Koti Puhtaaksi Oy undertakes to comply with the data protection and personal legislation in force in
Finland. This means the EU’s General Data Protection Regulation (GDPR) and other laws and regulations
that govern the processing of personal data.
We process personal information in accordance with good information management and data processing
practices, and company personnel are required to keep all personal information strictly confidential.
This privacy statement describes how Koti Puhtaaksi Oy handles the personal data of website visitors.
For the purposes of this description, the term “registered” refers to all natural persons whose personal
data are on the registrar’s website visitor register.
Sahera Koti Puhtaaksi Oy
Postitorvenkatu 16
33840 Tampere
Business-ID: 2395527-2
Tuomas Mäkelä
[email protected]
Koti Puhtaaksi Oy’s website visitor register
Visitors to the website kotipuhtaaksi.fi
Personal information is used by Koti Puhtaaksi Oy
To improve services
To target ads to the right audiences
To improve the user experience of the website
Business planning and development
We process personal data based either on the consent given by the website visitor through a cookie query
or on a legitimate interest, in which case the processing is necessary to fulfill the legitimate
interests of the data controller.
The following information can be stored in the register and processed. Not all of the information below
may be available for each user.
IP-address
The time of the site visit
Information about site usage, such as duration, pages viewed, and other measurable events
Personal information may be collected directly from the data subject himself during the visit to the website. Automatic decision-making, such as profiling, is not used in the processing of personal data covered by this report.
Personal data will be processed for 365 days from the last visit to the website, as recommended by the
European Commission.
We will take all reasonable steps to ensure that personal information that is inaccurate, incorrect or
out of date for the purposes of processing is rectified or deleted without delay.
We have taken appropriate technical and organizational actions to protect personal information from
accidental or unlawful loss, disclosure, misuse, alteration, destruction or unauthorized access.
Access to the personal register is limited by access rights so that only those employees who have the
right to do so on behalf of their work and who need the information in the course of their duties have
access to it. The staff is comprehensively trained and instructed in the proper processing of personal
data and all those who process personal data have a duty of confidentiality with regard to all personal
data.
The equipment and information systems used to process personal data shall be adequately technically
protected and access to them shall be protected by appropriate methods, including personal user IDs.
If, despite security measures, a security breach occurs which is likely to have a negative impact on the
data protection of data subjects, we will notify the competent authorities and the data subjects
concerned as soon as possible, if required by the applicable data protection law.
The processing and storage of personal data is outsourced to external service providers. We use
well-known contractors with whom the requirements of the EU Data Protection Regulation and other
legislation have been taken into account.
We may transfer some personal data outside the EU / EEA due to the technical implementation of data
processing when using external service providers (Meta and Google) under a cooperation agreement between
us. These transfers will be made securely in accordance with and within the limits set by data
protection law.
Personal data shall not be disclosed outside the controller or the service providers processing or
storing the data in such a way that the data can be identified as an individual user except as required
by law or regulation; to protect the rights of the controller or third parties.
The data subject has the right to inspect the data concerning him in the register and to request the
correction of any incorrect, incomplete or outdated data. The inspection request can be made free of
charge once a year. Requests for inspection and correction must be addressed to the contact person in
the personal register, whose contact details can be found at the beginning of this leaflet. The right to
a request of all persons requesting information shall be verified before the request is processed.
Requests for inspections shall be answered within one month of the request.
The data subject has the right at any time to withdraw any consent he or she has previously given to the
processing of the data. Thereafter, his personal data will not be processed unless there is another
legal basis for processing them. However, the withdrawal of consent shall not affect the lawfulness of
the processing carried out before its withdrawal.
In addition, the data subject may request the transfer of his or her personal data to another controller
if necessary. The data subject has the right to request a restriction on the processing of his or her
personal data or to object to the processing of personal data concerning him or her on certain grounds.
The data subject has the right at any time to lodge a complaint with the supervisory authority
concerning matters relating to the processing of his or her personal data.
This Privacy Statement was last revised / updated on September 23, 2024.
Koti Puhtaaksi Oy monitors changes in data protection legislation and wishes to continuously develop its
business and therefore reserves the right to update this data protection statement.
Customer Acquisition Register
Calmfinnland is committed to adhering to all applicable data protection and privacy laws in Finland,
including the EU General Data Protection Regulation (GDPR) and other relevant legislation governing the
processing of personal data.
We ensure that personal information is managed according to best practices and handled confidentially by
our personnel. This Privacy Statement outlines how Calmfinnland processes personal data in its customer
acquisition activities. In this document, the term “registered” refers to all individuals whose personal
data is included in our customer acquisition register.
Calmfinnland
Postitorvenkatu 16
33840 Tampere, Finland
Business ID: 2395527-2
CONTACT PERSON FOR DATA PROTECTION MATTERS
Tuomas Mäkelä
Email: [email protected]
NAME OF THE REGISTER
Calmfinnland’s Customer Acquisition Register
This register includes:
Individuals and representatives of organizations with whom a customer relationship is being established.
