Privacy Policy

Date last updated: 18-02-2025

1. Background

At VeryU, accessible from https://itsveryu.com and the related mobile application, one of our main priorities is the privacy of our customers and website visitors. This privacy policy (“Privacy Policy”) contains types of personal data (“Personal Data”) that is collected and processed by VeryU and how we use it. Personal data includes any information which may be used to identify an individual. Under GDPR Personal Data means any information relating to an identified or identifiable natural person.

VeryU Oy is the controller (“Controller”) of Personal Data if not mentioned otherwise.

It is important to us that you feel safe with how we handle your Personal Data. We take measures to ensure that your Personal Data is protected and that the processing of your Personal Data is carried out in accordance with applicable data protection regulations and our internal policies and procedures.

2. From where do we collect your Personal Data

We collect your data primarily from yourself. We also may collect your Personal Data in the following ways:

Personal Data that you give to us by way of creating an account, uploading images and information to our application and using the application.

Personal Data that we collect or generate automatically when you visit our application, it will automatically collect some Personal Data about you and your visit; or when you use or interact with our IT systems (for example, when you log in to our network or send an email which is retained in our IT systems).

3. When and why we process your Personal Data

We process your Personal Data for the following purposes:

  • to provide, operate and maintain our services, application and website
  • to improve, personalize and expand our services, application and website
  • to give you recommendations regarding style or stores
  • to develop new services, features and functionality
  • to communicate with you
  • to send you emails

We do not use your Personal Data for automatic decision-making as described in GDPR Article 22(1).

Registering for an Account and Account Management:

Categories of personal data

Regarding stores:

  • Business name and ID number
  • Contact person(s)
  • Address
  • Location
  • Email address
  • Phone number
  • Banking information

Regarding users:

  • Username
  • Location
  • Email address
  • Banking information
  • Profile picture

Storage period: Your Personal Data will be stored for 5 years after your last login onto your account.

Legal basis

Performance of a contract (GDPR art. 6(1)(b))

Usage of the application and sales

We might collect the following groups of Personal Data in the context of the use of the application and sales.

Categories of Personal Data

Linked to the account:

  • Images uploaded in the image similarity function
  • Queries/searches
  • Favorite items
  • Booked items
  • Items shoppers are seeking (wishlist and saved items)
  • Liked and disliked items
  • Viewed items and stores
  • Favorite stores
  • List of friends
  • Bought items and their characteristics
  • Environmental metrics linked to the purchase of items through the application
  • Amount of money spent using the application

Storage period: Your Personal Data will be stored for 5 years after your last login onto your account. For data subjects who don’t have an account, the storage period is 2 years after the last use session has ended.

Legal basis

Performance of a contract (GDPR art. 6(1)(b)) for a data subject with an account

Legitimate interest (GDPR art. 6(1)(f)) for a data subject without an account. In this case the legitimate interest is the availability of the service.

Customer communication

We might collect the following groups of Personal Data in the context of communicating with our customers.

Categories of Personal Data

  • Name
  • Email address
  • Telephone number
  • Contents of the message and possible attachments

Storage period: Your Personal Data will be stored for 5 years after your last login onto your account. For data subjects who don’t have an account, the storage period is 2 years after the communication has ended.

Legal basis

Performance of a contract (GDPR art. 6(1)(b)) for a data subject with an account

Legitimate interest (GDPR art. 6(1)(f)) for a data subject without an account. In this case the legitimate interest is carrying out customer service.

4. Recipients that we share your Personal Data with

Where necessary, we share your Personal Data with others. The recipient is the data controller for the processing of your Personal Data, unless we have stated otherwise.

We share your Personal Data with:

  1. Service providers

In order to fulfil the purposes of the processing of your Personal Data, we share Personal Data with service providers that we have engaged. These service providers provide IT services to us (such as operation, technical support and maintenance of IT systems). The service providers may only process your Personal Data for these purposes and in accordance with our instructions and not for their own purposes.

We are the data controller for the processing of Personal Data that the service providers carry out on our behalf.

  1. Stores in the application

In order to fulfil the purposes of the processing of your Personal Data, we share your username with stores that you purchase an item from. This transfer of Personal Data is based on legitimate interests of the parties involved.

  1. Other recipients

In certain cases we share, if necessary, your Personal Data with other recipients for certain purposes (e.g. to fulfil legal obligations and to handle and defend legal claims). Examples of recipients are external advisors, authorities, courts, the police and potential buyers or sellers of the company.

5. Where we process Personal Data

We always aim to store and process Personal Data in the EU/EEA.

However, some of our service providers are located outside the EU/EEA and in such cases Personal Data is processed outside the EU/EEA. In order to ensure the protection of Personal Data, we ensure that appropriate safeguards are in place with respect to those service providers that process your Personal Data outside the EU/EEA.

If you have any questions about the countries to which your Personal Data is transferred and the safeguards applicable to the transfer or would like a copy of the safeguards and information, if available, please contact us using the following contact details specified in Section 8.

6. Your Rights

Under data protection regulations you have certain rights in relation to the processing of your Personal Data. We process your Personal Data to the extent necessary in order to fulfil your rights. Please submit requests for exercising your rights by contacting us at team@veryu.fi.

You have the right to:

  1. Access your Personal Data

You have the right to access Personal Data we process about you. You may request a copy of your Personal Data by sending us a request. We will provide you with it unless we have lawful reasons not to share this data or if sharing the data would adversely affect the rights and freedoms of others.

  1. Update your Personal Data

Furthermore, you have the right to request that incorrect or incomplete Personal Data is corrected or completed.

  1. Withdraw consent

To the extent we rely on your consent to process Personal Data you have the right to at any time withdraw your consent.

  1. Object to the processing of Personal Data

You have the right to object to the processing of your Personal Data based on a legitimate interest for reasons which concerns your particular situation. In such a situation, we will stop using your Personal Data where the processing is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your Personal Data is necessary in order to manage or defend legal claims.

  1. Delete your Personal Data

Under certain circumstances you have the right to request that your Personal Data is deleted. However, we cannot delete your Personal Data if we for example are obligated under law to keep the data.

  1. Restrict the use of your Personal Data

You have the right under certain circumstances to request that the processing of your Personal Data is restricted. If the processing of your Personal Data has been restricted we may only, besides storing the data, process your Personal Data with your consent, in order to establish, exercise or defend legal claims or to defend rights of others.

  1. Transfer your Personal Data (data portability)

Finally, you have the right to request a copy of the Personal Data that we store about you in a structured, commonly used and machine-readable format (data portability). The right to data portability, compared to the right to access, only comprises such Personal Data you yourself have provided and which we process based on certain legal grounds, e.g. your consent.

7. We may update this Privacy Policy

We may occasionally update this information, e.g. if we process Personal Data for new purposes, collect additional categories of Personal Data or share Personal Data with other recipients. In such a case we will notify you in an appropriate way. The latest version of the information is always published on this page.

8. Contact

If you have any questions regarding the processing of your Personal Data, please do not hesitate to contact us. See below for contact details. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority within your jurisdiction.

VeryU Oy

3471062-5

E-mail: team@veryu.fi