1. Data Controller
The Data Controller responsible for your personal data is:
Alexandras Hair
Business ID: 3336092-6
Skarpansvägen 29 D
22100 Mariehamn, Åland
Finland
Email: [email protected]
Phone: +358 18 537 420
For all privacy-related inquiries, please contact us at the email address above. We will respond within 30 days of receiving your request.
2. Information We Collect
2.1 Information You Provide Directly
- Contact Information: Full name, email address, phone number, and company name when you submit our contact form, request a quote, or communicate with us.
- Project Details: Descriptions of your project requirements, budget preferences, and technical specifications shared through forms or correspondence.
- Communication Records: Emails, messages, and other communications exchanged with our team.
2.2 Information Collected Automatically
- Device Information: Browser type and version, operating system, device type, screen resolution.
- Usage Data: Pages visited, time spent on pages, click patterns, referring URLs, navigation paths.
- Network Data: IP address, approximate geographic location (city/region level), Internet Service Provider.
- Cookie Data: Information collected through cookies and similar technologies as described in our Cookie Policy.
2.3 Information We Do Not Collect
We do not collect sensitive personal data including racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, or biometric data unless explicitly provided by you for project-specific purposes with your express consent.
3. Legal Bases for Processing (GDPR)
We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):
| Processing Activity | Legal Basis |
|---|
| Responding to contact form submissions and quote requests | Performance of a contract / Pre-contractual measures (Art. 6(1)(b)) |
| Sending project updates and communications | Legitimate interest (Art. 6(1)(f)) |
| Processing payments and invoices | Performance of a contract (Art. 6(1)(b)) |
| Website analytics and performance monitoring | Consent (Art. 6(1)(a)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Legal compliance and dispute resolution | Legal obligation (Art. 6(1)(c)) / Legitimate interest (Art. 6(1)(f)) |
4. Purpose of Processing
- Service Delivery: To respond to inquiries, provide quotes, and deliver our app and game development services.
- Communication: To send project updates, respond to support requests, and maintain business relationships.
- Website Improvement: To analyze site usage, improve user experience, and optimize content.
- Legal Compliance: To comply with applicable Finnish, EU, and international laws and regulations.
- Security: To detect, prevent, and respond to fraud, security incidents, and technical issues.
- Marketing: To send promotional materials — only with your explicit consent, which you may withdraw at any time.
5. Data Retention
We retain personal data only as long as necessary for the stated purposes or as required by law. Specific retention periods:
| Data Category | Retention Period |
|---|
| Contact form submissions | 24 months from last communication, unless a contract is established |
| Client project data | Duration of contract + 5 years for legal compliance |
| Communication records | 3 years from last communication |
| Invoices and financial records | 6 years as required by Finnish Accounting Act |
| Website analytics data | 26 months (anonymized after 14 months) |
| Marketing consent records | Duration of consent + 3 years |
| Cookie data | As specified in our Cookie Policy |
Data is retained only as long as necessary for stated purposes or required by law. Upon expiration, data is securely deleted or anonymized.
6. International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). If we transfer personal data outside the EEA to countries without an adequate level of data protection, we implement the following safeguards:
- Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses as the primary mechanism for cross-border data transfers.
- Data Processing Agreements: All third-party processors are bound by data processing agreements with appropriate safeguards.
- Adequacy Decisions: Where applicable, we rely on adequacy decisions by the European Commission.
You may request a copy of applicable Standard Contractual Clauses by contacting [email protected].
7. Third-Party Sharing
We do not sell personal data. We do not share data for advertising purposes.
We may share your data with the following categories of third parties, solely for the purposes described in this Policy:
- Service Providers: Hosting providers, email services, analytics platforms, and CRM systems that assist in operating our business.
- Professional Advisors: Lawyers, accountants, and auditors where necessary for legal compliance or business operations.
- Legal Authorities: When required by law, regulation, legal process, or governmental request.
All third-party processors are bound by contractual obligations to process data only as instructed and to maintain appropriate security measures.
8. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:
- Right of Access (Art. 15): You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data.
- Right to Rectification (Art. 16): You have the right to request correction of inaccurate personal data and completion of incomplete data.
- Right to Erasure / Right to Be Forgotten (Art. 17): You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
- Right to Restriction of Processing (Art. 18): You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data.
- Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
- Right to Object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes at any time.
- Right to Withdraw Consent (Art. 7(3)): Where processing is based on your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
- Right to Lodge a Complaint (Art. 77): You have the right to lodge a complaint with a supervisory authority. In Finland, the competent authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto). For Åland-specific matters, contact the Åland Data Inspection Board.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
9. Your Rights Under CCPA
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of categories and specific pieces of personal information collected about you.
- Right to Delete: Request deletion of personal information collected, subject to certain exceptions.
- Right to Opt-Out: Opt-out of the sale of your personal information. We do not sell personal data.
- Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information.
To submit a CCPA request, contact [email protected] or call +358 18 537 420.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL) and at rest (AES-256)
- Regular security assessments and vulnerability testing
- Access controls and role-based permissions
- Employee training on data protection and security best practices
- Incident response procedures and breach notification protocols
- Secure data backup and disaster recovery systems
Disclaimer: While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying affected individuals and relevant authorities in the event of a data breach as required by applicable law.
11. Children's Privacy
Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website and updating the "Last Updated" date. We encourage you to review this Policy periodically.
13. Contact Us
Alexandras Hair
Business ID: 3336092-6
Skarpansvägen 29 D
22100 Mariehamn, Åland, Finland
Email: [email protected]
Phone: +358 18 537 420