Cookie and Privacy Policy

This privacy policy statement describes how Small Data Garden treats its customers’ personal information; what personal data Small Data Garden collects, for what purposes the data is used and to whom the data may be disclosed, and how the data subject may affect the processing. Privacy statement also provides information on the obligations that Small Data Garden complies with the processing of personal data.

Small Data Garden protects the privacy of data subjects and complies with the general data protection regulation of the European Union (2016/679) as well as other applicable and up-to-date data protection legislation and good data processing practices in all processing of personal data.

1. Register holder

Small Data Garden
Maantie 1
11130 Riihimäki

Contact information regarding register

Pia Bister
Maantie 1
11130 Riihimäki

2. Purpose of personal data

Personal data is processed based on a registered customer relationship.
Personal data will only be processed for pre-defined purposes, which are as follows:

  • Customer relationship management and offering products / services. In this case, the processing of personal data is based on an agreement between you or the company you represent and us.
  • Customer relationship development. In this case, the processing of personal data is based on our legitimate interest in obtaining adequate and relevant information for the development of our services and the management of our business.

Informing about new products and offers. In this case, the processing of personal information is based on our legitimate interest in providing information as part of our service and in marketing other services to you.

3. Sources of information

Customer information is obtained:

  • from the customer himself when a customer relationship arises
  • purchase history
  • contact with the customer during the customer relationship public information sources.

4. Personal data to be stored in the register

The customer register contains the following information:

Contact information

  • company name and business ID
  • contact person
  • address
  • email
  • telephone number

Customer information

  • information on purchased products / services, payment information, billing information, and marketing authorizations and prohibitions
  • customer contacts and related correspondence information on communication, marketing and response to the data subject

5. Rights of the data subject

The data subject shall have the following rights, the exercise of which may be affected by sending a written, signed request to the controller using the contact details provided in point 1.

Right of inspection

The data subject can check the personal data we have stored.

Right to rectification

The data subject may request the correction of incorrect or incomplete information concerning him.

Right to object

The data subject may object to the processing of personal data if he or she feels that the personal data has been processed unlawfully.

Prohibition of direct marketing

The data subject has the right to prohibit the use of the data for direct marketing.

Right of removal

The data subject has the right to request the deletion of data if it is not necessary to process the data. We will process the deletion request, after which we will either delete the data or state a valid reason why the data cannot be deleted. It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) specified in the Finnish Kirjanpitolaki (Chapter 2, Section 10). Therefore, accounting material cannot be deleted before the deadline.

The right to transfer data from one system to another

In certain cases, you have the right to transfer the personal data you provide to us from one system to another, ie the right to receive your personal data in a structured, commonly used, machine-readable form and to transfer your personal data to another controller in accordance with applicable law.

Withdrawal of consent

If the processing of personal data concerning the data subject is based only on consent and not, for example, based on customer relationship or membership, the data subject may withdraw the consent. The data subject may appeal against the decision to the Data Protection Officer. The data subject has the right to demand that we therefore limit the processing of the disputed data until the matter can be resolved.

Right of appeal

The data subject has the right to lodge a complaint with the Data Protection Officer if he or she feels that we are in breach of the applicable data protection legislation when processing personal data. Contact information of the Data Protection Supervisor:

6. Regulatory disclosures

We may disclose personal information to third parties:

– when our partners process personal information on our behalf on our behalf and in accordance with our instructions.

– as required by the competent authorities or other bodies, based on the legislation in force at the time.

7. Duration of processing

Personal data is generally processed for as long as the customer relationship is valid. In addition, we may retain some personal information to the extent required or permitted by applicable law after the termination of the customer relationship, for example, to comply with the Accounting, Consumer Protection and Product Liability Act.

The registered person can leave our marketing list by notifying by e-mail to:

8. Processors of personal data

The controller and his staff process personal data. We may also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that the personal data will be processed in accordance with applicable data protection legislation and otherwise in an appropriate manner.

Use of the contact form

If you send us questions through the contact form, we will collect the information entered on the form, including the contact information you provide, to answer your question and any follow-up questions. We will not share this information without your permission.

