Privacy policy

Last updated: June 20, 2026

This Privacy Policy explains how Gravox Oy, operating under the brand Gravoks, collects, uses, stores, and shares personal data when you visit gravoks.com, place an order, create an account, subscribe to marketing, or contact us.

This policy should be read together with our Cookie Policy, Terms of Service, Shipping Policy, Payment Policy, and Return and Refund Policy.

1. Data Controller

The data controller responsible for your personal data is:

Legal company name: Gravox Oy
Brand: Gravoks
Business ID: 2611939-2
VAT number: FI26119392
Address: Höyläämötie 3 A, 00380 Helsinki, Finland
Email: support@gravoks.com
Phone: +358 9 682 4666
Business hours: Monday–Friday, 9:00 AM–5:00 PM Finland time

2. Personal Data We Collect

Depending on how you interact with Gravoks, we may collect your name, email address, telephone number, billing and delivery addresses, customer-account details, order information, payment status, delivery details, return or refund information, and customer-support correspondence.

We may also collect technical information such as your IP address, browser, device type, operating system, language settings, pages viewed, shopping-cart activity, cookie identifiers, approximate location, and website-performance information.

Payments are processed by Shopify and approved payment providers. Gravox Oy does not directly store complete payment-card numbers or card security codes.

Please do not send passwords, complete payment-card information, identification documents, or unnecessary sensitive information by email.

3. How We Collect Information

We collect personal data directly from you when you place an order, create an account, contact customer support, request a return or refund, submit a form, or subscribe to marketing.

Some information is collected automatically through cookies, server logs, Shopify technologies, and installed applications.

We may also receive information from Shopify, payment providers, delivery companies, fraud-prevention services, analytics providers, advertising platforms, and other service providers connected to our store.

4. How We Use Personal Data

We may use personal data to process orders, confirm payments, arrange delivery, provide tracking information, handle returns and refunds, respond to customer inquiries, maintain customer accounts, prevent fraud, secure our website, comply with legal and accounting requirements, and improve our services.

Where permitted, we may also use personal data to send marketing communications and measure advertising or website performance.

Our legal bases for processing may include performance of a contract, compliance with legal obligations, our legitimate interests, and your consent where required.

You may unsubscribe from promotional emails at any time by using the unsubscribe link or contacting support@gravoks.com.

5. Cookies

We use cookies and similar technologies to operate and secure the website, maintain shopping-cart and checkout sessions, remember privacy choices, prevent fraud, measure website performance, and support analytics or advertising.

Strictly necessary cookies may operate without consent. Non-essential analytics and advertising cookies will only be used where the required consent has been obtained.

You can manage non-essential cookies through the cookie banner or preference controls available on our website.

Please review our Cookie Policy for further information.

6. How We Share Personal Data

We do not sell personal data for monetary consideration.

We may share necessary personal data with Shopify, payment providers, delivery companies, customer-support tools, email providers, analytics services, fraud-prevention providers, accounting or legal advisers, and other service providers that support our business.

We may also disclose information where required by law, requested by a competent authority, necessary to prevent fraud, or required to protect our legal rights.

If Gravox Oy is involved in a merger, sale, restructuring, or transfer of business assets, relevant personal data may be shared with professional advisers and transaction parties in accordance with applicable law.

7. International Data Transfers

Shopify and some service providers may process personal data outside Finland or the European Economic Area.

Where required, international transfers will rely on an appropriate legal mechanism, such as a European Commission adequacy decision, Standard Contractual Clauses, or another legally recognized safeguard.

8. Data Retention

We retain personal data only for as long as reasonably necessary for the purpose for which it was collected.

Order, payment, invoice, refund, and accounting information may be retained for the period required by tax, accounting, consumer-protection, and other applicable laws.

Customer-support records may be retained while a matter is active and for a reasonable period afterward. Marketing information is generally retained until you unsubscribe, withdraw consent, or the information is no longer required.

When personal data is no longer needed, it will be deleted, anonymized, or securely restricted unless further retention is required by law.

9. Data Security

We use reasonable technical and organizational measures intended to protect personal data against unauthorized access, loss, misuse, disclosure, alteration, or destruction.

No online transmission or storage system can be guaranteed to be completely secure. You are responsible for protecting your account credentials and contacting us if you believe your account has been compromised.

10. Your Data-Protection Rights

Subject to applicable law, you may have the right to request access to your personal data, correct inaccurate information, request deletion, restrict processing, object to certain processing, receive portable data, and withdraw consent.

You may object at any time to the use of your personal data for direct marketing.

To exercise a privacy right, contact support@gravoks.com and clearly explain your request. We may request reasonable information to verify your identity.

You also have the right to lodge a complaint with a competent data-protection authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman.

11. Children’s Privacy

Our website is intended for a general adult shopping audience and is not specifically directed at children.

We do not knowingly request personal data directly from children who cannot lawfully provide it without the authorization of a parent or guardian.

Contact us if you believe a child has provided personal data to us inappropriately.

12. Third-Party Services

Our website may contain links to third-party websites, payment services, social networks, or applications.

These services have their own privacy policies. Gravox Oy is not responsible for the independent privacy practices of third parties.

13. Policy Updates

We may update this Privacy Policy when our services, applications, service providers, business practices, or legal obligations change.

The updated version will be published on this page with a revised “Last updated” date.

14. Contact Information

For questions about this Privacy Policy, our use of personal data, or your privacy rights, contact:

Legal company name and data controller: Gravox Oy
Brand: Gravoks
Business ID: 2611939-2
VAT number: FI26119392
Email: support@gravoks.com
Phone: +358 9 682 4666
Business hours: Monday–Friday, 9:00 AM–5:00 PM Finland time
Address: Höyläämötie 3 A, 00380 Helsinki, Finland