Categorydistribu

Data protection

Privacy Policy

Version 2.0 · Last updated: 7 April 2026. This document explains how Categorydistribu collects, uses, stores, and protects personal data when you visit categorydistribu.world or contact us from Finland or elsewhere in the European Economic Area.

Data controller

The controller responsible for personal data processing under the EU General Data Protection Regulation (GDPR) and applicable Finnish national law is:

Registered identity

Categorydistribu
Mannerheimintie 96, 00250 Helsinki, Finland
Email: callback@categorydistribu.world
Phone: +358 9 425 77200

When this policy refers to “we,” “us,” or “our,” it means the controller above unless a specific subprocess or joint arrangement is described in a separate notice.

Plain-language summary

This summary is provided for convenience. It does not replace the full policy or your statutory rights.

What we collectContact details you send us, technical logs from your browser, and—if you allow—analytics or marketing identifiers through cookies.
Why we use itTo run the website securely, reply to messages, evidence consent choices, improve content in aggregate form, and meet legal duties.
How long we keep itOnly as long as needed for each purpose, then we delete or anonymise data where feasible.
Your controlYou may access, correct, delete, restrict, object, port data, or withdraw consent subject to legal limits.

Scope of this policy

This policy applies to personal data processed in connection with:

  • Browsing public pages on categorydistribu.ddd.
  • Submitting the contact form or emailing us at the address listed above.
  • Storing and reading cookies or similar technologies according to your choices in the cookie banner.
  • Communications we send in response to your requests when you have provided contact details.

It does not govern third-party websites that we may link to; those sites publish their own notices. It also does not cover anonymous or purely statistical information that cannot reasonably identify you.

Categories of personal data

Depending on your interaction, we may process the following categories:

  • Identity and contact data: name, email address, telephone number, job title, or organisation name if you include them in a message.
  • Communication content: the body of forms, email threads, and attachments you choose to send.
  • Technical identifiers: IP address, user agent string, device type, operating system, and approximate region derived from network information.
  • Usage and performance data: pages viewed, time on page, scroll depth proxies, referral URL, and crash or error codes when optional analytics tools are active.
  • Cookie and consent records: your cookie category selections, timestamps, and a random or pseudonymous consent identifier stored locally where applicable.
  • Security data: failed login attempts if such features exist in the future, rate-limit counters, and abuse signals.

We do not ask you to provide health or other special categories of personal data through general contact forms. If you voluntarily include sensitive information, we will treat it with additional care and only process it where a lawful basis exists, such as explicit consent or a clear legal obligation. We may ask you to remove unnecessary sensitive content or to use a more appropriate channel.

Sources of personal data

We obtain personal data from:

  • You directly, when you type into forms, subscribe to updates where available, or correspond by email.
  • Your device and browser, automatically when you load pages, unless you have configured blocking technologies that prevent certain requests.
  • Analytics or advertising partners, only where you have consented to optional cookies and the partner acts under contract with us or its own legal basis as disclosed in their policies.
  • Public registers or professional listings, only in rare cases where we verify organisational details for due diligence related to a partnership inquiry you initiated.

Lawful bases for processing

We process personal data only when a lawful basis under Article 6 GDPR applies. The main bases we rely on include:

  • Consent (Article 6(1)(a)): for optional analytics and marketing cookies, certain newsletters if offered, and any processing you explicitly opt into through a clear affirmative action.
  • Performance of a contract or pre-contractual steps (Article 6(1)(b)): to respond to service-related inquiries and prepare agreements when you request information about collaboration.
  • Legitimate interests (Article 6(1)(f)): to secure our infrastructure, prevent fraud, understand aggregate site performance, improve navigation, train staff on anonymised examples, and manage routine correspondence—balanced against your rights and freedoms.
  • Legal obligation (Article 6(1)(c)): to retain accounting records, respond to lawful requests from authorities, or comply with court orders where applicable.

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. Withdrawal may mean we cannot provide certain optional features.

Purposes of processing

We process personal data for specific, explicit, and legitimate purposes, including:

  • Hosting and delivering website content over HTTPS with appropriate caching and compression.
  • Receiving, triaging, and archiving messages you initiate, including follow-up questions.
  • Recording evidence of cookie preferences to demonstrate compliance with ePrivacy requirements.
  • Measuring aggregated traffic patterns and content performance when analytics consent is granted.
  • Attributing marketing campaigns and limiting repetitive advertisements when marketing consent is granted.
  • Detecting and mitigating attacks, spam, or scraping that could degrade service quality.
  • Fulfilling statutory retention or reporting duties in Finland or the EU where they apply to our operations.

Online advertising and measurement (including Google)

Where you have given consent to marketing or analytics cookies (as applicable), we or our processors may use technologies that support online advertising and campaign measurement. This can include, for example, Google Ads conversion measurement, remarketing or similar audience features, and Google Analytics (or comparable tools) when enabled. These tools may process pseudonymous identifiers, device or browser information, and event data such as page views or conversions.

