Privacy policy

This Privacy Policy describes how novakata.com (the “Site”, “we”, “our” or “us”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual as “Personal Information”. See the list below for details:

Device information

  • Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what products you view, search terms, and how you interact with the Site.

  • Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.

  • Source of collection: collected automatically using cookies, log files, web beacons, tags, or pixels.

  • Disclosure: may be shared with our hosting platform (Squarespace).

Order information

  • Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card tokens, not full card numbers), email address, and phone number.

  • Purpose of collection: to provide products to you, process your payment information, arrange shipping, provide invoices/order confirmations, communicate with you, screen orders for fraud, and, in line with your preferences, provide you with information or offers.

  • Source of collection: collected from you.

  • Disclosure: shared with our payment providers (Squarespace Payments, Stripe, PayPal, Klarna, Apple Pay, Afterpay/Clearpay) and with our printing and shipping partner Prodigi (and its logistics providers such as FedEx, UPS, DPD, or local postal services).

Customer support information

  • Examples: your name, contact details, and the content of your messages.

  • Purpose of collection: to provide customer support.

  • Source: collected from you.

Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you. For example:

  • We use Squarespace to power our online store. You can read more about how Squarespace uses your Personal Information here: https://www.squarespace.com/privacy

  • We use Prodigi to fulfill print orders and arrange delivery. You can read more here: https://www.prodigi.com/privacy-and-cookie-policy/

  • We use Stripe, PayPal, and Klarna as payment processors. Please check their respective privacy notices.

  • We may also share Personal Information to comply with legal obligations, respond to lawful requests (such as subpoenas or court orders), or to protect our rights.

Using Personal Information

We use your Personal Information to provide our services, including:

  • Offering products for sale

  • Processing payments

  • Shipping and fulfilling orders

  • Providing customer support

  • Communicating with you about new products, services, or offers (if you have subscribed)

Lawful Basis

Pursuant to the General Data Protection Regulation (GDPR), if you are a resident of the European Economic Area (EEA), we process your Personal Information under the following lawful bases:

  • Your consent

  • The performance of the contract between you and the Site

  • Compliance with our legal obligations (for example, bookkeeping)

  • To protect your vital interests

  • For our legitimate interests, which do not override your fundamental rights and freedoms

Retention

We will retain your Personal Information for as long as necessary to fulfill the purposes described above, unless a longer retention period is required by law.

  • Order and invoice data: at least 6 years (up to 10 years depending on accounting requirements in Finland).

  • Marketing data (newsletter subscriptions): until you withdraw consent or unsubscribe, and up to 2 years after your last interaction.

  • Customer support messages: up to 2 years.

You may request erasure of your data at any time (see “Your Rights”).

Automatic Decision-Making

We do not engage in fully automated decision-making that has a significant legal or other effect on you.
Our payment processors (e.g., Stripe, Klarna, PayPal) may use limited automated decision-making to prevent fraud, such as:

  • Temporary denylist of IP addresses associated with failed transactions

  • Temporary denylist of payment cards associated with denylisted IP addresses

These measures are in place to protect against fraud and do not have a significant impact on your rights.

Your Rights (GDPR)

If you are a resident of the EEA, you have the right to:

  • Access the Personal Information we hold about you

  • Request correction, updating, or erasure of your data

  • Request portability of your data to another service

  • Object to certain processing, including direct marketing

  • Withdraw consent at any time (where consent was the lawful basis)

To exercise these rights, please contact us using the details below. We will respond within 30 days as required by law.

Your Personal Information will initially be processed in the EEA, but may be transferred outside of Europe (for example, to the United States or other countries where Squarespace, Prodigi, or payment providers operate). Such transfers are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards.

Cookies

A cookie is a small piece of data stored on your device when you visit the Site.

  • We use cookies provided by Squarespace and our service providers to ensure the Site functions properly, remember your preferences, and to perform analytics.

  • Some cookies are essential for the operation of the Site. Others, such as for analytics or marketing, can be disabled in your browser settings.

At present, we do not use a third-party cookie consent manager. By continuing to browse the Site, you consent to the use of cookies.

Do Not Track

Please note that because there is no consistent industry standard on how to respond to “Do Not Track” signals, we do not alter our data collection and use practices when we detect such a signal.

Changes

We may update this Privacy Policy from time to time to reflect changes to our practices, operations, or legal obligations. Updates will be posted on this page with a revised “Last updated” date.

Contact

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact:

Katariina Viktoria Kirsanova
Business ID: 3369018-3
Pietari Kalmin katu 1 A 110
00560 Helsinki, Finland
Email: katariina.kirsanova@gmail.com

If you are not satisfied with our response, you have the right to lodge your complaint with your local data protection authority.

Last updated: September 2025