Privacy Policy for tomigronfors.com

Last updated: 20.11.2025

This Privacy Policy explains how The Groenfors Method Oy (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit www.tomigronfors.com.

We are committed to protecting your privacy and handling your personal data with care, transparency, and full compliance with the EU General Data Protection Regulation (GDPR).

If you do not agree with this policy, please discontinue the use of our website.

1. Data Controller

The Groenfors Method Oy
Email: tomi@tomigronfors.com

We decide how and why your personal data is processed when you visit www.tomigronfors.com.

2. What This Policy Covers

This policy applies to:

• www.tomigronfors.com
• Any related public pages or subpages we operate
  
• Content such as articles, blogs, updates, and general website features
  
  

This website does not host any login areas, customer accounts, SaaS platform, or application backend. It is purely a public information website.

3. What Is Personal Data

Under GDPR, “personal data” means any information that can identify you directly or indirectly, such as:

• Name
• Email address
• IP address
  
• Browser details
  
• Any message you voluntarily send us
  
  

Information that cannot identify you is considered non-personal data.

All data transmitted between you and our website is encrypted using HTTPS (TLS/SSL).

4. What Personal Data We Collect

We collect two categories of data:

4.1 Data you provide voluntarily

For example:

• When you send us a message via a contact form
  
• When you email us directly
  
  

This may include:

• Name
  
• Email address
  
• Any information you write in your message
  
  

4.2 Data collected automatically

When you visit our website, our system automatically receives:

• IP address
  
• Timestamp
  
• Pages visited
  
• Browser type and operating system
  
• Referring URL
  
  

We use this data for:

• Basic website analytics
  
• Website security
  
• Preventing malicious activity (e.g., hacking attempts)
  
  

5. Cookies

We use cookies for:

• Basic site functionality
  
• Traffic analytics (if enabled)
  
• Security and performance
  
  

You can control cookie usage in your browser settings at any time.

We use Google Analytics and thus cookies or similar tracking technologies may be used.
These are only activated when legally required after consent.

6. Why We Collect Your Data

We process your data only when we have a lawful basis under GDPR:

Purpose	Lawful basis
To respond to messages you send	Legitimate interest
To maintain website security	Legitimate interest
To analyse site performance	Consent (if analytics tools are used)
To operate and improve the website	Legitimate interest

We do not sell or trade your personal data.

7. How Long We Keep Your Data

We retain personal data only as long as needed:

• Contact form submissions: up to 12 months or more, in case it is necessary to serve you better
  
• Security logs: 30–180 days, depending on hosting provider
  
• Analytics: Based on provider settings (typically 14–26 months)
  
  

After this period, data is deleted or anonymised.

8. How We Protect Your Data

We use industry-standard security measures, including:

• HTTPS encryption
  
• Secure EU-based hosting
  
• Access controls and limited personnel access
  
• Regular updates and threat monitoring
  
  

All website data is stored within the EU/EEA.

9. Third Parties Who May Process Your Data

We may use third-party service providers for:

• Website hosting
  
• Security
  
• Analytics (if enabled by you)
  
  

Examples of potential processors:

• A European hosting provider
• Analytics tools such as Google Analytics (if consented)
  
  

Each third-party provider complies with GDPR and processes data only on our instructions.

We do not disclose personal data to external parties unless required by law or necessary to protect our rights.

10. Your Rights Under GDPR

You have the right to:

• Access your personal data
  
• Correct inaccurate data
  
• Delete your data (“right to be forgotten”)
  
• Object to processing
  
• Withdraw consent at any time
  
• Restrict processing
  
• Receive a copy of your data in a portable format
  
  

To exercise any of these rights, contact:

📧 tomi@tomigronfors.com

If you believe your data has been mishandled, you may also contact the supervisory authority:

Office of the Data Protection Ombudsman (Tietosuojavaltuutettu)
https://tietosuoja.fi

11. International Transfers

We strive to keep all data inside the EU/EEA.
If data is transferred outside the EU (e.g., US-based analytics providers), this is only done with valid GDPR safeguards, such as:

• Standard Contractual Clauses (SCCs)
  
• Adequacy decisions
  
• Additional technical protections
  
  

12. Changes to This Policy

We may update this Privacy Policy when needed.
The “Last updated” date at the top always reflects the latest version.

Significant changes will be clearly highlighted.

13. Contact

For privacy questions, requests, or concerns, you can contact us at:

The Groenfors Method Oy
📧 tomi@tomigronfors.com