1.  Data Controller

Infinity Design Ltd. (Business ID 1982703-2) (and its subsidiaries), Linnankatu 82, 20100 Turku.

2.  Contact Person for the Register

Jussi Juva, privacy[at]infinity.fi, +358 440 333802.

3.  Register Name

Infinity's customer, marketing, and partner register.

4.  Register Name

The legal basis for processing personal data in accordance with the GDPR is:

• Establishing customer relationships.
• Maintaining customer relationships.
• Communication with corporate clients' contact persons.
• Communication with partners and maintaining partnerships.
• Invoicing.
• Sending customer messages and newsletters.
• Marketing activities to strengthen customer relationships.
• Sales and marketing.
• Business and service development.
• Data is not used for automated decision-making or profiling.

5.  Content of the Register

The information stored in the register includes:

• Legal entity user's basic information: such as the company name, address, Business ID, contact person's name, email address, and phone number.
• Natural person user's basic information: such as name, address, profession, phone number, and email address. • Information related to customer relationships and partnerships, including billing and payment information, order details, customer feedback, and communications, as well as cancellation information.
• Consent for direct marketing via email, text messages, and other automated systems.
• User-provided profiling and interest information.
• Other information collected with the user's consent.
• Other information related to customer relationships and ordered services (e.g., upcoming meetings, meeting notes, and sent offers). Data is retained for the necessary duration to fulfill the purposes mentioned in this statement. When personal data is no longer needed, it will be appropriately and securely deleted. Visitors' IP addresses and cookies necessary for the operation of the website are processed based on legitimate interests, including security and gathering statistical data about website visitors, when they can be considered personal data. Third-party cookies require separate consent as needed.

6.  Regular Sources of Information

The information to be stored in the register is obtained from customers or potential customers through means such as messages sent via the website forms, email, phone calls, social media services, agreements, customer meetings, and other situations where customers provide their information. Contact information for businesses and other organizations' representatives may also be collected from public sources such as websites, directory services, public registers, and other companies.

7.  Regular Disclosures of Data and Data Transfers Outside the EU or EEA

Data is not regularly disclosed to other parties. Data may be published or disclosed to partners to the extent agreed upon with the customer. Data may also be transferred outside the EU or EEA by the data controller. Data is not transferred to the United States without the explicit consent of the registered individuals. However, the data controller may transfer personal data related to cookies provided by Google Analytics to the United States if the user has given consent for these cookies. In such cases, the transfer of personal data to the United States is subject to conditions compliant with the model clauses approved by the European Commission. Data transferred during website visits is conveyed to Google, which processes it as an independent data controller. Google handles this data for its own purposes and has the ability to combine it with other visitor information. You can find Google's privacy policy and terms of use at

Meta's Pixel tracking service records actions taken on the website. Meta processes your data as an independent data controller, and you can read more about their privacy practices at

8.  Principles of Register Protection

Care and diligence are observed in the processing of the register, and the information processed by data systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of the hardware is properly maintained. The data controller ensures that stored information, as well as server access rights and other information critical to the security of personal data, is treated confidentially and only by employees whose job description includes such responsibilities.

9.  Right to Inspection and Right to Request Data Correction

Every individual in the register has the right to inspect the information stored about them in the register and to request the correction of any erroneous information or completion of incomplete information. If a person wishes to review the information stored about them or request corrections, the request should be sent in writing to the data controller. The data controller may, if necessary, request the person making the request to prove their identity. The data controller will respond to the customer within the time frame specified in the EU Data Protection Regulation (usually within one month).