Privacy Notice

Data Controller (hereinafter the Company)

Artpiha Oy
Visamäentie 33
13100 Hämeenlinna, Finland
Business ID: 2891179-7

Kristian Parviainen
kristian@artpiha.fi
+358 50 410 3776

This is a combined register description and notice, in accordance with the Personal Data Act and the EU General Data Protection Regulation (GDPR), for the Company's customers, potential customers, and website users.
In this policy, we explain how we process your data. We collect personal data necessary for managing the customer relationship, such as the customer's name and contact details, as well as service usage data. We collect personal data from the data subject themselves, and possibly from other publicly available registers. We process your data as securely as possible. Please familiarize yourself with this policy and contact us if you have any questions.

Purpose and Basis of Personal Data Processing

Personal data is processed primarily for managing, maintaining, and developing the customer relationship between the Company and the data subject. The basis for processing the data is the controller's legitimate interest, meaning the Company's business need to process data in connection with managing customer relationships or developing potential customer relationships. Among other things, we process the following personal data: name, phone number, email address, and company name. We may also process IP addresses in connection with website use, which helps us identify user needs and improve our services. If we collect data from the website, we use an appropriate cookie consent request, giving users the option to decline cookies.

We only collect data that is necessary and ensure that data processing is justified, appropriate, and necessary for the defined purposes of use. Personal data is not used for automated decision-making or profiling without the explicit consent of the data subject.

Rights of the Data Subject

The data subject has the right to check what data concerning them has been stored in the personal data register. They may request that we correct or complete inaccurate data.
In addition, the data subject has the right to demand the correction or deletion of incorrect or outdated data, or the transfer of data from one system to another. They also have the right to restrict or object to the processing of their data in accordance with applicable data protection law.

The data subject has the right to withdraw previously given consent for data processing or to file a complaint with the supervisory authority if they feel that we are processing personal data in violation of applicable data protection law. More information on the activities of the Data Protection Ombudsman can be found at: https://tietosuoja.fi. In addition, the data subject has the right to prohibit the use of their data for direct marketing purposes.

Requests concerning the data subject's rights must be sent in writing or by email to the Company's address above. We will respond to the request within one (1) month.

Sources of Information

The data of customers and potential customers is collected with consent directly from them. Data is collected through the website's contact form, during website visits, and in personal or digital interactions. We may also obtain data from publicly available sources, such as company websites or other business registers.

Possible Disclosures of Data

As a rule, data is not disclosed to outside parties. Data may be disclosed to third parties for the purpose of providing the service. A third party has the right to use the data only for the purpose of fulfilling the assignment. Where possible, we have chosen secure, Europe-based data centers as the storage location for your data. Some of the service providers we use may back up data outside the EU/EEA to the United States. Some of the aforementioned service providers may back up data outside the EU/EEA to the United States in certain situations, such as emergencies or backup needs. Data backup ensures that data remains safe even in situations where the primary servers are malfunctioning.

Register Protections

Only predetermined personnel who need to process the data in order to provide the service have access to it. They are bound by a confidentiality agreement. We use subcontractors that have been verified as reliable. Databases and backups are protected by technical means and are kept in locked and guarded facilities.

Duration of Data Processing

Personal data is processed for as long as necessary to manage the customer relationship or other legitimate connection. Statutory obligations, such as accounting and tax requirements, may require data to be retained for longer, in which case the data is not destroyed but retained for as long as required by law. When personal data is no longer needed for these purposes, it is securely deleted or anonymized so that the individual can no longer be identified.

After the end of the customer relationship, personal data is retained for a maximum of 10 years from the end of the customer relationship. Personal data may be retained longer than this if applicable legislation or the Company's contractual obligations require a longer retention period.

Right to Make Changes

We reserve the right to make changes to this register description should changes in legislation or the Company's internal practices require it. We review our policy regularly to ensure that it corresponds to current data protection practices. Data subjects will be notified of significant changes as necessary, in an appropriate manner, for example by publishing an updated policy on our website. We recommend that data subjects check the policy from time to time for possible updates.

Cookies Used by Our Website

If we use cookies on the site, we will notify you via a cookie pop-up notice. Website visitors have the option to decline cookies in connection with the cookie notice. A cookie is a small text file sent to and stored on the user's computer, which allows the website administrator to recognize frequent visitors, facilitate visitor login, and enable the compilation of aggregate visitor data. This feedback helps us continuously improve the content of our site. Cookies do not damage users' computers or files. We use them so that we can provide our customers with information and services tailored to their individual needs.

Content Embedded or Linked from Other Websites

The website may contain embedded content or links to other websites (for example, videos, social media content, images, articles, booking systems, forms that open on another page, etc.). Opening embedded content from other websites, or moving from the site to content on another website, is comparable to the visitor visiting the third party's website themselves. These websites may collect data, use cookies, embed third-party tracking cookies, and monitor interaction with the embedded content. We are not responsible for the content of these websites or their privacy practices.

If third-party cookies are used on the site, you can read more about them in the site's cookie policy and find more information on how to decline cookies in the cookie settings.