Privacy Policy
Updated: November 2025
1. Controller and Contact Information
FHATAL Oy ("we")
Email: support@fhatal.com
Business ID: 3546336-3
2. Scope
This policy applies to the fhatal.com website, its forms, and potential support channels where we collect personal data for customer relationship management, sales, communication, and site development.
3. Purposes and Legal Bases (GDPR Art. 6)
| Purpose | Examples | Legal Basis |
|---|---|---|
| Responding to inquiries and customer communication | Contact form messages, quote requests, support requests | Pre-contractual measures or legitimate interest; if marketing consent, then consent |
| Service production and development | Usage statistics, error logs, performance improvement | Legitimate interest; legal obligation if applicable |
| Marketing communication | News, updates, campaigns | Consent; you can withdraw at any time |
| Security and prevention of misuse | reCAPTCHA verification, logs, fraud prevention | Legitimate interest and legal obligations |
4. Data Categories
- Contact Information: name, email, message content (Formspree form)
- Usage Data: page views, events, referral sources, rough location (city/country in GA4 with IP anonymization), device and browser info
- Technical Data: IP address and device identifiers may technically constitute personal data; anonymized in GA4; reCAPTCHA assesses risk signals
- Cookie Data and Similar Identifiers: essential and analytics cookies, such as _ga and _ga_*
5. Cookies and Consent Management
We use only essential cookies by default. Analytics only activate if you provide consent in the cookie banner. You can change your choice at any time via the "Manage Cookies" link in the footer.
| Category | Description | Example | Retention |
|---|---|---|---|
| Essential | Basic site functions and security (e.g., spam prevention with reCAPTCHA) | _GRECAPTCHA (reCAPTCHA) | Session–persistent (Google may set both) |
| Analytics (Consent) | Measuring usage and service development. Loads only with approval. | _ga (2 yrs), _ga_XXXX (2 yrs) | Typically 2 years; you can delete from browser |
Note: Exact names and durations may change with provider updates. We update the table as needed.
6. Recipients and Processors
| Service | Role | Purpose | Location & Transfer Basis |
|---|---|---|---|
| Formspree (formspree.io) | Processor | Forwards contact form messages to our email | EU/USA; transfers protected e.g., by SCCs per provider terms |
| Google reCAPTCHA v2 | Independent Controller | Spam and abuse prevention in forms | Global; transfers protected per Google terms and SCCs |
| Google Analytics 4 (Consent Mode v2) | Processor | Usage measurement and development only with consent; IP anonymized | Global; SCCs + settings per EU requirements |
7. International Transfers
If personal data is transferred outside the EU/EEA, we ensure protection by using EU Standard Contractual Clauses (SCC) and additional safeguards where necessary.
8. Retention Periods
- Form Messages (Formspree): retained as long as required for handling the matter and potentially for accounting/defense of claims
- GA4 Event Data: typical retention 14 months or less within the scope of your consent
- Technical Logs: short cycle for security and debugging needs
9. Your Rights
- Access to data and copy (GDPR Art. 15)
- Rectification (Art. 16) and Erasure (Art. 17)
- Restriction of processing (Art. 18) and Data portability (Art. 20)
- Right to object when processing is based on legitimate interest (Art. 21)
- Withdrawal of consent at any time (does not affect processing before withdrawal)
- Right to lodge a complaint with a supervisory authority: Office of the Data Protection Ombudsman, tietosuoja.fi
How to exercise your rights: send a request to support@fhatal.com. We may request reasonable verification of your identity.
10. Profiling and Automated Decisions
We do not make automated decisions or profiling that would have legal effects on you. GA4-level aggregate statistics do not target individuals.
11. Security
- Encryption (HTTPS) in transit, restricted access to environments
- Minimization: we collect only what is necessary
- Regular updates and vulnerability fixes
12. Children's Data
The services are not directed to children under 13. We do not knowingly collect personal data from children.
13. Changes to Policy
We may update this policy. We will notify of significant changes on the site and update the "Updated" date at the top of this page.
14. Platform Specific Details
Formspree Form
- Endpoint: https://formspree.io/f/xpwdvkpy
- Processing: your name, email address, and message are forwarded to us
- Legal Basis: pre-contractual measures / legitimate interest; if you request marketing, then consent
Google reCAPTCHA v2
- Site key: 6LezslMrAAAAAIf39D1hiKx8BZFqnbSbbTRPHq5t
- Purpose: prevention of misuse and spam in forms (essential)
- Role: Google usually acts as an independent controller for the reCAPTCHA service
Google Analytics 4 + Consent Mode v2
- Measurement ID: G-4DDZ42L1R1
- Loading Logic: scripts load only after you accept analytics in the cookie banner
- IP Anonymization: enabled; reporting at event level without direct identification
15. Cookie Management (Guide)
You can change your consent at any time by clicking the "Manage Cookies" link in the footer. Browser-specific deletion:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
16. Contact for Exercising Rights
All privacy matters: support@fhatal.com
Annex A – Cookie List
| Name | Service | Description | Duration | Category |
|---|---|---|---|---|
| _GRECAPTCHA | Google reCAPTCHA | Risk analysis for abuse prevention | Session / persistent | Essential |
| _ga | Google Analytics 4 | User distinction (analytics) | 2 years | Analytics (Consent) |
| _ga_XXXX | Google Analytics 4 | Session state tracking | 2 years | Analytics (Consent) |