Privacy Policy

1. Data Controller

Digital Rebel / Jenni Saarenpää
Business ID: FI27176209
Finland
jenni@digitalrebel.fi
+358 45 868 4790

2. What Data We Collect and Why

We collect personal data only when necessary and for clearly defined purposes:

Contact form: name, email address, company name, and your message. Collected to respond to your inquiry and to communicate about potential collaboration.

Meeting booking (Cal.com): name, email address, and scheduling details. Collected to arrange and manage meetings you request.

Website analytics (Google Analytics): anonymized usage data such as pages visited, session duration, device type, and approximate location. Collected only with your explicit consent, to understand how the website is used and to improve it.

3. Legal Basis for Processing

We process personal data under the following legal bases as defined in GDPR Article 6(1):

Consent (Art. 6(1)(a)): Analytics cookies are only placed after you give explicit consent via the cookie banner.

Legitimate interest (Art. 6(1)(f)): Contact form submissions are processed to respond to your inquiry. Our legitimate interest is to communicate with potential clients who initiate contact.

Contract performance (Art. 6(1)(b)): Booking data is processed to deliver the service you requested (scheduling a meeting).

4. Third-Party Services and Data Transfers

We use the following third-party services that may process personal data:

Google Analytics (Google LLC, USA): Website usage statistics. IP anonymization is enabled. Data may be transferred to the United States under Google's EU-US Data Privacy Framework certification. Only activated with your consent.

Cal.com: Meeting scheduling. Processes name and email for booking purposes.

Vercel (Vercel Inc., USA): Website hosting. Server logs may temporarily contain IP addresses. Vercel processes data under Standard Contractual Clauses (SCCs).

Substack: Newsletter content is fetched via RSS feed on the server side. No visitor data is shared with Substack through this website.

5. International Data Transfers

Some of the third-party services listed above are based in the United States. Where personal data is transferred outside the EU/EEA, we ensure adequate safeguards are in place, including the EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs), or equivalent mechanisms as required by GDPR Chapter V.

6. Cookies

This website uses the following cookies:

Necessary cookies: A consent cookie to remember your cookie preferences. This cookie does not require consent as it is essential for the website to function.

Analytics cookies (Google Analytics): These cookies are only set after you give explicit consent through the cookie banner. They help us understand website usage patterns.

You can change your cookie preferences at any time using the "Cookie Settings" link in the footer of this website.

7. Data Retention

We retain personal data only as long as necessary for the purpose it was collected:

Contact form submissions: 12 months from receipt, then permanently deleted.

Booking data: 12 months after the scheduled meeting, then deleted.

Analytics data: 26 months (Google Analytics default), then automatically deleted.

8. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

Right of access (Art. 15): You can request a copy of the personal data we hold about you.

Right to rectification (Art. 16): You can request correction of inaccurate data.

Right to erasure (Art. 17): You can request deletion of your data when it is no longer necessary.

Right to restrict processing (Art. 18): You can request that we limit how we use your data.

Right to data portability (Art. 20): You can request your data in a structured, machine-readable format.

Right to object (Art. 21): You can object to processing based on legitimate interest.

Right to withdraw consent (Art. 7(3)): You can withdraw consent for analytics at any time via Cookie Settings, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at jenni@digitalrebel.fi. We will respond within 30 days.

9. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (tietosuoja.fi).

10. Data Security

We take appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. The website is served over HTTPS, and access to personal data is limited to the data controller.

11. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any significant changes will be communicated through this page. We encourage you to review this page periodically.

Last updated: March 2026