Add organization

    Privacy Policy — SuomiGuide | GDPR & Cookies

    Last updated: 9 November 2025


    Domain: SuomiGuide

    This Policy explains how SuomiGuide (“we”, the “Service”) processes users’ personal data in accordance with Regulation (EU) 2016/679 (GDPR) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018).

    1) Data Controller

    SuomiGuide
    E-mail: suomiguidefin@gmail.com

    2) Data we collect

    Account data: e-mail, password hash (with salt), display name/username.
    Contact forms: message text and the reply e-mail you provide.
    Cookies & technical data: IP address, device/browser type, referrer URL, timestamps, technical identifiers (the minimum necessary for site operation, security, and analytics/marketing — see our Cookie Policy).
    — We do not request payment, passport, or other special categories of data under Art. 9 GDPR.

    3) Legal bases & purposes of processing

    (a) Contract necessity (Art. 6(1)(b) GDPR): registration, login, e-mail confirmation, password reset.
    (b) Legitimate interests (Art. 6(1)(f) GDPR): ensuring site operation, abuse prevention, information security, system logging. We perform a balancing test; details available upon request.
    (c) Consent (Art. 6(1)(a) GDPR): analytics and marketing cookies, personalised ads, subscriptions. You can withdraw consent at any time via the “Cookie settings” banner.
    (d) Legal obligations (Art. 6(1)(c) GDPR): accounting requirements, responses to lawful requests from public authorities.

    4) Cookies and similar technologies

    Non-essential cookies/identifiers (e.g., for analytics and marketing) are set only after your consent. Exceptions: storage/access strictly necessary for (i) the transmission of a communication over a network or (ii) providing a service you explicitly requested (e.g., cart/session). Legal basis: Section 205 of the Act on Electronic Communications Services (917/2014).
    Consent management: a cookie banner on first visit; a persistent link to “Cookie settings” is available at all times.
    — For details, see our separate Cookie Policy.

    5) Who we share data with

    Hosting/infrastructure: data centre in the EU/EEA.
    Web analytics: Google Analytics 4 (subject to consent). Typical retention on the provider side: 2 or 14 months (free version settings).
    Marketing: Google Ads/DoubleClick, Meta Ads (subject to consent).
    Processors act under a data processing agreement (Art. 28 GDPR). We do not sell personal data to third parties.

    6) International transfers

    — If a provider participates in the EU-US Data Privacy Framework, we rely on the EU Commission adequacy decision (Art. 45 GDPR). Otherwise, we use Standard Contractual Clauses (SCCs) and additional safeguards (encryption, access limitations).

    7) Storage periods

    Account: as long as you use the Service; upon account deletion, data are deleted or anonymised.
    Security logs: typically up to 90 days (minimum necessary).
    Cookies: until expiry or your withdrawal/deletion.
    Analytics/marketing: generally up to 14 months (on the provider side, per the chosen settings).

    8) Security

    We apply technical and organisational measures, including HTTPS encryption, salted password hashing, least-privilege access control, regular system updates, and incident monitoring.

    9) Your GDPR rights

    You have the right to access, rectification, erasure, restriction, data portability, to object to processing based on legitimate interests, and to withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).
    Submit requests to: suomiguidefin@gmail.com. We respond without undue delay and usually within one month.

    10) Children’s data

    The Service is not directed at children under 13. For “information society services” offered directly to a child, consent is valid if the child is 13+; younger children require the consent of a parent/guardian (Tietosuojalaki 1050/2018, Section 5).

    11) Updates to this Policy

    The date above indicates the latest version. For material changes, we will post a notice on the website and/or inform registered users.

    12) Contacts & complaints

    Privacy inquiries and rights requests: suomiguidefin@gmail.com.
    You also have the right to lodge a complaint with the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto):
    Visiting address: Lintulahdenkuja 4, 00530 Helsinki
    Postal address: P.O. Box 800, 00531 Helsinki, Finland
    Switchboard: +358 29 566 6700
    E-mail: tietosuoja@om.fi

    13) Finland-specific provisions

    — Processing of the Finnish personal identity code (henkilötunnus) is separately regulated; we do not request or process it in our Service.
    — Rules for cookies and other device-access technologies are set out in Act 917/2014 (Section 205).

    14) Notes on third parties

    Google Analytics 4: user/event data retention in the free version is configurable to 2 or 14 months (Admin settings; see Google Help).