FI | EN

Privacy Policy

Introduction

At SuomiFest, your privacy is our priority. We are committed to safeguarding the personal data you share with us and ensuring transparency about how we collect, use, disclose, and protect your information. This Privacy Policy applies to your use of our website www.suomifest.com (the “Site”), including subpages, mobile versions, and related services.

By accessing or using our Site, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please discontinue use of our Site.

1. Information We Collect

1.1 Personal Data You Provide

“Personal Data” means any information that identifies or can reasonably identify an individual. We collect Personal Data that you voluntarily provide when you:

  • Subscribe to our newsletter (e.g., email address).
  • Register an account (e.g., name, email, password).
  • Contact us via our forms (e.g., name, email, phone number, message content).
  • Participate in surveys, contests, or promotions (e.g., demographic details, preferences).
  • Complete a purchase or affiliate transaction (e.g., shipping address, payment details). Note: Payment data is processed by our payment processors and not stored on our servers.

1.2 Automatically Collected Information

When you visit our Site, we automatically collect certain technical and usage data, which may include:

  • Device Information: Device type, operating system, browser type, screen resolution.
  • IP Address: Identifies your approximate geographic location.
  • Referring URLs: The website or search engine you used to arrive at our Site.
  • Pages Visited and Duration: Pages you view, how long you spend on each, and navigation patterns.
  • Interaction Data: Clicks, scroll behavior, and other interactions with elements on our Site.

This information helps us understand how visitors use our Site and improve its performance and usability.

1.3 Cookies and Similar Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect and store information when you visit our Site. Cookies are small text files placed on your device that help us remember preferences and track usage patterns.

Types of cookies we use:

  • Essential Cookies: Necessary for basic Site functionality (e.g., session management, security). Without these cookies, parts of our Site may not function correctly.
  • Analytics Cookies: Help us understand how visitors interact with our Site (e.g., Google Analytics, Matomo). We use anonymized data to measure performance and improve the user experience.
  • Preference Cookies: Remember your settings (e.g., language preference, region, font size).
  • Advertising Cookies: Used for targeted advertising and retargeting through third-party ad platforms. We do not directly display third-party ads, but affiliate links and tracking may use these cookies.

You can control cookies through your browser settings. You may opt to block or delete cookies; however, this may impact your ability to use certain features of the Site.

1.4 Third-Party Data Collection

Some pages on our Site may embed third-party content (e.g., YouTube videos, social media widgets, Google Fonts). These third parties may collect data about your use of embedded content according to their own privacy policies.

2. How We Use Your Information

We use the information we collect for various purposes, including:

  • To Provide and Maintain Our Site: Ensure the Site is accessible, secure, and functioning properly.
  • To Respond to Inquiries: Address your questions, comments, and support requests.
  • To Send Newsletters and Promotional Communications: Provide updates, new product announcements, and special offers. You can opt out at any time.
  • To Process Transactions: Facilitate purchases, affiliate referrals, and related order fulfillment.
  • To Personalize Content: Tailor content, recommendations, and offers based on your preferences and browsing behavior.
  • To Conduct Analytics and Improve Services: Analyze usage trends to enhance functionality, design, and performance.
  • To Protect Against Fraud and Abuse: Detect and prevent unauthorized or fraudulent activity.
  • To Comply with Legal Obligations: Fulfill reporting obligations and cooperate with law enforcement or regulatory authorities.

3. Legal Basis for Processing Your Data

Under applicable data protection laws (including GDPR for EU residents), we rely on one or more of the following legal bases when processing your Personal Data:

  • Consent: You have given us clear consent to process your data for specific purposes (e.g., marketing emails).
  • Contract Performance: Processing is necessary to perform a contract with you, such as processing orders or providing services you request.
  • Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving our Site, analytics), provided it does not override your rights and freedoms.
  • Legal Obligations: We must process your data to comply with applicable laws (e.g., tax reporting, financial regulations).

You have the right to withdraw your consent at any time if we rely on consent to process your data.

4. Sharing and Disclosure of Your Information

We do not sell your Personal Data. We may share information in the following scenarios:

4.1 Service Providers and Vendors

We engage third-party service providers to perform functions on our behalf, including:

  • Web Hosting: Companies that host our website and database.
  • Payment Processors: Companies that process credit card or other payment transactions. We do not store detailed payment data on our servers.
  • Email and Marketing Platforms: Services that facilitate newsletter delivery and marketing automation (e.g., Mailchimp, SendGrid).
  • Analytics and Performance: Providers such as Google Analytics, Matomo, or similar platforms to analyze site usage.

