Privacy Policy - Customer and Marketing Register

This is a privacy policy in accordance with the EU General Data Protection Regulation (GDPR) for customers, potential customers, and website users of Droneca Oy.
Created: 8.7.2025
Last updated: 8.7.2025

1. Data Controller

Droneca Oy, Tengströminkatu 49, 68620 Pietarsaari, Finland
Contact person for register matters: Jukka Hellén, CEO

2. Data Subjects

The register processes information about the following groups of individuals:
 Customers (current and former)
 Potential customers
 Website users
 Newsletter subscribers
 Cooperation partners

3. Purpose and Basis for Processing Personal Data

Personal data is processed for the following purposes:
 Managing, maintaining, and developing customer relationships
 Service delivery and invoicing
 Responding to contact requests
 Marketing and communications (e.g., newsletters, targeted advertising) [If applicable, based on consent or legitimate interest]
 Analyzing and developing website functionality
 Fulfilling legal obligations
The legal basis for processing is primarily:
 Performance of a contract (customer relationship)
 Legitimate interest of the data controller (e.g., direct marketing, website development)
 Consent given by the data subject (e.g., newsletter, cookies)
 Legal obligation

4. Information Stored in the Register

Depending on the purpose of use, the following information may be stored in the register:
 Basic information: Name, contact details (email address, phone number, address)
 Company information: Company name, business ID, position/title in the company
 Customer relationship information: Contract details, order and billing information, customer feedback, contacts
 Marketing-related information: Direct marketing permissions and prohibitions, areas of interest
 Website usage information: IP address, browser and device information, cookie information, usage data (e.g., visit duration, pages viewed)
 Other information: Information provided by the data subject (e.g., through forms)

5. Duration of Processing

Personal data is stored only as long as necessary to fulfill the purposes defined in this policy, unless legislation requires longer storage (e.g., accounting law).
 Customer data is stored for the duration of the customer relationship and thereafter for a reasonable period (6 years) for possible complaints or legal claims.
 Information in the marketing register is stored until the person withdraws their consent or objects to the processing of their data for marketing, or until the information is determined to be outdated (e.g., verification every 26 months).
 Website analytics data is typically stored for 26 months.
Information is deleted from the registers when there is no longer a legal basis for storing it.

6. Regular Disclosure of Information and Transfer of Data Outside the EU or EEA

Information is generally not disclosed to external parties. However, information may be disclosed to:
 Authorities when required by law.
 Carefully selected service providers (data processors) who process data on behalf of the data controller and according to their instructions (e.g., IT service providers, marketing tools, payment services, collection agencies).

Data may be transferred outside the EU or European Economic Area (EEA) if necessary for the technical implementation of services. In such cases, we ensure an adequate level of data protection through mechanisms required by legislation, such as using standard contractual clauses approved by the European Commission or by ensuring that the transfer takes place to a country whose level of data protection the Commission has determined to be adequate, or through other lawful transfer bases.


7. Cookies

Our website uses cookies and other similar technologies to improve user experience, analyze website usage, and target marketing.
A cookie is a small text file that the browser stores on the user's device. We use both session-specific and persistent cookies.
You can manage cookie settings in your browser settings. Please note that blocking cookies may affect the functionality of the website.

8. Principles of Register Protection

The data security and confidentiality of personal data are ensured through appropriate technical and organizational measures.
 Data is stored in protected systems that are secured by firewalls, passwords, and other technical means.
 Access to data is restricted only to those employees and service providers for whom it is necessary to perform work tasks.
 Staff and service providers are bound by confidentiality obligations.
 Manual material is stored in locked premises.

9. Rights of the Data Subject

The data subject has the following rights:
 Right of access to data (right of inspection): The right to check what information about them has been stored in the register.
 Right to rectification of data: The right to demand correction of incorrect or incomplete information.
 Right to erasure of data ("right to be forgotten"): The right to request deletion of their data under certain conditions (e.g., if the data is no longer needed for the original purpose or if the processing was based on consent that is withdrawn).
 Right to restriction of processing: The right to request restriction of the processing of their data in certain situations.
 Right to object: The right to object to the processing of their data on grounds relating to their particular situation when the processing is based on legitimate interest. The right to object to direct marketing.
 Right to data portability: The right to receive the data they have provided in machine-readable format and transfer it to another data controller when the processing is based on consent or contract.
 Right to withdraw consent: If processing is based on consent, the right to withdraw consent at any time.
 Right to lodge a complaint with a supervisory authority: The right to lodge a complaint with the Data Protection Ombudsman if they consider that the processing of their personal data infringes data protection legislation.
Contact details of the Data Protection Ombudsman: www.tietosuoja.fi
Requests regarding the exercise of rights should be sent in writing to the contact person mentioned in section 1.

10. Changes to This Privacy Policy

We reserve the right to update this privacy policy as our operations develop or legislation changes. We recommend that you regularly familiarize yourself with the content of the policy. When necessary, we will announce changes on our website or notify the data subjects directly.