our post and other insights.
In connection to this, Facebook collects information as a data controller together with us. When you visit our Facebook page, you will gain access to information regarding the processing of these data. For more information, follow this link https://www.facebook.com/legal/terms/information_about_page_insights_data
We have entered an agreement with Facebook regarding the shared responsibility of the data. You can read the agreement via this link https://www.facebook.com/legal/terms/page_controller_addendum
3 Categories of personal data we process
We process the following data about you:
4 Legitimate interests we pursue with processing your personal data
As described above, parts of our processing of your personal data are carried out based on a legitimate interest according to GDPR Article 6 (1)(F). Our legitimate interest in using your personal data to carry out marketing activities, improve our website, improve the security of our website and prevent fraud, have been balanced concerning your interests, basic rights and freedom rights to secure our use of your data do not exceed these. If you want to learn more about how we have balanced our use of your data according to this paragraph, please contact us on one of the methods stated in section 1.
5 Transfer of your data to receivers outside of EU/EEA
We will transfer your personal data to data processors established outside of the EU/EEA.
Four of these data processors, Google Analytics v/Google LLC., ActiveCampaign LLC, Pinterest Inc, and Facebook Inc. is established in the USA. The necessary guarantees for transferring data to the USA are secured through data processor certification under EU-U.S. Privacy Shield, according to EU GDPR article 45.
Copy of Google LLC’s certification can be found via this link:
Copy of ActiveCampaign LLC’s certification can be found via this link:
Copy of Pinterest Inc´s certification can be found via this link:
Copy of Facebook Inc´s certification can be found via this link: :
6 Storage of your personal data
Information collected when you make an order on our website as described in section 2.2 will normally be deleted after 2 years after the calendar year in which you make your order. However, information can be stored for a longer period if we have a legitimate need for longer storage, e.g. if it is necessary to store the data for a legal requirement can be determined, be in evidence, or defend the legal requirement. Also, the information will be stored if storage is necessary to fulfill a legal requirement. Furthermore, accounting records will be stored for 5 years from the ending of the calendar year in which you order has been made, for us to fulfill the requirements of the Finnish accounting law.
Information collected when you sign up for our newsletter will be deleted when you withdraw your consent unless we have any other reason for using your data.
If you decide to delete your customer account, we will delete all data we have stored about you.
Information collected in connection to you making a post on our website will be deleted after 3 years unless we have another reason for using your information.
Information collected when you give us feedback or contact us per mail will be deleted after 1 year unless we have another reason for using your information.
7 The right to withdraw your consent
If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. To do this, please contact us via the contact information stated in section 1.
Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent
8 Your rights regarding the use of your information
According to GDPR you have several rights regarding our use of your personal data.
To exercise any of these rights, please contact us.
Right to obtain access to the information
You can request access to the personal information we use about you as well as other information we process.
Right to get untrue information corrected
You have the right to get any untrue information about you corrected.
Right to get data deleted
On special occasions, you have the right to get information about you deleted before we normally would delete such data.
You may change any of your Personal Data in your account by contacting us. You may request deletion of your Personal Data by us, and we will use commercially reasonable efforts to honor your request, but please note that we may be required to keep such information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). We may also retain your information for fraud or similar purposes.
Right to restricted processing
In some cases, you have the right to get the processing of your personal data restricted. If you have the right to get the use of your personal data restricted, we cannot process personal data about you in the future – except storage – without your consent unless we as a result of any legal requirement are required to do so or to protect a person or important public interests.
Right to object
In some cases, you can object to our or legal processing of your personal data. You can also object to the processing of your personal data to direct marketing.
Right to portability of your data
In some cases, you have the right to receive your personal information in a structured, widely used, and machine-readable format as well as get access to any personal data that we have transferred to a third-party.
9 Complain to a data protection authority
You have the right to complain to a data protection authority about our collection and use of your personal information.