Privacy policy

Objectives

We implement the data protection policy taking into account the requirements of both the EU data protection regulation and other legislation. The purpose of the data protection policy is to ensure the rights of persons working in the organization, stakeholders and data subjects, as well as the rights and obligations of the data controller, related to the processing of personal data. In the processing of personal data with Höyry, the protection of private life is implemented and compliance with good data processing practices is promoted. The following general principles are followed in the processing of personal data:

legality, reasonableness and transparency

intended use

data minimization

punctuality

limiting storage

integrity and confidentiality

Rights of the registrant

Data protection is the protection of a person’s private life. It includes everyone’s right to their personal data. The basic principle of the registrant’s rights is to guarantee the protection of personal data from unauthorized or harmful use of data. As the controller, we openly inform you about the processing of personal data before starting the processing operations. Rights and obligations of the data controller

We implement the data subject’s rights. In addition, we ensure that personal data is not processed without an appropriate legal basis (for example, the data subject’s consent). We make sure that personal data is only processed under appropriate conditions and that this is also taken into account when planning new processing methods. The processing of personal data is purpose-related, that is, we define in advance the purposes for which personal data is processed.

We also implement the necessary technical and organizational measures to ensure and demonstrate that the processing complies with the legislation. These measures are reviewed and updated as necessary.

Technical and administrative solutions for data protection

Based on the risk assessment, we choose technical security solutions to protect the data in our possession, and in accordance with the risk assessment, we have built an administrative system to monitor, guide and implement daily data processing in our company. We ensure the level of data protection in accordance with the data protection policy by conducting audits and reviews. We have appointed a data protection officer who leads and implements the data protection policy approved by the management and the operational measures approved by the board. In addition, we regularly train our employees in data protection matters. Personal data processors are also bound by a duty of confidentiality.

Actions when data protection is compromised

If data protection is suspected or found to have been compromised, the matter will be investigated immediately. In addition, the data subject whose data protection has been compromised will be notified without delay. We also notify the supervisory authority of a personal data security breach.

Instructions for handling personal data

The purpose of the digital and advertising agency Höyry’s personal data processing instructions is to guide the processing of personal data, implement the protection of private life and promote compliance with good data processing practices.

The personal data processing instruction is based on the EU data protection regulation, which applies to the processing of personal data. The Data Protection Regulation applies to the processing of personal data that is partially or fully automatic, as well as to the processing of personal data in a non-automatic form that forms part of the register or is intended to form part of the register.

These instructions provide common regulations for the processing of personal data of Digi-ja mainostoimisto Höyry. The personal data processing instructions are approved by the entrepreneurs/board of the Digital and advertising office Höyry. The data protection officer of Digija mainostoistimo Höyry is responsible for updating the handling instructions.

Download the personal data processing instructions in their entirety

1. Registrar

Digital and advertising agency Höyry Oy

Contact information

Digital and advertising agency Höyry
Koskikatu 10
96200 Rovaniemi
+358 50 366 2726

The person responsible for the register

Sami Halonen
Koskikatu 10
96200 Rovaniemi
+358 50 366 2726

2. Registered

Customers

Potential customers

3. Purpose of use of personal data

Personal data is collected for a specific, specific and legal purpose. Personal data is collected for contacting, for example, the sale of Digi-ja mainostoimisto Höyry Oy’s services and the company’s marketing communications, as well as processing customer feedback.

4. Personal data to be stored in the register

The information in the contact form is not public, but is collected only for Digi- ja mainostoimisto Höyry Oy’s internal measures. The customer register contains the following information:

Contact information

Name

Company/community

Address

Email

Phone number

In addition, you are asked to indicate the subject of the message and the object of interest

Customer information

Information about purchased products / services

5. Rights of the data subject

The registered person has the right to check what information about him is stored in the register.

Right of Access
In addition, after submitting a sufficiently specific and individualized request for access, the data subject has the right to obtain information concerning themselves and the contents of any records. The request for access must be submitted in writing and signed, and sent to the following postal address: Digi- ja Mainostoimisto Höyry, Koskikatu 10, 96200 Rovaniemi, Finland.

