Privacy policy - Luminia Oy - Communications Agency

Privacy Policy / Luminia Oy website

Created: 23 May 2018
Last updated: 1 January 2026

This is the privacy policy of Luminia Oy, which applies to personal data processed on the company’s website. Personal data is processed in accordance with the EU General Data Protection Regulation (EU 2016/679) and applicable Finnish data protection legislation.

This privacy policy explains what personal data is collected and processed, for what purposes the data is used, and what rights data subjects have.

Data controller

Luminia Oy
Kohnantie 16
21530 Paimio
Finland
Business ID: FI22452008
Tel: +358 50 5835 888
Email: info@luminia.fi

Contact person responsible for the register

Päivi Noroaho
Tel: +358 50 5835 888
Email: info@luminia.fi

Name of the register

Luminia Oy website visitor data

Processing of personal data on the website

The Luminia Oy website is an informational presentation site.

The website does not include contact forms, analytics tools, newsletter services, or marketing tracking.

In connection with the use of the website, the web hosting provider processes technical log data such as:
• IP address
• browser type and version
• time of visit
• operating system used

Log data is processed to ensure the technical functionality, information security, and maintenance of the website.

Luminia Oy does not use log data to identify visitors, profile users, or for marketing purposes.

Cookies

The website only uses strictly necessary technical cookies required for its operation. No cookies are used for analytics, marketing, or tracking purposes.

As only essential cookies are used, no separate cookie consent is required.

Data retention

Server log data is stored in accordance with the web hosting provider’s policies and only for as long as necessary to ensure the technical functionality and information security of the website.

Rights of the data subject

The data subject has the rights provided under applicable data protection legislation to obtain information about the processing of their personal data, as well as other statutory rights.

For inquiries regarding the processing of personal data: info@luminia.fi

Changes to this privacy policy

Luminia Oy continuously develops its operations and reserves the right to update this privacy policy as necessary, for example due to changes in legislation or operational development.

The latest version of the privacy policy is available on the Luminia Oy website. Significant changes may be communicated separately if necessary.

This privacy policy is effective as of 1 January 2026.

Privacy Policy / Luminia Oy customer database

Created: 23 May 2018
Last updated: 1 January 2026

This is the privacy policy of Luminia Oy, which applies to personal data processed in the company’s customer register. Personal data is processed in accordance with the EU General Data Protection Regulation (EU 2016/679) and applicable Finnish data protection legislation.

This privacy policy explains what personal data is processed in the register, for what purposes the data is used, and what rights data subjects have.

Data controller

Luminia Oy
Kohnantie 16
21530 Paimio
Finland
Business ID: FI22452008
Tel: +358 50 5835 888
Email: info@luminia.fi

Contact person responsible for the register

Päivi Noroaho
Tel: +358 50 5835 888
Email: info@luminia.fi

Name of the register

Luminia Oy customer database

Purpose of processing personal data

Luminia Oy processes the personal data of its customers and the contact persons of client companies for the following purposes:
• management, maintenance, and development of customer relationships
• preparation, execution, and invoicing of contracts
• delivery of services and products
• customer service and communication
• business planning, analysis, and development
• enforcement of rights, as well as preparation and defence against potential legal claims

Legal basis for collecting and processing data

Luminia Oy processes personal data on the following legal bases:
• Contract: processing is necessary for managing the customer relationship and for preparing and performing service agreements.
• Legal obligation: data is processed in accordance with accounting and tax legislation requirements.
• Legitimate interest: data may be processed for maintaining customer relationships, communication, and business development.

Content of the register and data retention

Personal data is stored in Luminia Oy’s cloud-based invoicing system, the company’s information systems, and, where necessary, in separate cloud services.

Data is primarily stored in electronic form. If necessary, data may also be printed in paper format, for example for accounting or contract documentation purposes.

The register contains personal data of both business clients’ contact persons and private customers.

The customer register includes information necessary for managing the customer relationship and fulfilling contractual obligations, such as:

Company information:
• company name, Business ID, address, phone number, email address, and website
• e-invoicing address, invoicing operator details, or other billing address

Contact person information:
• name, job title, phone number, and email address

Billing information:
• billing address (if different from the company address)
• invoicing identifiers

Customer relationship information:
• information about contracts and assignments
• information about ordered and delivered services
• invoicing and payment details
• customer communication records

If the customer has given separate consent for electronic direct marketing, the register may also include information about granted consent or refusal

Data retention period

Personal data is retained for as long as it is necessary for managing the customer relationship and fulfilling contractual obligations.