These providers are granted access to your Personal Data only to perform tasks on our behalf and are contractually obligated not to disclose or use it for other purposes.

4.2 Affiliates and Business Partners

With your explicit consent, we may share certain information with our affiliates or business partners for joint marketing and promotional purposes. We ensure any shared data is limited to what is necessary for the agreed-upon purposes.

4.3 Legal and Regulatory Requirements

We may disclose Personal Data if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal proceedings.
  • Protect and defend our rights or property.
  • Prevent or investigate possible wrongdoing in connection with the Site.
  • Protect the personal safety of users of the Site or the public.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, we may transfer your Personal Data to a successor entity. We will notify you of any material changes to this Privacy Policy and give you a chance to opt out before any transfer.

5. Third-Party Links and Embedded Content

Our Site may contain links to third-party websites or embedded content (e.g., social media feeds, videos). We do not control these third-party sites and are not responsible for their privacy practices. We encourage you to read the privacy policies of any linked or embedded sites before providing your Personal Data.

6. Your Rights and Choices

If you are located in Finland, the EEA, or other jurisdictions with data protection laws, you have the following rights regarding your Personal Data:

  • Right of Access: You can request a copy of the Personal Data we hold about you.
  • Right to Rectification: You can request that we correct inaccurate or incomplete data.
  • Right to Erasure (“Right to Be Forgotten”): You can request deletion of your data, subject to legal obligations.
  • Right to Restrict Processing: You can request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: You can request a machine-readable copy of your data for transfer to another service.
  • Right to Object: You can object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: If processing is based on consent, you can withdraw consent at any time without affecting processing prior to withdrawal.

To exercise any of these rights, please contact us at [email protected] or call us at +358 40 218 6243. We will comply with your request within applicable legal timelines (typically one month).

7. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. For example:

  • Account Data: Retained as long as your account is active and for a reasonable period afterward to comply with record-keeping obligations.
  • Newsletter Subscription: Retained until you unsubscribe or we no longer have a legitimate reason to keep it.
  • Transactional Data: Retained for a period necessary to comply with financial regulations (typically 5–7 years for tax and accounting purposes).
  • Analytics Data: Anonymized or aggregated data may be retained indefinitely for statistical purposes.

8. Security Measures

We implement a range of technical and organizational measures to protect your Personal Data from unauthorized access, disclosure, alteration, and destruction, including:

  • Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption for data in transit.
  • Encrypted storage of sensitive data where appropriate.
  • Access controls, multi-factor authentication, and role-based permissions for staff.
  • Regular security assessments, vulnerability scanning, and penetration testing.
  • Data backup and disaster recovery procedures.

While we strive to protect your data, no system is completely secure. We cannot guarantee absolute protection against unauthorized access or data breaches. In the event of a data breach affecting your Personal Data, we will notify you and relevant authorities in accordance with applicable laws.

9. International Data Transfers

Because we operate globally, your Personal Data may be processed and stored outside your country of residence, including in jurisdictions that may not have the same level of data protection laws as your home country. When transferring data internationally, we rely on:

  • Adequacy Decisions: Transfers to countries recognized by the European Commission as providing adequate data protection.
  • Standard Contractual Clauses: Legally approved model clauses to ensure adequate safeguards.
  • Binding Corporate Rules: For transfers within our corporate group, where applicable.

By using our Site, you consent to any such transfers of your Personal Data.

10. Children’s Privacy

Our Site is not intended for children under the age of 16. We do not knowingly collect Personal Data from anyone under 16. If you are a parent or guardian and become aware that your child under 16 has provided us Personal Data, please contact us immediately at [email protected]. We will take prompt steps to delete such information.

11. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or new features on our Site. Whenever we make significant changes, we will:

  • Post the updated Privacy Policy on this page with a revised “Last Updated” date.
  • Send you a notification via email or a site banner if the changes materially affect your rights or the way we process your data.

Your continued use of the Site after the “Last Updated” date constitutes acceptance of the updated Privacy Policy.

12. Contact Information

If you have questions or concerns about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:

SuomiFest
Kummunkatu 18, 83500 Outokumpu, Finland
Phone: +358 40 218 6243
Email: [email protected]

Last Updated: June 6, 2025