Privacy Policy

This Privacy Policy explains how Werjo Oy handles personal data in connection with the Werjo website.

The Werjo website currently provides basic company and project information. It does not provide user accounts, user profiles, mobile app functionality, event booking, ticket sales, newsletters, comments, reviews, or other interactive user features.

1. Who we are

The website is operated by:

For the purposes of data protection law, Werjo Oy is the controller of personal data processed through this website.

2. What personal data we process

We aim to collect as little personal data as reasonably possible through this website.

Depending on how you use the website, we may process the following data.

Technical data

When you visit the website, our hosting provider or server may automatically process basic technical data, such as:

• IP address;
• browser type and version;
• device type;
• operating system;
• pages visited;
• date and time of access;
• basic server log data.

This data is used to make the website available, maintain security, prevent abuse, and fix technical issues.

Contact data

If you contact us by email, we may process:

• your email address;
• your name, if you provide it;
• the content of your message;
• any other information you choose to include.

We use this data to read, manage, and respond to your message.

3. What we do not collect through this website

The current Werjo website does not collect or process:

• user account data;
• passwords;
• payment data;
• precise location data;
• app usage data;
• saved events or saved places;
• user-generated content;
• marketing newsletter subscriptions;
• children’s account data.

4. Purposes of processing

We process personal data only for limited purposes:

• to operate and display the website;
• to maintain website security;
• to prevent misuse, spam, or technical abuse;
• to diagnose and fix technical issues;
• to respond to messages sent to us;
• to keep necessary business records;
• to comply with legal obligations.

5. Legal bases for processing

Where the GDPR applies, we rely on the following legal bases:

• Legitimate interests, for operating a basic company website, maintaining security, preventing abuse, and handling technical logs.
• Pre-contractual steps or legitimate interests, when responding to messages sent to us.
• Legal obligation, where we are required to keep or disclose certain information under applicable law.
• Consent, if we later introduce optional cookies, analytics, marketing, or similar technologies that require consent.

6. Cookies and similar technologies

The current Werjo website may use only cookies or similar technologies that are necessary for the website to function correctly, securely, or reliably.

We do not currently use cookies for advertising, behavioural profiling, cross-site tracking, or personalised marketing.

If we introduce analytics, advertising, marketing, or other non-essential cookies in the future, we will update this Privacy Policy and ask for consent where required by law.

You can also control cookies through your browser settings.

7. Service providers

We may use service providers to operate the website and company email. These may include providers for:

• domain registration;
• website hosting;
• server infrastructure;
• email hosting;
• website security;
• technical maintenance.

These providers may process personal data only as needed to provide their services to us.

8. Sharing of personal data

We do not sell personal data.

We may share personal data only when necessary:

• with service providers who help us operate the website or email;
• if required by law, court order, authority request, or legal process;
• to protect the rights, safety, and security of Werjo Oy, the website, or others;
• in connection with a business transfer, restructuring, merger, or acquisition.

9. International transfers

Some service providers may process data outside Finland or the European Economic Area.

Where personal data is transferred outside the EEA, we will use appropriate safeguards when required by law, such as adequacy decisions, standard contractual clauses, or other legally recognized transfer mechanisms.

10. Data retention

We keep personal data only for as long as reasonably necessary.

Typical retention periods are:

• technical server logs: for a limited period needed for security, debugging, and website operation;
• email messages: for as long as needed to respond and maintain necessary business records;
• legal or administrative records: for as long as required by applicable law.

When data is no longer needed, we will delete it or anonymize it where reasonably possible.

11. Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

No website or online service can be completely secure, but we aim to protect personal data using appropriate safeguards.

12. Children

The Werjo website is not directed at children under 13.

The website does not provide accounts, interactive features, or services specifically directed at children.

13. Your rights

Depending on your location and applicable law, you may have rights to:

• access your personal data;
• request correction of inaccurate data;
• request deletion of your data;
• restrict or object to processing;
• withdraw consent where processing is based on consent;
• request data portability;
• lodge a complaint with a data protection authority.

In Finland, the supervisory authority is the Office of the Data Protection Ombudsman.

To exercise your rights, contact us at: legal@werjo.com

14. Changes to this Privacy Policy

We may update this Privacy Policy when the website, legal requirements, service providers, or data processing practices change.

The updated version will be posted on this page with a new “Last updated” date.

15. Contact

For questions about this Privacy Policy or personal data processing, contact: