[Reviewed by counsel: pending]
Data controller
EdSSA Oy (Helsinki, Finland) is the data controller for personal data processed via this website. Contact: contact@edssa.io.
What we collect
- Form submissions: name, role, company, email, free-text message. Used to respond to your inquiry.
- Whitepaper requests: name, role, company, email. Used to send the whitepaper and follow up.
- Server logs: IP address, user-agent, timestamp. Used for operational diagnostics. Retained 30 days.
- Analytics: aggregated, cookieless via Plausible. No personal data is collected through analytics.
Lawful basis (GDPR Article 6)
- Consent: form submissions and whitepaper requests.
- Legitimate interest: server logs for security and operational stability.
- Legal obligation: where applicable.
Retention
Form submissions are retained as long as needed to maintain the inquiry conversation, then archived in our CRM under standard retention policy. Whitepaper request lists are retained for one year unless a longer relationship has begun. Server logs are retained 30 days.
Your rights
Under GDPR (Articles 15–22) you have rights of access, rectification, erasure, restriction, data portability, and objection. To exercise any of these, email contact@edssa.io. You also have a right to lodge a complaint with the Finnish Data Protection Ombudsman.
Sub-processors
- Resend (transactional email).
- Cloudflare (hosting, CDN, DNS).
- Plausible (analytics, EU-hosted, cookieless).
International transfers
Where any sub-processor processes data outside the EU/EEA, we rely on Standard Contractual Clauses and supplementary technical measures.
Updates
This policy was last updated on [LAST UPDATE DATE — placeholder]. Material changes will be notified by email to active inquiry contacts.