Nordic Shipping App Privacy Policy

Woolman produces, develops and administrates an application; Nordic Shipping App to be integrated to e-commerce platforms. Woolman collects, stores and processes personal data of Data Subjects in accordance with EU General Data Protection Regulation, GDPR and national privacy legislation. We are executing clearly defined data protection processes, documentation, policies and data processing actions.

1. Data Controller

Woolman, business ID: 2817702-7

2. Data contact point

Woolman, Hannikaisenkatu 20, 40100 Jyväskylä, Finland. Contacts and requests regarding data control and personal data are answered at  

3. Name of register

Nordic Shipping App register

4. Basis for processing personal data

The legitimate basis for processing personal data is a contractual relation between Woolman and e-commerce Merchant, who has acquired the Nordic Shipping Application (NSA) add-on. NSA add-on processes personal data of e-commerce customers and forwards them to shipping companies to ensure product deliveries. Processing of personal data can be outsourced within the corporation or to third parties in compliance with EU data protection regulation and national legislation.

5. Data register content

The NSA add-on processes delivery recipient’s or authorized third parties (i.e. deliveries to third parties) personal data that is essential to perform the service.

The register may contain following data:

  • recipient´s or authorized person´s first name and last name
  • street address, zip code, city, state, country, telephone number and e-mail address for sending notices of arrival and making the delivery
  • prospective additional delivery address
  • prospective other information related to delivery

6. Storage period of data

Data will be stored only for as long as the data controller has legitimate need for in regard of purposes of the processing. Per se data will be stored for as long as completing the delivery requires. When personal data is no longer needed for the purpose of processing, and no later than after six (6) months of delivery, all data and backup files will automatically be deleted from register. 

7. Regular sources of data

NSA add-on is an independent application that the e-commerce Merchant can integrate onto their e-commerce platform through contractual relation. Add-on applications commit to comply with e-commerce platforms´ own terms, instructions and agreements, that the Merchants have accepted when establishing their e-commerce on these platforms. Currently NSA add-on is in compliance of the following e-commerce platforms terms and agreements: Shopify inc. ( Through contractual relation with the e-commerce Merchant, the NSA add-on is granted legitimate access to Merchant’s e-commerce platform. The NSA add-on collects the personal data described in this privacy policy and forwards it to shipping companies.

We use cookies. We may collect the following “cookie” information: your IP address, when you visited, pages you visited and the duration, browser. You may change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies.

8. Regular transfers of data within EU of outside of EEA

Personal data is processed by Woolman or third parties working on behalf of Woolman. No other transfers of personal data will be carried out. Third parties may be e-commerce platform providers with whom e-commerce Merchants are in contractual relation with. Personal information may be transferred or admitted with consent from the customer into temporary records. The data in these registers will only be handled for a specific purpose with clearly defined instructions.  

Data will be admitted to authorities as required by law or in legal proceedings, such as investigating and preventing malpractice.

Data can, when necessary, be transferred outside of EU or EEA in compliance of the EU Data Protection Regulation and national legislation. Woolman  reserves the right to transfer all data, including personal data to a third party in corporate acquisition, merger or other business arrangement.

9. Joint controllers with Facebook

We have conducted separate documentation on our joint controller role with Facebook and you can read it here.

10. Principles of protecting the register

All personal information stored is confidential. Personal data is only processed in technical transfers through secure interfaces. Only persons for whom it is imperative due to their job description to have access to systems will have the right to process personal data. Data is stored in systems that are protected with high technical protection measures, and access is limited with user control and identification.

11. Rights of the registered Data Subject

Woolman is in compliance with Data Subjects rights when in regard of Nordic Shipping App as follows:

Right of access and rectification
Data Subject has the right to ask for rectification of inaccurate information. This should be performed in writing according to section 2 in this document. Data Subject has the right to obtain what information is recorded and processed about them. Requests regarding personal data should be performed according to section 2 in this document. The reply to request will be delivered when the authenticity of the person is confirmed.

Right to prohibit processing
The Data Subject has the right to prohibit Data Controller processing their information for the purposes of direct marketing and sales by informing the Data Controller according to section 2 in this document.

Right to erasure
The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay. Requests regarding personal data should be performed according to section 2 in this document.

Right to be forgotten
Data Subject has the right to be forgotten. Then all personal information of the Data Subject will be erased from Woolman's Nordic Shipping App add-on immediately and indefinitely, unless there is legitimate ground for maintaining them. If a Data Subject wishes to apply their right to be forgotten, requests should be performed according to section 2 in this document.

Right to data portability 
The Data Subject has the right to receive their personal data in a structured, commonly used and machine-readable format. The following applies only to data the Data Subject has provided.  Requests regarding personal data should be performed according to section 2 in this document. The reply to request will be delivered when the authenticity of the person is confirmed.

Right to restriction of processing
The data subject has the right to obtain from the controller restriction of processing. This would apply to a situation where Data Subject is waiting for Woolman´s reply to requests of rectification or erasure. Request should be performed according to section 2 in this document. 

Right to lodge a complaint
Data Subject has the right to lodge a complaint with the competent supervisory authority about the way Data Controller processes their personal data. Complaint is lodged with the supervisory authority, who in Finland is The Office of the Data Protection Ombudsman (

12. Changes to our Privacy Policy

Woolman is developing continuously and reserves the right to make changes or updates to this Privacy Policy at any time. Changes may also be made on grounds of changing legislation. All changes are effective immediately upon posting. Woolman Inc. encourages Data Subject to periodically review this page for the latest information on our privacy policies.