Privacy Policy
Privacy Policy and Register Description
This is the register and privacy policy of the Company in accordance with the EU General Data Protection Regulation (GDPR).
Prepared on 04 December 2025. Last updated on 04 December 2025.
1. Data Controller
Juha Karesluoto
Hepohaankuja 8
21420 Lieto
Finland
2. Contact Person Responsible for the Register
Juha Karesluoto
Email: purosta79@gmail.com
Phone: +358 50 022 6227
3. Name of the Register
The company’s customer register, marketing register, stakeholder register, website user register, membership register, employee register, etc.
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation is:
- the data subject’s consent (documented, voluntary, specific, informed and unambiguous)
- a contract to which the data subject is a party
- legal obligation (specify which)
- performance of a task carried out in the public interest (specify basis), or
- the legitimate interest of the data controller (e.g. customer relationship prior to a contract, employment relationship, membership)
The purpose of processing personal data is to maintain contact with customers, manage customer relationships, carry out marketing, etc.
The data is not used for automated decision-making or profiling.
5. Data Content of the Register
The data stored in the register may include:
name, position, company/organization, contact details (phone number, email address, address), website URLs, IP address of the network connection, social media profiles/usernames, information about ordered services and their changes, billing information, and other data related to the customer relationship and purchased services.
If there are multiple groups of data subjects (e.g. customer register and marketing register), they should be listed along with their main data content.
Where possible, the retention period of the data should also be stated. Indicate if the data is anonymized after a certain period.
IP addresses of website visitors and cookies necessary for the functioning of the service are processed on the basis of legitimate interest, for example to ensure data security and to collect statistical data on website visitors, where they can be considered personal data. Consent is requested separately where required for third-party cookies.
6. Regular Sources of Information
The data stored in the register is obtained from the customer, for example through messages sent via website forms, email, phone calls, social media services, contracts, customer meetings, and other situations where the customer provides their information.
Contact details of representatives of companies and other organizations may also be collected from public sources such as websites, directories, and other companies.
7. Regular Disclosure of Data and Transfers Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed with the customer.
Data may also be transferred by the data controller outside the EU or EEA.
Data will not be transferred to the United States without the explicit consent of the data subjects.
If personal data is disclosed to third parties, list the recipients or groups of recipients (including processors/subcontractors), the purposes of processing, and the legal basis for transfers outside the EU.
8. Principles of Data Protection
Due care is taken in processing the register, and data processed using information systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of the hardware is properly ensured. The data controller ensures that stored data, server access rights, and other data critical to the security of personal data are handled confidentially and only by employees whose job duties require it.
9. Right of Access and Right to Rectification
Every person in the register has the right to check the data stored about them and to request correction of inaccurate data or completion of incomplete data.
If a person wishes to review or request correction of their data, the request must be submitted in writing to the data controller. The data controller may request proof of identity if necessary. The data controller will respond within the time limits set by the EU data protection regulation (generally within one month).
10. Other Rights Related to the Processing of Personal Data
A person in the register has the right to request the deletion of their personal data from the register (“right to be forgotten”). Data subjects also have other rights under the EU General Data Protection Regulation, such as the restriction of processing in certain situations.
Requests must be submitted in writing to the data controller. The data controller may request proof of identity if necessary. The data controller will respond within the time limits set by the EU data protection regulation (generally within one month).