Privacy Policy

Register and Privacy Statement (GDPR)

This is Futotec's register and privacy statement in accordance with the EU General Data Protection Regulation (GDPR). Prepared on 15.04.2026. Updated on 14.05.2026.

 

1. Data Controller

Futotec

Konepajankatu 20, 65100 Vaasa

Business ID: 3612220-2

futotec.store@gmail.com

 

2. Contact Person for Register Matters

Onni Luoma

045 867 4255

 

3. Name of Register

Futotec customer and online service user register

 

4. Legal Basis and Purpose of Processing Personal Data

The processing of personal data is based on the processing grounds set out in Article 6 of the EU General Data Protection Regulation (EU 2016/679):

  • consent of the data subject (Article 6.1.a)
  • a contract to which the data subject is a party (Article 6.1.b)
  • legitimate interest of the data controller for customer relationship management and business operations (Article 6.1.f)

The purpose of processing personal data is:

  • managing customer relationships
  • contacting customers
  • providing services
  • invoicing
  • developing business

Data is not used for automated decision-making or profiling.

 

5. Data Content of the Register

The data stored in the register includes:

  • name
  • position
  • company / organization
  • contact information (phone number, email address, address)
  • website addresses
  • IP address and cookie information
  • social media identifiers and profiles
  • information about ordered services and their changes
  • billing information
  • other information related to the customer relationship and services

Data is retained for the duration of the customer relationship and for 6–10 years in accordance with the Accounting Act.

The IP addresses and cookies of website visitors are processed based on legitimate interest to ensure data security and to analyze website usage. Consent for third-party cookies will be requested separately if necessary.

 

6. Regular Sources of Information

Information stored in the register is obtained from the customer, e.g., from messages sent via web forms, by email, phone, through social media services, from contracts, customer meetings, and other situations where the customer provides their information.

Information on contact persons of companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.

 

7. Regular Disclosures of Data and Transfer of Data Outside the EU or EEA

Data is not regularly disclosed to external parties without the customer's consent, unless required by law.

Data is not transferred outside the EU or EEA.

 

8. Principles of Register Protection

The processing of the register is carried out with due care, and the data processed by information systems is appropriately protected. When register data is stored on internet servers, the physical and digital data security of their hardware is ensured appropriately.

The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are treated confidentially. Access to the data is granted only to those individuals whose job duties require it.

 

9. Right of Access and Right to Request Correction of Data

Every person in the register has the right to check their data stored in the register and to demand the correction of any incorrect information or the completion of incomplete information. If a person wishes to check the data stored about them or request a correction, the request must be sent in writing to the data controller.

The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the timeframe stipulated in the EU Data Protection Regulation (generally within one month).

 

10. Other Rights Related to the Processing of Personal Data

A person in the register has the right to request the deletion of their personal data from the register ("right to be forgotten"). Likewise, data subjects have otherrights according to the EU General Data Protection Regulation, such as the restriction of personal data processing in certain situations. Requests must be sent in writing to the data controller.

The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the timeframe stipulated in the EU Data Protection Regulation (generally within one month).