Legal

Privacy Policy

Last updated: March 18, 2026

1. Data Controller

Wicflow Oy
Business ID: 3590597-7
Helsinki, Finland
Email: info@wicflow.com
Phone: +358 44 305 2209

2. What Data We Collect

2.1 Website Analytics

We use Google Analytics (measurement ID: G-DP3EFHC5YX) to collect anonymized usage data about how visitors interact with our website. This includes:

  • Pages visited and time spent on each page
  • Referring website or source
  • Browser type, device type, and screen resolution
  • Approximate geographic location (country/city level)
  • Language preferences

Google Analytics uses cookies to distinguish unique visitors. IP addresses are anonymized before storage. We do not use Google Analytics advertising features.

2.2 Contact Form Submissions

When you submit our contact form, we collect:

  • Name
  • Email address
  • Company name (optional)
  • Message content

2.3 Booking and Scheduling

When you book a call through our scheduling tool, the booking provider may collect your name, email, and any information you provide during the booking process. This data is processed by the third-party scheduling service under their own privacy policy.

3. How We Use Your Data

We use the collected data for the following purposes:

  • Website improvement: Analytics data helps us understand how visitors use our site so we can improve the user experience.
  • Communication: Contact form data is used to respond to your inquiries and provide information about our services.
  • Service delivery: If you become a client, your contact information is used to deliver and manage our services.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

  • Consent (Art. 6(1)(a)): For cookies and analytics tracking. You can withdraw consent at any time by clearing your cookies or using your browser's cookie settings.
  • Legitimate interest (Art. 6(1)(f)): For website analytics and improving our services.
  • Contract performance (Art. 6(1)(b)): For processing data necessary to respond to your inquiries and deliver services you have requested.

5. Cookies

Our website uses the following types of cookies:

  • Essential cookies: Required for the website to function properly.
  • Analytics cookies: Google Analytics cookies (_ga, _ga_*) used to collect anonymized usage statistics. These cookies expire after 2 years.

You can control cookies through your browser settings. Disabling analytics cookies will not affect the functionality of our website.

6. Data Retention

  • Analytics data: Google Analytics data is retained for 14 months, after which it is automatically deleted.
  • Contact form submissions: Retained for up to 24 months after your last interaction with us, unless a longer retention period is required for an ongoing business relationship or legal obligation.
  • Client data: Retained for the duration of the business relationship and for up to 6 years after termination to comply with Finnish accounting and tax obligations.

7. Data Storage and EU Residency

Your data is stored and processed within the European Union and European Economic Area (EU/EEA). Our website is hosted on EU-based infrastructure. We do not intentionally transfer personal data outside the EU/EEA.

Google Analytics data may be processed by Google in data centers within the EU/EEA in accordance with Google's data processing terms and Standard Contractual Clauses.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15): You can request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You can request that we correct inaccurate personal data.
  • Right to erasure (Art. 17): You can request that we delete your personal data, subject to legal retention obligations.
  • Right to restrict processing (Art. 18): You can request that we limit how we process your data.
  • Right to data portability (Art. 20): You can request your data in a structured, machine-readable format.
  • Right to object (Art. 21): You can object to the processing of your personal data based on legitimate interest.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@wicflow.com. We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encrypted connections (HTTPS), access controls, and regular security reviews.

10. Third-Party Services

We use the following third-party services that may process personal data:

  • Google Analytics (Google LLC) - Website analytics
  • Netlify (Netlify Inc.) - Website hosting and form processing
  • LeadConnector/GoHighLevel - Appointment scheduling

Each of these services has their own privacy policy governing their data processing practices.

11. Supervisory Authority

If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman:

Office of the Data Protection Ombudsman
Lintulahdenkuja 4, 00530 Helsinki, Finland
Email: tietosuoja@om.fi
Website: tietosuoja.fi

12. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

13. Contact

For any questions or requests regarding this privacy policy or your personal data, please contact:

Wicflow Oy
Email: info@wicflow.com
Phone: +358 44 305 2209
Helsinki, Finland