Privacy Notice

Date created: January 1, 2023
Last updated: June 18, 2025

1. Data Controller

Name: Hanhinen.net Consulting Oy
Address: Nellimintie 4179C, 99860 Ivalo, Finland
Email: info@hanhinen.net

2. Data Protection Officer

Name: Rasmus Hanhinen
Email: rasmus@hanhinen.net

3. Name of the Register

Customer and Marketing Register

4. Purpose and Legal Basis for Processing

We process personal data for the following purposes and legal bases:

  • Consent (e.g. for marketing communications)
  • Contract performance (e.g. client relationship management)
  • Legitimate interest (e.g. website operation, security, analytics)

Legitimate interest is based on the controller’s need to ensure the technical functionality and security of its website. A balancing test has been carried out to ensure minimal impact on the data subject and alignment with reasonable expectations.

5. Categories of Personal Data

We may collect and process the following categories of data:

  • Name
  • Position
  • Company / Organization
  • Contact details: phone number, email address
  • Website addresses
  • IP address and cookie data
  • Social media profiles
  • Details of services ordered and changes
  • Billing details
  • Other information related to the customer relationship

6. Retention Period

Personal data is retained only as long as necessary for the defined purposes:

  • Contact form data: up to 12 months
  • Client-related data: 6 years in accordance with accounting law
  • Marketing consents: until withdrawn
  • Log files and IP addresses: up to 24 months

7. Source of Personal Data

  • Directly from the data subject (e.g. contact forms, email, phone)
  • Public sources (e.g. company websites, directories)

8. Recipients of Personal Data

Personal data is not regularly disclosed to third parties. However, it may be shared with the following categories of recipients when necessary:

  • IT service providers (e.g. website platforms, hosting)
  • Financial partners (e.g. accountant)
  • Communication and marketing providers
  • Web analytics providers (e.g. Google Analytics)

All third-party processors are bound by appropriate data processing agreements (DPA).

9. Transfers Outside the EU/EEA

Personal data may be transferred outside the EU/EEA (e.g. to Google LLC servers). In such cases, appropriate safeguards are used, including Standard Contractual Clauses (SCC) approved by the European Commission.

Google Analytics use is limited to anonymized IP tracking and requires user consent via a cookie banner.

10. Rights of the Data Subject

You have the following rights under the GDPR:

  • Right to access your data
  • Right to rectify or complete your data
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing in certain cases
  • Right to object to processing based on legitimate interest
  • Right to data portability
  • Right to withdraw your consent at any time
  • Right to lodge a complaint with a supervisory authority

11. Withdrawing Consent

If your personal data is processed based on consent, you may withdraw it at any time by contacting the controller at rasmus@hanhinen.net.

12. Right to Lodge a Complaint

You have the right to lodge a complaint with the Finnish supervisory authority:

Office of the Data Protection Ombudsman
P.O. Box 800, 00531 Helsinki, Finland
https://tietosuoja.fi/en/

13. Obligation to Provide Personal Data

Providing personal data is voluntary, but some services or responses (e.g. contact form replies) may not be available without certain information (e.g. email address).

14. Automated Decision-Making and Profiling

Hanhinen.net Consulting Oy does not use your personal data for automated decision-making or profiling.

15. Data Security

Systems and registers are protected by usernames and passwords. Data is stored on secure servers with restricted access only for personnel whose work requires it. Logs, updates, and protection mechanisms are regularly reviewed and maintained.

en_USEN
fiFI en_USEN
Scroll to Top