Privacy and Data Protection Policy

This Privacy and Data Protection Policy complies with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Effective Date: March 1, 2019. Last Updated: April 1, 2025.​

1. Data Controller

Kitchen of Insights Oy
Business ID: 2966900-7
Address: Lokkalantie 16 A 22, 00330 Helsinki, Finland
Email: carola(at)kitchenofinsights.com
Phone: +358 505 707 806

2. Contact Person for Register Matters

Carola Hjelt
Email: carola(at)kitchenofinsights.com
Phone: +358 505 707 806​

3. Name of the Register

Kitchen of Insights Oy Customer Register​

4. Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data is the customer relationship between the data subject and the data controller, as outlined in the GDPR. Personal data is processed for the following purposes:​

  • Communication with clients​
  • Maintenance of customer relationships​
  • Provision and development of services​
  • Marketing purposes

Personal data will not be used for automated decision-making or profiling.​

5. Contents of the Register

The register may contain the following personal data:​

  • Full name
  • Position​
  • Company/Organization
  • Contact information (phone number, email address, postal address)​
  • Website addresses​
  • IP address of network connection​
  • Social media profiles​
  • Information about subscribed services and their changes​
  • Billing information​
  • Other information related to the customer relationship and subscribed services​

Personal data is retained only as long as necessary for maintaining the customer relationship or as required by law. Data will be deleted when retention is no longer necessary for legal or business purposes.​

6. Regular Sources of Information

Personal data is primarily collected directly from the data subject through meetings, communications via web forms, emails, phone calls, contracts, and social media services. Data may also be collected and updated from address, update, or similar services provided by third parties, as well as from public sources.​

7. Regular Disclosures of Data and Transfer of Data Outside the EU or EEA

Personal data is not regularly disclosed to third parties. Data may be published to the extent agreed upon with the client. Personal data is not transferred outside the EU or EEA by the data controller.​

8. Principles of Register Protection

The processing of the register is conducted with care, and data processed via information systems is adequately protected. When data is stored on internet servers, the physical and digital security of the hardware is appropriately managed. The data controller ensures that stored data, server access rights, and other critical personal data are treated confidentially and only by employees whose job description includes such processing.​

9. Right to Inspect and Request Correction of Data

Every person in the register has the right to inspect the data recorded about them and to request the correction or completion of incorrect, unnecessary, incomplete, or outdated information. Requests must be made in writing to the contact person specified in section 2.​

10. Other Rights Related to the Processing of Personal Data

Individuals in the register have the right to prohibit the processing and use of their data for direct marketing and market research by contacting the data controller in writing.​