top of page

LAAVAT
PRIVACY NOTICE

Last updated: November 20, 2025

​

At LAAVAT, one of our main priorities is our customers' privacy. We are committed to protecting your personal data in accordance with applicable privacy legislation, including the General Data Protection Regulation (GDPR).

​

Through this privacy policy, LAAVAT Oy informs the general public and data subjects about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of the rights to which they are entitled.

​

This policy applies to all personal data processed by LAAVAT Oy in connection with our website, services, and business activities. We may update this policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website with a new "Last updated" date. If changes significantly affect your rights, we may provide additional notice, such as via email if we have your contact details. We encourage you to review this policy periodically.

​

Data Controller

​

LAAVAT Oy is the data controller for all personal data we collect and process. We do not sell your personal data to third parties. However, we may share it with trusted service providers (data processors) who assist us in operating our business, such as website hosting, email services, or analytics providers, under strict confidentiality agreements and only to the extent necessary.

​

In all data protection-related matters, you can contact us using the following information:

LAAVAT Oy contact@laavat.com Kaivotie 5, 33480 Ylöjärvi, Finland Business ID: 2836220-6

 

We have not appointed a Data Protection Officer (DPO) as our processing activities do not require one under GDPR Article 37. For any privacy inquiries, please contact us directly at the above email.

​

Collecting Personal Data

​

Personal data means any information relating to an identified or identifiable natural person, such as a name, identification number, location data, or online identifier.

We collect personal data primarily when you engage in business with us or interact with our website. This includes:

  • Contact information you provide voluntarily, such as names, email addresses, phone numbers, or other details submitted via contact forms, inquiries, or during service provision.

  • Automatically collected data through website logging, including internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamps, referring/exit pages, and possibly the number of clicks. This data is not linked to personally identifiable information unless required for security purposes.

 

We do not collect sensitive personal data (e.g., data revealing racial or ethnic origin, political opinions, health, or biometric data) unless it is strictly necessary for a specific purpose and with your explicit consent.

Sources of data include direct submissions from you and automated collection via our website. We do not collect personal data from third-party sources.

​

Disclosure of personal data to LAAVAT is voluntary, but if you choose not to provide it, we may not be able to provide our services, respond to inquiries, or fulfill contracts.

​

How We Use and Process Personal Data

​

We process your personal data only for specified, explicit, and legitimate purposes, and we do not process it further in a manner incompatible with those purposes.

The legal bases for processing under GDPR are:

  • Your consent for one or more specific purposes (e.g., marketing communications).

  • Performance of a contract with you or pre-contractual steps at your request.

  • Compliance with legal obligations (e.g., tax or accounting requirements).

  • Our legitimate interests (e.g., website analytics, fraud prevention, or improving services), provided these do not override your rights and freedoms.

 

Specific purposes include:

  • Responding to your inquiries and providing our services.

  • Managing and fulfilling business contracts.

  • Analyzing website trends, administering the site, tracking user movements, and gathering demographic information to improve user experience.

  • Sending administrative emails or updates related to our services (with opt-out options where applicable).

  • Complying with legal requirements or defending legal claims.

 

We do not engage in automated decision-making or profiling that produces legal effects or significantly affects you.

​

Data Retention

​

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, including for the duration of our business relationship, to comply with legal obligations (e.g., accounting records for up to 10 years under Finnish law), or to resolve disputes. For example:

  • Contact form data is retained for up to 2 years or until the inquiry is resolved.

  • Log data is retained for up to 1 year for analytics and security purposes.

 

Once no longer needed, data is securely deleted or anonymized. Criteria for determining retention include the amount, nature, and sensitivity of the data, potential risks, and legal requirements.

​

Sharing and Disclosure of Personal Data

​

We may share your personal data with:

  • Service providers (e.g., IT hosting, email platforms, or analytics tools) acting as processors on our behalf, bound by data processing agreements ensuring GDPR compliance.

  • Public authorities if required by law (e.g., for tax or regulatory purposes).

  • Professional advisors (e.g., lawyers or auditors) under confidentiality.

 

We do not sell your data or share it for third-party marketing without your consent. All sharing is limited to what is necessary.

​

International Transfers

Our operations are primarily within the EU/EEA. If we transfer data outside the EEA (e.g., to non-adequate countries via service providers), we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other mechanisms to protect your data. For details on specific transfers, contact us.

​

Protection of Personal Data

​

Protecting your personal data is crucial. We implement appropriate technical and organizational measures to prevent unauthorized access, loss, destruction, or alteration, including encryption, access controls, secure servers, and regular security assessments. Our personnel are trained on data protection, and we maintain secure information systems and offices.

​

In the event of a data breach posing a risk to your rights, we will notify you and the relevant supervisory authority as required by GDPR.

​

Your Rights

​

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: Obtain confirmation of processing and a copy of your data.

  • Right to rectification: Correct inaccurate or incomplete data.

  • Right to erasure ("right to be forgotten"): Delete data in certain circumstances, such as when no longer necessary.

  • Right to restrict processing: Limit processing in specific cases, like contesting accuracy.

  • Right to data portability: Receive your data in a structured, machine-readable format and transmit it to another controller.

  • Right to object: Oppose processing based on legitimate interests or for direct marketing.

  • Right to withdraw consent: At any time, without affecting prior lawfulness.

  • Rights related to automated decision-making: Not applicable, as we do not use this.

 

To exercise these rights, contact us at contact@laavat.com. We will respond within one month (extendable if complex). Requests are free unless manifestly unfounded or excessive.

You also have the right to lodge a complaint with a supervisory authority, such as the Finnish Data Protection Ombudsman (tietosuoja.fi) or your local authority if in another EU country.

​

Children's Privacy

​

Our website and services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete it promptly. Parents or guardians discovering such data should contact us.

​

Cookies

​

Our website uses cookies to enhance functionality and user experience. Cookies are small text files stored on your device.

​

We use:

  • Essential cookies: Necessary for site operation (e.g., session management).

  • Analytics cookies: To collect aggregated data on site usage (e.g., via tools like Google Analytics) for trends and improvements.

 

You can manage cookies via your browser settings or our cookie consent banner (if implemented). Accepting cookies is optional, but declining may limit site functionality. For more details, see our Cookie Policy [link if separate; otherwise integrate].

​

Third-Party Privacy Policies

​

This policy does not apply to third-party websites or services linked from our site. We recommend reviewing their privacy policies. For example, if we use third-party analytics or advertising, their practices (e.g., data collection for targeted ads) are governed by their policies. You can opt out of certain tracking via browser settings or tools like Google Analytics opt-out.

​

We do not control these third parties and are not responsible for their content or practices.

​

bottom of page