After the termination of the customer relationship, personal data is deleted or anonymised within a reasonable period of time, and no later than three (3) years, unless there is a legal obligation or other justified reason for retaining the data.

Personal data related to accounting and invoicing is stored for the period required by accounting legislation. Such data is retained, for example, in invoices and accounting records in accordance with applicable legislation.

Regular sources of data

Personal data is primarily collected from the data subject themselves during the customer relationship. Data is obtained, for example, from:
• information provided by the customer (for example via email, phone, online forms, or meetings)
• information provided in connection with contracts and assignments
• information related to invoicing and payment transactions

In addition, contact details of business customers’ representatives may be collected from public sources, such as company websites or public business registers, to the extent necessary for managing the customer relationship.

Regular disclosures of data

Personal data is not regularly disclosed to external parties.

However, personal data is processed by service providers acting on behalf of Luminia Oy, to the extent necessary for managing customer relationships, carrying out invoicing, and fulfilling statutory obligations. Such service providers include, for example:
• cloud-based invoicing system
• accounting service provider
• cloud storage service provider (OneDrive)
The service providers process personal data in accordance with Luminia Oy’s instructions and in compliance with applicable data protection legislation.

Personal data may also be disclosed to public authorities when required by applicable law.

Transfer of data outside the EU or EEA

Personal data may be transferred outside the EU/EEA by service providers used by Luminia Oy. In such cases, the transfers are carried out in compliance with applicable data protection legislation and using appropriate safeguards approved by the European Commission, such as an adequacy decision or standard contractual clauses.

Principles of register security

Luminia Oy ensures the appropriate protection of personal data through technical and organisational measures.

Electronically stored data is protected by user IDs, passwords, and other appropriate security measures. Access to the data is restricted only to persons who are authorised to process it based on their job duties. Devices and systems are secured with appropriate information security solutions.

Any paper-based documents are stored in locked premises and are securely destroyed when there is no longer a basis for retaining them.

Personal data is processed confidentially and is not disclosed to third parties without a lawful basis.

Automated decision-making and profiling

Luminia Oy does not use automated decision-making in relation to the customer register and does not carry out profiling of data subjects.

Right of access and right to rectification

The data subject has the right to obtain confirmation as to whether personal data concerning them is being processed, as well as the right to access their personal data (right of access).

The data subject also has the right to request the correction or completion of inaccurate or incomplete personal data.

Requests for access and rectification must be made in writing and sufficiently specified to the data controller. The data controller may request additional information where necessary to verify the identity of the data subject.

The data controller will respond to requests without undue delay and no later than one month after receiving the request.

As a general rule, requests are processed free of charge. However, if requests are manifestly unfounded or excessive, in particular due to their repetitive nature, the data controller may charge a reasonable fee or refuse to act on the request in accordance with applicable data protection legislation.

Further information about data subjects’ rights is available on the website of the data protection authority.

Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with a supervisory authority if they believe that their personal data has been processed in violation of applicable data protection legislation.

In Finland, the supervisory authority is the Office of the Data Protection Ombudsman.

Further information on how to submit a complaint is available on the authority’s website.

Other rights

The data subject has the right to request the erasure of their personal data (“right to be forgotten”) in accordance with applicable data protection legislation. However, personal data will not be erased to the extent that its retention is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims.

The data subject has the right to object to the processing of their personal data and to request restriction of processing in situations where the processing is based on legitimate interest.

If the processing of personal data is necessary for the performance of contractual obligations, erasure or restriction of processing may result in the inability to fulfil the contract.

If personal data is used for direct marketing purposes, the data subject has the right to object to such processing at any time.

Requests for erasure, objection, and restriction must be submitted in writing to the data controller. The data controller may request verification of the identity of the person making the request if necessary.

Inquiries regarding the processing of personal data

The data subject may contact the data controller with any questions related to the processing of personal data by email at info@luminia.fi.

Changes to this privacy policy

Luminia Oy continuously develops its operations and reserves the right to update this privacy policy as necessary, for example due to changes in legislation or operational development.

The most up-to-date version of the privacy policy is available on the Luminia Oy website. Significant changes may be communicated separately if necessary.

This privacy policy is effective as of 1 January 2026.