🛡️ Privacy Policy – Vaste.io

Last updated: 19.6.2025

This Privacy Policy explains how S&R Marketing Oy (Business ID: 3379740-7) processes personal data in connection with the Vaste.io service. The processing of personal data complies with the European Union’s General Data Protection Regulation (GDPR) and applicable Finnish legislation.

1. Data Controller

S&R Marketing Oy
Business ID: 3379740-7
Email: [email protected]
Phone: +358 44 364 6550
Head office: Pori, Finland

2. Data Subjects

Users of the Vaste.io service and their customers, whose data is processed through sales, appointment scheduling, and customer support interactions conducted via WhatsApp, website or email.

3. Purpose of Processing Personal Data

Personal data is processed for the following purposes:

  • To deliver and operate the Vaste.io service

  • Customer support and communication

  • Contract and billing management

  • Marketing (with consent)

  • Service improvement and analytics

4. Data Collected

The register may include the following types of data:

  • Name

  • Company details (name, business ID, address)

  • Contact information (phone number, email address)

  • Customer messages (e.g., WhatsApp conversations)

  • Technical information related to service use (IP address, browser, timestamps)

  • Contract and invoicing data

5. Data Sources

We collect data from:

  • The data subject directly (e.g., via registration or messages)

  • Logs generated by service usage

  • WhatsApp conversations between the end customer and Vaste.io

  • Chatbot conversations between the end customer and Vaste.io

6. Data Retention

Data is retained only as long as necessary for the purposes stated in this policy or to comply with legal obligations. Conversation history is deleted once no longer needed, or upon request.

7. Data Disclosure and Transfers

We do not disclose data to third parties without explicit consent unless required by law.

Data may be processed by trusted subcontractors acting on behalf of S&R Marketing Oy, all of whom are contractually obligated to comply with GDPR requirements.

8. Transfers Outside the EU/EEA

As a rule, personal data is not transferred outside the EU/EEA. If such a transfer occurs, it will be carried out in compliance with data protection legislation, using safeguards such as the European Commission’s standard contractual clauses.

9. Rights of the Data Subject

As a data subject, you have the following rights:

  • Right to access your personal data

  • Right to correct or delete your data

  • Right to restrict processing

  • Right to object to processing

  • Right to data portability

  • Right to withdraw consent

  • Right to lodge a complaint with a data protection authority (e.g., Finnish Data Protection Ombudsman)

10. Data Security

Personal data is handled confidentially and protected by appropriate technical and organizational measures. All data traffic is encrypted, and access is limited to authorized personnel only.

11. Contact

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact:

S&R Marketing Oy
Business ID: 3379740-7
Email: [email protected]
Phone: +358 44 364 6550
Location: Pori, Finland