Data Protection Compliance

Privacy and Data Protection Policy

Last updated: January 2026

Summary for Busy Operations Managers: We treat your data exactly how we advise our clients to treat theirs. We do not sell your data, we host everything within secure EEA locations, and we use the minimum information possible to deliver technical consultation. Read the full compliance breakdown below.

1. Who We Are and Data Controller Identification

This website and the consulting services described herein are operated by Dailyspotlighttrax Oy, a company registered in Helsinki, Finland. We act as the Data Controller under the General Data Protection Regulation (GDPR) (EU 2016/679) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018).

Our Headquarters Address:
Dailyspotlighttrax Oy
Keskuskatu 6 B, 4. krs
00100 Helsinki, Finland
Contact Email: [email protected]

2. Exact Categories of Personal Data Processed

We process only the technical, identifier, and client-submitted data categories strictly necessary to operate our digital presence and coordinate corporate strategic assessments:

3. Legal Bases and Specific Purposes of Data Processing

Dailyspotlighttrax Oy operates under distinct, lawful processing parameters defined in Article 6(1) of the GDPR:

  1. Performance of Pre-contractual Procedures (GDPR Art. 6.1.b): When you submit a request for a data review, architecture assessment, or schedule a strategy call, we process your contact information to validate corporate ownership and prepare the custom roadmap presentation.
  2. Consent of the Data Subject (GDPR Art. 6.1.a): Optional analytics tracking to optimize our database performance guides requires your explicit click of "Accept All" within our banner. This consent is entirely voluntary and revocable.
  3. Legitimate Interests of the Controller (GDPR Art. 6.1.f): Web system logs are preserved to identify cyber threats, mitigate malicious injection vulnerabilities, and preserve high availability.

4. Stringent Security Standards & Hosting Geography

Your data security is central to our operational integrity. All processing servers are strictly located within state-of-the-art data centers in the European Union (EEA). We enforce TLS encryption for all input forms, isolated containerized network stacks, and strict multi-factor authentication roles for our internal consultants. We never transmit database credentials or schema files through unprotected public routes.

5. Retention Schedule

We believe in data minimization. Your personal parameters are stored only as long as necessary to achieve the stated purposes:

Data Category Standard Retention Period Disposition Logic
Pre-sales form submissions 180 Days from inquiry closure Fully anonymized or securely deleted if no contract results
Server log files 30 Days from recording Automated log rotation and erasure
Cookie preferences and logs 365 Days Browser storage expiration

6. Extensive Rights of the Data Subject

Under Chapter III of the GDPR, you have comprehensive rights regarding our processing of your personal information. You can exercise these at any time by contacting our security coordinator at [email protected]:

7. Supervisory Authority Appeals

If you believe our data processing methods infringe on European Data Protection Laws, you have the right to lodge a formal complaint with the supervisory authority in Finland:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
Mailing Address: PL 800, 00521 Helsinki, Finland
Email: [email protected] | Telephone: +358 29 566 6700