This privacy policy applies to the processing of personal data that we collect or you submit when you visit VILAMYLLY.FI. Vila Mylly/ Kekäle OY is the data controller of the personal data covered by this privacy policy.


It is our mission to give you a great fashion experience right from the moment you start browsing our many styles, to the time that you actually receive your order. As part of your shopping experience with us, we want to ensure you that we protect and respect your privacy and handle all your personal data with care.

Below you can read more about how and why we collect and store your personal data – and who we share it with as well as how you can exercise your privacy rights.


  1. Collecting & using your personal data
  2. Sharing personal data
  3. Transferring data outside the EU
  4. How long do we store your data?
  5. Your rights


Fulfilment of your order

To handle your order, we need some information from you. When you place an order with us, you provide us with your name, address, email, payment method and, of course, which products you wish to purchase. We use the information to fulfil your order including sending an order confirmation and packing and delivering your order.

Customer Service

When you contact our customer service, we will register the personal data that you provide to us. Our customer service has access to all information about your order, so we can help you in the best possible way, whether you have questions about the status of your order, or if you need to return an item.

Improvement of your user experience

We constantly strive to give you the very best user and shopping experience on our website. We do that in different ways, but an important part of it is by tracking your browsing behaviour on our site as well as our social media platforms in order for us to improve the user friendliness, layout, functionalities, and overall experience of the site. We do that by using cookies. We also use your browsing data to recommend you products that we think you might like on the site.]

You can read more about our use of cookies .

Fraud prevention

We use the personal data submitted by you when you place an order for fraud detection and fraud prevention purposes. For those purposes we may also receive additional information from our payment solution partners.

Regulatory requirements

We use and store your personal data in order to comply with regulatory requirements, e.g. bookkeeping regulations.

Legal bases for collecting and using your personal data

We collect and use your personal data on the following legal bases:

  1. Our performance of a contract, cf. article 6, 1 (b)
  • Fulfilment of your order
  1. Our legitimate interest, cf. GDPR article 6, 1 (f)
  • Customer service, including communication regarding delivery
  • Improvement of your user experience
  • [Fraud detection and prevention]
  • Analysis, user experience and development based on cookies
  1. Our legal obligations, cf. article 6, 1 (c)
  • Regulatory requirements


In order to provide our services, we share personal data with our partners. We only share your data when this is allowed by law and all our partners are committed to keeping your data safe. Some of our partners are “data controllers” and others are “data processors”.

Data controllers

The below described partners are data controllers meaning that they are directly responsible for the processing of your data. We only share personal data to the extent it is required for performance of their services, e.g. shipping.

When you complete an order, your payment is handled by our payment solution partners such as NETS or MobilePay. These partners are data controllers. In order to be able to offer you these payment options, we will pass certain aspects of your personal information, such as contact and order details, in order for the payment providers to assess whether you qualify for their payment options and to tailor the payment options for you. You can find more information about these provider, including their terms and conditions and privacy policies on their websites.

When your order is packed and ready to ship, we share your name, address, email and phone number with our carrier partners to fulfil your delivery. Your email and phone number are also used to contact you by our delivery partner in relation to shipment and delivery of your order.


Data processors

The partners described below are data processors who are only allowed to process personal data on behalf of us and according to our instructions.

Our technical service providers process your personal data when they have access to our databases or store personal data in their applications. These service providers include, for example, hosting providers and providers of our website platform.

Other situations where we share data

If we are obliged by law, a court decision or a decision of another authority, we will share personal data with the relevant authority or third party. We also report fraud incidents to the relevant law enforcement authorities.


Some of our partners including their group companies handle your personal data outside the EU. In such case we will always ensure that your personal data is covered by an adequate level of data protection. Unless otherwise stated, the data transfer is safeguarded by the EU Commission’s Standard Contractual Clauses. The partners listed below have entities located outside the EU:

  • Shopify group companies in USA, Australia, India, Japan, Singapore, New Zeeland and Canada (transfer to Canada, Japan and New Zeeland is safeguarded by the European Commission’s adequacy decision 2002/2/EC)


In addition, some of our partners may use external subcontractors (sub-processors) located outside the EU. In such case, our partner is obligated to keep your personal data safeguarded. If you want specific information about these external sub-processors, please contact vifin406078@bestseller.com.


We only store your personal data for as long as it is necessary to fulfill the purpose for which it was collected, to establish, defend or exercise legal claims or to comply with regulatory requirements, e.g. bookkeeping regulations in the countries where we operate. When this is no longer the case, the information will be deleted. 

You can also request us to delete personal data. We will comply with such request unless we are obligated to store the information for regulatory reasons or unless the information is relevant due to a pending legal case/dispute.  


When we collect and use your personal data you have a number of privacy rights. If you wish to exercise any of your rights, please submit our online request form which is available HERE.

You can read more about your various rights below:

Right of access

One of the most important rights that you have is the right to request access to the data that we have registered on you. If you request access, we will provide you with a copy of your personal data.

Right to be forgotten

Another important right in terms of your relationship with us is that you have the right to be forgotten, meaning you can file a request asking that we delete the data that we have registered on you. We may not be able to delete all your personal data as we are required to continue to store certain data in order to comply with legal requirements or to establish, defend or exercise legal claims.

Right to object

You are entitled to object to the processing of your personal data on certain grounds. For example, you can object to the processing of your personal data for direct marketing purposes, including profiling.

Right to rectification

If you believe that the data we have registered on you is inaccurate or incomplete, please let us know and we will make sure to update your information.

Right to restriction

In combination with some of your other rights you can also request that we restrict the use of your personal data, e.g. instead of full erasure or during our assessment of your objection. 

Right to data portability

You can file a request asking us to supply you with the personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit the data directly to a specific recipient.


If you wish to lodge a complaint about how we handle your personal data, you can always contact us. You can also file a complaint with your local data supervisory authority.