Privacy Policy

1. Controller

Controller
Svanfield Oy
Rasimäentie 10, 02580 Siuntio
stefan.svanfeldt@svanfield.fi
Business-ID: 2898982-6

Representative of controller
Stefan Svanfeldt
Rasimäentie 10, 02580 Siuntio
stefan.svanfeldt@svanfield.fi

2. Name of the register

Svanfield Oy contact register.

3. Purpose of the processing of personal data

Personal data is collected when the user voluntarily submits information through the contact forms on the website.
The collected data is processed for the following purposes:

  • To receive and handle inquiries submitted via the contact form
  • To respond to and communicate with the user
  • To provide support or requested information
  • To ensure the security of the website and prevent malicious activity using security tools such as Wordfence, which may process technical data such as IP addresses.
  • To protect the website from spam and abuse using services such as Google reCAPTCHA, which may process technical data such as IP address and user interaction data.

Personal data will not be used for marketing purposes or shared with third parties without the user’s consent.

4. Legal basis for processing personal data

The processing of personal data is based on the following legal grounds in accordance with the General Data Protection Regulation (GDPR):

  • Consent: The user provides their personal data voluntarily by submitting the contact form and thereby consents to the processing of their data for the purpose of responding to their inquiry.
  • Legitimate interest: Processing is also necessary for the legitimate interest of responding to user inquiries and maintaining communication related to the services provided on the website.

5. Data content of the register (categories of personal data processed)

The register may contain the following personal data provided by the user through the contact forms:

  • Name
  • Email address
  • Telephone number (if provided)
  • Message content
  • Reason for contact (if provided)

6. Regulatory sources of information

Personal data is collected directly from the data subject through the contact forms on the website.

7. Retention period of personal data

Personal data is retained only for as long as necessary to process and respond to the inquiry.
Data will be deleted within a reasonable period after the matter has been resolved, unless further retention is required by law.

8. Recipients (categories of recipients) of personal data and regular transfers of data

Personal data will not be disclosed to third parties for marketing purposes.
Data may be processed by service providers necessary for the operation of the website (such as hosting providers, security services, and spam protection tools), in accordance with applicable data protection legislation.

9. Transfer of data outside the EU or EEA

Personal data may be transferred outside the EU or EEA, for example when using third-party services such as Google reCAPTCHA. In such cases, appropriate safeguards are applied in accordance with the GDPR, such as standard contractual clauses.

10. Principles for the protection of the register

Access to databases and systems containing personal data is only possible with personal usernames and passwords, which are issued separately. The controller has limited access rights and authorisations to information systems and other storage platforms so that only persons necessary for the lawful processing of the data have access to and can process the data. In addition, access events to the databases and systems are recorded in the log files of the controller’s IT system.
The controller’s employees and other persons are committed to maintaining confidentiality and secrecy with regard to information obtained in connection with the processing of personal data.

11. Rights of the data subject

The data subject has the following rights under the EU General Data Protection Regulation:

1. the right to obtain confirmation from the controller that personal data concerning him or her are being processed or not being processed and, if such personal data are being processed, the right of access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data have been or are to be disclosed; (iv) where possible, the envisaged period of retention of the personal data or, if that is not possible, the criteria for determining that period; (v) the data subject’s right to obtain from the controller the rectification or erasure of personal data concerning him or her or the restriction of the processing of personal data or to object to such processing; (vi) the right to submit a complaint to a supervisory authority; (vii) where the personal data are not collected from the data subject, any available information on the origin of the data (Article 15 of the GDPR). This basic information described in (i)-(vii) is provided to the data subject on this form
2. the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal (Article 7 of the GDPR)
3. the right to demand that the controller rectify, without undue delay, inaccurate or incomplete personal data concerning the data subject and the right to have incomplete personal data completed, inter alia, by providing further explanations, taking into account the purposes for which the data were processed. (Article 16 of the GDPR)
4. the right to have the controller erase personal data concerning the data subject without undue delay, provided that (i) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) the data subject withdraws the consent on which the processing was based and there is no other lawful basis for the processing; (iii) the data subject objects on grounds relating to his or her particular personal situation and there is no legitimate ground for the processing or the data subject objects to the processing for direct marketing purposes; (iv) the personal data have been unlawfully processed; or (v) the personal data must be erased in order to comply with a legal obligation under EU or national law to which the controller is subject. (Article 17 of the GDPR)
5. the right to have processing limited by the controller if (i) the data subject contests the accuracy of the personal data, in which case the processing is limited for a period of time within which the controller can verify its accuracy; (ii) the processing is unlawful and the data subject objects to the erasure of the personal data and
requests instead the restriction of their use; (iii) the controller no longer needs the personal data concerned for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims; or (iv) the data subject has objected to the processing of personal data on grounds relating to his or her particular situation, pending verification whether the legitimate grounds of the controller override those of the data subject. (Article 18 of the GDPR)
6. the right to receive personal data relating to him or her which the data subject has provided to the controller in a structured, commonly used and machine-readable form and the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent within the meaning of the regulation and the processing is carried out automatically (Article 20 of the GDPR)
7. the right to file a complaint with a supervisory authority if the data subject considers that the processing of personal data concerning him or her infringes the EU General Data Protection Regulation. (Article 77 of the GDPR).

Requests concerning the exercise of the rights of the data subject shall be addressed to the contact person of the controller mentioned in section 1.

Scroll to Top