1. Data controller

Yelppy Finland Oy

Business ID: 3508660-9

Salomonkatu 17 B, 00100 Helsinki, Finland

asiakaspalvelu@yelppy.com

2. Contact Person for Register Matters

Marko Eteläaho

asiakaspalvelu@yelppy.com

3. Name of the Register

Yelppy Customer and User Register

4. Data Subjects

– Business owners and employees using the Yelppy software

– Website visitors

– Newsletter and marketing message recipients

– Partners and service providers

5. Purpose of Personal Data Processing

Personal data is processed for:

– Providing software services and managing customer accounts

– Customer service and communication

– Invoicing and contract management

– Marketing communication and newsletters (with consent)

– Website analytics and development

The processing is based on:

– Contracts and customer relationships

– Legal obligations (e.g., accounting laws)

– Consent (e.g., marketing purposes)

6. Data Content of the Register

The register may include:

– Contact details: name, email, phone number, company, title

– Login details (email, hashed password)

– Billing data: invoices, payments, contracts

– Interaction data: support requests, usage logs

– Analytics data: IP address, browser, device, site behavior

You may request correction or deletion of your data unless required by law.

7. Regular Disclosures of Data

Data may be disclosed to:

– Authorities (e.g., Tax Administration)

– Hosting and IT service providers (e.g., Hostinger)

– Payment and accounting service providers

– Email and analytics platforms (e.g., newsletter tools, Google Analytics)

Data is not sold or disclosed to third parties for marketing without consent.

8. Transfer of Data Outside the EU

Data is primarily stored within the EU/EEA.

If data is transferred outside the EU, EU-approved safeguards such as standard contractual clauses will be applied.

9. Principles of Data Security

Data security is ensured through:

– Firewalls, encryption, and secure authentication

– Access control: only authorized personnel can access the data

– Regular audits and system updates

10. Data Retention and Deletion

– Accounting data: 6 years (according to accounting law)

– Customer data: 2 years after the end of the customer relationship

– Analytics data: according to cookie/tool-specific retention times

Data will be deleted or anonymized when no longer needed. Deletion requests will be honored unless restricted by law.

11. Data Subject Rights

Data subjects have the right to:

– Know if their data is being processed

– Access and correct their data

– Request deletion if there is no legal basis for processing

– Object to or restrict data processing

– Withdraw consent (e.g., unsubscribe from marketing)

– File a complaint with the data protection authority

Requests will be processed within 30 days.