Data Controller: InnoHeap Oy · Helsinki, Finland · Last updated: June 2026
InnoHeap Oy (“InnoHeap”, “we”, “us”) is committed to protecting the privacy of all individuals who visit our website or contact us. This Privacy Policy explains what personal data we collect, why we collect it, how long we retain it, and what rights you have under the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018).
The data controller responsible for your personal data is:
InnoHeap Oy
Helsinki, Finland
For any questions or requests regarding your personal data, please use the contact button at the bottom of this page.
We collect personal data only for specific, explicit, and legitimate purposes. The following describes each processing activity on this website.
When you submit our contact form, we collect:
Purpose: To respond to your enquiry and, where appropriate, to assess a potential business relationship.
Legal basis: Legitimate interests (GDPR Article 6(1)(f)). It is in our and your legitimate interest to be able to respond to messages sent to us voluntarily.
Retention period: We retain contact form submissions for up to 24 months after the last interaction, after which they are deleted unless a business relationship has been established.
Our website is hosted on Hostinger. As with any web hosting service, Hostinger’s servers automatically log certain technical data each time a visitor accesses the website. This includes:
IP addresses are considered personal data under GDPR. They are processed at the infrastructure level by Hostinger as our data processor and are not used by InnoHeap to identify, profile, or track individual visitors. Hostinger’s built-in analytics tool aggregates this data for traffic overview purposes only; it does not use cookies or third-party integrations.
Purpose: To maintain the security and correct functioning of the website, to prevent malicious misuse, and to understand aggregate website traffic in order to improve our service.
Legal basis: Legitimate interests (GDPR Article 6(1)(f)). We have a legitimate interest in maintaining a secure and functional website and in understanding aggregate visitor behaviour.
Retention period: Server access logs are retained as determined by Hostinger’s infrastructure policies. No personally identifiable visitor profiles are created or retained by InnoHeap.
If you book a discovery call through our Microsoft Bookings scheduling tool, we collect:
Purpose: To schedule and manage the meeting, send you a calendar invitation and any necessary meeting instructions.
Legal basis: Performance of a pre-contractual step at your request (GDPR Article 6(1)(b)).
Retention period: Booking information is retained for 12 months after the meeting date, after which it is deleted unless an ongoing business relationship has been established.
We do not sell, rent, or trade your personal data to third parties.
We share personal data only with the following categories of processors who act strictly on our instructions under data processing agreements:
These providers may process data within the European Economic Area (EEA) or, in the case of Microsoft, under standard contractual clauses approved by the European Commission, ensuring an adequate level of data protection.
We may also disclose personal data to competent authorities if required to do so by applicable law.
Microsoft Corporation is headquartered in the United States. Data processed through Microsoft 365 and Microsoft Bookings may be transferred to and stored in the United States. Such transfers are carried out under the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, the EU-U.S. Data Privacy Framework, ensuring an adequate level of protection.
Hostinger’s primary infrastructure is located within the EU/EEA. For current information on Hostinger’s data transfer practices, please refer to Hostinger’s Privacy Policy.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These measures include:
Our website may contain links to external websites that are not operated or controlled by InnoHeap. We are not responsible for the content or privacy practices of those websites. We encourage you to review the privacy policy of any third-party website you visit. This Privacy Policy applies solely to information collected by InnoHeap’s website.
Under the GDPR, you have the following rights regarding your personal data. You may exercise these rights free of charge using the contact button at the bottom of this page.
We may ask you to verify your identity before processing your request. We will respond within one month.
If you believe your personal data has been processed in violation of applicable data protection law, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu):
Office of the Data Protection Ombudsman
Lintulahdenkuja 4, 00530 Helsinki
P.O. Box 800, 00531 Helsinki, Finland
tietosuoja(at)om.fi
tietosuoja.fi
InnoHeap does not carry out any automated decision-making or profiling of individuals using personal data collected through this website.
We review and update this Privacy Policy periodically. When we make material changes, we will update the “Last updated” date at the top of this page. We recommend checking this page from time to time to stay informed of any updates.