Privacy Policy & GDPR Rights

1. Data controller and contact points

The controller responsible for processing personal data relating to this website and related communications is Squezlaxchral, with its principal contact address at Bulevardi 13, 00120 Helsinki, Finland. Finland is a member state of the European Union and the European Economic Area, which informs the framework for this notice.

If you need our Finnish Business ID (Y-tunnus) for accounting, invoicing, or advertiser verification, request it by email; we provide it when relevant to a genuine business or legal need.

You may contact us for general inquiries by telephone at +358 9 694 0088 and by email at callback@squezlaxchral.world. For requests specifically concerning privacy rights, including access, rectification, erasure, restriction, objection, portability, or withdrawal of consent, please use the email address and include a short description of your request. We may ask you to verify your identity before fulfilling certain requests, using proportionate methods such as confirming control of an email address you used to contact us.

Response timelines. We aim to acknowledge privacy requests within a few business days and to provide a substantive response within the timeframes set by applicable law, typically within one month for GDPR requests, subject to extension where permitted when requests are complex or numerous.

Representatives and processors

Where we use processors (such as hosting providers), they process data only on our instructions and under written agreements that require appropriate safeguards. Processors do not use your data for their own purposes in relation to our services.

2. Categories of personal data

The categories of data we collect depend on how you interact with us. We strive to collect only what is adequate, relevant, and limited to what is necessary for the stated purposes.

Identity and contact data: name, email address, telephone number if you choose to provide them.
Communication content: messages you send through contact forms or email, including attachments if you include them.
Technical and usage data: IP address, browser type and version, device type, operating system, approximate geographic location derived from IP, pages viewed, referring URLs, timestamps, and similar diagnostics when you browse the site or when analytics cookies are active with your consent.
Preference and consent records: cookie choices, marketing preferences, and records of when consent was given or withdrawn.
Relationship metadata: correspondence history, ticket reference numbers, and internal notes needed to respond to your request.

We do not ask you to provide special categories of personal data (such as data revealing health) through our general contact forms. If you voluntarily include sensitive information, we will handle it carefully and only where necessary to respond to your message or as permitted by law.

3. Sources of data and collection methods

We obtain personal data directly from you when you submit forms, send email, call us, or otherwise communicate with us. We may also receive technical data automatically when you load pages, including through server logs and, where you consent, cookies and similar technologies described in our Cookie Policy.

We do not purchase marketing lists or combine your data with third-party data brokers for the purposes described in this policy unless we explicitly inform you and rely on a valid legal basis.

4. Purposes and legal bases

We process personal data only for specified, explicit, and legitimate purposes and only where a legal basis under the GDPR applies. The table below summarises common processing activities and typical legal bases.

Website operation and security: delivering pages, maintaining availability, debugging, and protecting against abuse (legitimate interests in providing a secure service; in some cases necessary for the performance of a contract or pre-contractual steps at your request).
Responding to inquiries: reading and responding to your messages (legitimate interests; performance of contract or pre-contractual measures where applicable; sometimes consent).
Cookie and preference management: storing consent and respecting your choices (consent for non-essential cookies; legitimate interests or legal obligations for strictly necessary cookies).
Analytics: understanding aggregate usage to improve content and navigation (consent where required by law).
Marketing measurement: evaluating campaign performance if you have opted in (consent).
Compliance: record-keeping, responding to lawful requests from authorities, and defending legal claims (legal obligation or legitimate interests).

Where we rely on legitimate interests, we balance our interests against your rights and expectations. You may object to processing based on legitimate interests where applicable by contacting us.

5. Retention periods

We retain personal data only as long as necessary for the purposes described, after which we delete or anonymise it where feasible.

Contact form and email inquiries: typically up to twenty-four (24) months after the last substantive message in a thread, unless a longer period is needed to resolve an ongoing matter.
Consent and preference records: up to twenty-four (24) months after withdrawal or last update, unless longer retention is required to demonstrate compliance.
Server and security logs: generally between thirty (30) and ninety (90) days, unless extended for security investigations.
Analytics identifiers tied to cookies: in line with provider settings and your consent, often fourteen (14) to thirty-eight (38) months for aggregated reporting; identifiers may reset sooner.
Legal, tax, or accounting obligations: as required by applicable law, which may extend retention for certain categories.

