PRIVACY POLICY (GDPR)

Data Controller
Osku Leinonen
Website: [https://english.oskuleinonen.com](https://english.oskuleinonen.com)
Contact: oskuleinonen@gmail.com

Osku Leinonen operates english.oskuleinonen.com and may operate additional related websites. This Privacy Policy explains how personal data is collected, used, and protected in accordance with the EU General Data Protection Regulation (GDPR).

By using this website, you agree to the practices described in this policy.

---

1. What Personal Data We Collect

We may collect the following categories of personal data:

A. Technical and Usage Data

* IP address
* Browser type and version
* Device information
* Language preferences
* Referring website
* Date and time of access
* Pages visited and interaction data

B. Contact and Account Data (if applicable)

* Name
* Email address
* Username
* Information voluntarily provided via contact forms or email

C. Transaction Data (if applicable)

* Billing information
* Payment-related information (processed via third-party payment providers)

We collect only data that is necessary for the specific purpose of the interaction.

---

2. Legal Basis for Processing (GDPR Article 6)

We process personal data based on:

* Consent (e.g., newsletter subscription, contact form submission)
* Contractual necessity (e.g., processing payments or account registration)
* Legitimate interests (e.g., website security, analytics, preventing abuse)
* Legal obligations (if required by law)

You may withdraw consent at any time.

---

3. How We Use Personal Data

We use personal data to:

* Operate and maintain the website
* Provide requested services
* Process transactions
* Respond to inquiries
* Improve website functionality and user experience
* Ensure website security
* Comply with legal obligations

We do not sell or rent personal data.

---

4. Data Sharing and Disclosure

We may share personal data only with:

* Service providers (e.g., hosting providers, payment processors)
* Contractors who process data on our behalf under confidentiality agreements
* Authorities when required by law

Some service providers may be located outside the European Union. In such cases, appropriate safeguards (such as Standard Contractual Clauses) are used where required.

---

5. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected, including:

* As long as an account remains active
* As required for accounting or legal obligations
* As necessary for legitimate business purposes

When data is no longer needed, it is securely deleted or anonymized.

---

6. Cookies

This website may use cookies to:

* Ensure proper website functionality
* Analyze website usage
* Remember user preferences

You may control or disable cookies through your browser settings. Please note that disabling cookies may affect website functionality.

If analytics or third-party cookies are used, they are processed in accordance with their respective privacy policies.

---

7. Your Rights Under GDPR

As a data subject within the EU, you have the right to:

* Access your personal data
* Rectify inaccurate data
* Erase your data (“right to be forgotten”)
* Restrict processing
* Object to processing
* Data portability
* Withdraw consent at any time
* Lodge a complaint with a supervisory authority

In Finland, the supervisory authority is:
Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)

To exercise your rights, please contact: [your contact email]

---

8. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

---

9. Business Transfers

In the event of a merger, acquisition, or transfer of assets, personal data may be transferred to the new entity, subject to the terms of this Privacy Policy.

---

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be published on this page with an updated revision date.

Continued use of the website after changes are posted constitutes acceptance of the updated policy.

---

If you would like, I can also create:

* A minimal artistic version aligned with your website tone
* A cookie policy add-on
* A GDPR-compliant consent banner text
* Or a version tailored specifically to WordPress or your hosting provider setup