Privacy Policy

This Privacy Policy has been drafted in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

• Name: Clarito Oy

• Business ID: 3604828-4

• Address: Hedelmäkatu 12 C, 33270 Tampere, Finland

• Email: contact@clarito.fi

• Phone: +358 40 716 5669

2. Contact Person for Data Protection Matters

• Name: Clarito Oy / Customer Service

• Email: contact@clarito.fi

3. Name of the Register

Customer and Contact Register.

4. Purpose and Legal Basis for Processing Personal Data

Data is collected and processed for the following purposes:

• Responding to contact requests: Processing messages sent via the contact form.

• Managing customer relationships: Providing quotes and delivering services.

• Legal Basis: Processing is based on taking steps at the request of the data subject prior to entering into a contract or the legitimate interest of the controller (managing customer service).

5. Content of the Register

We collect only necessary information through the website form:

• First and last name

• Email address

• Phone number (if provided)

• Message content

• Timestamp and IP address (for technical verification and security)

6. Regular Sources of Information

Information is obtained solely from the data subjects themselves when they fill out and submit the contact form on the website.

7. Regular Disclosure of Data

Data is not disclosed to third parties for marketing purposes. Data may be disclosed to:

• Authorities to fulfill statutory obligations.

• Technical service providers (e.g., email server or website hosting providers) acting as data processors on behalf of the company.

8. Transfer of Data Outside the EU or EEA

Data is not primarily transferred outside the EU or EEA. If global cloud services are used (such as Google Workspace or Microsoft 365), we ensure the provider is committed to the EU Commission's Standard Contractual Clauses (SCCs).

9. Principles of Data Security

• Manual Material: We do not print contact form data. If printed, it is stored in a locked space.

• Electronic Material: Data is protected by user-specific IDs, strong passwords, and two-factor authentication where applicable. The website uses a secure SSL/TLS connection (https).

10. Data Retention Period

We retain contact information for as long as necessary to respond to the inquiry or manage the customer relationship. If the contact does not lead to a business relationship, data is deleted after 12 months, unless law requires longer retention (e.g., Accounting Act).

11. Rights of the Data Subject

The data subject has the right to:

• Access the data stored about them.

• Request the correction of incorrect data.

• Request the deletion of their data ("right to be forgotten").

• Object to the use of their data for direct marketing.

• Lodge a complaint with a supervisory authority (the Data Protection Ombudsman).