MAIN
MENU

Main navigation image, Saila Härkki portrait

Saila Härkki Design Oy

3263246-7

[email protected]

© SAILA HÄRKKI DESIGN 2025

PRIVACY POLICY

This is a statement on the processing of your personal data pursuant to the EU's General Data Protection Regulation (679/2016).


Updated 26.06.2025.

Controller

Saila Härkki Design Oy

3263246-7

Nahkatehtaankatu 3, 33270 TAMPERE

+358 50 572 9886

[email protected]


Communication regarding privacy matters

Saila Härkki

+358 50 572 9886

[email protected]

We request that data subjects contact the person listed hereinabove for all questions related to the processing of personal data and situations related to the exercising of your rights.

Basis and purpose of processing personal data

The legal basis for the processing of personal data is:

  • The consent to the processing of personal data provided by the data subject
  • The contractual relationship between the data subject and controller
  • Fulfilment of the controller’s statutory obligations
  • The controller’s legitimate interest

The purposes of processing personal data include communication with customers, maintaining the customer relationship, marketing, analyzing website usage, improving the service, and enhancing the user experience, as well as collecting statistical data through cookies and analytics tools to understand how the website is used.

Personal data being processed

The controller only collects personal data concerning the data subjects that is essential and relevant for the purposes explained in this privacy statement.

The following data concerning the data subjects is processed:

IP addresses of website visitors and cookies necessary for the functioning of the service are processed based on legitimate interest, for example, to ensure information security and to collect statistical data on website visitors, in cases where such data may be considered personal data. Consent is requested separately for third-party cookies when required.

Cookies and Analytics

The website uses cookies and similar technologies to enhance the user experience and to analyze site usage. Cookies are small text files stored on a user's device. Some of these cookies are essential for the operation of the site, while others are used for analytics purposes.

The analytics cookies used on this website include:

  • _ga (Duration: 1 year 1 month 4 days)
    Set by Google Analytics to calculate visitor, session, and campaign data and track site usage. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
  • ga* (Duration: 1 year 1 month 4 days)
    Set by Google Analytics to store and count page views.
  • hjSessionUser* (Duration: 1 year)
    Set by Hotjar to ensure that data from subsequent visits to the same site is attributed to the same user ID, which is unique to the site.
  • hjSession* (Duration: 1 hour)
    Set by Hotjar to ensure data from the same visit session is attributed to the same user ID.

These cookies are used to collect statistical data about website usage, such as the number of visitors, bounce rate, and traffic sources, to help improve the service and user experience.

Consent for Analytics Cookies

Use of Google Analytics and Hotjar cookies is based on the user's consent, which is requested upon visiting the website. Users can manage or withdraw their consent at any time via the cookie settings interface on the website.

Rights of the data subject

Right to request access to personal data

The data subject has the right to receive confirmation regarding whether personal data concerning them is being processed and, if it is, the right to receive a copy of their personal data.

Right to rectification

The data subject has the right to request that inaccurate and erroneous personal data concerning them be rectified. The data subject also has the right to supplement incomplete personal data by submitting the required additional information.

Right to erasure

The data subject has the right to request erasure of personal data concerning them if

a. the personal data is no longer required for the purposes for which they were collected;

b. the data subject withdraws their consent which the processing of personal data was based on, and no other legal basis exists for the processing; or

c. the personal data has been unlawfully processed.

Right to restriction of processing

The data subject has the right to restrict the processing of personal data concerning them if

a. the data subject contests the accuracy of their personal data;

b. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; or

c. the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.

Right to object

The data subject has the right to object, on grounds relating to their particular situation, at any time, to processing of personal data concerning them.

The controller shall no longer process the data subject's personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdraw consent

The data subject has the right to withdraw the consent they have provided for the processing, without affecting the lawfulness of processing based on consent before its withdrawal.

Right to data portability

The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller.

Right to lodge a complaint with a supervisory authority

The office of the Data Protection Ombudsman, operating under the Ministry of Justice, is the national supervisory authority for personal data matters. You have the right to bring your case to the supervisory authority if you consider that the processing of personal data concerning you is in violation of applicable law.


Regular Sources of Information

The information stored in the register is obtained from the customer, for example, through messages sent via web forms, by email, by phone, through social media services, from contracts, customer meetings, and other situations in which the customer provides their information.

Information about contact persons of companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.


Disclosure of Personal Data

Personal data will not be disclosed to third parties unless required by law. In exceptional cases, data may be disclosed, for example, to authorities as required by law.


Regular Disclosures and Transfers of Data Outside the EU or EEA

Data is not regularly disclosed to third parties. Data may be published to the extent agreed upon with the customer.

Data may also be transferred by the data controller outside the EU or EEA. Data will not be transferred to the United States without the explicit consent of the data subjects.

Principles of Register Protection

Care is taken in the processing of the register, and data handled through information systems is appropriately protected. When register data is stored on internet servers, both the physical and digital security of the equipment is ensured appropriately. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are treated confidentially and only by employees whose job duties include such processing.

Changes to the Privacy Policy

The data controller continuously develops its operations and may therefore need to amend and update its privacy policy as necessary. Changes may also be based on amendments to data protection legislation. If the changes involve new purposes for processing personal data or otherwise constitute significant changes, the data controller will inform about them in advance and request consent if required.