Privacy Policy
This privacy policy describes how StudioMaiju Oy (Business ID: 3379259-3) processes personal data, what personal data the company collects, the purposes for which data is used, the entities to which data may be disclosed, and how the data subject can influence the processing. This privacy policy complies with the European Union General Data Protection Regulation (GDPR).
We reserve the right to make changes and updates to this privacy policy. The latest version was published on October 3, 2023.
i. Contact Information
Data Controller
Company: StudioMaiju Oy
Business ID: 3379259-3
Contact Person or Data Protection Officer
Name: Maiju Salminen
Email: maiju@studiomaiju.com
Phone Number: +358404149925
Address: Hilda Flodinin kuja 2, 00300 Helsinki
ii. Processing of Personal Data and Purpose
2.1. Legal Basis for Processing Personal Data
We always process your personal data lawfully, fairly, and transparently. We collect and process information about you only if we have a legal basis for doing so.
The processing of personal data is based on legal obligations. We collect and use your information only if:
You have given us permission to use the data for a specific purpose.
It is necessary to fulfill a contract of which you are a party, or to take certain actions at your request before entering into a contract.
iii. Purpose and Legal Basis for Processing Personal Data
3.1. We collect and process personal data for the following purposes:
- For customer relationships.
- For customer service.
- For customer communication.
- For maintaining customer and partnership relationships.
- For booking and ordering products and/or services.
- For providing, maintaining, developing, and ensuring the quality of services/products.
3.2. Personal data is collected from:
Individuals or companies that provide the information.
3.3. The company processes the following information:
- Personal or company information.
- Contact information.
- Billing or payment information.
- Correspondence and communications.
iv. Regular Disclosures and Data Transfers
4.1. We exercise care in the storage and processing of data, ensuring data security through firewalls, passwords, and various generally accepted technical methods. Manually maintained materials are stored in locked facilities inaccessible to unauthorized individuals. Data storage and processing take place through service providers known for their security. Data is protected by strictly limited access rights and is processed only for the purpose for which it was collected. All personal data is handled confidentially.
4.2. As a general rule, we do not disclose or transfer data to third parties without separate consent. Exceptions may include legal obligations related to legislation or authorities, whose legality is always examined on a case-by-case basis. Another exception may be the transfer of data based on a service provider's or subcontractors' agreement, who may process data to perform the service. In these cases, the proper and lawful processing of personal data is ensured through contracts and, if necessary, confidentiality agreements.
4.3. Data is not routinely disclosed to other parties. Since the platform used for website design is located in the USA, the information entered into the contact form may be transferred outside the EU or EEA. You can read more in Showit's own privacy policy here: https://showit.com/privacy/
v. Retention of Personal Data
5.1. Personal data is retained for the duration of the customer relationship. After the retention period ends, the data is either deleted or anonymized. Data can also be deleted upon the customer's request after the termination of the relationship. We reserve the right to notify separately either a shorter or longer retention period.
5.2. Personal data cannot be used for profiling. We do not use personal data for automated decision-making.
vi. Data Subject's Rights
6.1. The data subject has the right to access their own information and review it. They can request the information to be provided in writing or electronically.
6.2. Correction and Deletion of Data
The data subject has the right to request the correction of incorrect or inaccurate information and to request the deletion of their data.
6.3. Data Review
The data controller actively ensures the removal, correction, and completion of incorrect, unnecessary, incomplete, or outdated personal data in accordance with the purpose of processing.
6.4. Data Transfer
The data subject has the right to request the transfer of their data to another data controller. They can also request the restriction of the processing of their personal data in certain situations.
6.5. Objection to Data Use
The data subject has the right to object to the use of their data for certain purposes. They can prohibit the disclosure and processing of their data for direct marketing purposes.
6.6. Withdrawal of Consent
If the processing of personal data is based on consent, the data subject has the right to withdraw their consent at any time. This does not affect processing that occurred before the withdrawal.
6.7. Requests for Data Subject Rights
All requests related to data subject rights are made electronically and addressed to the data protection officer. Identity is verified before the data is provided. Requests are processed within a reasonable time, no later than one month from the date of the request and identity verification. If a request cannot be granted, the data subject is notified in writing."