This is Rammy Oy’s privacy statement in accordance with the General Data Protection Regulation (GDPR).
Data Controller:
Rammy Oy
Tietäjäntie 3
70900 TOIVALA
Contact Person for Register Matters:
Akusti Jauhiainen
akusti.jauhiainen(at)rammy.fi
Name of the Register:
Online Service User and Marketing Register
Legal Basis and Purpose for the Processing of Personal Data:
The legal basis for processing personal data under the EU General Data Protection Regulation is the person’s consent (documented, voluntary, specific, informed, and unambiguous). The purpose of processing personal data is to maintain customer relationships, marketing, and service development.
The data is not used for automated decision-making or profiling other than for marketing targeting through cookies, for which consent is requested.
Data Content of the Register:
Data stored in the register includes: website addresses, the IP address of the network connection, usernames/profiles in social media services, organization and contact details, information about ordered services and their modifications, as well as behavioral data on the website (such as page views, shopping cart events, and conversion data) collected using analytics and marketing tools, such as Google Analytics and Meta Pixel. Other information related to the customer relationship and ordered services.
We store user data only for as long as is necessary to fulfill the purposes defined above, in accordance with current legislation.
The IP addresses of website visitors and cookies essential for the functioning of the service are processed based on legitimate interest, e.g., for ensuring data security and collecting statistical data on site visitors in cases where they can be considered personal data. For third-party cookies used for marketing and profiling ( such as Meta Pixel), consent is requested separately in the cookie settings (CMP).
Regular Sources of Data:
The data stored in the register is obtained from the customer, for example, through messages sent via www forms, email, telephone, social media services, contracts, customer meetings, and other situations where the customer provides their data. Contact information for contact persons of companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.
The website uses Google Analytics and Meta Pixel and other analytics tools to create reports on the use of our internet pages, so that we can improve our pages and service and target marketing. More information about Google Analytics can be found at http://www.google.com/analytics. You can opt out of data collection by Google Analytics by downloading the browser add-on at https://tools.google.com/dlpage/gaoptout. More information about the use of Meta Pixel and opting out can be found in Meta’s privacy policy.
Regular Data Disclosures and Transfer of Data Outside the EU or EEA:
Data is not regularly disclosed to other independent parties, except to the extent agreed upon with the customer. Data may be published to the extent agreed upon with the customer.
Transfers outside the EU or EEA: We use Google Analytics and Meta Pixel for website analytics and targeted marketing. The use of these services necessitates the transfer of personal data outside the EU or EEA, particularly to the United States (Google LLC and Meta Platforms Inc.). In such cases, the processing of personal data is based on the consent provided by the user.
We ensure adequate data security and compliance in these transfers through the following safeguards:
1. Standard Contractual Clauses (SCC): We use standard contractual clauses approved by the EU Commission with our service providers.
2. Data Privacy Framework (DPF): We ensure, where applicable, that the US service provider is part of the EU-U.S. Data Privacy Framework (DPF) arrangement.
Principles of Register Protection:
Care is taken in the processing of the register, and data processed using information systems is properly protected. When register data is stored on Internet servers, the physical and digital data security of their hardware is taken care of appropriately. The data controller ensures that stored data, as well as server access rights and other information critical to the security of personal data, are treated confidentially and only by those employees whose job description it is.
Right of Access and Right to Demand Correction of Data:
Every person in the register has the right to check their stored data and demand the correction of any incorrect data or the completion of incomplete data. If a person wishes to check the data stored about them or demand its correction, the request must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the time limit stipulated in the EU Data Protection Regulation (usually within one month).
Other Rights Related to the Processing of Personal Data:
A person in the register has the right to request the deletion of personal data concerning them from the register (“right to be forgotten”). Similarly, data subjects have other rights under the EU General Data Protection Regulation, such as the restriction of the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the time limit stipulated in the EU Data Protection Regulation (usually within one month).
The supervisory authority is the Office of the Data Protection Ombudsman, whose contact details are:
Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki
Mailing address: PO Box 800, 00520 Helsinki
Tel: 029 56 66735
Email: tietosuoja@om.fi
Drafted on December 10, 2025. Latest change on December 12, 2025.