Legal

Privacy notice

This notice explains how personal data is handled when you visit santerivolotinen.com, contact Santeri Volotinen or book a meeting through the site.

Last updated 17 July 2026

Controller

Santeri Volotinen is the controller for the processing described in this notice. The controller is established in Finland.

No data protection officer has been appointed because the website's processing does not require one under Article 37 GDPR.

Privacy contact: sa.volotinen@gmail.com

Scope and principles

This notice covers the public website, website enquiries, analytics and meeting bookings. Client assignments and scouting reports may require separate privacy information and contractual terms.

Personal data is not sold, used for third-party advertising or used for automated decisions or profiling that produce legal or similarly significant effects.

Data collected

Depending on how you use the site, the following data may be processed:

  • Contact data you provide: name, email address, company or club, message and any other information you choose to include.
  • Booking data you provide to Calendly: contact details, selected time, time zone and booking responses.
  • Technical data: IP address, browser and device type, operating system, approximate country, timestamps, requested pages, referrer and security logs.
  • Optional analytics data after consent: page views, interactions, device information and pseudonymous identifiers. Form fields are treated as sensitive by the analytics configuration and are not intentionally recorded.
  • Consent data stored in your browser: your analytics choice, policy version and decision time.

Purposes, legal bases and retention

PurposeDataLegal basisRetention
Respond to enquiries and take steps toward a service agreementContact data and message contentGDPR Art. 6(1)(b); legitimate interest under Art. 6(1)(f) for ordinary business correspondenceUp to 24 months after the last communication, unless a contract, legal obligation or claim requires longer
Arrange and manage meetingsBooking and contact dataGDPR Art. 6(1)(b)Up to 24 months after the meeting or last related communication, unless longer retention is required by law or contract
Deliver, secure and troubleshoot the siteTechnical requests and security logsLegitimate interest, GDPR Art. 6(1)(f), in operating a secure and reliable websiteFor the shortest period needed for delivery, security and incident investigation, subject to hosting-provider settings
Measure aggregate traffic and site performance with Vercel Web Analytics and Speed InsightsPage, device, approximate location and performance data; no third-party cookiesLegitimate interest, GDPR Art. 6(1)(f), in maintaining and improving the siteVercel's visitor-session hash is discarded after 24 hours; aggregate and performance data follow Vercel's retention terms
Optional usage analytics with Microsoft Clarity and, when configured, Google AnalyticsInteractions, page views, device data and pseudonymous cookie identifiersConsent, GDPR Art. 6(1)(a), and applicable ePrivacy rulesClarity recordings 30 days and click/heatmap data up to 13 months; GA4 user-level data up to 14 months; browser cookies as listed below

Recipients and service providers

Access is limited to the controller and providers needed to run the site. Providers act under their own terms and, where applicable, data-processing agreements.

Vercel
Website hosting, request logs, Web Analytics and Speed Insights.
Resend
Delivery of website contact-form emails, including the sender address and message content.
Calendly
Meeting scheduling. The embedded scheduler loads only after you choose to load it.
Microsoft Clarity
Optional interaction analytics and session recordings after consent.
Google Analytics
Optional audience measurement after consent, when configured.
LinkedIn and other external sites
Independent controllers that receive data only when you follow an external link.

Transfers outside the EEA

Some providers are based in the United States or use global infrastructure. Transfers may therefore take place outside the European Economic Area.

Where required, transfers rely on an applicable European Commission adequacy decision, including the EU–US Data Privacy Framework for certified recipients, or the European Commission's Standard Contractual Clauses together with supplementary safeguards. You may request more information using the privacy contact above.

Cookies and local storage

Optional analytics is blocked unless you allow it. The site uses the following browser storage or may use it when the corresponding service is configured:

cookie-consent (local storage)
Necessary preference record containing your choice, policy version and timestamp. Expires after six months.
_clck and _clsk
Microsoft Clarity first-party analytics cookies. _clck can last up to one year and _clsk about one day. Microsoft may use additional third-party cookies described in its cookie documentation. Set only after consent.
_ga and _ga_<container-id>
Google Analytics first-party cookies used to distinguish users and maintain session state. Default lifetime is up to two years, subject to browser limits. Set only after consent and only when Google Analytics is configured.
Calendly storage
Calendly and its subprocessors may use cookies or similar storage after you explicitly load the scheduler or visit Calendly.

Your choices

You can allow or reject optional analytics with equal choices in the consent panel. Rejection does not limit the site's core content. Your choice is saved for six months.

Use “Cookie settings” in the footer at any time to change or withdraw your choice. Withdrawal applies from that point forward and triggers removal of the site's known first-party analytics cookies. You can also clear cookies and site data in your browser.

The Calendly scheduler is separately blocked until you choose to load it. You can contact the controller by email without loading Calendly.

Your data-protection rights

Subject to the conditions in the GDPR, you may:

  • request access to and a copy of your personal data
  • request correction or deletion
  • request restriction of processing
  • object to processing based on legitimate interests
  • receive data you provided in a portable format where applicable
  • withdraw consent at any time without affecting earlier lawful processing

Send a request using the privacy contact above. You also have the right to lodge a complaint with the Office of the Data Protection Ombudsman in Finland or the supervisory authority where you live or work. tietosuoja.fi

Security

Reasonable technical and organisational safeguards are used, including encrypted HTTPS connections, access controls, data minimisation and service providers selected for appropriate safeguards.

No internet transmission or storage method is completely secure. If a personal-data breach creates a legally reportable risk, the competent authority and affected individuals will be notified as required.

Children

This website and its enquiry tools are intended for professional audiences and are not directed to children. Do not submit a child's personal or sensitive data through the public contact form. If such data has been submitted, contact the controller so it can be reviewed and removed where appropriate.

Changes to this notice

This notice is reviewed when services or processing change. The date above shows the latest revision. Material changes to consent-based processing will not take effect for optional analytics without a new valid choice where required.