Agenton

GDPR Compliance

Last updated: July 28, 2025

1. Data Controller Information

Under the General Data Protection Regulation (GDPR), the data controller for your personal data is:

  • Company: Agenton Oy
  • Registration: Established and registered in Finland
  • Jurisdiction: Subject to Finnish and EU data protection laws
  • Contact: [email protected]

2. Lawful Basis for Processing

We process personal data under the following GDPR legal bases:

Article 6(1)(b) - Contract Performance

  • Account creation and management
  • Service delivery and functionality
  • Customer support and communication

Article 6(1)(f) - Legitimate Interests

  • Service improvement and optimization
  • Security monitoring and fraud prevention
  • Technical system maintenance

Article 6(1)(a) - Consent

  • Optional marketing communications
  • Non-essential cookies and tracking
  • Additional service features

3. Data Processing Principles

We adhere to all GDPR data processing principles:

Lawfulness, Fairness & Transparency

All processing has a legal basis and is conducted fairly with clear communication.

Purpose Limitation

Data is collected for specific, explicit, and legitimate purposes only.

Data Minimization

We collect only data that is necessary for our services.

Accuracy

Personal data is kept accurate and up to date.

Storage Limitation

Data is retained only as long as necessary.

Integrity & Confidentiality

Appropriate security measures protect all data.

4. Your GDPR Rights

As a data subject, you have the following rights under GDPR:

Right to Information (Articles 13 & 14)

Receive clear information about how your data is processed.

Right of Access (Article 15)

Request access to your personal data and processing information.

Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data.

Right to Erasure (Article 17)

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing (Article 18)

Limit how your personal data is processed.

Right to Data Portability (Article 20)

Receive your data in a structured, commonly used format.

Right to Object (Article 21)

Object to processing based on legitimate interests or direct marketing.

5. Data Security Measures

We implement appropriate technical and organizational measures:

  • Encryption: HTTPS for all communications and data in transit
  • Access Controls: Role-based access following the principle of least privilege
  • No Communication Storage: User communications are not processed or stored
  • EU Data Residency: All personal data is stored within the European Union
  • Regular Security Reviews: Ongoing assessment of security measures
  • Staff Training: Regular GDPR and security awareness training

6. Data Retention Periods

We retain personal data according to these schedules:

  • Account Data: Until account deletion or closure
  • Technical Logs: Maximum 30 days for security purposes
  • Communication Content: Not retained (not stored)
  • Support Records: 3 years for customer service quality
  • Legal Obligations: As required by Finnish/EU law

7. International Transfers

No International Transfers

All personal data processing and storage occurs within the European Union. We do not transfer personal data outside the EEA/EU, eliminating the need for adequacy decisions or appropriate safeguards under Chapter V of GDPR.

8. Exercising Your Rights

To exercise any of your GDPR rights:

  1. Contact us through our email: [email protected]
  2. Provide sufficient information to verify your identity
  3. Specify which right(s) you wish to exercise
  4. We will respond within 30 days (extendable to 60 days for complex requests)

Response Times

  • Standard requests: Within 30 days
  • Complex requests: Up to 60 days (with notification)
  • Urgent security matters: Within 72 hours

9. Complaints and Supervisory Authority

If you believe we have not complied with GDPR, you have the right to:

  • Contact us directly to resolve the issue
  • Lodge a complaint with the Finnish Data Protection Authority
  • Contact your local EU supervisory authority
  • Seek judicial remedy in Finnish or EU courts

Finnish Data Protection Authority

Tietosuojavaltuutetun toimisto / Office of the Data Protection Ombudsman

Website: tietosuoja.fi

10. Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures. Material changes will be communicated through:

  • Updated privacy policy and this compliance statement
  • Email notifications to users where required
  • Service notifications for significant changes