Privacy Policy | Data Protection

Controller and contact

The controller responsible for processing is Phunlaxxthunmare, Mannerheimintie 14–20, 00100 Helsinki, Finland. You can reach the privacy desk at assist@phunlaxxthunmare.world or by telephone on +358 20 132 1407. Written enquiries should include enough context for us to verify identity proportionately before disclosing information.

Postal address Mannerheimintie 14–20, 00100 Helsinki, Finland

Response aim We acknowledge privacy requests within three business days where possible.

Categories of personal data

Depending on how you interact with us, we may process identifiers and contact details (name, email address, telephone number), message content you send through forms or email, technical connection data such as approximate location derived from IP address, browser type, device identifiers, timestamps, and referral URLs, account or order references when services are purchased, payment confirmation metadata supplied by payment processors (not full card numbers stored on this site), and consent records including cookie preferences stored locally in your browser.

Special categories

We do not ask you to provide health data. If you voluntarily include sensitive information in a message, we treat it under heightened care and delete it when retention no longer serves the stated purpose unless law requires longer storage.

Purposes and lawful bases

We process data to respond to enquiries and fulfil contractual steps you request (Article 6(1)(b) GDPR), to operate and secure the website, analyse aggregated traffic, and improve navigation (Article 6(1)(f) GDPR, balanced against your rights), to comply with accounting, tax, and regulatory obligations (Article 6(1)(c) GDPR), and to send optional updates about seasonal lists or events where you have opted in (Article 6(1)(a) GDPR). Where legitimate interests are relied upon, you may object under the conditions set out in applicable law.

Advertising and online measurement

If we use online advertising platforms (for example, Google Ads), those services may process technical data such as device identifiers or conversion signals when you have consented to analytics or marketing cookies, or when the platform relies on a lawful basis independent of our site. We configure campaigns to respect EU/EEA requirements and our cookie policy. You can withdraw consent for optional cookies at any time through the cookie banner or your browser settings.

Retention periods

General enquiry emails are retained for up to twenty-four months after the last substantive message unless a longer period is needed for active projects, disputes, or statutory claims. Accounting records follow Finnish bookkeeping timelines. Server logs are rotated within ninety days except where temporarily extended for security investigations. Cookie consent logs are kept for twelve months from the last update. Marketing consents remain until withdrawn.

Security measures

We implement access controls, authentication for administrative interfaces, encryption in transit where supported by infrastructure providers, segmentation between environments, and confidentiality commitments from staff and subprocessors. We assess vendors before onboarding and review access periodically. No security practice eliminates all risk; we respond to incidents according to documented procedures and regulatory duties.

International transfers

Where data is processed outside the European Economic Area, we ensure appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or supplementary measures as required by case law. Copies of relevant transfer mechanisms can be requested in abstract form where commercial confidentiality allows.

Your rights

You may request access, rectification, erasure, restriction of processing, data portability, and objection to processing based on legitimate interests or direct marketing. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. You may lodge a complaint with the Office of the Data Protection Ombudsman (Finland) or another EU supervisory authority. Automated decision-making that produces legal effects is not used on this site.

Cookies and similar technologies

Optional analytics and marketing tools activate only with your consent where required. Strictly necessary technologies support security and preference storage. Details appear in the cookies policy, including category descriptions and storage durations.

Children

The website is not directed at children under sixteen. We do not knowingly collect personal data from children without appropriate authority. If you believe information was collected in error, contact us for prompt review and deletion where appropriate.

Changes to this policy

We update this policy when our processing operations or legal requirements change. Material changes will be reflected here, and where necessary we will provide additional notice. Continued use after an update may be subject to specific consent rules depending on the change involved.