Privacy Policy

At Painttis.fi Ky, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and handle your personal information when you visit our website or use our services.

We are committed to transparency in our data practices and ensuring compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR) and Swedish data protection laws.

By using our website, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our website.

We use the collected information for the following purposes:

• Communication: To respond to your inquiries, provide customer support, and send requested information
• Service Delivery: To provide, maintain, and improve our game development services
• Analytics: To understand how visitors use our website and identify areas for improvement
• Marketing: To send promotional materials, newsletters, and updates (only with your consent)
• Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements
• Security: To detect, prevent, and address technical issues, fraud, or security vulnerabilities
• Business Operations: To conduct internal research, analysis, and business development

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: When you have given explicit consent for specific processing activities
• Contractual Necessity: When processing is necessary to fulfill a contract with you
• Legal Obligation: When we must process data to comply with legal requirements
• Legitimate Interests: When processing serves our legitimate business interests while respecting your rights

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Secure Socket Layer (SSL) encryption for data transmission
• Regular security assessments and vulnerability testing
• Access controls and authentication procedures
• Employee training on data protection practices
• Secure data storage and backup systems
• Incident response and breach notification procedures

While we strive to protect your personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security but will notify you of any breach that may affect your rights.

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law:

• Contact form inquiries: Retained for up to 2 years after the last communication
• Marketing communications: Until you unsubscribe or withdraw consent
• Analytics data: Aggregated data retained indefinitely; individual data up to 26 months
• Legal records: Retained as required by Swedish law (typically 7 years for business records)

When data is no longer needed, we securely delete or anonymize it to prevent unauthorized access or use.

Under GDPR and Swedish data protection laws, you have the following rights regarding your personal data:

To exercise any of these rights, please contact us using the information provided at the end of this policy. We will respond to your request within 30 days.

You are not required to provide any personal information when using this website. If you prefer not to share your data, you may:

• Avoid filling out contact forms, account registrations, or any data-submitting features
• Disable cookies through your browser settings (see our Cookie Policy for more details)
• Contact us directly to request the deletion of any previously shared personal data

We respect your privacy choices. If you would like us to delete your data, please reach out to us at the contact details provided below. We will process your request promptly and confirm when your data has been removed from our systems.

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers operate. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions confirming equivalent data protection standards
• Binding Corporate Rules for intra-group transfers

We remain responsible for personal data transferred to third parties for processing on our behalf.

Our website is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

If we discover that we have collected personal data from a child under 16 without parental consent, we will delete that information promptly.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make significant changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email if you have subscribed to our communications
• Display a prominent notice on our website for material changes

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data protection inquiries, you may also contact the Swedish Authority for Privacy Protection:

Integritetsskyddsmyndigheten (IMY)
Box 8114
104 20 Stockholm, Sweden
Website: www.imy.se