1. Data Controller
Nollaamo Oy (Business ID 3182025-5), Untamonpolku 2, 40930 Kinkomaa, Finland. Contact for data-subject rights requests: info@nollaamo.fi.
Last updated: 2026-05-18
Privacy Policy
2. Personal Data Collected
We process the following categories of data: (a) Contact and booking form: name, company, email, phone, team size, and message. (b) Blog comments: name, email, comment content, and pseudonymised IP address (SHA-256 hash that does not directly identify the user). (c) Chatbot conversations: your questions, AI responses, session identifier, language used, and pseudonymised IP. (d) Blog view statistics: anonymous session identifier generated by your browser per read — no cookie-based tracking. (e) Website analytics via Google Analytics, only with your consent.
3. Purpose and Legal Basis
Personal data is processed for contact handling, managing customer relationships, moderating blog comments, operating the chatbot, and developing our services. The legal basis is our legitimate interest (responding to contacts, comment moderation, service operation and improvement) and your consent (newsletter, analytics cookies, voluntary chatbot conversations).
4. Retention Periods
Contact and booking form data: 24 months from the contact, unless longer retention is required for the customer relationship. Published blog comments: retained as long as the article is published. Rejected or pending comments: 30 days. Chatbot conversations: 30 days from sending, then automatically deleted. Blog view statistics: 12 months, then aggregated. Pseudonymised IP hashes follow the same timelines. Google Analytics data: 14 months.
5. Processors and Data Transfers
We use the following processors with whom data processing agreements (DPAs) are in place: Supabase (database, EU region eu-west-1 Ireland), Vercel (application hosting, EU region), Resend (email delivery, USA — DPA + SCC), OpenAI (chatbot and AI text generation language model, USA — DPA + SCC), and Telegram Messenger LLP (internal lead notification for contact requests received through the chatbot, UK / EU). Transfers outside the EU and adequacy-decision area are based on the European Commission’s Standard Contractual Clauses (SCC). We do not share personal data with third parties for marketing.
6. AI Chatbot and Use of Artificial Intelligence
The website may include an AI assistant that uses OpenAI’s language model (gpt-4o-mini) to answer your questions. Your conversation is sent to OpenAI to generate a response. OpenAI does not use API-customer conversations to train its models. The chatbot stores conversations for 30 days to improve the service and detect misuse, after which they are deleted automatically. If you share your contact details in the chat for a meeting or follow-up, they are stored as a contact request (section 4) and forwarded to our operator via an internal Telegram channel. The chatbot does not replace professional advice on medical, legal, financial, or safety-related matters.
7. Blog Comment Moderation
Comments on blog posts are reviewed before publication. The data collected (name, email, comment content, pseudonymised IP) is limited to moderation and spam prevention. Your email address is not published alongside the article — it is used only for moderation. We reject comments that violate the law or contain hate speech, advertising, or misleading content.
8. Your Rights
You have the right to information about the processing, access to your data, rectification or erasure, restriction of processing, objection to processing, and data portability. You may at any time request deletion of your chatbot conversations or blog comments. To exercise your rights, contact info@nollaamo.fi.
9. Right to Complain
You have the right to lodge a complaint with the data protection authority (tietosuoja.fi) if you believe the processing of your personal data violates data protection laws.
10. Cookies
We use necessary cookies to ensure the website works and, with your consent, analytics cookies for visitor tracking. Blog view statistics use a session-based identifier stored only for your browser session and not transferred between sites. You can change cookie settings any time via the "Cookie settings" link at the bottom of the page.
11. Policy Updates
We update this privacy policy as needed when our service or legislation changes. Significant changes are announced on the website. The latest update date appears at the top of this page.