Controller
Wacasa Oy
Business ID: 3362866-2
Rantakatu 3 B 1, 65100 Vaasa, Finland
per.hannuksela@wacasa.fi
joni.uusipaikka@wacasa.fi
Purpose of Processing Personal Data
Wacasa Oy processes analytics data generated from the use of the website in order to monitor the operation of the website, ensure security and develop the website.
Data Processed
Analytics may include data about the use of the website, such as page views, time of visit, visited pages, link usage, browser, device type and technical log data.
IP addresses are anonymised. Analytics are not used to identify individual visitors, profile users or target advertising.
Legal Basis for Processing
The processing of personal data is based on the controller’s legitimate interest. The legitimate interest is to monitor the operation, security and usability of the website and to develop the website.
Processors and Recipients
TietoWare Oy acts as the technical provider of the analytics service. Analytics are implemented using the Matomo service at analytics.tietoware.fi.
The data is processed on behalf of Wacasa Oy for website maintenance, security, performance monitoring and development.
Data Transfers
Analytics data is not used for targeted advertising and is not disclosed to advertising networks. Data is not transferred outside the European Economic Area unless necessary for the technical maintenance of the service and protected in accordance with data protection legislation.
Data Retention
Analytics data is retained only for as long as necessary to monitor and develop the operation of the website. The retention period is determined by the settings of the Matomo service.
Rights of the Data Subject
The data subject has the right to request access to their personal data, rectification or erasure of data, restriction of processing and the right to object to processing on grounds relating to their particular situation.
Requests can be sent to per.hannuksela@wacasa.fi or joni.uusipaikka@wacasa.fi.
The data subject has the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data infringes data protection legislation.