Skip to main content
fi

This is N2 Creative’s register and privacy statement in accordance with the EU General Data Protection Regulation (GDPR).
Prepared: 3 March 2022
Last updated: 16 October 2025

1. Controller

N2 Creative Oy, Pursimiehenkatu 29–31A, 00150 Helsinki, Finland.

2. Contact person responsible for the register

Minna Järvenpää, minna.jarvenpaa@n2.fi

3. Name of the register

Online service user register and marketing register.

4. Legal basis and purpose of processing personal data

The legal basis for processing personal data under the EU General Data Protection Regulation is the acceptance of the website’s terms of use.

The purpose of processing personal data is to provide and deliver marketing services to companies and organizations, to analyze our services and develop our business, as well as for marketing and customer communications.

Data is not used for automated decision-making or profiling.

5. Data content of the register

The following information is stored in the register:

  • Name of the person

  • Contact details (phone number, email address, postal address)

  • Website addresses

  • IP address of the internet connection

  • Social media service usernames/profiles

  • Information about subscribed services and changes to them

  • Billing information

  • Other information related to the customer relationship and subscribed services

We do not retain personal data longer than necessary for its intended purpose or longer than required by contract or law.

6. Regular sources of data

Data stored in the register is obtained from the customer, for example, via messages sent through online forms, by email, by phone, through social media services, from contracts, customer meetings, and other situations where the customer provides their information.

Contact details of representatives of companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.

7. Cookies and other tracking technologies

We use cookies to customize the content and ads we offer, to support social media features, and to analyze our visitor numbers. We also share information about your use of our site with our social media, advertising, and analytics partners. Our partners may combine this information with other data you have provided to them or that they have collected when you have used their services.

The following services collect IP addresses and cookie data:

  • Google Analytics

  • Google Tag Manager

8. Regular disclosures of data and transfer of data outside the EU or EEA

Data is not regularly disclosed to other parties. Data may be published to the extent agreed with the customer.

Data may also be transferred by the controller outside the EU or EEA. Data will not be transferred to the United States without the explicit consent of the data subjects.

9. Principles of register protection

Care is taken in processing the register, and data processed via information systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of the equipment is properly ensured. The controller ensures that stored data, as well as server access rights and other critical information for the security of personal data, are handled confidentially and only by employees whose job description includes such tasks.

10. Right of access and right to request correction

Every person in the register has the right to check the data stored about them and to request the correction of any incorrect data or the completion of incomplete data. If a person wishes to check the data stored about them or request corrections, the request must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller will respond to the customer within the time frame set by the EU General Data Protection Regulation (generally within one month).

11. Other rights related to the processing of personal data

A person in the register has the right to request the deletion of their personal data from the register (“right to be forgotten”). Likewise, data subjects have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller will respond to the customer within the time frame set by the EU General Data Protection Regulation (generally within one month).