This Privacy Policy explains how LK Web collects, uses, stores and protects personal data of visitors and clients in Finland, Germany and Austria. We comply with the EU General Data Protection Regulation (GDPR), the Finnish Data Protection Act (Tietosuojalaki 1050/2018), the German Federal Data Protection Act (BDSG) and TTDSG, and the Austrian Data Protection Act (DSG).
1. Data controller
The data controller for this website is:
Lauri Kesonen, trading as LK Web (sole proprietor / yksityinen elinkeinonharjoittaja)
Tyyneläntie 2, 45610 Koria, Finland
Y-tunnus / Business ID: 3593428-4
VAT ID: FI35934284
Email: lauri@lkweb.fi
Phone: +358 44 303 7121
2. Personal data we collect
- Contact data you provide via the intake form, contact form or email (name, email, phone number, company, message content).
- Project data you share during a project (assets, brand materials, feedback).
- Usage data automatically collected when you visit the site: IP address, browser type, device type, pages viewed, referrer, timestamps.
- Cookies and similar technologies, see section 7.
3. Purposes and legal bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Responding to inquiries and providing quotes | Pre-contractual measures (Art. 6(1)(b)) |
| Performing client contracts (build, hosting, maintenance) | Contract performance (Art. 6(1)(b)) |
| Issuing invoices and meeting tax obligations | Legal obligation (Art. 6(1)(c)) |
| Securing the website and preventing abuse | Legitimate interest (Art. 6(1)(f)) |
4. Recipients and processors
We share personal data only with carefully selected service providers acting as data processors under written agreements (DPAs):
- Hosting provider: Hetzner Online GmbH (server located in Helsinki, Finland).
- Email provider: Domainhotelli Oy (Finland), receives email correspondence sent to lauri@lkweb.fi.
- Tax authorities and our accountant when legally required.
5. International transfers
Personal data is primarily stored within the EU/EEA. If a service provider transfers data outside the EU/EEA, the transfer is protected by Standard Contractual Clauses (SCCs) approved by the European Commission, or another GDPR-compliant safeguard.
6. Retention
- Inquiry messages: up to 12 months from the last contact.
- Client records, invoices and accounting documents: 6 years from the end of the financial year (Finnish Accounting Act §10).
- Server access logs: up to 30 days.
7. Cookies
This website uses only strictly necessary cookies required for it to function. We do not set marketing or tracking cookies without your consent. If we add analytics in the future, you will be asked for consent via a cookie banner before any non-essential cookie is set.
8. Your rights
Under the GDPR you have the right to:
- access your personal data (Art. 15)
- rectify inaccurate data (Art. 16)
- erase your data ("right to be forgotten", Art. 17)
- restrict processing (Art. 18)
- data portability (Art. 20)
- object to processing based on legitimate interest (Art. 21)
- withdraw consent at any time
To exercise any right, contact lauri@lkweb.fi. We will respond within one month.
9. Right to lodge a complaint
If you believe your data is processed unlawfully, you can complain to the supervisory authority in your country:
- Finland: Tietosuojavaltuutetun toimisto · tietosuoja.fi
- Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) or your federal state DPA · bfdi.bund.de
- Austria: Österreichische Datenschutzbehörde (DSB) · dsb.gv.at
10. Security
We use TLS encryption, access controls, regular backups and reputable EU hosting to protect personal data against unauthorised access, loss or alteration.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest version. Material changes will be communicated via the website or email.
12. Contact
Questions about this policy or your personal data? Email lauri@lkweb.fi.