Privacy Policy

Last updated:

This Privacy Policy explains how we collect and use personal data when you visit purifyshoulderin.click or contact us. It is prepared in accordance with Regulation (EU) 2016/679 (GDPR), the Finnish Data Protection Act (Tietosuojalaki, 1050/2018), and other applicable EU and Finnish privacy legislation.

1. Data Controller

The data controller responsible for your personal data is:

Purifyshoulderin
Ruijankeino 2, 99830 Saariselkä, Finland
Phone: +358 40 1559700
Email: connectuse@purifyshoulderin.click
Domain: purifyshoulderin.click

We have not appointed a Data Protection Officer (DPO), as we do not carry out large-scale processing of special categories of data. For privacy matters, use the contact details above.

2. Scope

This policy applies to visitors of our website and to individuals who contact us through the contact form or by email or phone. It does not apply to third-party websites linked from our pages; those services have their own privacy policies.

3. Personal Data We Collect

We may collect the following personal data:

  • Contact form data: Name, email address, and the content of your message when you use our contact form.
  • Technical data: IP address, browser type, operating system, referral URL, pages visited, and visit timestamps — collected automatically via server logs.
  • Cookie data: Cookie preferences stored in your browser's local storage. See our Cookie Policy for details.

We do not intentionally collect special categories of personal data under GDPR Article 9 (such as health data). Please do not include medical or health information in your messages unless necessary; if you do, we will process it only to respond to your enquiry and will delete it when no longer needed.

4. Legal Basis for Processing

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR) (EU) 2016/679:

  • Consent (Art. 6(1)(a) GDPR): When you submit the contact form and tick the consent checkbox, or when you consent to optional cookies.
  • Legitimate interests (Art. 6(1)(f) GDPR): For technical server logs necessary to maintain site security, prevent abuse, and ensure reliable operation.
  • Steps at your request (Art. 6(1)(b) GDPR): To handle pre-contractual enquiries when you contact us about our informational content.
  • Legal obligation (Art. 6(1)(c) GDPR): Where required by Finnish or EU law (for example, retention for accounting or legal claims).

5. Purposes of Processing

We process your data for the following purposes:

  • To respond to enquiries submitted via the contact form.
  • To maintain the technical security and operation of this website.
  • To understand aggregated site usage patterns (where analytics cookies are accepted).
  • To comply with our legal obligations.
  • To measure aggregated site usage where you have accepted analytics cookies (see our Cookie Policy).

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

6. Data Retention

We retain your personal data only for as long as necessary for the purposes described:

  • Contact form enquiries: Up to 12 months from the date of receipt, unless an ongoing relationship requires longer retention.
  • Technical server logs: Up to 90 days, then automatically deleted.
  • Cookie consent records: Stored in your browser's local storage until you clear it or withdraw consent.

7. Data Processors and Sharing

We do not sell your personal data. We may share data only as described below:

  • Hosting and infrastructure providers: Process server logs and store website files on our behalf under written data processing agreements (Article 28 GDPR).
  • Content delivery and font providers: When you load pages, technical requests may be sent to CDNs (for example, Cloudflare for Font Awesome) and Google Fonts. See our Cookie Policy for details.
  • Legal authorities: Where required by Finnish law, court order, or competent authority request.

8. International Transfers

We aim to keep personal data within the European Economic Area (EEA). If a processor transfers data outside the EEA (for example, a US-based CDN), we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or equivalent mechanisms required under Chapter V GDPR. You may request more information about safeguards by contacting us.

9. Your Rights Under GDPR and Finnish Law

You have the following rights regarding your personal data:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate data.
  • Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten") where no legitimate purpose remains.
  • Right to restriction (Art. 18): Request that we limit processing of your data.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)): Withdraw any consent you have given at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us using the details in Section 1. We will respond without undue delay and, in any event, within one month (extendable by two further months where necessary under Article 12(3) GDPR). We may ask you to verify your identity before responding.

If you believe our processing violates applicable law, you have the right to lodge a complaint with the supervisory authority:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
Lintulahdenkuja 4, 00530 Helsinki, Finland
Website: tietosuoja.fi

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include HTTPS encryption for all data in transit, restricted access to data systems, and regular security reviews.

11. Children's Privacy

This website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted data, contact us and we will delete it without undue delay.

12. Changes to This Policy

We may update this Privacy Policy when our practices or legal requirements change. The “last updated” date at the top shows when the policy was last revised. Material changes will be reflected on this page; we encourage you to review it periodically.

13. Contact

For any privacy-related questions or to exercise your rights, contact us at:
Purifyshoulderin, Ruijankeino 2, 99830 Saariselkä, Finland
Email: connectuse@purifyshoulderin.click