Privacy Policy
Register name
Qaicu website visitor register.
Controller of the register
Finanerd Oy
Posteljooninkatu 37
15160 Lahti, Finland
Finanerd Oy, with Juhamatti Hyyppä acting as the data controller.
Data Protection Officer
The Data Protection Officer provides additional information about data protection at Finanerd Oy. The Data Protection Officer is an internal expert within the organization who monitors the processing of personal data and assists with compliance regarding data protection regulations.
lauri.mantysaari@finanerd.fi
Purpose and Basis of Personal Data Processing
The purpose of maintaining the website visitor register is to collect visitor statistics on Finanerd Oy’s website using the Google Analytics tool. Processing is based on the data subject’s consent.
Additionally, log data is collected on the website to ensure the security of Finanerd Oy’s website. The information (such as IP address) gathered is used only in the event of a fault or for investigations of data breaches. The basis for processing is legitimate interest, where the collection and use of personal data are justified by general web security practices.
Categories of Personal Data
Data Recipients and Recipient Groups
Personal data is accessible solely to the limited, authorized staff of the company providing the website maintenance server.
Contents of the Register
The personal data file contains the following information:
- IP address
- Time of website visit
- Pages visited by the visitor
Regular Sources of Information
Data is obtained from customer activity during visits to the organization’s website.
Data Retention Period
Analytics data is retained for 90 days.
Regular Data Disclosures and Transfers Outside EU/EEA
Data in the register is used only by those responsible for the website and, if using external service providers, also by their authorized personnel. Data will not be disclosed to parties outside the website or to partners except in cases of data breaches or similar incidents.
Google Analytics cookies are used on the website, and the data may be transferred and stored on servers that are located outside the EU and EEA.
Principles of Register Security
Only designated employees of the site and companies acting on its behalf may use the website maintenance server. Each authorized user has an individual username and password. The system is protected by a firewall, safeguarding it against external access. Protection and processing of the register complies with data protection laws, authority regulations, and good data management practices.
Data Protection in Contact Requests
Finanerd Oy collects, processes, and uses personal data that may identify individuals. The data provided is initially stored in the WordPress system database, from which it is deleted after 90 days. The message sent is deleted from the recipient’s inbox and the email trash within 90 days.
The requested personal data consists of an email address. The purpose of processing is to enable responses to messages. Processing is based on the consent given. Only those personnel whose role requires them to handle such data will do so, and all handlers are bound by confidentiality.
The provided data is not supplemented with information from other sources. Personal data is not transferred outside the EU or to international organizations. Data is retained as long as necessary to respond to the message.
Sales and Marketing
We process the contact details of potential business customers to promote our business operations.
The processing is based on legitimate interest (GDPR Article 6(1)(f)). We assess that the services we offer are relevant to the data subject’s professional duties or position, and that the communication does not cause undue prejudice to the individual’s privacy.
We collect data for the register from public sources (such as company websites, trade registers, and LinkedIn). We utilize the Zefram service for data analysis and targeting. Typically collected data includes name, job title, company, email address, and phone number.
We use the following service providers to process data:
- Pipedrive: A Customer Relationship Management (CRM) system where we maintain sales process stages and contact information.
- Brevo: A communication platform used for sending newsletters, invitations, and marketing messages.
We ensure through contractual means that all our service providers comply with GDPR requirements. Regarding data transfers, we take into account potential transfers outside the EU/EEA by utilizing the European Commission’s Standard Contractual Clauses (SCC) or other legal transfer mechanisms.
Data Subject Rights
Right of access: The data subject has the right to check what data is held in the register. Requests must be made in writing to the contact person listed for the site or register, in Finnish or English, and must be signed. The data subject has the right to prohibit processing and disclosure of data for direct marketing, distance sales, market/survey research by contacting customer services.
Right to data portability: The data subject may request to transfer their data from one system to another via the register’s contact person.
Right to rectification: Any incorrect, unnecessary, incomplete, or outdated personal data must be rectified, deleted, or supplemented. Correction requests must be made in writing and signed, specifying what is to be corrected and why; corrections are made without undue delay. Notification of correction is also given to those who provided or received erroneous data. If a correction request is denied, a written justification is provided; this can be reviewed by the Data Protection Ombudsman.
Right to restrict processing: The data subject may request restriction of processing, for example, if the personal data is incorrect. Contact the responsible person for the register.
Right to object: The data subject may request access to or correction/deletion of their personal data. Requests should be directed to the register’s contact person. Data cannot be deleted from company/organization contacts during their period of acting as contact.
Right to lodge a complaint with the supervisory authority: If the data subject believes the processing of personal data has violated the GDPR, they may lodge a complaint with the supervisory authority, also in the country of permanent residence or work.
Contact details for the national supervisory authority:
Tietosuojavaltuutetun toimisto
PL 800
Ratapihantie 9
00521 Helsinki
p. 029 56 66700
tietosuoja@om.fi
www.tietosuoja.fi