REGISTRY AND PRIVACY POLICY (GDPR)

This privacy notice has been prepared in accordance with the EU General Data Protection Regulation (GDPR) and the Data Protection Act (1050/2018).

Date of creation: April 23, 2026
Last updated: April 23, 2026

1. Data Controller

Smile Company Oy
Business ID: 3183167-5
Address: Riihitie 5, 00330 Helsinki
Email: [email protected]
Phone: 050 573 7444

2. Data Protection Officer

Name: Ilkka Mäentakanen
Email: [email protected]

3. What this leaflet covers

This Privacy Policy applies to the RÄNDÖM website, the personal data collected in connection with it, as well as communication via the website, any newsletter subscriptions, analytics, and other processing of personal data related to the use of the site.

4. What personal data do we process?

We may process the following personal data depending on the features available on the website:

  • name
  • email address
  • phone number
  • organization or employer
  • the content of the message or contact request
  • any information related to a request for proposals or a request for collaboration
  • Newsletter subscription information and marketing consents
  • IP address, browser, and device information
  • log and usage data regarding website usage
  • information collected through cookies or similar technologies
    other information that the user provides to us

5. Where does the information come from?

We primarily obtain personal data from:

from the individual themselves, for example via a contact form, email, or newsletter subscription at
automatically when using the website, for example, based on log and cookie data
if necessary, from our service providers who provide technical services for the website, analytics, forms, hosting, or email marketing

6. For what purposes do we process data and on what legal basis

We process personal data for the following purposes:

  • Responding to inquiries and managing customer relationships or collaborative discussions
    Legal basis: legitimate interest or steps taken prior to entering into a contract.
  • Technical operation of the website, data security, and prevention of misuse
    Legal basis: legitimate interest.
  • Sending newsletters or other electronic marketing materials to
    Legal basis: consent, where consent is required.
  • Website analytics and service development
    Legal basis: consent, if the analytics are based on cookies or other non-essential identifiers. If genuinely cookie-free analytics that minimize the use of personal data are used, the legal basis may in some situations be legitimate interest, but this must be assessed on a case-by-case basis.
  • Compliance with legal obligations
    Legal basis: statutory obligation.

If the processing is based on a legitimate interest, our interest is to maintain a functional, secure, and appropriate website, handle inquiries appropriately, and improve our services.

7. Is information disclosed to third parties?

We may disclose or provide personal data to the following parties to the extent necessary:

  • website hosting and technical service providers
  • providers of website maintenance and development services
  • providers of analytics and cookie tools
  • newsletter or email service providers
  • authorities, if required by law

We do not sell personal information to third parties.

8. Is data transferred outside the EU or the EEA?

Personal data may be transferred outside the European Union or the European Economic Area if the technical service provider we use processes the data outside the EU/EEA.

In such cases, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or other legal grounds for data transfer recognized under data protection legislation.

Services used: Google Analytics

9. How long do we retain data?

We retain personal data only for as long as necessary for the purposes described in this policy or for as long as required by law.

10. Rights of the Data Subject

In accordance with applicable data protection laws, you have the right to:

  • to find out whether we are processing your personal data
  • access your personal information
  • request a correction of incorrect information
  • request the deletion of data
  • request a restriction on processing
  • object to processing in certain situations
  • transfer data from one system to another when applicable
  • withdraw consent at any time to the extent that the processing is based on consent
  • file a complaint with the regulatory authority

If your data is processed for direct marketing purposes, you have the right to object to such processing without having to provide any specific reasons. Requests from data subjects must be responded to without undue delay and, as a rule, within one month of receiving the request.

11. Right to file a complaint with the supervisory authority

If you believe that the processing of your personal data violates applicable data protection laws, you have the right to file a complaint with the Office of the Data Protection Ombudsman.

Office of the Data Protection Ombudsman
P.O. Box 800, 00521 Helsinki
www.tietosuoja.fi

12. Cookies

This website may use cookies and similar technologies to enable the website to function, improve the user experience, provide analytics, and for potential marketing purposes.

Essential cookies may be set without separate consent when they are necessary for the technical operation of the service. However, consent for analytics, statistical, and marketing cookies is requested, if necessary, via a cookie banner or settings tool.

13. Is providing this information mandatory?

Providing the information requested in the contact form is generally necessary so that we can respond to your message or process your request.

Subscribing to the newsletter is optional.

Essential technical information may be necessary to ensure the secure and proper functioning of the website.

14. Is automated decision-making or profiling used?

We do not use automated decision-making based on personal data that would have legal effects or similarly significant effects on the data subject.

15. Data Protection

We protect personal data using appropriate technical and organizational measures. These may include, for example, access control, password protection, log data, technical protection of services, staff training, and limiting the processing of personal data to only those individuals who have a legitimate need for it based on their work.

16. Changes to this document

We may update this Privacy Policy if there are changes to the website’s operations, the processing of personal data, or applicable laws. The most recent version will be posted on this page.