We periodically review retention needs and delete data that no longer meets a lawful purpose.

6. Recipients and categories of recipients

We may share personal data with:

Hosting and infrastructure providers that store website files and databases, typically within the EEA or with appropriate safeguards.
Email and communication tooling used to receive and respond to messages.
Analytics or marketing partners only when you have consented to the relevant cookies or channels, subject to their roles as processors or independent controllers as applicable.
Professional advisers (for example legal or accounting firms) under confidentiality obligations.
Public authorities when required by law.

We use written agreements with processors that require appropriate technical and organizational measures and processing only on our instructions.

7. International transfers

Where personal data is transferred outside the European Economic Area, we rely on mechanisms recognized by the GDPR, such as adequacy decisions issued by the European Commission, standard contractual clauses approved by the Commission, or other permitted safeguards. We assess supplementary measures where appropriate, particularly when using services hosted in countries without an adequacy decision.

You may request further information about transfers and safeguards by contacting us.

8. Security measures

We implement appropriate technical and organizational measures, including:

TLS (HTTPS) for data in transit between your browser and our servers where supported.
Access controls limiting staff and systems to data required for their role.
Regular review of service providers and configuration hardening.
Processes for detecting and responding to incidents affecting personal data.
Backups and redundancy where appropriate to recover from outages without unnecessary duplication of personal data.

No method of transmission or storage is completely secure; we work to reduce risk in proportion to the nature of the data and processing.

Personal data breaches

If we become aware of a personal data breach likely to result in a risk to your rights, we will notify the supervisory authority where required and communicate with affected individuals when required by law.

9. Your rights under the GDPR

Subject to conditions and exceptions in the GDPR, you have the right to:

Access your personal data and obtain a copy.
Rectify inaccurate or incomplete data.
Erasure (“right to be forgotten”) where applicable.
Restrict processing in certain situations.
Data portability for data you provided where processing is based on consent or contract and is automated.
Object to processing based on legitimate interests, including profiling in specific cases.
Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
Not be subject to solely automated decisions with legal or similarly significant effects, where applicable.

You may exercise these rights by contacting us at the email address in section 1. You also have the right to lodge a complaint with a supervisory authority. In Finland, the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) is available at https://tietosuoja.fi/en/.

10. Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Policy. That document explains categories, purposes, retention, and how you can control preferences. Consent for non-essential cookies is obtained through our cookie banner and can be updated through your browser settings.

11. Children

Our services are not directed at children under sixteen (16). We do not knowingly collect personal data from children. If you believe we have received such data, please contact us so we can delete it.

12. Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects solely based on automated processing in relation to the data subjects covered by this policy.

13. Aggregated research and product improvement

We may create aggregated or de-identified statistics that cannot reasonably be linked to you. Such information may be used to understand general usage patterns, prioritize content improvements, and plan infrastructure capacity. We do not attempt to re-identify individuals from aggregated data.

14. Complaints and supervisory authority

If you believe we have processed your data unlawfully, you may first contact us so we can address your concern. Without prejudice to your rights, you may also lodge a complaint with the Finnish Data Protection Ombudsman or, if you reside or work in another EEA country, with the supervisory authority in your country of residence or workplace.

15. Changes to this Privacy Policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. The “Effective” date at the top of this page will change accordingly. Material changes may be highlighted on the website or communicated where appropriate. Continued use of the site after changes constitutes acceptance where permitted by law.

You are encouraged to review this page periodically when you use our services.

16. Online advertising, Google Ads, and measurement

Where we use digital advertising (including Google Ads) or conversion measurement, we aim to comply with Google’s destination requirements and applicable EU law. Non-essential advertising or measurement tags are loaded only if you have given consent through our cookie banner for the relevant categories (typically Analytics and/or Marketing).

Google Ireland Limited and other Google entities may process personal data when you interact with our site and ads, subject to Google’s policies. You can read how Google uses information from sites that use its services at https://policies.google.com/technologies/partner-sites and Google’s Privacy Policy at https://policies.google.com/privacy.

You can manage ad personalisation in Google’s Ads Settings and use industry tools such as Your Online Choices (EU) for interest-based advertising. You can also withdraw or update consent on our site via the cookie controls.

We do not use advertising to promote unverified health claims or to mislead users about the nature of our informational content. Our landing pages clearly identify Squezlaxchral and provide contact and policy links.