KIMMO EKLUND OY PRIVACY POLICY

Last Updated: March 11, 2025

1. INTRODUCTION

Kimmo Eklund Oy ("we," "our," or "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with our services.

This policy has been developed in accordance with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws.

2. DATA CONTROLLER

Kimmo Eklund Oy acts as the data controller for the personal data described in this policy. Our contact details are:

Kimmo Eklund Oy
Joensuunkatu 7e
24100 SALO
Finland
Email: privacy@kimmoeklund.fi

3. DATA PROTECTION OFFICER

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions regarding this privacy policy. If you have any questions about this privacy policy or our privacy practices, please contact our DPO at:

Email: privacy@kimmoeklund.fi
Phone: +358-40-8020714

4. PERSONAL DATA WE COLLECT

We collect and process the following personal data:

Names, phone numbers and email addresses: We collect details when communicating with current and potential customers.
Contract information: We store signed contracts which contain personal details of our customers and business partners.

5. HOW WE COLLECT YOUR PERSONAL DATA

We collect personal data through the following methods:

Direct interactions: You may provide us with your email address when you fill in forms, correspond with us by email, or otherwise interact with our services.
Direct business interactions: We collect personal data when entering into contracts with customers and business partners.

6. HOW WE USE YOUR PERSONAL DATA

We use your contact details for the following purposes:

Purpose	Legal Basis	Retention Period
To provide our services	Performance of a contract with you	Duration of the customer relationship plus 2 years
To manage our relationship with you	Legitimate interests	Duration of the customer relationship plus 2 years
To send service-related communications	Performance of a contract with you	Duration of the customer relationship plus 2 years
To fulfill contractual obligations	Performance of a contract with you	6 years after end of the fiscal year when contract has expired

7. PROCESSORS OF YOUR PERSONAL DATA

We use the following data processor to handle personal data on our behalf:

Proton AG (Switzerland): Our sole data processor that provides email services and secure storage infrastructure for all personal data.

Our data processor is required to take appropriate security measures to protect your personal data and to process it only according to our instructions. We have a data processing agreement in place with Proton AG to ensure GDPR compliance.

8. INTERNATIONAL TRANSFERS

We store all personal data with Proton AG in Switzerland, a country that has been recognized by the European Commission as providing an adequate level of data protection. This means your data receives a similar level of protection as it would within the EEA.

9. DATA SECURITY

We have implemented appropriate security measures to protect your personal data:

All data is stored in encrypted form with Proton AG in Switzerland. Proton AG does not have access to decrypt the data.
We limit the access to your personal data to those employees who have a business need to process it.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

10. YOUR LEGAL RIGHTS

Under the GDPR, you have the following rights regarding your personal data:

Right to access: You have the right to request copies of your personal data.
Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
Right to erasure: You have the right to request that we delete your personal data under certain circumstances.
Right to restrict processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.
Right to data portability: You have the right to request that we transfer your personal data to another organization or directly to you under certain circumstances.
Right to object: You have the right to object to our processing of your personal data under certain circumstances.
Rights related to automated decision-making: You have rights related to automated decision-making and profiling.

To exercise any of these rights, please contact our Data Protection Officer using the contact details provided above.

11. COOKIES AND ANALYTICS

Our website does not use cookies, tracking, or any analytics technologies. We do not collect any automated information about your browsing behavior.

12. MARKETING

We do not engage in email marketing activities. Any emails you receive from us will be strictly related to:

Responding to your inquiries
Communications regarding our business relationship
Information about our services that you have specifically requested
Contract-related communications

13. CHANGES TO THE PRIVACY POLICY

We keep our privacy policy under regular review and will place any updates on this webpage. This privacy policy was last updated on March 11, 2025.

14. COMPLAINTS

You have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.