top of page


1. Registrar


Rockroth Oy


In matters concerning the register, contact person:

Andreas Stenroth


+358 40 487 2590


2. Registered


Rockroth Oy's customers, potential customers who have requested a quote for our services, and Rockroth Oy's newsletter subscribers. Website Users.


3. Purpose of use of personal data


Customers' personal data is processed in order to handle orders and commissions, in connection with the marketing of products and services, development of services, customer surveys, contacts, invoicing, collection, reporting and other measures related to customer management.


4. Legal basis for personal data processing


The controller processes personal data on the basis of an agreement with the customer in order to implement the agreement or take measures prior to the agreement. The processing of personal data for managing the customer relationship and for marketing purposes is possible based on the legitimate interest of the data controller under the customer relationship.


5. Personal data to be stored in the register


The company and its contact information



Telephone number


Information about purchased products/services

IP address

6. Regular sources of information

Customer information is regularly received from the customer himself.


7. Regular disclosures of information


Information is not disclosed outside of Rockroth Oy for marketing purposes.

8. Duration of processing


As a general rule, personal data is processed for two years from the sending of the last offer or invoice.

The registrant can unsubscribe from our marketing list via the link in each of our marketing e-mails.

Website visitor information is processed for two years

It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) defined in the Accounting Act (Chapter 2, Section 10). For this reason, accounting-related material cannot be deleted before the deadline expires.


9. Data transfer outside the EU


Rockroth Oy uses Google Drive, Dropbox cloud services. In this case, it is possible that personal data will be processed outside the EU/EEA area.


Google LLC privacy statement, Dropbox Inc privacy statement, EU-U.S. Within the framework of the Privacy Shield program, so data transfer is legal in accordance with the EU General Data Protection Regulation and the level of data protection is ensured: EU-U.S. Privacy Shield Program


Google LLC encrypts the data, no matter where it is in its possession. Among other things, Dropbox uses two-step verification and file encryption, as well as an alert when a new device or application is connected to the user's account.


10. Automatic decision-making and profiling


We do not use the data for automatic decision-making or profiling.


11. Basics of register protection


Personal information is kept confidential. The electronic registers are protected by a firewall, usernames and passwords. Rockroth Oy uses SSL encryption (Secure Sockets Layer). SSL encryption (https) is designed to make the transmitted data unreadable by anyone other than us.


Personal information on paper is kept in a locked room with smoke alarms.


12. Cookies


What is a cookie?


The controller uses cookies ("cookie") on its website. A cookie is a small text file that the internet browser saves on the user's device.


Use of cookies on the website


The controller uses both session-specific, deleteable cookies and cookies stored in the user's browser on its website. Session-specific cookies remain in the user's browser memory only for as long as the browser is open. The purpose of stored cookies is to identify the user's browser for the user's next visit to the website. In addition, the controller uses cookies to track visitor traffic on its website and to make its service even more user-friendly, safer and smoother. The controller also uses the Google Analytics web analysis service, the Facebook Custom Audience Pixel service, the Hotjar screen behavior recording service and live chat to implement the data collection functions of the controller using cookies on its website. Cookies collected through Google Analytics and Facebook are stored on the servers of the respective service provider, which may be located outside the European Union. Hotjar and store data on servers in the EU region.


Preventing the use of cookies


The user can define in their browser settings whether the user wants to accept or deny the use of cookies. The user can also define the browser setting to notify the use of cookies on websites, in which case the user can accept the use of cookies on a case-by-case basis. If the user blocks the use of cookies, this may affect the functionality of the controller's website.


13. Rights of the data subject


The registrant has the following rights, requests for the use of which should be made to the address: andreas.stenroth(at)


Right of inspection


The registered person can check the personal data we have stored.


Right to rectification of data


The registered person can ask to correct incorrect or incomplete information about him.


Right to object


The registered person can object to the processing of personal data if he feels that the personal data has been processed unlawfully.


Ban on direct marketing


The registrant has the right to prohibit the use of data for direct marketing.


Right of deletion


The registered person has the right to request the deletion of data if data processing is not necessary. We process the deletion request, after which we either delete the data or provide a justified reason why the data cannot be deleted.


Withdrawal of consent


If the processing of the data subject's personal data is based only on consent, and not on e.g. customership or membership, the data subject can withdraw the consent.


The registered person can appeal the decision to the Data Protection Commissioner


The registered person has the right to demand that we limit the processing of disputed data until the matter is resolved.


Right of appeal


The registered person has the right to file a complaint with the data protection commissioner if he feels that we violate the current data protection legislation when processing personal data.


Contact information of the data protection officer:

bottom of page