Chiphronglexiron

Privacy

Privacy Policy

This Privacy Policy describes how Chiphronglexiron collects, uses, stores, and protects personal data when you interact with our website, send us a message, or otherwise engage with our studio in Helsinki. We apply the EU General Data Protection Regulation and Finnish national rules that complement it.

We process personal data only for defined purposes, keep it for proportionate periods, and apply technical and organisational measures that match the sensitivity of the information. We do not sell personal data and we do not use automated decision-making that produces legal effects concerning you.

A concise description of our business, what we provide, and what we do not claim—useful for consumers and advertising partners—is published on our transparency page.

Categories of personal data

  • Identity and contact data: name, email address, phone number if you provide it, company name if relevant.
  • Communication content: the body of messages you submit through forms or email threads.
  • Technical data: IP address, approximate location derived at regional level, browser type, device category, operating system hints, referring URL, pages viewed, timestamps.
  • Cookie and consent records: preferences for optional analytics and marketing, timestamps, and version identifiers for legal text.
  • Transactional data: order references, delivery details, and payment metadata if you purchase services or goods from us through a separate flow.

Purposes and legal bases

Purpose Legal basis (GDPR)
Answering enquiries and preparing quotations Article 6(1)(b) steps prior to contract, or Article 6(1)(f) legitimate interests in professional communication
Operating, securing, and improving the website Article 6(1)(f) legitimate interests in security, reliability, and product improvement
Optional analytics or marketing technologies Article 6(1)(a) consent
Compliance with tax, accounting, or regulatory duties Article 6(1)(c) legal obligation
Establishing or defending legal claims Article 6(1)(f) legitimate interests

Retention

Contact form and email correspondence: up to twenty-four months after the last substantive message unless a dispute, warranty, or statutory duty requires longer retention. Technical server logs: typically rotated within ninety days unless an incident investigation is active. Accounting records: retained according to Finnish bookkeeping rules, commonly six years from the end of the accounting period. Consent logs: up to five years from withdrawal to demonstrate compliance, unless a regulator specifies otherwise.

Recipients and international transfers

We use processors for hosting, email delivery, analytics when consented, customer relationship tooling, and payment services where applicable. Processors may only process data on documented instructions. If data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses, adequacy decisions, or another approved mechanism, supplemented by assessments where required.

Security measures

We implement access control, authentication, separation of environments, encrypted transport where supported, logging and monitoring, vulnerability awareness, and contractual confidentiality for staff and vendors. We review controls when our stack changes or when we onboard material new processing.

Your rights

You may request access, rectification, erasure, restriction of processing, and data portability where applicable. You may object to processing based on legitimate interests, taking into account overriding grounds. You may withdraw consent for optional processing at any time. You may lodge a complaint with the Office of the Data Protection Ombudsman (Finland) or another EU supervisory authority. To exercise rights, email us with enough detail to locate your records.

Profiling

We do not conduct behavioural profiling that produces legal or similarly significant effects. Optional marketing tools, if enabled with consent, may measure engagement in aggregate or pseudonymous form according to vendor configuration.

Children

Our services are aimed at adults and professional clients. We do not knowingly collect data from children without appropriate authority. If you believe we received a child’s data in error, contact us for deletion.

Third-party websites

Links to other sites are provided for convenience. Their privacy practices are governed by their own notices. Please review them before submitting personal data.

Updates

We revise this Privacy Policy when processing activities or legal requirements change. The hero date reflects the day you are viewing for orientation; substantive revisions are described in the body text. Previous versions are available on request.

Baseline publication: April 2026. Chiphronglexiron, Helsinki.