Privacy Policy
Last updated: 1 January 2026.
The controller for this website is trailhatchix, Tyynenmerenkatu 9, 00220 Helsinki, Finland. This policy explains how personal data is handled when you use trailhatchix.store, especially when you submit the contact form. The site does not publish an email address or telephone number, so privacy requests and engagement enquiries are routed through the contact form.
The contact form asks for name, email address, organisation type, a short description of what you want to improve, and a message. You may also include information about your role, organisation, systems, process concerns or timing if you choose to write it into the message. Do not include special category personal data unless it is strictly necessary for your enquiry. The purpose of collecting this data is to understand the enquiry, decide whether a first conversation is appropriate, respond to the person who submitted the form, keep a record of what was asked, and avoid proposing anything before scope exists.
The lawful basis under the GDPR is legitimate interests for handling business enquiries, operating the website, protecting the site from misuse and keeping reasonable records of correspondence. Where processing is necessary to take steps before entering into a contract, that basis may also apply. If non-essential cookies are enabled, the lawful basis for those optional categories is consent. Consent can be changed through the footer link labelled “Manage cookie preferences”.
Personal data from enquiries is retained only for as long as it is needed for the purpose for which it was supplied. Enquiries that do not lead to further discussion are removed or anonymised when they are no longer useful for follow-up or record keeping. If an enquiry leads to an engagement, relevant correspondence may be retained with engagement records for the period needed to administer the relationship, resolve questions and meet legal obligations. Retention is reviewed against necessity rather than kept indefinitely by default.
Generic processors may support hosting, website operation, form handling, security monitoring, storage, analytics if consented, and business administration. These processors act under instructions and are expected to provide appropriate confidentiality, security and data-processing commitments. trailhatchix does not sell personal data and does not use contact form data for third-party marketing.
Some processors or infrastructure providers may process data outside Finland or the European Economic Area. Where that happens, trailhatchix relies on appropriate transfer mechanisms recognised under the GDPR, such as adequacy decisions or standard contractual clauses, together with proportionate technical and organisational measures. The exact route can depend on the service provider used for hosting and operational support at the time of processing.
You have rights under the GDPR as implemented in Finland by the Tietosuojalaki, the Data Protection Act 1050/2018. These include the right to request access to your personal data, rectification of inaccurate data, erasure where the legal conditions are met, restriction of processing, objection to processing based on legitimate interests, and data portability where applicable. You also have the right to withdraw consent for optional cookies without affecting processing that occurred before withdrawal.
To exercise your rights, use the contact form and state the right you want to exercise. trailhatchix may need to verify that the request relates to you before acting on it. A request can be refused or limited where the law allows, for example where retention is required to establish, exercise or defend legal claims, or where another person’s rights would be affected.
The site uses localStorage and may use cookies as described in the Cookie Policy. Strictly necessary storage records your cookie preference. Analytics, functional and marketing categories are disabled unless you enable them. Non-essential scripts are gated behind the stored consent value.
Security measures include limiting the personal data requested, using access controls appropriate to the service, keeping records only where needed, and avoiding unnecessary publication of contact routes. No website can guarantee absolute security. If you believe data submitted through the site has been mishandled, use the contact form and include enough detail to identify the issue.
You have the right to lodge a complaint with the Finnish supervisory authority, the Office of the Data Protection Ombudsman, Tietosuojavaltuutetun toimisto. You may also contact trailhatchix first through the contact form so the matter can be reviewed directly. This policy may be updated when site operation, legal requirements or processing practices change.