Legal

Privacy Policy

Last updated: March 1, 2026

1. Data Controller

Data Projector
123 Business Street
Your City
Finland

We process your personal data in accordance with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018).

2. Purposes and Legal Basis for Processing

We process your personal data for the following purposes:

  • Service delivery: To provide our data transformation and reporting services, manage your account, and communicate with you about your requests. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
  • Contact requests: To handle inquiries, contact form submissions, and meeting bookings. Legal basis: Your consent or performance of pre-contractual steps (Art. 6(1)(a) or (b) GDPR).
  • Newsletter/subscription: To send marketing communications if you have subscribed. Legal basis: Your consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time.
  • Legal obligations: To comply with accounting, tax, and other legal obligations. Legal basis: Legal obligation (Art. 6(1)(c) GDPR).
  • Legitimate interests: To improve our services, ensure security, and defend legal claims. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR), where our interest is not overridden by your rights.

3. Categories of Personal Data

We may process:

  • Contact data: name, email address, phone number, company name
  • Account and usage data: login credentials, service usage, appointment dates
  • Business data: descriptions, spreadsheets, database connections you provide for our services
  • Technical data: IP address, browser type, device information (e.g. via cookies and logs)

4. Recipients of Personal Data

We may share your data with:

  • Service providers (e.g. hosting, email, calendar) who process data on our behalf under data processing agreements
  • Authorities when required by law
  • Professional advisors (e.g. lawyers, auditors) where necessary

We do not sell your personal data to third parties.

5. International Transfers

Your data may be processed within the EU/EEA. If we transfer data to countries outside the EU/EEA, we ensure appropriate safeguards (e.g. adequacy decision, Standard Contractual Clauses) as required by GDPR.

6. Retention Periods

We retain your data only as long as necessary for the purposes stated above:

  • Contact requests: typically up to 2 years unless a longer retention is required for legal or contractual reasons
  • Account and service data: for the duration of the contract and as required for legal/accounting obligations (e.g. 7 years for accounting records under Finnish law)
  • Marketing consent: until you withdraw consent or object
  • Logs and technical data: as needed for security and troubleshooting, typically up to 12 months

7. Your Rights

Under the GDPR, you have the right to:

  • Access (Art. 15): Obtain confirmation as to whether we process your data and a copy of it
  • Rectification (Art. 16): Request correction of inaccurate data
  • Erasure (Art. 17): Request deletion of your data in certain circumstances
  • Restriction of processing (Art. 18): Request that we limit how we use your data
  • Data portability (Art. 20): Receive your data in a structured, machine-readable format where applicable
  • Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
  • Withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time

To exercise these rights, please contact us. You also have the right to lodge a complaint with the supervisory authority:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
P.O. Box 800, 00531 Helsinki, Finland
tietosuoja.fi

8. Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Essential: Session management, authentication, security
  • Functional: Storing preferences (e.g. theme, language)
  • Analytics: Understanding how visitors use our site (where we use such tools, we ensure appropriate safeguards)

You can manage cookies through your browser settings. Blocking essential cookies may affect site functionality.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, in line with Art. 32 GDPR.

10. Children

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us.

11. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated via our website or by email where appropriate.

12. Contact

For privacy-related questions or to exercise your rights, please contact us.