Aihio Labs
FI | EN

Privacy Policy

Last updated: January 14, 2026

1. Data Controller

Aihio Labs Oy
Business ID: 3592936-2
Martinniementie 77
77700 Rautalampi, Finland
Phone: +358 50 325 3220
Email: markus.sjoberg@gmail.com

2. Register Name

Aihio Labs Oy Customer and User Data Register

3. Legal Basis and Purpose of Processing

Personal data processing is based on:

  • Contract between the customer and data controller (sale of digital products and services)
  • Data controller's legitimate interest (customer relationship management, marketing, business development)
  • Data subject's consent (e.g., newsletter, marketing communications)
  • Legal obligation (e.g., accounting requirements)

Personal data is processed for the following purposes:

  • Maintaining and managing customer relationships
  • Processing orders, payments, and deliveries
  • Delivering digital products and subscriptions
  • Providing customer service
  • Communicating with customers
  • Marketing and newsletters (based on consent)
  • Developing and analyzing services
  • Fulfilling legal obligations

4. Data Content

The register may contain the following information:

  • Basic information: name, email address, phone number
  • Billing information: billing address, country
  • Order information: ordered products and services, order history, payment information (processed through Stripe, we do not store card details)
  • Usage data: usernames, login times, IP addresses, devices and browsers used
  • Communication data: customer service messages, feedback, inquiries
  • Marketing data: consent for marketing communications, interests

5. Regular Sources of Information

Information is obtained from:

  • The data subject themselves (registration forms, orders, inquiries)
  • Service usage (cookies, analytics)
  • Payment system (Stripe) – transaction data
  • Public sources (e.g., business registers for corporate customers)

6. Data Retention Period

Personal data is retained only as long as necessary:

  • Customer data: Duration of active customer relationship and up to 3 years after termination, unless legislation requires longer retention
  • Billing and payment data: 6 years from end of fiscal year according to Accounting Act
  • Marketing consents: Until consent is withdrawn or data is deleted due to inactivity (3 years)
  • Technical log data: Maximum 12 months

7. Data Disclosure and Transfer

7.1 Data Disclosure to Third Parties

Data may be disclosed in the following situations:

  • Stripe Inc. – payment processing and billing
  • Service providers – web service maintenance, email services, analytics
  • Authorities – to fulfill legal obligations

Third parties process personal data only according to our instructions and in compliance with applicable data protection legislation.

7.2 Data Transfer Outside EU/EEA

Data may be transferred outside the EU/EEA only if the recipient is located in a country providing adequate data protection, or we use appropriate safeguards (e.g., EU standard contractual clauses, Privacy Shield).

The Stripe payment system may transfer data outside the EU/EEA based on standard contractual clauses.

8. Register Protection

We protect personal data with technical and organizational measures:

  • Data transmission is encrypted with SSL/TLS connections
  • Access to data is restricted to authorized personnel only
  • We use strong passwords and two-factor authentication
  • Servers are located in secure data centers
  • We conduct regular security audits and backups

9. Cookies

We use cookies to improve user experience and analyze website usage. Cookies are small text files stored on your device.

We use the following cookies:

  • Essential cookies: Required for basic website functions (e.g., login)
  • Analytics cookies: Collect information about website usage (Matomo analytics)
  • Marketing cookies: Used for targeted advertising (with consent only)

You can manage cookies through your browser settings or cookie banner.

10. Data Subject Rights

You have the following rights regarding your personal data processing:

10.1 Right of Access

You have the right to know what personal data we process and receive a copy of it.

10.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

10.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain situations, e.g., when data is no longer needed for its original purposes.

10.4 Right to Restriction of Processing

You can request restriction of processing your personal data in certain situations.

10.5 Right to Data Portability

You have the right to receive your personal data in a machine-readable format and transfer it to another data controller.

10.6 Right to Object

You can object to processing your personal data, especially for direct marketing purposes.

10.7 Right to Withdraw Consent

If processing is based on consent, you can withdraw consent at any time.

10.8 Right to Lodge a Complaint

If you believe that processing your personal data violates data protection legislation, you can lodge a complaint with the Finnish Data Protection Ombudsman:

Office of the Data Protection Ombudsman
Street address: Ratapihantie 9, 6th floor, 00520 Helsinki, Finland
Postal address: P.O. Box 800, 00521 Helsinki, Finland
Phone: +358 29 566 6700
Email: tietosuoja@oikeus.fi
Website: tietosuoja.fi/en

11. Privacy Inquiries

If you wish to exercise your rights or have questions about processing your personal data, please contact:

Aihio Labs Oy
Email: markus.sjoberg@gmail.com
Phone: +358 50 325 3220

12. Changes to Privacy Policy

We reserve the right to modify this privacy policy. We will notify you of material changes on our website and, if necessary, via email.