Privacy policy

Spinnova Oy (hereinafter “Company”) respects your privacy. This Privacy Policy informs you of privacy practices relating to the website (hereinafter ”Website”) provided by the Company. The term “Personal Data” comprises all information which allows or facilitates the identification of an individual.

1. Data Controller and Processors

Data controller means the party with overall responsibility for data processing. Data processor means a party that processes data on behalf of and under the control of a data controller, subject to an agreement between the two.

For the Personal Data processed in connection with the Website, the data controller is the Company. The Company uses the following processors to provide the Website subject to separate agreements with said processors:

Cloud service provider (currently DigitalOcean)
Newsletter provider (currently Campaign Monitor)
Content Management Software (currently Craft CMS)

Personal data is not transferred, or processed by Company or its sub-processors outside the EU/EEC.

2. Personal Data and Legal Basis for Processing

Personal Data is processed in connection with the Website in compliance with the provisions of the EU General Data Protection Regulation (”GDPR”) and relevant national privacy legislation. Personal Data will only be processed for purposes made known to you and for which there is a legal basis for processing in accordance with applicable privacy laws and regulations.

Specifically, the following categories of Personal Data are processed in connection with Website:

Category of Personal Data	Legal basis	Removal (i.e. period after which Personal Data will either be removed or permanently anonymised
Name, email, phone number of persons using the contact form on the Website	Performance of contract between the person who used the contact form and the Company, i.e. keeping track of, and answering the contact request/email (GDPR Article 6(1)(b)) The legitimate interests of the controller, i.e. providing information about the Company in the form of a newsletter to people who have used the contact form (GDPR Article 6(1)(f)	At the latest three years after the contact form was used
IP address of visitors to the website	The legitimate interests of the controller (GDPR Article 6(1)(f), i.e. carrying out error detection and repair, and detecting and preventing misuse of the Website with respect to invidiual Website visitors	At the latest three years after the visit to the Website

3. Security

Your Personal Data will be protected by reasonable security safeguards against accidental loss, unauthorised processing, the destruction of, or use or modification of, or unauthorised disclosure of your Personal Data. Company employs appropriate technical and organisational security measures in order to protect your Personal Data. The safeguards Company employs, such as limiting its personnel’s and subcontractors’ access to personal data and encryption of data, are proportionate to the likelihood and severity of any potential harms or threats, the sensitivity of the Personal Data, and the context in which it is held as well as development of security technologies.

4. Your rights as data subject

Under the GDPR, you as a data subject have the following rights with regards to Personal Data, as more closely specified in Articles 15-21 of the GDPR:

Right of access: you have the right to request confirmation of whether your personal data is processed in relation to the Website, and access to that personal data
Right of rectification: you have to the right to request the data controller to rectify any inaccurate or incomplete personal data concerning you held by or processed in relation to the Website
Right of erasure: you have the right to request that personal data concerning you is erased where it is no longer necessary for the purpose for which it was collected or processed, where you object to the processing and there are no overriding legitimate grounds for processing, where your personal data is being unlawfully processed, or where personal data must be erased in order to comply with relevant legislation
Right of restriction: you have the right to request restriction of processing of your personal data where the accuracy of the personal data is contested, where processing is unlawful or where the personal data is no longer needed by the data controller but you legitimately oppose the erasure of the personal data, or where you object to the processing and it has not yet been verified whether legitimate grounds exist for the processing
Right to object: you have the right to object to processing of any of your Personal Data processed subject to GDPR Article 6(1)(f) in connection with the Website, in which case the data controller shall be required to demonstrate compelling legitimate grounds for the processing in order to continue processing said Personal Data
Right of data portability: you have the right to receive the personal data concerning you and to transmit the personal data to another controller for personal data processed pursuant to GDPR Article 6(1)(b)

5. Contact information regarding data privacy matters

Company is committed to ensuring that the Personal Data it processes is accurate, complete, and kept up-to-date to the extent necessary for the relevant purpose. If you wish to rectify inaccuracies or delete Personal Information relating to you, or otherwise wish to exercise your rights as data subject, or if you have any questions, comments or concerns about this privacy policy, or if you wish to make a complaint about Company’s handling of your Personal Information or a possible breach of privacy laws then please contact Company at: info@spinnova.com.

Furthermore, you always have the right to contact, or complain to the relevant data protection authority with regards to the processing of personal data in connection with the Website. In Finland, the relevant authority is the Data Protection Ombudsman: https://tietosuoja.fi/etusivu

For privacy protection purposes, you may be asked to provide proof of identification and other relevant details.

6. Changes to the Privacy Policy

This Privacy Policy may change from time to time by posting an updated version on Company’s Website, thereby superseding earlier versions. If there are changes that materially alter its privacy practices, Company may also notify you by other means, such as by email or by posting a notice on Company’s Website and / or social media pages in reasonable time prior to the date that the changes take effect.