GDPR / EU

Privacy policy

This notice explains what personal data we process, why we process it, and what rights visitors and clients have under applicable data protection law.

Complete the remaining legal company details before launch. The privacy framework is ready, but some identifying information is still environment-driven.

What data we process

Contact requests and quote inquiries

GDPR Art. 6(1)(b) - steps prior to entering into a contract

We process inquiries in order to respond to requests, prepare quotations, and document agreed next steps.

Retention: Stored for up to 12 months after the latest active exchange, unless the discussion leads to a contract or a longer statutory retention duty.

  • name
  • company
  • email
  • message content
  • timestamp

Security, logs, and service continuity

GDPR Art. 6(1)(f) - legitimate interest

We detect errors, prevent abuse, and maintain the security and continuity of the service.

Retention: Technical logs are typically retained for 30 days, and longer only when a security incident or legal obligation requires it.

  • server logs
  • IP address or derivative identifier
  • error and load data
  • basic browser and device information

Website analytics

GDPR Art. 6(1)(a) - consent

We improve structure, content, and performance only after the visitor has opted into analytics.

Retention: Vercel Web Analytics is activated only after consent. According to the provider documentation, it does not use third-party cookies, and its short-lived visitor hash expires within roughly 24 hours.

  • page URL without query parameters
  • referrer
  • country- or city-level location
  • device type, browser, and operating system

Authentication and client area (if enabled later)

GDPR Art. 6(1)(b) - performance of a contract

If a protected client area is introduced, we process account and session data to enable secure access.

Retention: Account data is retained for the duration of the client relationship and deleted or anonymized once there is no legal or operational reason to keep it.

  • authentication data
  • session identifiers
  • account metadata

Recipients and processors

Vercel

Role: hosting, content delivery, and analytics after consent

Data categories: server and performance logs, site requests, anonymized analytics, and technical diagnostics

Resend

Role: delivery of contact form emails

Data categories: name, email, company, message content, and associated metadata

Supabase

Role: authentication and any future protected application data

Data categories: user accounts, session details, and potential protected application data

If personal data is processed outside the EEA, transfers must rely on GDPR-compliant safeguards such as Standard Contractual Clauses or another valid transfer basis. Review your providers’ DPAs and sub-processor lists before launch.

Your rights

  • the right to access your personal data
  • the right to rectify inaccurate data
  • the right to erasure where a legal basis for deletion exists
  • the right to restrict processing
  • the right to object to processing based on legitimate interest
  • the right to data portability where applicable
  • the right to withdraw analytics consent at any time
  • the right to lodge a complaint with a supervisory authority

You can exercise your rights by contacting hello@nordicwebs.fi. If you believe we process your data unlawfully, you may lodge a complaint with Tietosuojavaltuutetun toimisto.