Privacy Policy

1. Controller

Controller
Svanfield Oy
Rasimäentie 10, 02580 Siuntio
ingrid.svanfeldt@svanfield.fi
Business-ID: 2898982-6

Contact person:
Ingrid Svanfeldt
Rasimäentie 10, 02580 Siuntio
ingrid.svanfeldt@svanfield.fi

2. Purpose of the processing of personal data

This website does not collect personal data through forms or user accounts.
However, certain technical data may be processed automatically when visiting the website. This includes:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and timestamps

This data is used for:

  • Ensuring website functionality
  • Maintaining security and preventing abuse

3. Legal basis for processing

Processing is based on:

  • Legitimate interest (Article 6(1)(f) GDPR): Ensuring the security, functionality, and reliability of the website

4. Categories of personal data

Only technical data may be processed, such as:

  • IP addresses
  • Server log data
  • Security-related event data

5. Sources of data

Data is collected automatically from:

  • The user’s browser/device
  • Server logs
  • Security systems (e.g. Wordfence security plugin, which may process IP addresses for threat detection)

6. Retention period

Technical data is stored only as long as necessary for:

  • Security monitoring
  • System maintenance

Logs are typically retained for a limited period (e.g. 30–90 days) unless longer retention is required for security investigations or legal obligations. Data is regularly deleted or anonymised.

7. Recipients of data

Data may be processed by:

  • Hosting providers
  • Security service providers

Data is not used for marketing and is not sold to third parties.

8. Transfer of data outside the EU or EEA

Some service providers may operate outside the EU/EEA. In such cases, data transfers are protected using appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)

9. Data protection principles

Appropriate technical and organisational measures are used, including:

  • Access control
  • Secure servers
  • Logging and monitoring

10. Rights of the data subject

The data subject has the following rights under the EU General Data Protection Regulation:

1. The right to obtain confirmation as to whether personal data concerning the data subject is being processed and, if so, access to the personal data and related information (Article 15 GDPR).
2. The right to request rectification of inaccurate or incomplete personal data (Article 16 GDPR).
3. The right to request erasure of personal data under certain conditions (Article 17 GDPR).
4. The right to restrict processing under certain conditions (Article 18 GDPR).
5. The right to object to processing based on legitimate interest (Article 21 GDPR).
6. The right to data portability where applicable (Article 20 GDPR).
7. The right to lodge a complaint with a supervisory authority (Article 77 GDPR), without prejudice to any other administrative or judicial remedy.

In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).

Requests concerning the exercise of these rights shall be addressed to the contact person mentioned in section 1.

Scroll to Top