Privacy Policy – Kekcusma tmi (GDPR Compliant)

Last update: 2025/11/17

This Privacy Policy describes how personal data is collected and processed on Kekcusma websites:

It explains what information is collected, how it is collected, why it is collected, where it is stored and who has access to it.

This Privacy Policy applies only to website visitors.

Information related to the customer register is described separately in the Customer Register Description.

Kekcusma is committed to full transparency regarding personal data processing. Every user has the right to know:

  • what information (including personal data) may be collected

  • who collects the data

  • how the data is used

  • where the data is stored

  • and how long the data is retained

1. Controller

Kekcusma tmi
Website: www.kekcusma.com
Business ID: FI34898816
Address: Kiipunjärventie 91, 31630 Minkiö, Finland
Phone: +358 46 632 6933
Email: info@kekcusma.com
Responsible person: Oskari Kekkonen

2. Relation to the Customer Register

This Privacy Policy concerns website visitor data.

The Customer Register Description explains how personal data is processed when a person becomes a customer, meaning:

  • they purchase a product or service, or

  • intend to purchase and provide personal data through contact channels (email, social media, forms, etc.)

Website analytics data and customer data are never combined.
Kekcusma does not store IP addresses or analytics data in the customer register.

Only data voluntarily provided by a person for ordering or contacting the business enters the customer register.

3. What Data Is Collected and Why

Website analytics data is collected to ensure the websites function properly and to improve their usability. This is standard practice among website operators.

3.1 Data collected from website visitors may include:

  1. Browser type, device type (mobile, tablet, desktop)

  2. Internet connection information

  3. Referring website (e.g., social media link)

  4. Pages visited on the site and user interactions (scrolling, clicks)

  5. Duration of the website visit

  6. IP address and approximate geolocation

3.2 Why this data is collected

  • To improve website functionality

  • To understand how visitors use different pages

  • To detect potential errors and fix them

  • To optimize user experience

  • To support content and design development

This data helps maintain and improve the site for its intended purpose.

4. How User Data Is Collected

User data is collected through cookies and similar technologies.

A cookie is a small text file stored on the visitor’s device.

Cookies are used to:

  • analyze website usage

  • track visitor behavior

  • measure traffic

  • improve service quality

4.1 First-party cookies

Generated by the platforms hosting Kekcusma websites:

  • kekcusma.com → hosted on Squarespace

  • avwk.kekcusma.com → hosted on SmugMug

  • holvi.com/shop/kekcusma - > hosted on Holvi.com

These providers use cookies to analyze traffic and site function.

4.2 Third-party cookies

Kekcusma may also use:

  • Google Analytics cookies

  • Meta Pixel (Facebook/Instagram) cookies

These third-party tools collect analytics data for measurement and marketing optimization.

5. Storage of User Data

Kekcusma does not store website visitor data on its own devices.

All analytics data is viewed directly through the service providers’ dashboards.

Retention times:

  • Google Analytics: 14 months

  • Other providers: retention durations depend on each provider’s policies

6. Processing of Customer Materials (FOTOGRFIK Design Services)

This section applies to files provided by customers using Kekcusma’s FOTOGRFIK / Design by AVWKSTUDiOS photo design services.

6.1 Confidentiality

All materials (photos, text, videos, audio) sent by a customer are handled 100% confidentially by the entrepreneur, Oskari Kekkonen.

6.2 Temporary Storage During Editing

Files may be stored temporarily on the entrepreneur’s:

  • mobile devices

  • computers

All devices:

  • are used exclusively by the entrepreneur

  • are protected with strong security

  • are checked daily before work begins

Backup copies may be stored on an external hard drive.

6.3 Cloud Storage

Images and project files may also be stored in:

  • Google Workspace

  • SmugMug

Both services:

  • are protected by two-factor authentication

  • are U.S.-based companies

  • may store data outside the EU

  • comply with GDPR under the EU–US Data Privacy Framework

6.4 Retention of Customer Materials

Customer materials are stored only for the duration of the project.

After project completion:

  • All materials are permanently deleted within 30 days
    from Google, SmugMug, and backup devices.

6.5 Extended Retention Upon Request

The customer may request longer retention if:

  • they plan to continue the project later

  • they want access to previous design files

If the customer does not request extended retention, all project-related files will be deleted 30 days after project completion.

7. Rights of Website Visitors

Website visitors have the right to:

  • Refuse non-essential cookies (if cookie banner is available)

  • Block cookies in their browser settings

  • Request information about analytics practices

8. Updates to This Privacy Policy

Kekcusma may update this Privacy Policy as necessary due to:

  • changes in technology

  • changes in analytics tools

  • legal requirements

  • new services or website features

The latest version is always available on the website.

Questions ? Contact here.

Customer Register Description (GDPR) – Kekcusma

Last update: 2025/11/17

This document describes the GDPR-compliant customer register maintained by Kekcusma tmi.

