Data Protection Compliance
Privacy and Data Protection Policy
Last updated: January 2026
Summary for Busy Operations Managers: We treat your data exactly how we advise our clients to treat theirs. We do not sell your data, we host everything within secure EEA locations, and we use the minimum information possible to deliver technical consultation. Read the full compliance breakdown below.
1. Who We Are and Data Controller Identification
This website and the consulting services described herein are operated by Dailyspotlighttrax Oy, a company registered in Helsinki, Finland. We act as the Data Controller under the General Data Protection Regulation (GDPR) (EU 2016/679) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018).
Our Headquarters Address:
Dailyspotlighttrax Oy
Keskuskatu 6 B, 4. krs
00100 Helsinki, Finland
Contact Email: [email protected]
2. Exact Categories of Personal Data Processed
We process only the technical, identifier, and client-submitted data categories strictly necessary to operate our digital presence and coordinate corporate strategic assessments:
- Form-Based Operational Data: This includes the name of the inquirer, work email address, organization type, operational improvement areas, and any metadata description of the databases, pipelines, or systems provided in free-text fields.
- Technical Navigation Details: This includes network log files gathered automatically by our hosting systems (including partial IP addresses, date-stamps of access, device type, operating system version, browser user agent, and specific path requests).
- Consent State Logs: Simple locally-stored browser parameters recording whether a user accepted or rejected optional analytics processing.
3. Legal Bases and Specific Purposes of Data Processing
Dailyspotlighttrax Oy operates under distinct, lawful processing parameters defined in Article 6(1) of the GDPR:
- Performance of Pre-contractual Procedures (GDPR Art. 6.1.b): When you submit a request for a data review, architecture assessment, or schedule a strategy call, we process your contact information to validate corporate ownership and prepare the custom roadmap presentation.
- Consent of the Data Subject (GDPR Art. 6.1.a): Optional analytics tracking to optimize our database performance guides requires your explicit click of "Accept All" within our banner. This consent is entirely voluntary and revocable.
- Legitimate Interests of the Controller (GDPR Art. 6.1.f): Web system logs are preserved to identify cyber threats, mitigate malicious injection vulnerabilities, and preserve high availability.
4. Stringent Security Standards & Hosting Geography
Your data security is central to our operational integrity. All processing servers are strictly located within state-of-the-art data centers in the European Union (EEA). We enforce TLS encryption for all input forms, isolated containerized network stacks, and strict multi-factor authentication roles for our internal consultants. We never transmit database credentials or schema files through unprotected public routes.
5. Retention Schedule
We believe in data minimization. Your personal parameters are stored only as long as necessary to achieve the stated purposes:
| Data Category | Standard Retention Period | Disposition Logic |
|---|---|---|
| Pre-sales form submissions | 180 Days from inquiry closure | Fully anonymized or securely deleted if no contract results |
| Server log files | 30 Days from recording | Automated log rotation and erasure |
| Cookie preferences and logs | 365 Days | Browser storage expiration |
6. Extensive Rights of the Data Subject
Under Chapter III of the GDPR, you have comprehensive rights regarding our processing of your personal information. You can exercise these at any time by contacting our security coordinator at [email protected]:
- Right to Rectification (Art. 16): Ensure any incomplete or incorrect information we hold is updated without delay.
- Right of Access (Art. 15): Request a complete export of all personal coordinates and technical details we store.
- Right to Erasure / Right to be Forgotten (Art. 17): Have your pre-sales entries permanently deleted from our communication databases.
- Right to Restriction of Processing (Art. 18): Direct us to suspend database processing actions while accuracy challenges are evaluated.
- Right to Object (Art. 21): Object to any processing performed under our legitimate interest parameters.
7. Supervisory Authority Appeals
If you believe our data processing methods infringe on European Data Protection Laws, you have the right to lodge a formal complaint with the supervisory authority in Finland:
Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
Mailing Address: PL 800, 00521 Helsinki, Finland
Email: [email protected] | Telephone: +358 29 566 6700