GDPR Compliance (Finland)

Introduction

This page provides specific information about GDPR (General Data Protection Regulation) compliance for users in Finland. spinsauna is fully committed to protecting your personal data in accordance with:

• EU General Data Protection Regulation (GDPR) 2016/679
• Finnish Data Protection Act (Tietosuojalaki 1050/2018)
• Finnish Information Society Code (Tietoyhteiskuntakaari 917/2014)

Data Controller

Name: spinsauna Entertainment Ltd.
Business ID: FI12345678
Address: Helsinki, Finland
Email: privacy@spinsauna.com

Data Protection Officer

You can contact our Data Protection Officer regarding any data protection matters:

Email: privacy@spinsauna.com

Personal Data We Collect

We collect and process the following categories of personal data from Finnish users:

Information You Provide

• Name and contact information (email address)
• Age verification data (date of birth)
• Account credentials
• Communication preferences
• Information submitted through contact forms

Automatically Collected Data

• IP address
• Browser type and version
• Device information
• Usage data and analytics
• Cookies and similar technologies

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

1. Consent (Article 6(1)(a) GDPR)

We process your data with your explicit consent for:

• Marketing communications
• Non-essential cookies
• Optional features and services

2. Contract Performance (Article 6(1)(b) GDPR)

Processing necessary to provide our services:

• Account creation and management
• Delivering gaming services
• Customer support

3. Legal Obligation (Article 6(1)(c) GDPR)

Processing required by law:

• Age verification (compliance with Finnish Gaming Act)
• Record keeping for legal compliance
• Responding to lawful requests from authorities

4. Legitimate Interests (Article 6(1)(f) GDPR)

Processing for our legitimate business interests:

• Security and fraud prevention
• Service improvement and analytics
• Technical administration

Your Rights Under GDPR

As a Finnish user, you have the following rights regarding your personal data:

1. Right of Access (Article 15)

You can request a copy of all personal data we hold about you, including information about how we process it.

2. Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

3. Right to Erasure ("Right to be Forgotten") (Article 17)

You can request deletion of your personal data in certain circumstances.

4. Right to Restriction of Processing (Article 18)

You can request that we limit how we use your personal data in certain situations.

5. Right to Data Portability (Article 20)

You can request to receive your personal data in a structured, commonly used format and transfer it to another service provider.

6. Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

7. Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you can withdraw it at any time.

8. Right Not to be Subject to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

How to Exercise Your Rights

To exercise any of your GDPR rights, contact us:

• Email: privacy@spinsauna.com
• Contact Form: spinsauna.com/contact

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months and will inform you of the extension.

Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy:

• Account Data: For the duration of your account plus applicable legal retention periods
• Age Verification: As required by Finnish law
• Communication Records: As needed for customer service and legal compliance
• Analytics Data: Anonymized after collection or deleted within 26 months

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (SSL/TLS) and at rest
• Access controls and authentication systems
• Regular security assessments and updates
• Employee training on data protection
• Incident response procedures

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the Finnish Office of the Data Protection Ombudsman within 72 hours of becoming aware of the breach
• Notify affected users without undue delay if there is a high risk to their rights and freedoms
• Provide information about the nature of the breach and measures taken

Cookies and Tracking

We use cookies in compliance with the EU ePrivacy Directive and Finnish Information Society Code:

• Essential cookies do not require consent
• Non-essential cookies require your explicit consent
• You can manage cookie preferences through our cookie banner
• You can withdraw consent at any time

For detailed information, see the Cookies section of our Privacy Policy.

International Data Transfers

If we transfer your personal data outside the EU/EEA, we ensure appropriate safeguards are in place:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules where applicable

Complaints and Supervisory Authority

If you believe we have not handled your personal data properly or violated your rights, you have the right to lodge a complaint with the Finnish supervisory authority:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)

Address:
P.O. Box 800
FI-00521 Helsinki, Finland

Email: tietosuoja@om.fi
Phone: +358 29 566 6700
Website: tietosuoja.fi/en

However, we encourage you to contact us first so we can address your concerns directly.

Children's Privacy

Our services are restricted to individuals 18 years or older. We do not knowingly collect or process personal data from minors. If we discover that we have inadvertently collected data from anyone under 18, we will delete it immediately.

Updates to This Policy

We may update this GDPR compliance information periodically. Material changes will be communicated through:

• Notice on our website
• Email notification to registered users
• Updated "Last Modified" date

Additional Resources

For more information about your data protection rights and GDPR:

• Finnish Data Protection Ombudsman
• European Data Protection Board
• spinsauna Privacy Policy

Contact Us

For any questions about GDPR compliance or data protection:

Data Protection Officer: privacy@spinsauna.com
General Inquiries: Contact Form