Privacy Policy

1. Data Controller

Name: Mainostoimisto Aate Oy
Business ID: 2814000-5
Address: Varastokatu 3 A, 33100 Tampere
Email: toimisto@aate.fi

2. Personal Data Processed

We collect and process the following information:

  • Basic Information: Company name, Business ID (Y-tunnus), and the contact person’s name and title.
  • Contact Details: Email address, phone number, and billing address.
  • Service Information: Ordered visibility packages, contract duration, and invoicing history.
  • Marketing Information: Information regarding marketing permissions and opt-outs, as well as interests in our services.

3. Purposes of Processing and Legal Basis

The processing of personal data is based on the following grounds:

  • Purpose Category: Performance of a contract;
    Legal Basis (GDPR): Contract;
    Description: Delivery of visibility packages, customer service, and invoicing.
  • Purpose Category: Legal obligation;
    Legal Basis (GDPR): Legal obligation;
    Description: Compliance with accounting and tax legislation.
  • Purpose Category: Marketing and upselling;
    Legal Basis (GDPR): Legitimate interest;
    Description: Direct marketing related to the Ketjuton.fi service, providing information about new services, and upselling.
  • Purpose Category: Analytics;
    Legal Basis (GDPR): Legitimate interest;
    Description: Development of the service and improvement of the user experience.

4. Retention Period

We retain the data only for as long as is necessary to fulfill the purposes defined in this policy:

  • Customer Relationship: Data is retained for the duration of the customer relationship.
  • Marketing: Data is retained for direct marketing purposes until the Customer opts out of marketing or requests the deletion of their data.
  • Accounting: Receipts are retained for six (6) years from the end of the financial year.

5. Disclosures and Transfers of Data

Data may be disclosed within Mainostoimisto Aate Oy or to selected subcontractors (e.g., invoicing software providers, email marketing platforms). We do not sell or rent your data to third parties. As a general rule, data is not transferred outside the EU/EEA area.

6. Data Subject Rights

You have the right to:

  • Access the personal data concerning you.
  • Correct inaccurate data.
  • Object to direct marketing at any time by sending a message to the controller’s email.
  • Request the erasure of data (the right to be forgotten), unless otherwise required by law.
  • Restrict or object to the processing of your data.

7. Information Security

We use appropriate technical and organizational security measures (such as passwords, access control, and firewalls) to protect personal data against unauthorized access, alteration, or destruction.