Privacy Policy

Updated 4 April 2026

1. Data Controller

NordicTyres
Pääskyntie 4, 40320 Jyväskylä, Finland
Email: info@nordictyres.fi
Phone: +358 10 323 5757

2. Privacy Contact

For any questions about personal data processing, contact us at info@nordictyres.fi or through the contact form.

3. What Data We Collect

We collect the following personal data:

Customer Account
• Email address (required for login and communication)
• Password (stored securely as a bcrypt hash — we never see or store your password in plain text)
• Name (optional)
• Phone number (optional)

Orders
• Name, email, phone number (order contact details)
• Product, pricing, and payment information related to the order
• Any notes or messages provided by the customer during checkout
• Payment is made on pickup or on-site — we do not process online payment information

Technical Data
• Session identifier (httpOnly cookie for secure login)
• Cookie preferences (consent information)

Contact Form
• Name, email address, and message (sent by email to customer service — not stored in a database)
• Vehicle registration number (optional)

We do not collect unnecessary data. We do not use tracking or marketing cookies without your explicit consent.

4. Purposes of Processing

• Creating and managing customer accounts
• Processing, fulfilling, and tracking orders
• Sending order confirmations and status notifications by email
• Customer service and responding to enquiries
• Email verification and password reset
• Technical operation and security of the service

5. Legal Bases

• Contract — Your data is processed when you create an account or place an order. Processing is necessary for the performance of a contract.
• Legitimate interest — Service security, fraud prevention, and technical maintenance.
• Consent — Marketing and analytics cookies (Google Tag Manager) are only processed based on your consent via the cookie banner.

6. Recipients of Data

Your personal data may be shared with:
• Email service — Order confirmations and account notifications (transactional emails)
• Google Tag Manager / Google Analytics — Only with your consent via the cookie banner
• Service providers — Technical hosting and maintenance
• Google reCAPTCHA — Spam protection on the contact form. Google may process your IP address and browser information as part of this service.

We do not sell or share your data with third parties for marketing purposes.

7. Retention Periods

• Customer account — Retained as long as the account is active. You can request deletion at any time.
• Orders — Under Finnish accounting legislation, order and payment data is retained for at least 6 years.
• Session data — Session cookies expire after 30 days. Old sessions are automatically removed.
• Password reset tokens — Expire after 1 hour.
• Email verification tokens — Expire after 24 hours.

8. Your Rights

Under the EU General Data Protection Regulation (GDPR), you have the following rights:
• Right of access — The right to know what data we hold about you.
• Right to rectification — You can update your name, phone number, and email address on the settings page.
• Right to erasure — You can request deletion of your account and associated data.
• Right to restriction — You can request restriction of processing of your data.
• Right to data portability — The right to receive your data in a structured format.
• Right to object — The right to object to processing based on legitimate interest.
• Right to withdraw consent — You can change your cookie preferences at any time.

To exercise your rights, contact info@nordictyres.fi. We will respond within 30 days. You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi).

9. Account Deletion

You can request deletion of your account by contacting customer service via email (info@nordictyres.fi) or the contact form. We will delete your account and associated personal data. Order and payment data subject to accounting legislation will be retained as required by law.

10. Security

We protect your personal data with appropriate technical and organisational measures:
• Passwords are stored as bcrypt hashes — never in plain text
• Sessions use HMAC-signed httpOnly cookies
• Changing your password automatically signs out all other sessions
• Connections are encrypted (HTTPS)
• Login attempts are rate-limited to prevent abuse

11. Cookies

We use the following cookies:
• nt_session — Session cookie for login (httpOnly, 30 days). Necessary.
• NEXT_LOCALE — Remembers your language preference (1 year). Necessary.
• cookie-consent — Remembers your cookie preferences. Necessary.
• Google Tag Manager — Analytics and measurement. Loaded only with your consent.

You can manage your cookie preferences through the cookie banner on the website.