Privacy Policy

Privacy Policy – Customer and Marketing Register

This is a privacy policy in accordance with the EU General Data Protection Regulation (GDPR) for Droneca Oy customers, potential customers, and website visitors.

Created: 8 July 2025

Last updated: 8 July 2025

1. Data Controller

Droneca Oy, Tengströminkatu 49, 68620 Pietarsaari, Finland

Contact person for register matters: Jukka Hellén, CEO

2. Data Subjects

The register processes data relating to the following groups of persons:

  • Customers (current and former)

  • Potential customers

  • Website visitors

  • Newsletter subscribers

  • Business partners

3. Purposes and Legal Basis for Processing

Personal data is processed for the following purposes:

  • Managing, maintaining, and developing the customer relationship

  • Delivering services and invoicing

  • Responding to contact requests

  • Marketing and communications (e.g. newsletters, targeted advertising) [where applicable, based on consent or legitimate interest]

  • Analysing and developing website functionality

  • Fulfilling statutory obligations

The legal basis for processing is generally:

  • Performance of a contract (customer relationship)

  • Legitimate interests of the data controller (e.g. direct marketing, website development)

  • Consent of the data subject (e.g. newsletter, cookies)

  • Statutory obligation

4. Data Recorded in the Register

The following data may be recorded depending on the purpose:

  • Basic information: Name, contact details (email address, phone number, address)

  • Company information: Company name, business ID, position/title within the company

  • Customer-related data: Contract information, order and invoicing data, customer feedback, contacts

  • Marketing-related data: Direct marketing permissions and prohibitions, interests

  • Website usage data: IP address, browser and device information, cookie data, usage data (e.g. visit duration, pages viewed)

  • Other data: Information provided directly by the data subject (e.g. via forms)

5. Retention Period

Personal data is retained only for as long as necessary for the purposes set out in this policy, unless legislation requires longer retention (e.g. the Accounting Act).

  • Customer data is retained for the duration of the customer relationship and thereafter for a reasonable period (e.g. 6 years) in case of complaints or legal claims.

  • Data in the marketing register is retained until the person withdraws their consent, objects to processing for marketing purposes, or until the data is deemed outdated (reviewed every 26 months).

  • Website analytics data is typically retained for 26 months.

Data is deleted from the registers when there is no longer a lawful basis for retaining it.

6. Regular Disclosure of Data and Transfer Outside the EU/EEA

Data is not generally disclosed to third parties. However, data may be disclosed to:

  • Authorities where required by law.

  • Carefully selected service providers (data processors) who process data on behalf of and in accordance with the instructions of the data controller (e.g. IT providers, marketing tools, payment services, debt collection companies).

Data may be transferred outside the EU or the European Economic Area (EEA) if this is necessary for the technical implementation of the services. In such cases, an adequate level of protection is ensured through mechanisms required by law, such as the use of standard contractual clauses approved by the European Commission or by ensuring that the transfer takes place to a country whose level of data protection the Commission has deemed adequate.

7. Cookies

Our website uses cookies and similar technologies to improve the user experience, analyse website usage, and target marketing. A cookie is a small text file that the browser saves on the user's device. We use both session and persistent cookies. You can manage cookie settings in your browser settings. Please note that blocking cookies may affect website functionality.

8. Principles of Register Security

The security and confidentiality of personal data are ensured through appropriate technical and organisational measures.

  • Data is stored in secure systems protected by firewalls, passwords, and other technical measures.

  • Access to data is restricted to only those employees and service providers who need it to perform their duties.

  • Staff and service providers are bound by a duty of confidentiality.

  • Manual material is stored in locked premises.

9. Rights of the Data Subject

The data subject has the following rights:

  • Right of access: The right to check what data has been recorded in the register.

  • Right to rectification: The right to request correction of inaccurate or incomplete data.

  • Right to erasure ("right to be forgotten"): The right to request erasure of data under certain conditions (e.g. if the data is no longer needed for its original purpose or if processing was based on consent that is withdrawn).

  • Right to restriction of processing: The right to request restriction of the processing of data in certain situations.

  • Right to object: The right to object to the processing of data on grounds relating to the data subject's particular situation, where processing is based on legitimate interest. The right to object to direct marketing.

  • Right to data portability: The right to receive data provided by the data subject in a machine-readable format and to transfer it to another data controller, where processing is based on consent or contract.

  • Right to withdraw consent: Where processing is based on consent, the right to withdraw it at any time.

  • Right to lodge a complaint with a supervisory authority: The right to lodge a complaint with the Data Protection Ombudsman if the data subject considers that the processing of their personal data violates data protection legislation.

Contact details of the Data Protection Ombudsman: www.tietosuoja.fi

Requests to exercise rights must be sent in writing to the contact person mentioned in section 1.

10. Changes to This Privacy Policy

We reserve the right to update this privacy policy as our operations develop or legislation changes. We recommend reviewing the policy regularly. Where necessary, changes will be communicated on our website or directly to data subjects.