For services provided by Google, Google Ireland Limited (or another Google affiliate as described in Google’s disclosures) typically acts as a processor or independent controller depending on the product; see Google’s Privacy Policy and How Google uses cookies in advertising. We configure tags to respect your consent choices where technically required under EU/EEA rules (including Finland).

You can withdraw consent at any time through our cookie settings, adjust ad personalisation in your Google account or via Google Ads Settings, and use browser controls or industry opt-out tools. Withdrawal does not affect the lawfulness of processing before withdrawal.

Finland & EU

Processing related to advertising is carried out in line with the GDPR, applicable Finnish implementation acts, and platform requirements such as Google’s EU User Consent Policy where relevant. We do not use sensitive categories of personal data for personalised advertising through this site.

Automated decision-making and profiling

We do not use personal data to make solely automated decisions that produce legal or similarly significant effects concerning you. Limited analytics may create aggregate statistics or segment audiences at a cohort level; these activities do not evaluate your individual circumstances in a way that would deny services or rights without human involvement.

Recipients and categories of recipients

Access to personal data is limited to personnel and contractors who need it for their duties. We may share data with:

  • Infrastructure providers that host servers, distribute content, or provide email delivery under Article 28 GDPR data processing agreements.
  • Professional advisers such as lawyers or accountants when confidentiality obligations apply.
  • Analytics or advertising vendors when you consent, subject to their role as processors or independent controllers as defined in their terms.
  • Public authorities when required by law or a valid request.

We do not sell personal data in the sense of exchanging it for money with unrelated third parties for their independent marketing lists.

International transfers

Your data is primarily processed within the European Economic Area. If a transfer outside the EEA becomes necessary—for example because a subprocessor operates in another country—we implement appropriate safeguards such as:

  • European Commission adequacy decisions where available;
  • Standard Contractual Clauses with supplementary technical and organisational measures where required by recent jurisprudence;
  • Binding corporate rules or other mechanisms recognised under Chapter V GDPR when applicable.

You may request further information about specific transfers by contacting us using the details below.

Retention periods

We retain personal data no longer than necessary for each purpose. Indicative periods include:

  • Contact and email inquiries: typically up to twenty-four months after the last substantive message, unless a dispute, legal claim, or statutory requirement necessitates longer retention.
  • Server and security logs: generally between thirty and ninety days, extendable when investigating incidents.
  • Consent logs: often up to five years from withdrawal or last update to demonstrate compliance, unless a supervisory authority expects a different period.
  • Analytics identifiers: according to vendor defaults and your consent scope, frequently between thirteen and thirty-eight months for pseudonymous identifiers.
  • Financial or tax records: as required by Finnish bookkeeping and tax legislation, commonly six to ten years depending on the record type.

When retention ends, we delete or irreversibly anonymise data where feasible. Backup copies may persist for a short technical window before overwrite cycles complete.

Deletion requests are applied to live systems promptly. Encrypted backups may retain redundant copies until scheduled rotation. Restores from backup after erasure are performed only when technically necessary and with safeguards to avoid reintroducing erased data into active processing without a new lawful basis.

Security measures

We implement administrative, technical, and organisational measures appropriate to the risk, including:

  • TLS encryption for data in transit between your browser and our site.
  • Access controls and authentication for administrative interfaces.
  • Patch management and vulnerability monitoring for supported systems.
  • Confidentiality commitments for staff and processors.
  • Incident response procedures to detect, contain, and notify breaches where required by Articles 33 and 34 GDPR.

No system is perfectly secure. We continuously review our measures in light of evolving threats and regulatory guidance.

Your rights under GDPR

Subject to conditions and exemptions in the GDPR, you may exercise the following rights:

  • Right of access (Article 15): obtain confirmation of processing and a copy of your personal data.
  • Right to rectification (Article 16): correct inaccurate or incomplete data.
  • Right to erasure (Article 17): request deletion where grounds apply.
  • Right to restriction (Article 18): limit processing in defined situations.
  • Right to data portability (Article 20): receive certain data in a structured, machine-readable format where processing is based on consent or contract and carried out by automated means.
  • Right to object (Article 21): object to processing based on legitimate interests or to direct marketing.
  • Rights related to automated decision-making (Article 22): not applicable to processing described here, but we note it for completeness.

To exercise rights, email callback@categorydistribu.world with enough detail for us to locate your data. We may request reasonable identity verification. We respond within one month, extendable by two further months where complex, with an explanation as required by Article 12(3) GDPR.

Children

Our website is not directed at children under sixteen. We do not knowingly collect personal data from children. If you believe we have received such data, please contact us and we will delete it promptly subject to technical feasibility.

Supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in your habitual residence, place of work, or place of an alleged infringement. In Finland, the competent authority is the Office of the Data Protection Ombudsman. More information is available at tietosuoja.fi.

Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or business developments. Material changes will be indicated by revising the date at the top and, where appropriate, a short notice on the website. Continued use after changes constitutes acceptance of the updated policy except where your explicit consent is required for new processing.

Contact

For privacy questions, data subject requests, or clarification about this policy, contact callback@categorydistribu.world or write to Mannerheimintie 96, 00250 Helsinki, Finland.