How FinnScreen collects, uses, and protects your personal data
The data controller responsible for your personal data is:
Business ID (Y-tunnus): 3318632-3
Address: Helsinki, Finland
Email: privacy@finnscreen.fi
Website: finnscreen.fi
For all data protection enquiries please contact us at privacy@finnscreen.fi. We aim to respond within 30 days as required by Article 12 GDPR.
Note for business customers (data processors): When you use FinnScreen to display content on your screens, you remain the data controller for any personal data shown in that content. FinnScreen processes such data on your behalf only as a data processor under the terms of our Data Processing Agreement (DPA), available on request.
We collect only the data necessary to provide and improve the FinnScreen service. The categories are:
We do not collect sensitive personal data (special categories under Article 9 GDPR) such as health information, biometric data, political opinions, or religious beliefs.
Under Article 13 GDPR we are required to inform you of the legal basis for each processing activity. The table below sets out how and why we use your data:
| Purpose | Data used | Legal basis (GDPR Art. 6) |
|---|---|---|
| Creating and managing your account | Account & registration data | Art. 6(1)(b) — Contract |
| Providing the digital signage service (dashboard, player, scheduling) | Account, device, content, and usage data | Art. 6(1)(b) — Contract |
| Billing and invoicing | Account data, payment data | Art. 6(1)(b) — Contract + Art. 6(1)(c) — Legal obligation |
| Storing financial records (Finnish Accounting Act 1336/1997 — 6-year retention) | Invoices, payment records | Art. 6(1)(c) — Legal obligation |
| Security monitoring, fraud prevention, and abuse detection | Log data, IP addresses | Art. 6(1)(f) — Legitimate interests |
| Improving and developing the service (aggregated analytics) | Anonymised usage data | Art. 6(1)(f) — Legitimate interests |
| Responding to support requests | Communication data, account data | Art. 6(1)(b) — Contract |
| Sending service notifications (downtime, policy changes, security alerts) | Email address | Art. 6(1)(f) — Legitimate interests |
| Sending marketing emails and product updates | Email address | (opt-in; withdrawable at any time) |
Legitimate interests balancing test: Where we rely on legitimate interests (Art. 6(1)(f)), we have assessed that our interests do not override your fundamental rights. You have the right to object to processing based on legitimate interests — see Section 7.
We keep personal data only for as long as necessary for the purpose it was collected, or as required by Finnish law:
| Data category | Retention period | Reason |
|---|---|---|
| Account and profile data | Duration of account + 30 days after deletion request | Service provision; grace period for accidental deletion |
| Content files (uploaded media) | Deleted when you delete them or close your account | Stored only while needed for playback |
| Billing records and invoices | 6 years from end of financial year | Finnish Accounting Act (Kirjanpitolaki 1336/1997), Ch. 2 §10 |
| Technical logs (access, error) | 90 days | Security monitoring and debugging |
| Support correspondence | 2 years from resolution | Service quality and dispute resolution |
| Marketing consent records | Until consent is withdrawn + 3 years | Proof of consent under Finnish Information Society Code (917/2014) |
After the applicable retention period, data is securely deleted or anonymised. Anonymised data (which can no longer identify you) may be retained indefinitely for statistical purposes.
We do not sell your personal data. We share data only with the following categories of processors, each bound by a Data Processing Agreement in accordance with Article 28 GDPR:
We may disclose personal data if required to do so by Finnish law, a court order, or a competent public authority (e.g. the Finnish Data Protection Ombudsman). We will inform you of any such disclosure unless legally prohibited from doing so.
In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the new entity. We will notify you by email before your data becomes subject to a different privacy policy.
Our primary data processing takes place within the European Economic Area (EEA). Where we use processors based outside the EEA (e.g. Vercel or Stripe infrastructure in the US), transfers are protected by one or more of the following safeguards:
You may request a copy of the relevant transfer safeguard documentation by contacting us at privacy@finnscreen.fi.
Under the GDPR and the Finnish Data Protection Act (Tietosuojalaki 1050/2018), you have the following rights:
Request a copy of all personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
Request that we pause processing your data in certain circumstances.
Receive your data in a structured, machine-readable format (JSON/CSV) to transfer to another provider.
Object to processing based on legitimate interests or direct marketing. We will stop unless we can demonstrate compelling legitimate grounds.
Withdraw marketing consent at any time via the unsubscribe link in emails or by contacting us. Withdrawal does not affect prior lawful processing.
We do not make decisions with legal or significant effect based solely on automated processing.
Submit a request to privacy@finnscreen.fi with the subject line "Data Subject Request". We will verify your identity and respond within 30 calendar days. In complex cases this may be extended by a further 60 days with prior notice.
Exercising these rights is free of charge. We may charge a reasonable fee for manifestly unfounded or excessive requests (Article 12(5) GDPR).
We use strictly necessary cookies to operate the service — for example, to keep you logged in during a session. These cookies do not require your consent under the Finnish Information Society Code (917/2014), Section 205.
With your consent, we may use analytics cookies to understand how visitors use our website in aggregate. You can manage or withdraw consent at any time through the cookie banner or by clearing cookies in your browser settings.
The FinnScreen Player Android application does not use advertising cookies or third-party tracking SDKs. It communicates only with the FinnScreen backend to receive content and scheduling instructions.
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or destruction, in accordance with Article 32 GDPR. Measures include:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Finnish Data Protection Ombudsman within 72 hours (Article 33 GDPR) and inform affected individuals without undue delay where required by Article 34 GDPR.
The FinnScreen service is a professional business tool intended for users aged 18 and over. We do not knowingly collect personal data from children under the age of 13. If you believe a child has provided us with personal data, please contact us immediately at privacy@finnscreen.fi and we will delete the data promptly.
The FinnScreen Player Android application is rated Everyone on Google Play because it contains no harmful content; however, it is designed for business deployment by adults and not directed at children.
We may update this Privacy Policy from time to time. When we make material changes we will:
Continued use of the service after the effective date constitutes acceptance of the updated policy. If you disagree with the changes, you may close your account before the effective date.
For any questions, concerns, or requests related to this Privacy Policy or your personal data:
Helsinki, Finland
Email: privacy@finnscreen.fi
Response time: within 30 calendar days
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu), which is the competent supervisory authority in Finland:
Tietosuojavaltuutetun toimisto
Visiting address: Lintulahdenkuja 4, 00530 Helsinki, Finland
Postal address: PO Box 800, 00531 Helsinki, Finland
Telephone: +358 29 566 6700
Email: tietosuoja@om.fi
Website: tietosuoja.fi
We encourage you to contact us first so we can try to resolve your concern directly before lodging a complaint.