Privacy notice
This notice explains how personal data is handled when you visit santerivolotinen.com, contact Santeri Volotinen or book a meeting through the site.
Last updated 17 July 2026
Controller
Santeri Volotinen is the controller for the processing described in this notice. The controller is established in Finland.
No data protection officer has been appointed because the website's processing does not require one under Article 37 GDPR.
Privacy contact: sa.volotinen@gmail.com
Scope and principles
This notice covers the public website, website enquiries, analytics and meeting bookings. Client assignments and scouting reports may require separate privacy information and contractual terms.
Personal data is not sold, used for third-party advertising or used for automated decisions or profiling that produce legal or similarly significant effects.
Data collected
Depending on how you use the site, the following data may be processed:
- Contact data you provide: name, email address, company or club, message and any other information you choose to include.
- Booking data you provide to Calendly: contact details, selected time, time zone and booking responses.
- Technical data: IP address, browser and device type, operating system, approximate country, timestamps, requested pages, referrer and security logs.
- Optional analytics data after consent: page views, interactions, device information and pseudonymous identifiers. Form fields are treated as sensitive by the analytics configuration and are not intentionally recorded.
- Consent data stored in your browser: your analytics choice, policy version and decision time.
Purposes, legal bases and retention
| Purpose | Data | Legal basis | Retention |
|---|---|---|---|
| Respond to enquiries and take steps toward a service agreement | Contact data and message content | GDPR Art. 6(1)(b); legitimate interest under Art. 6(1)(f) for ordinary business correspondence | Up to 24 months after the last communication, unless a contract, legal obligation or claim requires longer |
| Arrange and manage meetings | Booking and contact data | GDPR Art. 6(1)(b) | Up to 24 months after the meeting or last related communication, unless longer retention is required by law or contract |
| Deliver, secure and troubleshoot the site | Technical requests and security logs | Legitimate interest, GDPR Art. 6(1)(f), in operating a secure and reliable website | For the shortest period needed for delivery, security and incident investigation, subject to hosting-provider settings |
| Measure aggregate traffic and site performance with Vercel Web Analytics and Speed Insights | Page, device, approximate location and performance data; no third-party cookies | Legitimate interest, GDPR Art. 6(1)(f), in maintaining and improving the site | Vercel's visitor-session hash is discarded after 24 hours; aggregate and performance data follow Vercel's retention terms |
| Optional usage analytics with Microsoft Clarity and, when configured, Google Analytics | Interactions, page views, device data and pseudonymous cookie identifiers | Consent, GDPR Art. 6(1)(a), and applicable ePrivacy rules | Clarity recordings 30 days and click/heatmap data up to 13 months; GA4 user-level data up to 14 months; browser cookies as listed below |
Recipients and service providers
Access is limited to the controller and providers needed to run the site. Providers act under their own terms and, where applicable, data-processing agreements.
- Vercel
- Website hosting, request logs, Web Analytics and Speed Insights.
- Resend
- Delivery of website contact-form emails, including the sender address and message content.
- Calendly
- Meeting scheduling. The embedded scheduler loads only after you choose to load it.
- Microsoft Clarity
- Optional interaction analytics and session recordings after consent.
- Google Analytics
- Optional audience measurement after consent, when configured.
- LinkedIn and other external sites
- Independent controllers that receive data only when you follow an external link.
Transfers outside the EEA
Some providers are based in the United States or use global infrastructure. Transfers may therefore take place outside the European Economic Area.
Where required, transfers rely on an applicable European Commission adequacy decision, including the EU–US Data Privacy Framework for certified recipients, or the European Commission's Standard Contractual Clauses together with supplementary safeguards. You may request more information using the privacy contact above.
Your choices
You can allow or reject optional analytics with equal choices in the consent panel. Rejection does not limit the site's core content. Your choice is saved for six months.
Use “Cookie settings” in the footer at any time to change or withdraw your choice. Withdrawal applies from that point forward and triggers removal of the site's known first-party analytics cookies. You can also clear cookies and site data in your browser.
The Calendly scheduler is separately blocked until you choose to load it. You can contact the controller by email without loading Calendly.
Your data-protection rights
Subject to the conditions in the GDPR, you may:
- request access to and a copy of your personal data
- request correction or deletion
- request restriction of processing
- object to processing based on legitimate interests
- receive data you provided in a portable format where applicable
- withdraw consent at any time without affecting earlier lawful processing
Send a request using the privacy contact above. You also have the right to lodge a complaint with the Office of the Data Protection Ombudsman in Finland or the supervisory authority where you live or work. tietosuoja.fi
Security
Reasonable technical and organisational safeguards are used, including encrypted HTTPS connections, access controls, data minimisation and service providers selected for appropriate safeguards.
No internet transmission or storage method is completely secure. If a personal-data breach creates a legally reportable risk, the competent authority and affected individuals will be notified as required.
Children
This website and its enquiry tools are intended for professional audiences and are not directed to children. Do not submit a child's personal or sensitive data through the public contact form. If such data has been submitted, contact the controller so it can be reviewed and removed where appropriate.
Changes to this notice
This notice is reviewed when services or processing change. The date above shows the latest revision. Material changes to consent-based processing will not take effect for optional analytics without a new valid choice where required.
