en
Your eyes underwater

Privacy Notice

This Privacy Notice describes how Baltic Eye Oy (the "Controller") processes personal data in accordance with the EU General Data Protection Regulation (EU) 2016/679 (GDPR).

Date of issue: 10 January 2026

1. Data Controller

Baltic Eye Oy
Business ID: 3584655-9
Kemiönsaarentie 750b
25760 Kiila
Finland
Email: info@balticeye.fi

2. Contact Person for Data Protection Matters

Marko Saramo
Email: marko.saramo@balticeye.fi
Phone: +358 40 553 4720

3. Name of the Register

Baltic Eye Oy customer and stakeholder register.

4. Legal Basis and Purposes of Processing

Personal data is processed on the following legal bases under the GDPR:

  • the data subject's consent

  • performance of a contract or steps prior to entering into a contract

  • compliance with a legal obligation (e.g. accounting legislation)

  • the legitimate interests of the Controller (customer relationship management, business development, and communication)

The purposes of processing personal data include:

  • managing and maintaining customer relationships

  • delivering products and services

  • communicating with customers and stakeholders

  • billing and payment management

  • marketing and business communications

  • business analysis, development, and reporting

Personal data is not used for automated decision-making or profiling.

5. Content of the Register

The register may contain the following categories of personal data:

  • name of the individual

  • job title and position

  • company or organisation

  • contact details (email address, phone number, postal address)

  • website addresses

  • IP address and other online identifiers

  • social media profiles and identifiers

  • information related to ordered products and services and changes thereto

  • billing and payment information

  • other information related to the customer relationship or contractual obligations

When using the website, data may be collected through cookies. Strictly necessary cookies are processed based on the Controller's legitimate interest. Consent is requested separately for non-essential cookies.

6. Regular Sources of Data

Personal data is collected:

  • directly from the data subject (e.g. via web forms, email, phone calls, contracts, meetings)

  • from public sources (e.g. company websites, directories, official registers)

7. Disclosure of Data and Transfers

Personal data is not disclosed on a regular basis to third parties. Data may be disclosed to competent authorities where required by law.

Personal data may be processed by service providers acting on behalf of the Controller (e.g. IT and accounting service providers). In such cases, processing is governed by appropriate data processing agreements in accordance with the GDPR.

As a rule, personal data is not transferred outside the EU or EEA. If such transfers occur, they are carried out in compliance with the GDPR using appropriate safeguards.

8. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes described in this Privacy Notice.

Customer-related data is retained for the duration of the customer relationship and thereafter for as long as required to comply with legal obligations or to safeguard the Controller's legitimate interests (e.g. accounting obligations).

9. Data Security

The Controller applies appropriate technical and organisational measures to ensure the security and confidentiality of personal data.

Access to personal data is restricted to authorised persons whose job responsibilities require such access. All parties processing personal data are bound by confidentiality obligations.

10. Rights of the Data Subject

The data subject has the following rights under the GDPR:

  • the right to access personal data concerning them

  • the right to rectification of inaccurate or incomplete data

  • the right to erasure of personal data ("right to be forgotten")

  • the right to restriction of processing in certain circumstances

  • the right to object to processing, in particular direct marketing

  • the right to data portability, where applicable

Requests concerning these rights should be submitted in writing to the Controller. The Controller may request proof of identity where necessary.

11. Right to Withdraw Consent

Where the processing of personal data is based on consent, the data subject has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

12. Right to Lodge a Complaint with a Supervisory Authority

The data subject has the right to lodge a complaint with the Office of the Data Protection Ombudsman in Finland if they believe that their personal data has been processed in violation of applicable data protection legislation.

13. Requirement to Provide Personal Data

Providing personal data may be a prerequisite for entering into and maintaining a contractual relationship. If the required personal data is not provided, the Controller may not be able to deliver its products or services.