Miista applies European standards when it comes to data (the GDPR regulations).
And we apply this to all our customers, regardless of where you live. (In terms of EU jargon, we treat all of you as data subjects.)
First, it's important for you to understand what personal data is in terms of European regulations (GDPR). It is any data from which a person can be identified, including your email address, a cookie (read more about them below), your location data, or anything associated with you, for example, anything you looked at online, or anything you bought.
This is a much wider definition of personal data than in US law which is limited to your name, age and financial information.
Sensitive personal data
In terms of European regulations, there’s a special class of personal data, referred to as sensitive personal data. That’s data concerning someone’s race, ethnic origin, political views, religious or philosophical believes; trade-union membership, health, or sex life.
Miista does not collect or hold or - importantly - try and infer any such data. It also does not work with data processors (see below) who do.
Miista the data collector
In terms of GDPR Miista - in most cases - act as what is called a data collector. A data collector is an entity which the data subject (you) is transacting with and therefore trusting their personal data to. As a merchant, Miista is considered a data collector.
You also need to know what a data processor is. It is any company that is storing and/or processing the data on behalf of a data collector. Our eCommerce platform, Shopify, is a data processor.
It is our responsibility as a data collector to ensure that any company that is processing the data of our EU customers (and in our case everybody) is compliant with GDPR.
There are many things that a data processor needs to comply with, like only processing data to the extent entrusted to them by Miista.
In other words, a data processor can’t take the data Miista is sharing and opportunistically do something with it. If we share cookie data (see below) with Facebook to show you a pair of shoes, they can not use it for another purpose.
They must erase or return data back to us on request at the end of a service contract. And any processor is responsible for ensuring that they are employing “appropriate technical and organisational measures” to secure personal information in their possession.
Here is a list of the data processors we use:
- Shopify (the cloud-based software that powers our online shops);
- Klaviyo and Mailchimp (for our email lists);
- Facebook and Instagram (for advertising);
- Google Analytics for (for analytics);
We checked. All of these claim to be GDPR complaint. All of these may take data outside of the European Economic Area for processing. To be able to do this they need to have Privacy Shield Verification. Again we checked. All of them have it.
How we collect data
- We collect data to be able to complete a transaction and keep you informed about a purchase. (When your shoes ship for example). This is not the same as a marketing email.
- We do not assume a transaction with our business implies consent.
- We require opt-in (and not opt out) for permission to send you emails about new products, sample sales or news.
Cookies (See our policy of the use of personal data further down this page)
About Miista’s cookies
Cookies are files sent by web servers to web browsers, and stored by the web browsers.
The information is then sent back to the server each time the browser requests a page from the server. This enables a web server to identify and track web browsers.
There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date.
How we get permission:
Cookies on our website
Miista uses the following cookies on this website, for the following purposes:
Shopping cart cookie – so we can add stuff to your cart. Read more here.
[Other] third-party cookies
When you use this website, you may also be sent the following third party cookies, which may be used for the following purposes:
To be able to serve Facebook and Instagram ads, including so-called remarketing ads of products you looked at but did not buy.
You can control how Facebook uses this data by following this link.
Read more about Facebook and cookies here.
Most browsers allow you to refuse to accept cookies.
In Internet Explorer, you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.
In Firefox, you can adjust your cookies settings by clicking “Tools”, “Options” and “Privacy”.
Blocking cookies will have a negative impact upon the usability of some websites including this one. If you struggle buying from our site because of disabled cookies, contact us.
Personal information collection
Miista collects and uses the following kinds of personal information:
- information about your use of this website;
- information that you provide for the purpose of registering or buying with the website;
- information about transactions carried out over this website;
- information that you provide for the purpose of subscribing to the website services including our emails;
- when you make a comment or leave a product review, or send a picture for publishing in the Miistas section;
- Information that is publicly available, we may for example embed YouTube Videos or Instagram pictures.
Using personal information
Miista may use your personal information to:
- send to you products that you purchase;
- personalise the website for you;
- enable your access to and use of the website services;
- publish information about you on the website;
- supply to you services that you purchase – like shopping vouchers;
- send to you statements and invoices;
- collect payments from you (although we don’t actually ask for Payment information – PayPal deals with that for us); and
- send you marketing communications (to try and sell you more shoes!)
In addition to the disclosures reasonably necessary for the purposes identified elsewhere above, Miista may disclose your personal information to the extent (and only to that extent) that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend Miista’s legal rights.
Securing your data
Miista will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
Miista will store all the personal information you provide securely.
We do not collect or store Payment Details at all.
Updating this statement
This website contains links to other websites. Miista is not responsible for the privacy policies or practices of any third party you visit from a link found on Miista.
Questions, requests, deletions or feedback
You can also at any time request us to delete your data using the same form.