1. Controller
Suxem Oy
- Email: info@suxem.fi
- Website: https://suxem.fi
- Helsinki, Finland
Suxem Oy is the data controller responsible for the processing of your personal data as described in this Privacy Policy.
2. Scope
This Privacy Policy applies to all websites, platforms, and digital services owned, operated, or managed by Suxem Oy, including:
- suxem.fi (company website)
- All customer websites built and hosted through the Suxem Website Engine platform
- Any subdomains, staging environments, or related digital properties
3. Legal Basis for Processing
We process personal data based on the following legal grounds under the EU GDPR and Finnish data protection legislation:
| Legal Basis | Application |
|---|---|
| Consent (Art. 6(1)(a)) | Newsletter subscriptions, optional cookies, marketing |
| Contract performance (Art. 6(1)(b)) | Service delivery, audit requests, customer communications |
| Legitimate interest (Art. 6(1)(f)) | Security monitoring, fraud prevention, service improvement |
| Legal obligation (Art. 6(1)(c)) | Tax records, regulatory compliance, law enforcement |
4. Personal Data We Collect
4.1 Data You Provide Directly
- Contact information: name, email, phone, company name
- Form submissions: audit requests, contact inquiries
- Communications: messages, feedback, support requests
4.2 Data Collected Automatically
- Technical data: IP address, browser type, OS, device type
- Usage data: pages visited, time spent, navigation paths
- Connection data: ISP, approximate geographic location (city/country)
- Security data: user agent strings, request timestamps
4.3 Data from Third Parties
- Service providers: payment processors, email delivery
- Public sources: business registries, public company info
5. Purposes of Processing
- Service delivery — processing requests, delivering services
- Communication — confirmations, updates, responses
- Security — protecting against unauthorized access and abuse
- Rate limiting — preventing abuse of services
- Analytics — understanding usage to improve services
- Legal compliance — meeting regulatory obligations
- Business operations — invoicing, record-keeping
- Platform improvement — developing and improving services
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Audit requests | 5 years from submission |
| Contact form submissions | 2 years from submission |
| Security logs | 12 months |
| Rate limiting data | 1 hour (in-memory) |
| Analytics data | 26 months |
| Contractual records | 10 years after contract end |
| Marketing consent records | Duration of consent + 3 years |
7. Data Recipients and Transfers
7.1 Service Providers
| Provider | Purpose | Location |
|---|---|---|
| Hosting (Domainhotelli) | Website hosting and delivery | Finland/EU |
| Database provider | Data storage | Finland/EU |
| Email (server mail) | Transactional email | Finland/EU |
7.2 International Transfers
Where data is transferred outside the EEA, we ensure protection through:
- EU Standard Contractual Clauses (SCCs)
- EU-US Data Privacy Framework (where applicable)
- Adequacy decisions by the European Commission
We do not sell personal data to third parties.
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your data |
| Restriction | Restrict processing in certain circumstances |
| Portability | Receive data in a machine-readable format |
| Objection | Object to processing based on legitimate interest |
| Withdraw consent | Withdraw consent at any time |
Submit requests to: info@suxem.fi. We respond within 30 days.
9. Right to Lodge a Complaint
Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
Lintulahdenkuja 4, 00530 Helsinki, Finland
Email: tietosuoja@om.fi — Website: tietosuoja.fi
10. Security Measures
- TLS/HTTPS encryption for all data in transit
- Role-based access control, principle of least privilege
- Rate limiting against brute-force and abuse
- Server-side input validation
- Parameterized queries, encrypted database connections
- Security event logging and anomaly detection
- 72-hour breach notification to supervisory authority (Art. 33 GDPR)
11. Children's Privacy
Our services are not directed at individuals under 16. We do not knowingly collect personal data from children. If we become aware of such collection without parental consent, we will delete it promptly.
12. Third-Party Links
Our websites may contain links to third-party services. We are not responsible for their privacy practices. Review their policies before providing personal data.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Material changes will be communicated through a prominent notice on our website.
14. Contact
For questions regarding this Privacy Policy or our data processing:
- Suxem Oy
- Email: info@suxem.fi
- Website: https://suxem.fi
- Helsinki, Finland
This Privacy Policy is governed by Finnish law and the EU General Data Protection Regulation (GDPR).