Therefore, we will only process any information you provide on the contact form with your consent Art. In accordance with Article 6 (1) (a) of the GDPR. You can withdraw your consent at any time. An informal e-mail to is sufficient. Data processed before the request is received can still be processed lawfully.

We will retain the information you provide on the contact form until you request that it be deleted, that you withdraw your consent to retain it, or that it is no longer intended to be retained (e.g., after completing the request). This provision does not affect all mandatory statutory provisions, those concerning mandatory data retention periods.

Use of our live chat support

You can use the live chat as a contact form to chat with our staff in near real time. At the start of the chat, personal data is collected.

  • Date and time of the call,
  • browser type/version
  • IP address
  • operating system used
  • URL of the previously visited website
  • amount of data sent
  • First name, last name
  • email address

Depending on the course of the conversation with our employees, further personal data may arise in the chat, which are entered by you. The type of data depends strongly on your request or the problem you describe to us.

All our employees have been and will be trained about data protection and on the safe and confidential handling of customer data. All our employees are bound to confidentiality and have accordingly signed an addendum to the obligation to maintain confidentiality and to observe data protection in their employee contracts.

We do not store chat records.

9. Data transfer outside the EU

Some of the service providers who work for us operate outside the EU or the European Economic Area (EEA), so when they process your personal data, the data must be transferred outside the EEA. In these cases, we will take the necessary safeguards as required by applicable law. This means: Personal data will only be transferred to countries which have been assessed by a decision of the European Commission as providing an adequate level of data protection (“Data Protection Adequacy Decision”). More information about Data Protection Adequacy Decision.

When a service provider operates in a country not covered by the “decision on adequacy”, separate contractual clauses adopted by the European Commission apply, which provide for the same level of contractual protection of personal data as within the EEA. For more information, please read this Commission Decision.

We may also use service providers in the United States who are committed to the so-called Privacy Shield Framework, which requires them to provide adequate protection for personal information shared between Europe and the United States. You can find more information about data protection here.

10. Security

Personal information is collected in databases that are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked premises and the data can be accessed by authorized and confidential persons.

Opposing campaign emails

We hereby prohibit the use of contact information published in connection with the statutory notices on the website for the purpose of sending promotional and informational materials that are not specifically requested. The webmaster reserves the right to take legal action if unsolicited promotional material, such as email spam, is received to any contact information found on this website.

11. Cookies

We use cookies and other similar technologies on our website (“cookies”). Cookies are small text files that are stored on your device to collect and store useful information, improve the performance of our websites, and make them easier to use. We may also use cookies for statistical purposes, such as to compile statistics on the use of the website to better understand user preferences and interests and to improve the user experience.

The information collected by cookies and various tools is the property of Small Data Garden registrars and can only be used by Small Data Garden. Our partners act as data processors for and on behalf of Small Data Garden and do not use the data for their own purposes.

Only with the consent of marketing cookies can we disclose information to third parties. The use of this information is the responsibility of third parties as independent controllers in accordance with their own data protection policies.

We use the following cookies on our website:

Google Analytics
We use Google Analytics to analyze error situations, usage volumes, and traffic to our website.

Third-party cookies (LinkedIn) allow us to target the user with up to date Small Data Garden marketing in LinkedIn. They also provide us with statistics on marketing and target groups. Retention periods for marketing cookies are the responsibility of third parties in accordance with their own privacy policies. Read more about LinkedIn’s marketing cookies.

Deleting cookie history and disabling cookies

Change your cookie settings

You can prevent the setting of cookies, restrict the use of cookies or delete cookies from your browser. Restricting the use of cookies may affect the usability of the website. You can clear your cookie history from your browser settings, deleting previous cookies stored by your browser. Deleting cookie history does not prevent the creation of new cookie information.

Block targeted online advertising on Your Online Choices

12. Changing the privacy policy statement

Small Data Garden reserves the right to change this Statement. We will notify you of the changes on our website, where you will find the latest version of this privacy policy statement.

Would you like to ask more? Contact us at