PURPOSE AND LEGAL BASIS OF DATA PROCESSING
We process personal data for:
Marketing purposes.
Sharing information about services and events.
Building and maintaining customer relationships.
The processing is carried out based on the individual’s consent or our legitimate interest in providing
information and services.
The following types of data may be stored and processed:
Contact Information: Name, email address, phone number, and postal code.
Interaction History: Call recordings, emails, messages, and notes.
Marketing Details: Participation in promotional activities or campaigns.
Other Information: Data voluntarily provided by the individual or their organization.
Not all the above data may be collected for every individual.
Personal data is collected primarily:
Directly from individuals or their organizations.
From public sources or previous customer interactions.
Personal data is stored only as long as necessary for the stated purposes or as required by law. Data
will be deleted when no longer needed, or at the request of the individual. Call recordings are
automatically deleted 90 days after the call.
Efforts are made to correct or remove outdated or incorrect data promptly.
We prioritize the confidentiality and security of your personal data by implementing the following
measures:
Access to data is limited to authorized personnel whose duties require it.
All personnel handling data are bound by confidentiality agreements.
Data systems are secured with robust technical safeguards, including usernames, regularly updated
passwords, and encryption.
In the unlikely event of a data breach, affected individuals and relevant authorities will be notified
promptly, in compliance with applicable laws.
We may outsource data processing and storage to trusted external service providers to enhance service
efficiency. These partners comply with GDPR requirements and use the data strictly for the purposes
defined by Calmfinnland.
When necessary, data may be transferred outside the EU/EEA, using secure methods in line with legal
requirements, to service providers like Freshdesk, Meta, and Google.
Personal data is never shared with third parties for their own use unless required by law or for
safeguarding our legal rights.
As an individual, you have the following rights concerning your personal data:
Access and Correction: You can request to view your data or have it corrected if inaccurate.
Withdrawal of Consent: You can withdraw your consent at any time.
Restriction and Objection: You can request restrictions on data processing or object to certain uses.
Data Portability: You may request a transfer of your data to another organization.
Lodging Complaints: If you have concerns about data processing, you can file a complaint with the
appropriate data protection authority.
Requests should be sent to the contact person listed above. Responses to requests will be provided
within one month.
This Privacy Statement was last updated on January 18, 2025.
Calmfinnland regularly monitors changes in data protection laws and reserves the right to update this
statement as needed to reflect our evolving practices and services.
Calmfinnland is dedicated to complying with the data protection and privacy laws applicable in Finland,
including the EU General Data Protection Regulation (GDPR) and other relevant laws governing personal
data processing.
We handle personal information with professionalism, adhering to best practices in data management. All
personnel at Calmfinnland are required to maintain the confidentiality of personal data.
This privacy statement explains how Calmfinnland manages the personal data of its customers. In this
context, “registered” refers to any individual whose personal data is included in the customer register
of the controller.
Calmfinnland
Postitorvenkatu 16
33840 Tampere, Finland
Business ID: 2395527-2
CONTACT PERSON ON PERSONAL DATA REGISTRY MATTERS
Tuomas Mäkelä
Email: [email protected]
NAME OF THE REGISTER
Calmfinnland’s Customer Register
Customers and representatives of customer organizations
PURPOSE AND LEGAL BASIS OF PERSONAL DATA PROCESSING
Personal data is processed by Calmfinnland for the following purposes:
Creating, managing, and developing customer relationships
Targeting customer communication and marketing activities
Providing services and managing service deliveries
The processing is based on a contract (when processing is necessary to fulfill or prepare for a contract
involving the data subject or their organization) or a legitimate interest (when there is an existing
customer relationship).
The register may include the following data (not all categories apply to every individual):
Contact and Identification Information: Name, personal ID number, email address, phone number,
organization, and billing information
Customer Information: Service agreements, customer numbers, customer types, statuses, payment details,
service preferences, cleaning instructions, support requests, and feedback
Marketing and Promotions Data: Participation in promotional activities and targeted marketing efforts
Other Data Provided: Information shared by the data subject or their organization
History and Changes: Details about updates and historical records
Personal data is primarily obtained directly from the individual or their organization. Data may also be
sourced from:
Public sources
Systems managed by Calmfinnland in connection with prior interactions
No automated decision-making or profiling is used for processing personal data.
Personal data is processed for the duration of the customer or contractual relationship and for
approximately 18 months after its conclusion. The retention period ensures compliance with legal
obligations and business requirements.
Upon request, personal data is deleted unless legal or contractual obligations necessitate its
retention. Outdated or incorrect data is corrected or removed promptly.
We prioritize the confidentiality and security of customer data. Measures include:
Limiting access to authorized personnel based on their job requirements
Training staff on secure and proper handling of personal data, with confidentiality obligations
Protecting systems and equipment using technical safeguards such as unique usernames, regularly updated
passwords, and encryption
Securely storing physical records in locked areas and ensuring proper disposal of sensitive material
In the event of a data breach, affected individuals and relevant authorities will be promptly informed
as required by law.
