Privacy policy

Last updated: February 7, 2025

This Privacy Policy explains how Droplet Hitech Design Oy (Lastu), Business ID 2423768-6, located at Nahkatehtaankatu 2, 90130 Oulu, Finland (“Lastu,” “we,” or “us”), processes personal data of users (“you” or “user”) who visit our website at lastu.co (the “Site”) or use our other services (collectively, the “Services”), including participation in our marketing and advertising activities on social media platforms (Facebook, Google, TikTok, X, YouTube, Instagram). By using the Site or our Services, you agree to this Privacy Policy. If you do not agree, please refrain from using the Site or our Services.

1. Data Controller and Contact Information

Droplet Hitech Design Oy (Lastu), Business ID 2423768-6, Nahkatehtaankatu 2, 90130 Oulu, Finland

Email: info@lastu.co

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at the above details.

2. Personal Data We Collect

We collect and process different categories of personal data necessary to provide our Services and comply with applicable laws.

a) Data you provide directly to us: We may collect information such as your name, address, phone number, email address, payment information, and other details when you register an account, place orders, fill in forms, contact customer service, or participate in our promotions.

b) Data collected automatically: When you visit our Site or use our Services, we may automatically gather information about your device and online activities, including your IP address, device type, operating system, browser type and version, cookies, and the pages you visit. This information helps us understand how the Site is used and improve our Services.

c) Data obtained from third parties: We may receive information from payment processors, shipping and logistics partners, analytics and advertising partners (such as Facebook, Google, TikTok, X, YouTube, Instagram), and other platforms that may collect and share data with us through cookies, pixels, and other tracking technologies.

3. Purposes of Processing

We use the collected data for several purposes:


Providing and maintaining our Services: We need your data to process orders, deliver products, manage your account, provide customer support, and handle returns, exchanges, and refunds.

Payment processing: We process payment information to ensure the security and fulfillment of your transactions.

Marketing and advertising: We may send you marketing communications by email, text message, social media, or other channels. We may also use cookies, pixels, and other tracking technologies to serve targeted ads on various platforms (including Facebook, Google, TikTok, X, YouTube, Instagram).

Site optimization and analytics: We collect usage data (e.g., page views, clicks, session duration) to improve our Site, Services, and overall user experience.

Security and fraud prevention: We may process personal data to detect, investigate, and prevent fraud, illegal activities, or violations of our Terms of Service.

Legal compliance: We may process and retain your data as required by law, such as complying with accounting obligations or responding to requests from authorities.


4. Legal Bases

We primarily process personal data to fulfill a contract with you (for example, when you place an order), based on your consent (e.g., for newsletters or certain direct marketing activities), or to pursue our legitimate interests (e.g., marketing analytics, maintaining the Site). We may also process your data to comply with legal obligations, such as accounting or consumer protection laws.

5. Cookies and Other Tracking Technologies

We use cookies, pixels, and similar technologies to ensure the proper functioning of our Site, personalize content and advertisements, and analyze Site usage. You can manage cookie preferences in your browser settings. Please note that disabling cookies may affect the functionality of the Site.

6. Disclosure of Personal Data

We may disclose personal data to:


Payment and logistics partners: To process and deliver your orders.

IT service providers and analytics partners: For hosting, security, and data analytics.

Advertising and marketing partners: Including Facebook, Google, TikTok, X, YouTube, Instagram, and others that help us provide targeted advertising or measure campaign effectiveness.

Authorities and other parties: If required by law or if necessary to assert, defend, or resolve legal claims.

We do not sell your personal data to third parties.


7. International Data Transfers

Your data may be transferred outside the EU/EEA if our service providers operate in those regions. In such cases, we ensure an adequate level of data protection by using the EU Standard Contractual Clauses or other appropriate safeguards when required by law.

8. Data Security

We maintain technical and organizational measures to protect your personal data against unauthorized access, alteration, or destruction. However, please note that no method of transmission or electronic storage is entirely secure. We encourage you to also take steps to protect your own devices and login credentials.

9. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law. For example, we may need to keep certain transaction data for accounting purposes. When the data is no longer needed, we delete or anonymize it in a secure manner.

10. Your Rights as a Data Subject

You have certain rights under applicable data protection laws, including:


The right to request access to your personal data.

The right to request rectification or deletion of your personal data.

The right to object to or restrict the processing of your personal data.

The right to withdraw your consent if processing is based on consent.

The right to data portability if the processing is based on your consent or a contract.

To exercise these rights, please contact us at info@lastu.co. We may ask you to provide additional information to verify your identity.


11. Children’s Privacy

Our Services are not directed at children under the age of 16, and we do not knowingly collect personal data from such individuals without parental consent. If we become aware that we have collected data from a child under 16 without appropriate consent, we will promptly delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version is always available on our Site. We encourage you to review the Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions regarding this Privacy Policy, wish to exercise your data protection rights, or have any complaints about the way we process your personal data, please email us at info@lastu.co or write to us at Droplet Hitech Design Oy (Lastu), Nahkatehtaankatu 2, 90130 Oulu, Finland. We strive to respond to all requests and inquiries in a reasonable time frame and in accordance with applicable law.