Privacy policy

Crimppi Oy’s privacy policy

Data Controller

Crimppi Oy (2275552-7).

Contact details for matters concerning the register:

Purpose and justification for the use of personal information

Personal data is processed for the handling and administration of customer relationships matters (offering, selling, delivering, and invoicing products and services as well as handling support requests and reclamations).

We do not disclose the data to third parties.

Categories of personal data to be processed

  • Basic information and contact information of the person (first name, last name, e-mail address, telephone number, employer, and job title)

Regular sources of information

Personal information is collected from the data subjects themselves.

Personal data retention period

The data will be stored as long as necessary depending on to the purpose for which the data was collected (e.g. customer relationship, solutions/services offered, and newsletter subscription).

At the minimum, the data is retained for the time period specified by law.

The information will not be disclosed to third parties. However, the data may be disclosed in accordance with the the authorities’ requests for the disclosure of legal information.

Data transfer outside the EU or EEA

Personal information will not usually be transferred outside the EU or EEA. However, some of the products and services require the transfer of data outside the EU. These include

  • Website analytics: Google Analytics and Microsoft Clarity (USA)
  • Newsletter: Mailchimp (USA)

Principles of registry protection

Databases containing personal data are kept on a server that is stored in locked premises that can only be accessed by designated and authorized persons. The server is protected by a firewall and tehnical protection.

Databases and systems can only be accessed with a personal username and password. The controller has restricted the access to information systems and other storage platforms so that the data can only be accessed by persons who are needed for the legal processing of the data.

The controller’s employees and other persons have committed to following professional confidentiality and keeping the information they receive confidential.

The data subject’s rights

The data subject has the following rights under the EU’s General Data Protection Regulation:

  • Right of access: the data subject has a right to inspect their own data and request that any errors be corrected.
  • Right to object: the data subject has the right to object to the processing of data if the data have been processed unlawfully or without a permission.
  • Right to erasure: the data subject has the right to request the erasure of their own personal information as long as the data to be erased are not necessary for the performance of the controller’s duties.
  • Right to data portability: if a data subject’s information needs to be transferred under the Data Protection Act, the data subject has the right to have their personal data transferred to them electronically, so that they can send the data to another controller.
  • Right to appeal: the data subject has the right to make a complaint to a Data Protection Supervisor if the data subject considers that the controller has violated the existing Data Protection Legislation in the processing of their personal data.


The website uses the following cookies: