theFirma

Contact us ->
FI
Menu

Privacy Policy

This is theFIRMA’s privacy policy and data register statement in accordance with the EU General Data Protection Regulation (GDPR). Prepared on November 24, 2025. Last updated on November 24, 2025.

Name of the Register

This privacy policy applies to the company’s customer and contact register.

Data Controller

Data Controller
theFIRMA
Joukahaisenkatu 3, Turku University of Applied Sciences, ICT-City
20520 Turku

Person Responsible for the Register
Roope Lehtinen
roope.lehtinen@turkuamk.fi

What Information We Collect

theFIRMA collects only necessary personal data for processing contact requests:

  • Name
  • Email
  • Phone number
  • Message and its content (contact form)
  • Server technical log data

theFIRMA does not collect analytics data, marketing profiles, or tracking data collected through cookies.

Sources of Information

  • Information provided by the user (contact form)
  • Technically collected information (security and error logs)

Purposes for Which Information Is Used

  • Processing and responding to contact requests
  • Legal obligations
  • Ensuring service operation and data security

theFIRMA does not use information for marketing or automated decision-making.

Legal Basis for Data Processing

  • Consent: the user provides their information voluntarily through the contact form
  • Legitimate interest: processing of server technical log data to ensure service security
  • Legal obligations: accounting and regulatory requirements when dealing with invoiced customers

To Whom Information Is Disclosed

Personal data is processed only by theFIRMA and its service providers:

  • Web hosting service
  • Email service
  • Accounting (only for paying customers)

Processors handle information only to the extent necessary to perform their duties. Information is not sold to third parties.

Data Transfer Outside the EU or EEA

theFIRMA does not transfer personal data outside the EU/EEA.

The website uses an embedded Google Maps feature, which may transfer the user’s IP address to Google. Google processes data according to its own terms.

Google may transfer data outside the EU/EEA, and such transfers are based on safeguards approved by the EU (such as standard contractual clauses).

Data Retention Period

Data is retained only as long as necessary for the purposes described in this policy:

  • Contact form data: 12 months
  • Customer data: duration of the customer relationship
  • Invoicing data: 6 years
  • Server log data: 1-12 months

Data Protection

Personal data is processed in secure systems accessible only to those employees and partners who have the right to access it due to their duties. Data transmission is protected with SSL/TLS encryption.

Rights of the Data Subject

  • right to access data
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to data portability
  • right to withdraw consent
  • right to lodge a complaint with the data protection authority

Requests can be sent to: roope.lehtinen@turkuamk.fi

Scroll to Top