Privacy & data protection
Privacy Policy
This document describes how Strainttgloweo processes personal data when you visit https://strainttgloweo.site/, use the contact channel, or interact with optional analytics after providing consent. The policy is designed for alignment with the EU General Data Protection Regulation (GDPR) and Finnish national implementation.
01Introduction
We provide general informational content about structuring office workdays, breaks, and educational programs. Personal data processing is limited to what is needed to operate the website securely, respond to enquiries, document consent, and—only where you opt in—support measurement or campaign scripts described in the cookie policy.
This policy should be read together with the Terms of Use, Cookie Policy, and Refund Policy. If you are acting on behalf of an organization, both you and your employer may have distinct roles; this text addresses visitors and message senders in their own capacity unless a separate data processing agreement states otherwise for B2B engagements.
We do not use this website to deliver medical or clinical services. Please do not submit special categories of data (for example detailed health histories) through the contact form.
02Scope and informational use
The policy applies to processing activities connected to the domain https://strainttgloweo.site/, including subpages that share the same technical stack, forms, and consent tools. Offline activities—such as signed consulting agreements—may introduce additional schedules referenced in those contracts or invoices.
Marketing copy on the site describes educational framing. Performance is discussed in qualitative terms. Nothing in our public pages should be interpreted as a commitment about how any individual or team will experience work after adopting suggested habits.
03Categories of personal data
Depending on how you interact with us, we may process:
- Identity & contact data. Name, email address, phone number if you supply it, organization name, and similar details entered voluntarily.
- Message content. Free-text fields you type, which may include scheduling preferences or business context. Keep content proportionate to informational enquiries.
- Technical & usage data. Internet protocol address, approximate location derived by network providers, device type, browser version, referring URL, timestamps, and error logs needed for integrity monitoring.
- Cookie and storage identifiers. Values persisted by strictly necessary tools or, if enabled, analytics and marketing vendors.
- Consent records. Timestamped evidence of choices made through the cookie banner and form checkboxes.
04Sources and collection points
Most data comes directly from you when you browse, email, call, or complete the contact form. We may receive professional contact information from public registers or referrals when someone introduces you to us; in those cases we still validate accuracy with you before relying on it for ongoing correspondence.
Hosting infrastructure automatically generates server logs when pages load. Those logs are not used to build individual behavioural profiles unless a separate, consent-based analytics deployment is active in line with the cookie policy.
05Purposes and legal bases
We rely on GDPR Article 6 thresholds that fit each activity:
- Website delivery & security (Art. 6(1)(f)). Maintaining uptime, rate limiting abusive traffic, detecting tampering, and supporting HTTPS certificates.
- Responding to enquiries (Art. 6(1)(b) or (f)). Taking steps at your request prior to contracting, or pursuing legitimate interests in answering questions, balanced against your rights.
- Consent-based analytics or marketing (Art. 6(1)(a)). Optional tags load only after you enable the relevant cookie category.
- Legal compliance (Art. 6(1)(c)). Retaining invoices, tax evidence, or regulatory correspondence where Finnish or EU law compels storage.
Where we cite legitimate interests, you may object under Article 21 GDPR. We will assess whether compelling grounds override your interests; for pure commercial newsletters you may always withdraw consent or unsubscribe if that mechanism exists.
06Consent management and withdrawal
Cookie preferences are stored locally so the banner does not reappear unnecessarily. You may reopen settings by clearing storage or using any future in-footer control we add. Withdrawing marketing consent does not retroactively invalidate earlier lawful processing but stops new activities that required consent.
Contact form consent is granular to messaging. If you withdraw consent before we reply, we will stop processing your enquiry unless another legal basis applies (for example statutory recordkeeping).
07Processors and categories of recipients
Trusted vendors assist with hosting, email delivery, customer ticketing, backup, or analytics (when enabled). They remain processors bound by written instructions. Government authorities may receive disclosures when mandatory Finnish or EU law requires cooperation.
We do not sell personal data, and we do not authorize partners to use your enquiry emails for their independent advertising without explicit permission.
08International transfers
Primary processing occurs within the European Economic Area. If a processor stores or accesses data from other regions, we implement appropriate safeguards such as adequacy decisions or Standard Contractual Clauses supplemented by technical measures like encryption in transit.
Upon request, we can summarize the mechanisms applicable to a specific vendor relationship, subject to commercial confidentiality that does not obstruct regulatory oversight.
09Retention periods
Contact messages: up to twenty-four months from the last email in a thread unless litigation or accounting rules require longer retention. Consent logs: up to thirty-six months for accountability evidence. Server logs: rotated per hosting defaults, commonly ninety days unless extended during incident review. Financial records follow statutory bookkeeping timelines (often six to ten years depending on document type).
Backups may briefly retain deleted items until overwrite cycles complete; restoration after deletion is not guaranteed and is reserved for disaster recovery, not routine access.
10Security measures
We apply layered controls: access restriction for staff accounts, separation of environments where feasible, patching expectations for managed infrastructure, transport encryption for web traffic, logging of administrative actions, and vendor diligence reviews proportional to risk.
No online system is immune to attack. If we become aware of an incident that poses high risk to individuals, we evaluate notification duties toward supervisory authorities and, when required, affected data subjects.
11Your rights
You may ask for access, rectification, erasure, restriction, data portability (where technically feasible), and human intervention regarding automated decisions with legal effects (we currently do not perform such decisions on site visitors). You may lodge a complaint with the Finnish Office of the Data Protection Ombudsman.
Online: Visit https://tietosuoja.fi/en/ for supervisory contact paths.
Email us: Use the controller mailbox above for SAR tickets; we may request proportionate identification before releasing records.
12Special categories of data
Article 9 GDPR covers data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometrics, health, sex life, or sexual orientation. Our public forms are not designed for those topics. If you voluntarily disclose them, we will delete unnecessary elements unless a separate legal exemption applies and is documented.
13Children
Content targets adult professionals. We do not market to minors. Guardians who believe a child provided personal data should alert us; verification steps may apply before erasure to prevent fraudulent deletion requests.
14Automated decision-making
We do not operate fully automated decision engines on visitors that produce legal or similarly significant effects. Analytics tools, if enabled, may aggregate traffic; they do not adjudicate eligibility for employment or benefits on this site.
15Third-party links
References to regulators, font hosts, icon libraries, or future partners are provided for convenience. Their controllers determine their own privacy statements. Review them before submitting personal data elsewhere.
16Complaints
You may pursue remedies before Finnish courts or escalate to supervisory authorities without prejudice to other administrative or criminal complaint channels available under national law.
17Changes to this policy
We update this text when processing operations, vendors, or laws evolve. Material changes will be reflected on this page with a refreshed summary date in the footer. Where consent is affected, we will collect fresh consent before expanding optional tracking.
18Contact
Questions about this Privacy Policy can be directed to the controller postal address, phone line, or email listed in the hero card. Please allow reasonable time for complex requests; statutory deadlines under GDPR remain unaffected where applicable.