Skip to content

Privacy Policy – Website Visitor Register

Last Updated: 11 June 2025

Data Controller

Ahooy Creative Oy (Business ID: 1800528-0)
Kauppakatu 12
70100 Kuopio, Finland

Contact Person for Register-Related Matters

Hanna Kivijärvi
hanna.kivijarvi@ahooy.fi

Legal Basis for Processing

Legitimate interest

Purpose of Processing Personal Data

The purpose of this register is to ensure the security of the company’s website.
The collected data (IP address) is only used in the event of technical issues or investigations of security breaches.
The legal basis is legitimate interest, and for cookies and similar tracking technologies, consent is used.

Basis of Legitimate Interest

The controller must process personal data to perform business-related tasks. In this context, the processing cannot necessarily be justified by legal obligation or a contract with the individual.

The controller has conducted a balancing test and determined that legitimate interest is a suitable legal basis, taking into account the nature, scope, and impact on the rights and freedoms of the data subjects.

It has been assessed that the processing based on legitimate interest does not cause serious harm to the rights and freedoms of the individuals (data subjects).

Categories of Personal Data Involved

  • IP address
  • Visit time
  • Visited pages

Recipients and Categories of Recipients

Only authorized personnel of the company providing the website hosting service.

Consent

Consent is given through a banner on the website and can be withdrawn via the “cookie settings” section.

Contents of the Register

The personal data register contains the following information:

  • IP address
  • Time of website visit
  • Pages visited by the user

Regular Sources of Data

The data is obtained from the customer’s website visits to the organization’s website.

Data Retention Period

The data is not routinely deleted.

Regular Disclosures of Data

The register data is used only by the company, except when using external service providers, in which case it is accessible to them.
The data is not disclosed outside the company or to its partners, except in cases involving data breaches or similar incidents.

Transfers of Data Outside the EU or EEA

The register data is not regularly transferred outside the EU or EEA.

However, it is possible that non-EU/EEA service providers are used, or their cloud infrastructure is located outside the EU/EEA. In such cases, Standard Contractual Clauses (SCCs) are used as a legal basis for data transfers. Additional safeguards are also implemented, such as internal policies (e.g., pseudonymization) and possibly a Transfer Impact Assessment (TIA) if required.

If the service provider is certified under the EU–U.S. Data Privacy Framework (DPF), it will be used as the transfer mechanism during its validity.

Data Security Principles – B: Electronic Material

Only designated employees of the organization and its authorized contractors have access to the website hosting server.
Each user has a personal username and password. All users have signed a confidentiality agreement.
The system is protected by a firewall, which blocks external access attempts.
The processing and protection of the register’s data comply with data protection legislation, regulatory requirements, and good data handling practices.

Cookies

We use cookies on our website. A cookie is a small text file sent to and stored on the user’s device. Cookies do not harm the user’s device or files.
The primary purpose of cookies is to improve and personalize the visitor’s experience on the site and to analyze and enhance the site’s functionality and content.
Data collected via cookies may also be used for targeting communication and marketing, as well as optimizing marketing efforts.
Visitors cannot be identified solely based on cookies. However, data obtained via cookies may be linked to information provided by the user in other contexts, such as when filling out a form on our site.

Cookies collect the following information:

  • Visitor’s IP address
  • Time of visit
  • Pages viewed and viewing durations
  • Visitor’s browser type

Your Rights

Right to Refuse Cookies

You can disable cookies at any time via the cookie banner on our website. Some browsers also allow you to disable cookies and delete stored cookies.
Disabling cookies may affect the functionality of the site.

Right of Access

You have the right to access your personal data stored in the register.
Requests must be sent from an identifiable email address to the contact point of the data controller.

Right to Data Portability

When legitimate interest is the legal basis for processing, the data subject does not have the right to data portability.

Right to Rectification

Any inaccurate, unnecessary, incomplete, or outdated personal data in the register must be corrected, deleted, or completed.
Requests must be sent from an identifiable email address.
The request must specify which data should be corrected and why.
Corrections will be made without undue delay.
Information about the correction will be communicated to the original data provider or recipient of the incorrect data.
If the request is denied, a written explanation will be provided. The individual may submit the denial to the Data Protection Ombudsman for review.

Right to Restriction of Processing

You may request a restriction of data processing, e.g., if the data is incorrect.
Requests must be sent from an identifiable email address.

Right to Object

You have the right to request access, rectification, or deletion of your personal data.
Requests must be sent from an identifiable email address.
If you are acting as a contact person for a company or organization, your data cannot be deleted during this period.

Right to Lodge a Complaint with a Supervisory Authority

If you believe your data has been processed in violation of data protection regulations, you have the right to file a complaint with a supervisory authority.
You may also file a complaint in the EU member state of your habitual residence or place of work.

Finnish Supervisory Authority Contact Info:

Office of the Data Protection Ombudsman
P.O. Box 800, Ratapihantie 9, 00521 Helsinki, Finland
Phone: +358 29 56 66700
Email: tietosuoja@om.fi
Website: www.tietosuoja.fi

Other Rights Related to Personal Data

You have the right to object to the use of your data for direct marketing and other promotional purposes, to request anonymization of data where applicable, and the right to be completely forgotten.