Right to Rectification
The controller must correct any inaccurate personal data in the personal data register identified by the data subject. The controller also has an independent obligation to ensure that the information in the register is accurate and up to date. The data subject may also request that the controller delete personal data concerning them from the register. The Data Protection Officer is responsible for managing the process.

Right to Object
The data subject has the right to request the restriction of the processing of personal data. The data subject also has the right to receive the personal data concerning them that they have provided to the controller in a structured, commonly used, and machine-readable format, and the right to transfer such data to another controller. In addition, the data subject has the right to object to data processing, automated decision-making, and profiling.

Direct Marketing Prohibition
The data subject has the right to prohibit the use of their data for direct marketing purposes.

Right to Erasure
The data subject’s information will be removed from the contact form register when it is no longer necessary for the purpose for which it was collected, and no later than five years after the end of the need related to the contact request. Access rights to the register will be removed when the controller determines that the user no longer requires access rights or user rights to the register data for work-related reasons.

Digi- ja Mainostoimisto Höyry Oy will also remove a customer’s data from the register if the individual concerned requests deletion based on their legal rights. However, the data will not be deleted if legislation requires otherwise, if a competent authority has initiated a process requiring the retention of the data, or if another party has obtained a protective order from a Finnish court regarding the data.

Withdrawal of Consent
If the processing of personal data concerning the data subject is based solely on consent, and not, for example, on a customer or membership relationship, the data subject may withdraw their consent.

The Data Subject May Appeal to the Data Protection Ombudsman
The data subject has the right to request that we restrict the processing of disputed data until the matter has been resolved.

Right to Lodge a Complaint
The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they believe that we are violating applicable data protection legislation in our processing of personal data.
Contact details of the Data Protection Ombudsman: www.tietosuoja.fi/fi/index/yhteystiedot.html

6. Regular Sources of Information

Personal data is collected from the customer themselves when the customer relationship is established, as well as through the controller’s systems and online forms related to services. Information is also updated from official sources or other service providers to ensure that the information remains up to date.

7. Regular Disclosures of Data

As a rule, information is not disclosed for marketing purposes outside Digi- ja Mainostoimisto Höyry and its offices.

8. Duration of Processing

Personal data is generally processed for as long as the customer relationship remains valid. A data subject may remove themselves from our marketing list via the link included in every marketing email we send, or by sending a message to: info@hoyry.net

9. Processors of Personal Data

The controller and its employees process personal data. We may also outsource the processing of personal data in part to third parties, in which case we ensure through contractual arrangements that personal data is processed in accordance with applicable data protection legislation and otherwise appropriately.

10. Transfer of Data Outside the EU

Personal data is not transferred outside the European Union or the European Economic Area.

11. Automated Decision-Making and Profiling

We do not use personal data for automated decision-making or profiling.

12. Cookies and Browsing Tracking

We collect information relating to the user’s device through cookies and other similar technologies, such as browser local storage. A cookie is a small text file stored by the browser on the user’s device. Cookies often contain an anonymous, unique identifier that allows us to recognize and count browsers visiting our website.

Our website uses the Google Analytics service.
Our pages also contain links to other websites and services. We are not responsible for the privacy practices or content of these external websites. Third parties may place cookies on the user’s device when the user visits our services in order to collect statistics on visitor numbers across different websites.

This privacy policy has been approved as continuously valid and was last reviewed on July 3, 2025.

Cover image

How can we help?

WordPress websites Visual and brand identity Growth through digital marketing I would like to request a quote

Frequently asked questions

What kind of services do you offer?

Höyry’s services range from website design and development to visual identity and brand concept design, search engine optimization, digital marketing, and online business development. Our goal is to increase your brand’s visibility, strengthen awareness of your products and services, and support their growth in sales.

How do you price your services?

We work on both a project basis and hourly billing. For larger assignments, you will always receive a proposal that includes a solution outline, process description, scope of delivery, and timeline. Smaller tasks are billed hourly, and we can provide a time estimate upon request. Compared to agencies in the Helsinki metropolitan area, we are competitively priced while delivering the same high level of quality.

How quickly can we get started?

We’re agile and can schedule a meeting within the same week. Based on that discussion, we’ll define the scope and provide a clear proposal. Depending on the scale of the project, a website redesign typically takes around three months. Smaller websites, such as one-page sites, can be completed in just a few weeks if needed.

Get to know Höyry