Privacy Policy
Effective: 21 October 2025 · Last updated: 13 April 2026 · Maatti Labs Oy
1. Data Controller
Maatti Labs Oy (Business ID: 3599862-4)
Email: [email protected]
2. Purposes of Processing Personal Data
- Handling enquiries (contact forms, demo requests, support requests)
- Customer relationship management (quotes, contracts, invoicing, support)
- Service and website development (usability, error logs, analytics)
- Marketing communications based on consent (newsletters, event summaries)
- Security and fraud prevention (logs, access control)
- Legal obligations (bookkeeping, authority requests)
3. Legal Bases for Processing (GDPR Article 6)
- Contract (responding to demo requests, delivering the service)
- Legitimate interests (maintaining customer relationships, service development, security)
- Consent (cookies and profiling, newsletters)
- Legal obligation (Accounting Act, authority requests)
4. Personal Data Processed
Depending on the situation, we may process:
- Basic details: name, company, position, contact information (email, phone)
- Messages and form responses: message content, attachments, demo-related needs
- Contract and billing data: business ID, billing address, payment details
- Technical data: IP address, browser and device identifiers, cookie identifiers, session and log data
- Usage data: page visits, events, error reports, consent history
- Support cases: tickets, chat and call logs, possible recordings and summaries
Special categories of personal data (GDPR Article 9) are not collected without a specific need and consent.
5. Data Sources
- Directly from you via forms, email, phone or chat
- Technically via the website and server infrastructure (logs, cookies)
- From company representatives via public sources (e.g. business registers) to verify contact details
6. Cookies and Analytics
We use necessary cookies to ensure website functionality, and consent-based analytics cookies to develop the website.
- Google Analytics — we collect statistical information about website usage (page loads, visitor numbers, traffic sources) to develop the service. Data is processed by Google LLC. Analytics is activated only with your consent.
- Manage consent via the cookie banner — can be changed at any time
7. Recipients and Processors
Trusted service providers process personal data on our behalf and in accordance with our instructions. These include hosting and cloud services, telecommunications operators, email and support systems, analytics services, and integration platforms.
We conclude Data Processing Agreements (DPA) with processors. Data is disclosed to authorities only as required by law. Further details are available on request.
8. Transfers Outside the EU/EEA
For transfers outside the EU/EEA (e.g. global cloud services), we use GDPR-compliant safeguards such as EU Standard Contractual Clauses (SCC) and additional protections where necessary. For more information: [email protected].
9. Retention Periods
Data is retained only for as long as necessary:
- Form messages and tickets: typically 24 months from the last contact, unless law requires otherwise
- Customer and contract data: for the duration of the relationship and 6–10 years under the Accounting Act
- Analytics cookies: for the duration of consent and a maximum of 13 months
- Technical logs: typically 12–24 months for security purposes
Retention periods are reviewed regularly and unnecessary data is deleted or anonymised.
10. Rights of Data Subjects
Under the GDPR, you have the right to:
- Access your data and receive a copy
- Rectify incorrect or incomplete data
- Erase data ("right to be forgotten") when conditions are met
- Restrict processing in certain situations
- Port data from one system to another where the basis is consent or contract and processing is automated
- Object to processing based on legitimate interests (including direct marketing)
- Withdraw consent at any time (does not affect prior processing)
Send your request to [email protected]. We respond within approximately one month.
11. Automated Decision-Making and Profiling
We do not engage in automated decision-making with legal effects. We may use aggregated analytics to develop the service and personalise content based on your consent.
12. Data Security
Personal data is protected by organisational and technical measures (access controls, encryption in transit and at rest, logging, least-privilege principle, regular backups). Processors commit to equivalent protections.
13. Minors
The website and services are primarily intended for business customers. We do not knowingly collect data from minors. If such a situation is identified, please contact us for deletion.
14. Third-Party Sites and Embeds
The website may contain links or embeds from third-party sites (videos, maps). We are not responsible for their privacy practices — please consult their own policies.
15. Changes to this Policy
We update this policy as necessary. Significant changes will be announced on the website. Version history is available on request.
16. Right to Lodge a Complaint
You have the right to lodge a complaint with the data protection authority if you consider that your data has been processed unlawfully:
Office of the Data Protection Ombudsman (Finland) – www.tietosuoja.fi
PO Box 800, 00521 Helsinki · Tel. 029 56 66700
17. Contact
For privacy matters: [email protected]. We handle requests without undue delay.