Some personal data processing is outsourced to trusted service providers. Agreements with these
providers comply with the GDPR and ensure data is used only for defined purposes.
Data may be transferred outside the EU/EEA when using external providers (e.g., Freshdesk, Meta, Google)
under strict compliance with data protection laws.
Personal data is never shared with external entities for their independent use unless legally mandated
or necessary to protect the rights of the controller or third parties.
Individuals have the following rights regarding their personal data:
Access and Rectification: Request access to or correction of incorrect or incomplete data.
Withdrawal of Consent: Withdraw consent at any time, halting further processing unless legally
justified.
Restriction and Objection: Request processing restrictions or object to processing based on specific
circumstances.
Data Portability: Request data transfer to another organization if applicable.
Complaint Filing: Lodge a complaint with the supervisory authority regarding data handling practices.
Requests for access, correction, or other rights must be submitted to the contact person mentioned
above. Responses will be provided within one month of the request.
This Privacy Statement was last revised on January 18, 2025.
Calmfinnland continuously monitors changes in privacy laws and may update this statement to reflect its
evolving practices.
Calmfinnland is committed to adhering to Finland’s data protection and privacy laws, including the EU
General Data Protection Regulation (GDPR) and other applicable regulations governing the processing of
personal data.
We process personal data in compliance with good data management and privacy practices, and our team
strictly upholds confidentiality regarding all personal information.
This privacy statement outlines how Calmfinnland handles personal data for recruitment purposes. The
term “registered” refers to individuals whose personal information is included in the recruitment
register maintained by Calmfinnland.
Calmfinnland
Postitorvenkatu 16
33840 Tampere, Finland
Business ID: 2395527-2
Contact for Data Registry Matters
Tuomas Mäkelä
Email: [email protected]
Name of the Register
Calmfinnland Recruitment Register
Groups of Registered Individuals
Job applicants
Employees
Purpose and Legal Basis for Processing Personal Data
Personal data is collected and processed solely for recruitment activities at Calmfinnland. The legal
basis for processing this data is the explicit consent provided by the data subject.
The following data may be included in the register, although not all data categories will apply to every
individual:
Contact Information:
Name, email address, phone number, and postal code.
Job Application Data:
Cover letters, resumes (CVs), job application details, and job search status.
Recruitment-Related Data:
Interview notes, communications, and video interview recordings.
Additional Information:
Any other details provided voluntarily by the data subject.
Historical Data:
Updates or changes to the above information.
Personal data is collected directly from the individual. Automated decision-making, including profiling,
is not used in processing this data.
Retention of Personal Data
Automatic Deletion:
Personal data will be deleted 920 days after the final recruitment decision or the last interaction, as
per the time limits specified by the Equality and Non-Discrimination Act and the statute of limitations
for employment-related offenses.
Deletion Upon Request:
If a data subject requests deletion, their personal data will be removed within 30 days of the request.
Accuracy:
Calmfinnland ensures that inaccurate, incomplete, or outdated data is corrected or deleted promptly.
We prioritize the confidentiality and security of personal data in the recruitment register. Measures to
protect this data include:
Access to the register is restricted to authorized personnel whose roles require access.
Employees handling personal data receive training and are bound by strict confidentiality obligations.
Technical safeguards, such as personal usernames and regularly updated passwords, protect data systems.
Secure methods are used to destroy material containing personal data.
If a security breach occurs, we will notify the relevant authorities and affected individuals, as
required by data protection laws.
External Service Providers:
Personal data processing and storage may be outsourced to trusted service providers. Calmfinnland
ensures these providers comply with GDPR and other data protection laws.
Data Transfers Outside the EU/EEA:
In some cases, data may be transferred outside the EU/EEA for technical reasons, such as using external
service providers (e.g., Omnisend). These transfers are conducted securely and in compliance with data
protection laws.
Data Disclosure:
Personal data will not be disclosed to third parties or used for purposes other than those specified,
except where required by law or to protect the rights of Calmfinnland or third parties.
Data subjects have the following rights regarding their personal data:
Access and Rectification:
Request access to their data.
Request corrections to inaccurate, incomplete, or outdated data.
Data Deletion:
Withdraw consent at any time, after which their data will not be processed unless legally required.
Data Portability:
Request the transfer of their personal data to another controller.
Restrict or Object:
Restrict the processing of their data or object to certain processing activities.
File Complaints:
Lodge a complaint with the supervisory authority regarding the handling of their data.
Requests for access or corrections must be sent to the contact person listed above. Verification of
identity will be conducted before processing such requests, and responses will be provided within 30
days.
This privacy statement was last updated on September 23, 2024.
Calmfinnland continuously monitors changes in data protection laws and aims to enhance its practices
accordingly. We reserve the right to update this statement as necessary.