Maatori Oy's Privacy Statement

This is a combined privacy policy and information document in accordance with the Data Protection Act and the General Data Protection Regulation of the European Union (2016/679/EU). This privacy policy was prepared on November 20, 2023, and was last updated on November 20, 2023.


Maatori Oy (Y: 0967353-5)
Somerotie 8
36220 Kangasala

Contact person on privacy policy issues:

Marika Myllykoski


Maatori Oy’s customer-, consumer and marketing register ( “Customer Register”)


General Information on Data Processing

Personal data refers to information that can be linked to a specific individual. This document provides a more detailed description of the procedures for collecting, processing and disclosing personal data as well as the rights of the user or data subject. To the extent that the Customer Register contains personal data, the processing of such data is carried out in accordance with data protection laws and other applicable laws, regulations, directives, and official guidelines governing the processing of personal data.

The purpose of collecting personal data:

a) The purpose of collecting personal data is the customer’s registration as a user of Maatori Oy’s services or the purchase of products offered by Maatori Oy.

  • The purpose of the register is the maintenance of the Data Controller’s Customer Register for those customers who have purchased products or services offered by Maatori Oy or registered as users of the website or services.
  • The register is also used for Maatori Oy’s marketing and communication purposes

In this section: a) The individuals mentioned in section a) are later referred to in this document as “Customer.”

b) Data storage based on consent

To the extent that the registration right based on the aforementioned laws or circumstances is exceeded or if there is no other legal basis mentioned, the customer is separately asked for consent to store, process, and retain personal data.

Consequences of not obtaining the information:

If the data controller does not receive the information referred to in sections a) and b), the use of the service cannot be initiated or continued, nor can any other agreement or legal action be undertaken with the user.

The purpose of data usage

The information in the Customer Register can be used for the following main purposes:

  • managing and developing the service
  • providing, offering, improving, enhancing, and protecting services
  • invoicing, collection, and verifying customer transactions
  • targeted advertising
  • analysis and statistics related to services
  • customer communication, marketing, and advertising
  • protecting and securing the rights and/or property of the data controller and other parties related to the data controller’s assignments
  • fulfilling the data controller’s legal obligations
  • other similar purposes.


Maatori Oy processes data for the maintenance of the service and the Customer Register.

Maatori Oy processes, or may process, information belonging to the following groups:

  • customer’s basic information, such as full name, date of birth/business ID, email address, phone number, address, and home country.
  • information related to billing and collections
  • information related to registration and customer relationship, such as services offered to the customer, their usage dates, order confirmations, and similar information.
  • consent and opt-out information, such as direct marketing permissions and prohibitions.
  • interests and other self-provided information by the user.
  • other transaction-related information for services.


Other personal data will be deleted when there is no longer a need to retain such information. Personal data collected during auctions on the website will be automatically deleted on an annual basis. However, information obtained from customer registration will be retained for a maximum of five (5) years from the moment of registration.

If the collection and retention of personal data have been based solely on the user’s consent, the personal data will be deleted upon the user’s request.


Personal data is collected from the customer through self-filled personal data forms, when using the data controller’s services in other ways, or directly from the customer. This information is also collected from the contact forms on the data controller’s website and from customer satisfaction surveys and contests. In addition, data is collected through GA4 (Google Analytics 4) page user tracking.

Data based on consent is collected directly from the customer or with their consent from registers or sources maintained by authorities or third parties.


The data controller may issue personal data within the limits and requirements of applicable legislation, as well as for the fulfillment of contractual obligations or in relevant circumstances.

Data may be transferred outside the European Union or the European Economic Area in accordance with the law. Transfers outside the EU may occur in connection with the use of various cloud services such as OneDrive, iCloud, Google Drive or Dropbox.

Data may be disclosed to authorities if required by law. 

The data controller may also disclose data to third parties with the separate written consent of the user.

In the context of the data controller’s information technology outsourcing, the processing of personal data may also be carried out by the data controller’s subcontractors, but only on behalf of the data controller.


Only those employees of the data controller and subcontractors’ employees who require access to the data for job-related tasks have access to the data. The data is stored in service databases protected by firewalls, passwords, and other technical measures. The databases are located in locked and guarded premises, and only specific pre-defined individuals have access to the data. User data is stored electronically.

In cases where personal data is processed by a subcontractor on behalf of the data controller, agreements between the data controller and the subcontractor ensure the provision of appropriate security measures and compliance with data protection legislation.


The customer has the right to inspect the information that has been recorded about them in the Customer Register. The customer must submit the inspection request to the data controller in writing, in a personally signed format, or in an equivalently verified document, or by email.

The data controller will provide the aforementioned information to the customer within 30 days of receiving the inspection request.

The customer has the right to receive the customer data they have provided themselves in a structured, commonly used, and machine-readable format and have it transferred to a third party. However, the data controller will retain the transferred data in accordance with this privacy policy.

The customer has the right to correct any personal data about themselves that is stored in the customer register to the extent that they are incorrect. The customer has the right to object to the processing of their data for direct marketing, distance selling, and other direct marketing, as well as for market and opinion research and the development of the data controller’s business, and to restrict the processing of their data. Additionally, the customer has the right to have their personal data that has been registered for the mentioned purpose deleted, even if there would otherwise be a legal basis for processing the data.

If the information in the register is based on the customer’s consent, the consent can be revoked at any time by notifying the data controller’s representative mentioned in this document. Upon request, all information that does not need to be retained or cannot be retained under the law or other grounds mentioned in this privacy policy will be deleted.

Requests for inspection, correction, or other matters can be made by contacting the data controller’s customer service in writing using the contact information provided in this document. The customer has the right to bring the matter to the attention of the Data Protection Ombudsman if the data controller does not comply with the user’s correction or other request.


The data controller does not perform user profiling based on personal data or use automated decision-making.


We use cookies on our websites. By using our site, you consent to the use of cookies. A cookie is a small text file that a computer, phone, or tablet stores on the user’s device when using a website. Utilizing cookie information requires that the user has accepted cookies by following the cookie message displayed to new users on the service. The use of cookies is a common practice on most websites.

We use cookies for:

  • improving the user experience on our website.
  • remembering your personal preferences.
  • providing essential content and information.
  • ensuring the security of our website.
  • collecting statistics about the usage of our website and measuring the effectiveness of advertising.

You can clear cookies from your device’s browser settings. In this case, the identifier used to collect information about you will change. You also have the option to completely block the use of cookies by changing your device’s browser settings. Blocking cookies may affect the functionality of our services. If you decide to block cookies, you may not be able to fully utilize the online services we offer.

Cookies can also be used to enhance security through Google reCAPTCHA. For more information and the privacy policy of Google reCAPTCHA, please visit the following link :

User tracking

On our websites, we may use tracking software, such as Google Analytics, to gather information about your activities on our websites. For this purpose, the tracking software uses cookies, and the data generated by these cookies about your use of the website is transmitted to and stored by a service provider such as Google. We may use IP address anonymization in the tracking software. For more information about any tracking software used, its usage, and terms, please contact the data controller.


The data controller continually develops its operations and may, as a result, need to change and update its privacy practices as necessary. Changes may also be based on changes in data protection legislation. 

If the changes involve new purposes for the processing of personal data or otherwise significantly alter the practices, the data controller will provide advance notice and, if necessary, request consent.