Privacy-Policy
Privacy Policy
Controller: Classic Touch Cleaning Oy
Business ID (Y-tunnus): 3411328-1
Address: Zanseninkuja 4 A 9, 02600 Espoo, Finland
Email: marifel.narag26@gmail.com
Phone: 041 313 9369
Last updated: 5 June 2026
This Privacy Policy explains how Classic Touch Cleaning Oy processes personal data in connection with its website and business operations. The company acts as the controller of personal data described in this policy. Processing is carried out in accordance with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act (1050/2018), which supplements the GDPR in Finland.
1. Who this policy applies to
This policy applies to personal data relating to:
website visitors;
prospective customers who contact the company;
customers and customer representatives; and
persons whose personal data is included in messages sent to the company.
2. What personal data may be processed
Depending on the situation, the company may process the following categories of personal data:
basic identification and contact details, such as name, email address, phone number, company name and address;
customer relationship information, such as quotations, bookings, service requests, invoicing details and communications;
website and technical information, such as IP address, browser type, device information, page views, timestamps, referring pages and other usage data collected through website analytics tools;
search performance data made available in aggregated form through Google Search Console and Bing Webmaster / Search Console type services; and
any other information that a person voluntarily provides in a contact message or service enquiry.
The company does not intentionally collect special categories of personal data through the website. Persons contacting the company should avoid sending sensitive personal data unless it is clearly necessary.
3. Purposes of processing
Personal data may be processed for the following purposes:
responding to contact requests and service enquiries;
preparing quotations, managing customer relationships and delivering cleaning services;
handling billing, bookkeeping and legal obligations;
protecting the security and functionality of the website and related services;
understanding how the website is used and improving the website, services and content through privacy-conscious analytics; and
monitoring website visibility and technical performance in search engines.
4. Legal bases for processing
The company processes personal data on one or more of the following legal bases under Article 6(1) GDPR:
Contract: when processing is necessary to take steps at the request of the data subject before entering into a contract or to perform a customer contract;
Legal obligation: when processing is necessary to comply with obligations under applicable law, such as accounting, taxation or responding to lawful requests from authorities; and
Legitimate interests: when processing is necessary for the company’s legitimate interests, such as managing customer communications, ensuring website security, preventing misuse, and measuring basic website performance in a proportionate manner.
Where consent is required under applicable cookie or ePrivacy rules for non-essential analytics technologies, the company will request consent before placing such cookies or using comparable technologies on the user’s device. Finnish guidance distinguishes essential cookies from analytics and other non-essential cookies, which require a choice by the user.
5. Analytics and website tools
The company states that it uses Framer Analytics, Google Search Console and Bing Search Console / Bing Webmaster type search performance tools.
Framer Analytics
If Framer Analytics on the website is configured in a way that uses cookies or other non-essential identifiers on the user’s device, those technologies should only be activated after the visitor has given consent through the cookie banner or similar consent mechanism. Finnish and EU guidance on cookies distinguishes non-essential analytics from strictly necessary technologies.
If Framer Analytics is configured in a strictly aggregated, cookieless and non-identifying manner, the legal assessment may differ. In that case, the company should ensure that the implementation does not store or access information on the terminal device beyond what is strictly necessary and that no unnecessary personal data is processed. This policy should be reviewed against the actual Framer setup used on the website.
Google Search Console and Bing search tools
The company uses Google Search Console and Bing search performance tools to monitor how the website appears in search engines, such as search queries, indexing status, crawl issues and overall search visibility. Search Console type tools generally provide aggregated search performance information and are not the same as on-site analytics tools that directly track visitors with cookies on the company’s website.
6. Sources of personal data
Personal data is collected:
directly from the data subject, for example when a person contacts the company, requests a quote or becomes a customer;
automatically from website use through technical logs and analytics tools, subject to the configuration used and any required consent; and
from search engine webmaster platforms in aggregated form concerning website performance in search results.
7. Recipients and processors
Personal data may be disclosed to or processed by:
website and hosting or website platform providers, including Framer where applicable;
domain and related technical service providers, including Zoner where applicable to domain or website infrastructure services;
IT, email and communication service providers;
accounting, payment or invoicing service providers where necessary; and
public authorities where disclosure is required by law.
These parties process personal data only to the extent necessary for their role, either as independent controllers or as processors acting on documented instructions where required by law.
8. International data transfers
Some service providers used in connection with the website or communications may process personal data outside the European Economic Area (EEA) or make it accessible from outside the EEA. If personal data is transferred outside the EEA, the company will aim to ensure that the transfer has a lawful basis under Chapter V of the GDPR, for example by relying on an adequacy decision or the European Commission’s standard contractual clauses, together with supplementary measures where needed.
Because international transfer compliance depends on the exact providers and configuration used, the company should verify the current data processing terms of Framer, Google, Microsoft/Bing, Zoner and any email or hosting providers actually in use.
9. Retention periods
Personal data is retained only for as long as necessary for the purposes described in this policy, unless a longer retention period is required by law.
As a general rule:
contact requests and quotation messages are retained for as long as necessary to respond and follow up on the request;
customer and invoicing data is retained for the duration of the customer relationship and thereafter for the period required by accounting, tax or limitation laws;
website technical logs and analytics data are retained for a limited period appropriate to security and website development purposes; and
data that is no longer needed is deleted or anonymised where reasonably possible.
10. Data subject rights
Under the GDPR, a data subject may have the right to:
obtain confirmation as to whether personal data concerning them is being processed;
access their personal data;
request rectification of inaccurate or incomplete data;
request erasure of data in situations provided by law;
request restriction of processing in situations provided by law;
object to processing based on legitimate interests;
receive personal data in a structured, commonly used and machine-readable format where the right to data portability applies; and
lodge a complaint with the supervisory authority.
In Finland, the supervisory authority is the Office of the Data Protection Ombudsman. The Finnish Data Protection Act supplements the GDPR in Finland.
Requests concerning data subject rights may be sent to: marifel.narag26@gmail.com
11. Cookies and similar technologies
The website may use cookies and similar technologies that are either:
strictly necessary for the technical operation and security of the website; or
optional, such as analytics technologies, where consent may be required before use.
The Data Protection Ombudsman’s Office explains that cookies are small text files stored in the browser and that essential cookies are used to ensure technical functioning, while other cookies may serve additional purposes. Finnish public guidance also distinguishes non-essential analytics cookies from necessary cookies.
If the website uses non-essential analytics cookies or similar technologies, visitors should be able to choose whether to accept them. Refusing optional cookies should not prevent access to the website’s core functions unless a specific feature genuinely requires that technology.
12. Data security
The company takes appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or unlawful disclosure. Measures may include access controls, secure passwords, limited access on a need-to-know basis, secure communications and appropriate service provider arrangements.
13. Contact and complaints
Questions about this Privacy Policy or the processing of personal data may be sent to:
Classic Touch Cleaning Oy
Zanseninkuja 4 A 9, 02600 Espoo, Finland
Email: marifel.narag26@gmail.com
Phone: 041 313 9369
A data subject also has the right to lodge a complaint with the Office of the Data Protection Ombudsman in Finland if they believe that their personal data has been processed unlawfully.
