Privacy Policy
Version history
Version: 1.1
Date: 26.2.2026
Who: Maija Halme, AskKauko
Comments: Revised version
Introduction
This is a privacy statement according to the EU's General Data Protection Regulation (GDPR) of AskKauko Oy.
1. User account data controller
AskKauko Oy
2. Contact person
Klaus Matilainen,
klaus@askkauko.com
+358 400 884 732
3. Name of the register
Users of ImpactOS.
4. Legal basis and purpose of the processing of personal data
Personal data is processed on the basis of contract, legitimate interest (including service security, analytics and improvement), consent where required, and legal obligation in accordance with the EU General Data Protection Regulation (GDPR).
5. Data content of the register
The information to be stored in the register are: firstname, last name, email, organisations, photo, date of joining, date of last sign in.
The IP addresses of website visitors and necessary cookies for the functioning of the service are processed based on legitimate interest, among other things, for ensuring data security and collecting statistical information about website visitors, in cases where they can be considered personal data. Consent is requested separately, if necessary, for third-party cookies.
Personal data is retained only for as long as necessary to fulfil the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes and enforce agreements.
6. Regular sources of information
The information to be stored in the register is obtained from the customer through various means, such as messages sent via web forms, email, contracts, customer meetings and other situations where the customer provides their information.
Contact information of companies and other organisation representatives can also be collected from public sources such as websites, directory services, and other companies.
7. Regular disclosures of data and transfer of data outside the EU or EEA
Information is not routinely disclosed to other parties. Information may be published to the extent agreed upon with the customer.
Personal data is primarily processed within the EU/EEA. Where transfers outside the EU/EEA occur, appropriate safeguards such as Standard Contractual Clauses are implemented in accordance with applicable law.
8. The principles of data protection for the register
We value the security of data stored in our data; however, it is important to note that no method of transmission over the Internet or electronic storage is completely secure.
We implement appropriate technical and organisational measures including encryption, access controls and regular security assessments to protect personal data.
9. Right of access and right to request data correction
Every individual in the register has the right to review the information stored in the register and to request the correction of any inaccurate information or the completion of incomplete information. If a person wishes to review the information recorded about them or request corrections, the request should be sent in writing to the data controller. The data controller may request the requester to provide proof of identity if necessary. The data controller will respond to the customer within the timeframe prescribed by the EU General Data Protection Regulation (typically within one month).
In addition, data subjects have the right to erasure, restriction of processing, data portability, objection to processing based on legitimate interest, withdrawal of consent where applicable, and the right to lodge a complaint with the competent supervisory authority.
10. Service Providers
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide Service on our behalf, perform Service-related services or assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
