Privacy Policy
Last updated:
1. Data Controller
The data controller responsible for your personal data is:
Kneessybone
12 Eskdale Terrace, Cullercoats, Whitley Bay, North Shields NE30 4PX, United Kingdom
Email: contact@kneessybone.world
Phone: +44 7963 316663
2. Scope and Legal Framework
This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit kneessybone.world or use our consultation services. We process personal data in accordance with:
- Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR)
- The Finnish Data Protection Act (Tietosuojalaki 1050/2018)
- The UK GDPR and Data Protection Act 2018, where applicable to our operations
This policy applies to visitors and clients in Finland, the European Economic Area (EEA), the United Kingdom, and other jurisdictions where our services are offered.
3. Data We Collect
3.1 Information You Provide
- Name and email address submitted through our contact form
- Message content and any additional information you choose to share
- Consultation booking details, billing information, and communication preferences
3.2 Automatically Collected Data
- IP address, browser type, operating system, and device information
- Pages visited, time spent on pages, and referral sources
- Cookie and similar technology data as described in our Cookie Policy
4. Purposes and Legal Bases
We process your personal data for the following purposes under GDPR Article 6:
- Responding to enquiries — Legitimate interest in communicating with prospective clients (Art. 6(1)(f))
- Providing consultation services — Performance of a contract or steps prior to entering a contract (Art. 6(1)(b))
- Website analytics and marketing measurement — Your explicit consent where required (Art. 6(1)(a))
- Legal compliance and accounting — Compliance with a legal obligation (Art. 6(1)(c))
Where we rely on legitimate interest, we balance our interests against your rights and freedoms. You may object to processing based on legitimate interest at any time.
5. Data Retention
We retain personal data only for as long as necessary for the purposes described in this policy:
- Contact form submissions: up to 24 months from the date of last communication
- Consultation and contract records: up to 6 years to meet legal, tax, and accounting requirements under Finnish and UK law
- Analytics data: up to 26 months, or sooner if you withdraw consent
- Cookie consent preferences: stored locally on your device until you clear them
6. Data Sharing and Processors
We do not sell your personal data. We may share data with trusted service providers (processors) who assist with website hosting, email delivery, payment processing, and analytics. All processors are bound by written data processing agreements that meet GDPR requirements.
We may disclose data when required by law, court order, or to protect our legal rights.
7. International Transfers
Your data may be processed in the United Kingdom, Finland, the EEA, or other countries where our service providers operate. When personal data is transferred outside the EEA or UK, we ensure appropriate safeguards are in place, including:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities
- Other lawful transfer mechanisms under GDPR Chapter V
You may request a copy of applicable safeguards by contacting us.
8. Your Rights
Under the GDPR and Finnish Data Protection Act, you have the right to:
- Access the personal data we hold about you (right of access)
- Request correction of inaccurate or incomplete data (right to rectification)
- Request erasure of your data where applicable (right to erasure)
- Restrict processing of your data in certain circumstances (right to restriction)
- Receive your data in a structured, machine-readable format (right to data portability)
- Object to processing based on legitimate interest or for direct marketing (right to object)
- Withdraw consent at any time where processing is consent-based, without affecting the lawfulness of prior processing
- Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects (Art. 22 GDPR). We do not use such automated decision-making.
To exercise any of these rights, contact us at contact@kneessybone.world. We will respond within one month, as required by GDPR.
9. Supervisory Authorities
If you are located in Finland or the EEA, you have the right to lodge a complaint with a supervisory authority. In Finland, the competent authority is:
Office of the Data Protection Ombudsman (Tietosuojavaltuutettu)
Website: tietosuoja.fi
If you are located in the United Kingdom, you may contact the Information Commissioner's Office (ICO) at ico.org.uk.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (HTTPS), access controls, and regular security reviews. While we take reasonable precautions, no method of transmission over the internet is entirely secure.
11. Children's Privacy
Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated revision date. Where required by law, we will notify you of significant changes.