Legal

Privacy Policy

This policy explains what personal data we collect, how we use it, and the rights you hold under applicable data protection law.

Last updated:

1. Data controller

The data controller responsible for processing your personal data is:

Phomvexnoighod
Merkniementie 94, 09120 Lohja, Finland
Phone: +358 50 5575563
Email: touch@phomvexnoighod.world

2. What data we collect

We collect the following categories of personal data:

  • Contact enquiry data: name, email address, and the message content you submit via our contact form.
  • Usage data: anonymised information about how visitors interact with our website, collected via analytics cookies where consent has been given. This may include browser type, pages visited, and general geographic region.
  • Cookie preferences: your cookie consent choices, stored locally in your browser via localStorage.

We do not intentionally collect special category personal data, payment data, or data from children under the age of 13.

3. Legal basis for processing

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Consent (Art. 6(1)(a) GDPR): for contact form data, where you actively confirm processing before submission.
  • Consent (Art. 6(1)(a) GDPR): for analytics and marketing cookies, where you actively opt in via the cookie consent banner.
  • Legitimate interest (Art. 6(1)(f) GDPR): for basic website security, abuse prevention, and maintaining technical logs strictly necessary for service reliability.

4. Purposes of processing

We use your personal data for the following purposes:

  • To respond to enquiries submitted through the contact form.
  • To analyse website usage in aggregate form to improve content and user experience (analytics cookies, with consent).
  • To comply with legal obligations where applicable.

We do not use your data for automated decision-making or profiling.

5. Data retention

Contact enquiry data is retained for a maximum of 12 months from the date of submission, after which it is securely deleted, unless a longer retention period is required by law.

Security and technical logs are retained for up to 90 days, unless needed longer for incident investigation or legal compliance.

Analytics data, where collected, is retained in aggregated or pseudonymised form and configured not to exceed 13 months where technically applicable.

Cookie preference records stored in localStorage remain on your device until you clear your browser data or change preferences.

6. Data sharing and transfers

We do not sell, rent, or trade your personal data with third parties for commercial purposes.

We may share data with trusted service providers who assist with website operation (such as hosting or analytics), under data processing agreements that require them to protect your data in line with applicable law.

Where data is transferred outside the European Economic Area, appropriate safeguards are in place in accordance with Chapter V of the GDPR (such as Standard Contractual Clauses and transfer impact assessments where required).

7. Your rights under GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right of access (Art. 15): you may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): you may request correction of inaccurate data.
  • Right to erasure (Art. 17): you may request deletion of your personal data, subject to applicable legal obligations.
  • Right to restriction of processing (Art. 18): you may request that we limit how we process your data.
  • Right to data portability (Art. 20): you may request your data in a structured, commonly used format.
  • Right to object (Art. 21): you may object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)): where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at the details provided in Section 1. We will respond within 30 days.

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu): tietosuoja.fi.

8. Cookies

We use strictly necessary cookies and local storage technologies required for website operation. Non-essential cookies (including analytics and marketing) are only activated after your opt-in consent. For details, please read our Cookie Policy.

9. Security measures

We take appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or loss. We use HTTPS to help protect data in transit.

10. Supervisory authority and complaints

If you believe your data has been processed unlawfully, you may lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), Ratapihantie 9, 6th floor, 00520 Helsinki, Finland, or via tietosuoja.fi.

11. Changes to this policy

We may update this Privacy Policy periodically. The date at the top of this page indicates when it was last revised. We encourage you to review this page occasionally to stay informed.