Data Processing

Updated: February 8, 2026

FHATAL Oy complies with the EU General Data Protection Regulation (GDPR) and other applicable privacy regulations in the processing of personal data. This document supplements our Privacy Policy and provides more detailed information on data processing.

Legal Basis for Processing

We process your personal data on the following legal bases (GDPR Art. 6):

Consent (GDPR 6(1)(a))

We use consent for sending marketing communications and for the use of non-essential cookies.

Contract (GDPR 6(1)(b))

We process your data to fulfill customer contracts and deliver services.

Legal Obligation (GDPR 6(1)(c))

We process your data to meet the requirements of accounting and tax legislation.

Legitimate Interest (GDPR 6(1)(f))

We process your data based on our legitimate interests in website security, fraud prevention, and business development.

Data Categories and Sources

Data collected directly from you:

  • Contact information (name, email, phone number)
  • Company information (company name, industry, Business ID)
  • Communication content (contact forms, emails)
  • Project information (requirements, documentation)

Automatically collected data:

  • Technical data (IP address, browser type, operating system)
  • Usage data (site visits, clicks)
  • Device data (device type, screen resolution)

Recipients of Data

We may share your personal data with the following categories:

  • Hosting providers: For server and infrastructure maintenance
  • IT service providers: For technical support and maintenance
  • Legal authorities: In situations required by law

All service providers are in a contractual relationship with us and are bound by the same privacy regulations.

International Data Transfers

We strive to keep your data within the EU/EEA. If data is transferred outside the EU/EEA, we ensure appropriate protection using EU Commission-approved Standard Contractual Clauses (SCCs) or other GDPR-compliant transfer mechanisms.

Retention Periods

Customer Data

We retain customer data for the duration of the customer relationship and 10 years after its end in accordance with the Accounting Act.

Contact Information

We retain data collected via contact forms for 2 years, unless a customer relationship is formed.

Technical Logs

We retain technical log data for security reasons for a maximum of 6 months.

Security Measures

We protect your personal data with the following measures:

  • SSL/TLS encryption in data transmission
  • Database encryption
  • Access control and restriction of access rights
  • Regular security updates and audits
  • Staff training on data privacy
  • Data breach management process

Data Subject Rights

You have the following rights under the GDPR:

Right of Access (GDPR 15)

Right to obtain a copy of your personal data being processed

Rectification (GDPR 16)

Right to request correction of inaccurate data

Right to Erasure (GDPR 17)

"Right to be forgotten" under certain conditions

Restriction of Processing (GDPR 18)

Right to restrict the processing of your data under certain conditions

Data Portability (GDPR 20)

Right to receive your data in a structured format and transfer it to another

Right to Object (GDPR 21)

Right to object to processing based on legitimate interest

Withdrawal of Consent

Right to withdraw consent at any time

Right to Lodge a Complaint (GDPR 77)

Right to lodge a complaint with the Data Protection Ombudsman

To exercise your rights, please contact: support@fhatal.com

Notification of Data Breaches

If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, in accordance with GDPR Article 34.

Updates

This document may be updated to reflect changing practices and legal requirements. Updates will be published on this page with an updated date.

Contact Information

Controller:
FHATAL Oy
Email: support@fhatal.com