Legal

Privacy Policy

This Privacy Policy explains how Purificationsyjo collects, uses, stores, and protects personal data when you visit our website or use our services. We comply with the EU General Data Protection Regulation (GDPR), the Finnish Data Protection Act (1050/2018), and applicable international data protection standards.

Effective date:

1. Data Controller

The data controller responsible for processing your personal data is:

Purificationsyjo
Aleksanterinkatu 52
00100 Helsinki, Finland
Email: assist@purificationsyjo.world
Phone: +358 20 702 1000

For any questions regarding this Privacy Policy or the exercise of your data protection rights, please contact us using the details above. We aim to respond to all privacy-related inquiries within 30 days as required under GDPR Article 12.

2. Scope of This Policy

This Privacy Policy applies to all personal data collected through the website purificationsyjo.world, including when you browse our pages, submit the contact form, purchase educational products or consulting services, subscribe to communications, or interact with our cookie consent mechanism. It does not apply to third-party websites linked from our pages, which maintain their own privacy practices.

Our website provides general informational content about meal system creation for busy people. We do not collect health data, medical records, or sensitive personal data as defined in GDPR Article 9. If you voluntarily include health-related information in a contact message, we will process it only to the extent necessary to respond to your inquiry and will delete such content upon request.

3. Categories of Personal Data We Collect

3.1 Data You Provide Directly

When you use our contact form, we collect your name, email address, message content, and confirmation of GDPR consent. If you purchase a service, we may additionally collect billing address, payment confirmation details (processed by our payment provider — we do not store full card numbers), and service preferences you share during consulting sessions.

3.2 Data Collected Automatically

When you visit our website, our servers and analytics tools (when consented) may collect technical data including IP address, browser type and version, operating system, referring URL, pages viewed, time and date of visit, and session duration. This data is collected in pseudonymized form where possible.

3.3 Cookie Data

We use cookies and similar technologies as described in our Cookie Policy. Cookie data may include consent preferences, session identifiers, and analytics identifiers when you opt in to non-essential cookies.

4. Purposes and Legal Bases for Processing

We process personal data only for specified, explicit, and legitimate purposes. The legal bases under GDPR Article 6 are indicated below:

  • Responding to inquiries (Article 6(1)(b) — contractual steps): Processing contact form data to evaluate and respond to your request for information about our meal planning guidance services.
  • Service delivery (Article 6(1)(b) — contract performance): Processing data necessary to deliver consulting sessions, personalized plans, educational products, or programs you have purchased.
  • Legal compliance (Article 6(1)(c)): Retaining transaction records as required by Finnish accounting and tax legislation (typically six years).
  • Legitimate interests (Article 6(1)(f)): Website security monitoring, fraud prevention, and improvement of our informational content based on aggregated usage patterns. We balance these interests against your rights and provide opt-out mechanisms for analytics and marketing cookies.
  • Consent (Article 6(1)(a)): Analytics and marketing cookies, and optional newsletter subscriptions. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Contact form submissions: Up to 24 months from the date of submission, unless a business relationship develops — in which case data is retained for the duration of the relationship plus 24 months.
  • Customer and service records: Duration of the service agreement plus six years for accounting and legal compliance purposes under Finnish law.
  • Analytics data: Up to 26 months in pseudonymized form, subject to your cookie consent preferences.
  • Cookie consent records: 12 months, after which we request renewed consent.
  • Server log files: Up to 90 days for security and troubleshooting purposes.

After retention periods expire, data is securely deleted or anonymized so it can no longer be associated with you.

6. Data Sharing and Recipients

We do not sell your personal data. We share data only with the following categories of recipients when necessary:

  • Hosting and infrastructure providers: Servers located within the European Economic Area (EEA) or covered by adequacy decisions or Standard Contractual Clauses.
  • Email service providers: For sending responses to your inquiries and service-related communications.
  • Payment processors: For handling transactions when you purchase paid services. Payment data is processed directly by the processor under PCI DSS standards.
  • Analytics providers: Only when you consent to analytics cookies, and only in pseudonymized form.
  • Legal and regulatory authorities: When required by applicable law, court order, or to protect our legal rights.

All processors act under written data processing agreements compliant with GDPR Article 28, ensuring they process data only on our instructions and implement appropriate security measures.

7. International Data Transfers

Our primary data processing occurs within the EEA. If any processor transfers data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, binding corporate rules, or adequacy decisions. You may request a copy of applicable transfer safeguards by contacting us.

8. Security Measures

We implement technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • HTTPS encryption for all website traffic with no mixed content
  • Access controls limiting personal data access to authorized personnel
  • Regular review of data processing activities and security practices
  • Secure storage of consent records and contact form submissions
  • Incident response procedures for potential data breaches, with notification to the Office of the Data Protection Ombudsman and affected individuals within 72 hours where required by GDPR Article 33 and 34

While we take reasonable precautions, no method of transmission over the internet is completely secure. We encourage you to use strong passwords for any accounts we provide and to contact us immediately if you suspect unauthorized access to your data.

9. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right of access (Article 15): Request confirmation of whether we process your data and obtain a copy.
  • Right to rectification (Article 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17): Request deletion of your data when it is no longer necessary, consent is withdrawn, or processing is unlawful.
  • Right to restriction (Article 18): Request limited processing in specific circumstances.
  • Right to data portability (Article 20): Receive your data in a structured, machine-readable format where processing is based on consent or contract and carried out by automated means.
  • Right to object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent (Article 7(3)): Withdraw consent at any time for consent-based processing, including cookie preferences via our Cookie Settings panel.
  • Right not to be subject to automated decision-making (Article 22): We do not use automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, contact us at assist@purificationsyjo.world. We will verify your identity before processing requests. You also have the right to lodge a complaint with the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) at tietosuoja.fi if you believe our processing violates applicable data protection law.

10. Children's Privacy

Our website and services are directed at adults managing household meal planning. We do not knowingly collect personal data from individuals under 16 years of age. If we become aware that we have collected data from a child without appropriate parental consent, we will delete it promptly. Parents or guardians who believe their child has submitted data to us should contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service offerings. Material changes will be indicated by updating the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acknowledgment of the updated policy.

12. Contact Information

For privacy-related inquiries, data subject requests, or questions about this policy:

Purificationsyjo
Aleksanterinkatu 52, 00100 Helsinki, Finland
Email: assist@purificationsyjo.world
Phone: +358 20 702 1000