Suomeksi
Book a chat

Privacy

Privacy policy

Notice under Articles 13 and 14 of the EU General Data Protection Regulation (GDPR). Updated 2026-04-27.

1. Data controller

Koud Oy
Business ID: 2929995-8
Kalevantie 2, 33100 Tampere, Finland
Email: tietosuoja@koud.fi

The controller decides the purposes and means of processing. We have not appointed a Data Protection Officer because our processing operations do not require one.

2. Privacy contact

Email tietosuoja@koud.fi. We reply within one business day.

3. Personal data we process

  • Inquiries and proposal requests: name, email, optional phone number, company, message content, sender IP (bot mitigation).
  • Cal.com booking calendar: contact details and meeting context provided by the user, plus technical data collected by Cal.com.
  • Web analytics (Vercel Web Analytics and Plausible Analytics): aggregated anonymous visit statistics. No cookies, no personal identifiers.
  • Customer engagements: names and contact details of contract contacts, plus communications during the project.
  • Recruitment: applications, CVs, and the data they contain, when you send them to us.

4. Purpose and lawful basis

  • GDPR 6(1)(b) — Performance of contract: handling inquiries, the proposal process, and ongoing customer relationships.
  • GDPR 6(1)(c) — Legal obligation: bookkeeping and other regulatory requirements.
  • GDPR 6(1)(f) — Legitimate interest: operating and improving the website, mitigating abuse, business development.

5. Retention

  • Inquiries that do not lead to a customer relationship: 24 months.
  • Customer-engagement data: for the duration of the contract and the period required by Finnish accounting law afterwards (10 years).
  • Recruitment material: six months after the end of the recruitment process, unless the applicant grants permission for a longer period.
  • Web analytics data (Vercel Web Analytics, Plausible): aggregated practically indefinitely, as it is not personal data.

6. Sources of data

Data is primarily collected from data subjects themselves (forms, email, phone). Technical data about the site is collected automatically through standard logs.

7. Sub-processors and transfers

We use the following service providers in the processing of personal data. All have committed to GDPR requirements and have signed the necessary data-processing agreements with us.

  • Vercel Inc. (US, EU regions): hosting and cookieless Web Analytics visit statistics.
  • Plausible Insights OÜ (Estonia, EU): cookieless Plausible Analytics visit statistics.
  • Resend, Inc. (US, eu-west-1 region): transactional email.
  • Cal.com, Inc. (US / EU region): embedded booking calendar on /varaa-aika/, /en/book/, and /yhteystiedot/. Details: cal.com/privacy.
  • Microsoft Ireland Operations Ltd. (EU, Ireland): work email and the calendar that Cal.com syncs with.

Transfers outside the EU rely on the EU Standard Contractual Clauses (SCCs) and on the providers' EU subsidiaries.

8. Your rights

Under the GDPR you have the right to:

  • access the data we hold about you,
  • request correction of inaccurate data,
  • request deletion when the lawful basis ends,
  • object to or restrict processing,
  • request portability (when processing is based on contract or consent),
  • withdraw consent at any time when processing is based on consent.

Send requests to tietosuoja@koud.fi. We aim to reply within one month.

9. Supervisory authority

You have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuoja.fi) if you believe our processing breaches the GDPR.

10. Security

We protect data with technical and organizational measures, including least-privilege access control, encrypted communications (TLS), password management, and regular backups. Data breaches will be reported to the supervisory authority and to data subjects as required by the GDPR.

11. Profiling and automated decision-making

We do not perform profiling or automated decision-making on personal data with legal or otherwise significant consequences for the data subject.