1. Controller
Valeriia Fedorishcheva Tmi
Business ID (Y-tunnus): 3558146-6
Email: [email protected]
Back to the homepage
Privacy & Cookie Policy
This policy explains how Valeriia Fedorishcheva Tmi processes personal data and other information relating to the use of Valeriia.fi.
Applicable legislation
GDPR (EU) 2016/679, the Finnish Data Protection Act (1050/2018), the Act on Electronic Communications Services (917/2014), and related guidance from supervisory authorities.
2. Scope
This policy applies to Valeriia.fi and to data that may be processed when a user visits the website, uses the cookie banner, views embedded content, or opens external links made available on the website.
The website does not provide user accounts, registration, payment functionality, e-commerce checkout, or forms for direct submission of personal data through the website.
3. What data may be processed
- IP address
- browser type, browser language, device information, and operating system information
- page URLs, visit timestamps, referral information, and technical HTTP request data
- interaction data relating to use of the website
- cookie identifiers and identifiers from similar technologies
- consent preferences and cookie choices
- technical logs related to delivery, caching, and security
4. Purposes of processing and legal bases
Operation of the website, availability, security, abuse prevention, caching, and technical delivery: GDPR Article 6(1)(f) (legitimate interests).
Storing and applying the user’s cookie and consent choices: GDPR Article 6(1)(f). To the extent the activity involves storing or accessing information on the user’s terminal equipment, Act on Electronic Communications Services (917/2014), Section 205 also applies.
Website analytics: GDPR Article 6(1)(a) (consent) and Act on Electronic Communications Services (917/2014), Section 205(1).
Advertising, conversion measurement, and related marketing features: GDPR Article 6(1)(a) (consent) and Act on Electronic Communications Services (917/2014), Section 205(1).
Display of Google Maps: GDPR Article 6(1)(a) (consent) and Act on Electronic Communications Services (917/2014), Section 205(1).
Display of Google Reviews and related business/location information: GDPR Article 6(1)(f) (legitimate interests in presenting public business information and public reviews to website visitors).
5. Cookies and similar technologies
The website uses cookies and similar technologies, including browser local storage.
Necessary technologies are used for core website functions and for remembering the user’s consent choices. Storage or access used solely to enable transmission in communications networks or to provide a service specifically requested by the user falls within Act on Electronic Communications Services (917/2014), Section 205(2).
Analytics and Marketing technologies are activated only after the user has given consent in accordance with Act on Electronic Communications Services (917/2014), Section 205(1).
6. Consent and withdrawal of consent
The user may accept all non-essential technologies, reject them, or choose categories separately. The GDPR requirements for consent are set out in particular in Article 7.
Consent may be withdrawn at any time through the cookie settings made available on the website. The user may also clear cookies and local storage data through browser settings. The right to withdraw consent follows in particular from GDPR Article 7(3).
Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
7. Google services
The website may use Google Analytics, Google Ads conversion measurement, Google Maps, and Google services related to reviews and place information.
If the user gives consent to the relevant categories, Google may process data such as IP address, browser/device data, cookie identifiers, interaction data, and referral information.
Google Maps content is not loaded until the required consent has been given.
Google review data shown on the website may be retrieved through a server-side endpoint and temporarily cached on the server for approximately 12 hours for performance and API-efficiency purposes.
8. External links
The website may contain ordinary links to third-party services, including Instagram, WhatsApp, and Timma. The mere presence of such a link does not by itself mean that the relevant service automatically processes personal data on this website.
Once the user opens an external service, data processing is carried out by that third party under its own terms and privacy policy.
9. Recipients and categories of recipients
The obligation to inform data subjects about recipients or categories of recipients follows in particular from GDPR Article 13.
- analytics and advertising service providers
- hosting, infrastructure, networking, CDN, and security service providers
- technical service providers used for website delivery, caching, protection, and maintenance
10. Transfers outside the EEA
Some third-party services used on the website may process data outside the European Economic Area.
Where personal data is transferred outside the EEA, such transfer is carried out only on the basis of an applicable transfer mechanism under GDPR Chapter V (Articles 44–49), for example an adequacy decision or appropriate safeguards.
11. Retention
GDPR Article 13 requires the retention period or the criteria used to determine it to be communicated to the data subject.
- consent and cookie preferences: until the user changes the choices, clears browser data, or the stored record is replaced by a new one
- server-side cache for Google Reviews: approximately 12 hours
- technical logs, security logs, delivery logs, and infrastructure logs: for as long as necessary for website operation, security, diagnostics, and administration
- analytics and marketing data: according to the retention settings of the relevant service, where the user has given consent
12. Your rights
If the controller does not hold directly identifiable personal data about the user, the user will be informed accordingly in response to the request.
- right of access - GDPR Article 15
- right to rectification - GDPR Article 16
- right to erasure - GDPR Article 17
- right to restriction of processing - GDPR Article 18
- right to object to processing based on legitimate interests - GDPR Article 21
- right to withdraw consent at any time where processing is based on consent - GDPR Article 7(3)
- right to lodge a complaint with a supervisory authority - GDPR Article 77
13. Supervisory authority
A complaint may be lodged with the Office of the Data Protection Ombudsman (Finland).
14. Official sources
- GDPR (EU) 2016/679: in particular Article 5(1)(a), Article 6(1)(a) and (f), Article 7, Article 13, Articles 15–18, Article 21, Article 77, and Chapter V (Articles 44–49).
- Data Protection Act (1050/2018).
- Act on Electronic Communications Services (917/2014): in particular Section 205.
- Traficom guidance on web cookies.
- Data Protection Ombudsman guidance: inform data subjects about processing.
- Data Protection Ombudsman guidance: rights of the data subject.
15. Changes to this policy
This Privacy & Cookie Policy may be updated if the website, the technologies or services used, or the applicable legal requirements change. The latest version will always be published on this page.