Personal data collected from website visitors (analytics, cookies, etc.) is described separately in the Privacy Policy.

Kekcusma is committed to transparency regarding personal data processing. Every individual has the right to know why personal data is stored, what data is collected, where it is stored, who has access to it, and how it can be removed (“right to be forgotten”).

1. Controller

Kekcusma tmi
Website: www.kekcusma.com
Business ID: FI34898816
Address: Kiipunjärventie 91, 31630 Minkiö, Finland
Phone: +358 46 632 6933
Email: info@kekcusma.com
Responsible person: Oskari Kekkonen

2. Name of the Register

Kekcusma Customer Register

3. Purpose of the Register

The register is used to maintain up-to-date customer information for:

  • Customer relationship management

  • Order processing and communication

  • Business development

  • Marketing of products and services

The register is not used for automated decision-making or profiling.

4. Legal Basis for Processing

The legal basis for processing personal data is the customer’s consent.

Consent is given when a customer:

  • places an order at www.holvi.com/shop/kekcusma

  • submits an order through a form

  • places an invoice-based order

  • subscribes to a newsletter

  • creates an account (if applicable)

  • or contacts the business with intent or interest to purchase via email, social media, WhatsApp or other channels related to Kekcusma

A person is considered a customer even without completing a purchase if they voluntarily provide personal data for the purpose or interest of ordering product or service.

5. Data Stored in the Register

The customer register may include the following data:

  1. Name

  2. Organisation

  3. Contact details (address, phone number, email, website)

  4. Order information (receipts, items ordered, delivery address, notes)

  5. Billing and contract information

  6. Marketing consent (opt-in/opt-out)

  7. Additional information provided voluntarily by the customer for customer service purposes

Customer data is retained until:

  • the customer requests its removal or

  • the company determines that the customer is no longer active

6. Sources of Data

Data is obtained from:

  • Website orders

  • Holvi online store orders

  • Email communication

  • Social media communication

  • WhatsApp or phone communication

  • Website forms

  • Customer-provided information in connection with purchases, inquiries, reviews

7. Storage, Transfer, and Disclosure of Data

Data is obtained from:

  • Website orders

  • Holvi online store orders

  • Email communication

  • Social media communication

    7.1 Squarespace

    • The main customer register is stored on Squarespace servers.

    • Squarespace is headquartered in New York, USA, with servers located across the United States.

    • Data may therefore be stored outside the EU/EEA.

    • Data is not disclosed to third parties without customer consent.

    • Only the entrepreneur has access.

    7.2 Holvi

    • Customer data from purchases made at www.holvi.com/shop/kekcusma is stored on Holvi’s servers.

    • Holvi is a Finnish payment institution regulated by the Finnish Financial Supervisory Authority.

    • Holvi operates fully in compliance with GDPR.

    7.3 Google Workspace

    • Used for email, form responses, and backup storage of the customer register.

    • Google’s servers are globally distributed; data may be stored outside the EU/EEA.

    • Only the entrepreneur has access.

    7.4 Smugmug (Photo Design Services)

    • If a customer orders photo design services, submitted photo files may be stored on Smugmug servers (USA).

    • Only the entrepreneur has access.

    • Photos are not shared with third parties without consent.

    • If a physical product requires the image for production, the customer gives consent for data transfer to the production partner.

    7.5 US Data Transfers

    • The above companies are certified under the EU–US Data Privacy Framework.

    • As of July 10, 2023, the EU has recognized an adequate level of protection for certified U.S. companies.

    7.6 Temporary Local Storage

    • Some data may temporarily be stored on the entrepreneur’s devices, protected with strong passwords.

    • Primary storage remains on the platforms mentioned above.

    7.7 Multi-Platform Storage

    • When orders are placed through website forms or offline methods, data may be stored in Squarespace or Google Workspace.

    • Regardless of storage location, all data forms one unified customer register.

8. Disclosure and Removal of Data

Customers have the right to:

  • Request access to their personal data

  • Request correction or removal

  • Restrict processing

  • Receive a copy of their data

Requests are processed within 30 days.

Data will only be disclosed or removed after the customer’s identity has been reliably verified.
If identity cannot be confirmed, data cannot be released.

Data is never shared with third parties except when:

  • legally required by Finnish authorities, or

  • explicitly permitted by the customer.

Despite storage on third-party servers, Kekcusma does not allow these companies to access or use customer data for their own purposes.

9. Protection of the Register

The customer register is protected by:

  • Secure service providers

  • Multi-factor authentication

  • Strong passwords

  • Up-to-date device security

  • Confidential handling of all personal data

Only the entrepreneur (controller) has access to the register.

The controller is not responsible for potential privacy breaches caused by service provider failures beyond the controller’s control.

Questions? Contact here.