Clean Freak Oy Website and Contact Requests
Updated: 25 November 2025
Clean Freak Oy respects the privacy of its customers and website users and processes personal data with care, in accordance with the EU General Data Protection Regulation (GDPR) and other applicable legislation. This Privacy Policy describes how we process personal data when you visit our website www.cleanfreak.fi or contact us, for example via the contact form.
1. Controller
Clean Freak Oy
Espoo, Finland
Business ID: 3473176-8
Email: siivous@cleanfreak.fi
2. Data subjects and purposes of processing
This register contains personal data of individuals who visit the website and contact Clean Freak Oy via the form or by email. A data subject may be a household customer, a contact person of an association or other organisation, or a representative of a company.
Personal data is used to receive and handle contact requests, respond to quote enquiries, plan and deliver cleaning services, communicate with customers, and fulfil accounting and other statutory obligations. In addition, personal data is used to ensure the technical functioning and security of the website and service. Personal data is not used for automated decision-making or large-scale profiling.
3. Categories of personal data
In connection with contact requests and customer relationship management, we may process, for example, the following data: name, email address, phone number, address and location details relating to the cleaning site, information about the customer type (household, association/club, other), requested duration and timing of the cleaning, and the content of the message and any additional information provided by the data subject.
In connection with the website, the server and security solutions may also process technical data, such as IP address, browser and operating system, time of visit and pages visited, and information on whether a form submission was successful or blocked for security reasons. The Google reCAPTCHA service used to protect the contact form may additionally collect technical data and analyse user activity in order to prevent misuse. This technical data is used solely to ensure the functioning and security of the website.
4. Legal basis for processing
The legal basis for processing personal data is the taking of steps prior to entering into a contract and the performance of a contract (GDPR Art. 6(1)(b)) when we handle contact requests, prepare quotes and deliver agreed services. For data processed to comply with accounting and tax legislation, the legal basis is the controller’s legal obligations (GDPR Art. 6(1)(c)). Processing carried out to ensure the security of the website and information systems and to prevent misuse is based on the controller’s legitimate interests (GDPR Art. 6(1)(f)).
5. Sources of personal data
Personal data is primarily obtained from the data subject, when they fill in the contact form or contact us by email. In addition, technical data is generated automatically by the online service and server logs, as well as by the security and form protection solutions in use (such as Google reCAPTCHA).
6. Retention period
Personal data is retained only for as long as is necessary for the purposes described in this Privacy Policy or as required by law. Data relating to contact requests and quote enquiries is typically retained for no longer than approximately 12 months from the last contact, unless a customer relationship continues. Data relating to completed assignments, invoicing and accounting is retained for the period required by accounting legislation, usually 6–10 years. Technical log data is retained for a limited period necessary for ensuring security and investigating possible incidents.
7. Disclosures and transfers of personal data
Personal data may be disclosed to service providers that assist with accounting, payment processing, IT infrastructure, or other statutory obligations on behalf of the controller. In such cases, contractual and other arrangements are used to ensure that personal data is processed in accordance with data protection requirements. Data may be disclosed to authorities where required by law. Personal data is not sold to third parties.
Personal data is mainly processed within the EU and EEA. Some essential service providers (for example major cloud and technology providers such as Google) may, however, be located outside the EEA. In such cases, we seek to ensure an adequate level of protection for personal data by using safeguards required by data protection legislation, such as standard contractual clauses approved by the European Commission or other appropriate arrangements.
8. Protection of personal data
Personal data is processed in protected systems using appropriate technical and organisational security measures. These include, for example, restricted user rights, strong passwords, two-factor authentication, encrypted connections (HTTPS), and security measures implemented at server and application level. Personal data is processed only by persons who need the data to perform their duties.
9. Rights of the data subject
Under the EU General Data Protection Regulation, the data subject has the right to obtain confirmation as to whether personal data concerning them is being processed and to access their personal data. The data subject may request the rectification of inaccurate or incomplete data and, in certain situations, the erasure of data or restriction of processing. The data subject has the right to object to processing based on legitimate interests on grounds relating to their particular situation, and the right to data portability for data they have provided themselves, to the extent that the processing is based on consent or contract and carried out by automated means.
Requests should be addressed to the controller using the contact details provided in section 1, preferably in writing by email. The controller may request additional information if necessary to verify the identity of the person making the request. The data subject also has the right to lodge a complaint with the Office of the Data Protection Ombudsman (www.tietosuoja.fi) if they consider that their personal data has been processed in violation of data protection rules.
10. Cookies
This website does not use analytics or marketing cookies, and cookies are not used to track or profile individual visitors. The Google reCAPTCHA service used to protect the contact form may use cookies and similar technologies to ensure the technical functioning of the service and to prevent misuse.
11. Contact
If you have any questions or requests regarding the processing of personal data, please contact the controller by email at siivous@cleanfreak.fi.