Privacy policy and use of personal data
UseLess Company

Updated 8.4.2026

Data controller

UseLess Company Oy (business ID: 2895321-7), later UseLess Company

Lapinlahdenkatu 16

00180 Helsinki

Data protection and registry contact person

Maija Leino

UseLess Company Oy

+358 44 216 1611

maija.leino(at)useless.fi

Purpose of processing personal data

Personal data is processed to maintain and deliver UseLess Company’s services, as well as for related customer service and communication, and for analyzing and improving the services. UseLess Company also processes personal data for planning its own business operations, managing relationships with customers and partners, as well as for marketing purposes, personalization of services, targeted marketing, ensuring usability and functionality, and preventing and investigating misuse. Personal data may also be collected and processed in connection with registrations for webinars and events organized by UseLess Company. In such cases, the data is used for managing the event, related communication, and providing post-event materials.

Legal basis for processing personal data

We process personal data based on the following legal grounds under the GDPR:

  • Contract or pre-contractual measures (GDPR Article 6(1)(b)), when personal data is processed in connection with service use or event registrations, managing customer relationships, or related communication.
  • Consent (GDPR Article 6(1)(a)), when personal data is processed for marketing communications (e.g. newsletters), post-event communication, or telephone contact.
  • Legitimate interest of the controller (GDPR Article 6(1)(f)), when personal data is processed for service development, analytics, prevention of misuse, and customer communication with business clients.

Disclosure of data

UseLess Company may disclose personal data within the limits permitted or required by applicable legislation. Personal data may also be shared with selected partners of UseLess Company for the purpose of delivering services.

Personal data may be disclosed for direct marketing purposes if the data subject has given explicit consent. Recipients of such data are not permitted to disclose it further.

Data may also be disclosed in connection with a potential merger, acquisition, outsourcing arrangement, or business transaction, as well as within a corporate group or other economic association, to the relevant parties involved. We may also disclose user data to third parties if the user has given consent, for example by connecting the service to third-party platforms such as social media services.

For the purpose of providing the service, personal data may be processed outside the EU or EEA.

UseLess Company ensures an adequate level of data protection for any personal data processed outside the EU or EEA prior to such processing.

Data retention

UseLess Company retains collected personal data only for as long as necessary to provide and develop its services to data subjects.

Personal data is stored until the data subject requests deletion or otherwise informs UseLess Company that they have ceased using the service. UseLess Company may consider the user to have stopped using the service and may delete the personal data from the register and/or transfer limited data to its marketing register if the user has not used the service or otherwise interacted with UseLess Company within the last 18 months.

Data is stored electronically on the servers of our service providers, which are protected in accordance with industry-standard practices. The servers are located in the region specified by the service provider and are subject to continuous monitoring. We are promptly informed of any potential data breaches and will notify affected parties without delay upon becoming aware of such incidents.

Data security of the register

Only specifically designated employees of UseLess Company and companies acting on its behalf have the right to maintain the register. All individuals handling the IT-based register have a personal access right granted by the controller. Each user is assigned a personal access level limited to the information necessary for their role, and access is verified upon login using a personal username and password.

Manually processed documents containing personal data (if any need to be stored) are kept in locked storage facilities. Only designated employees of UseLess Company have the right to process manually stored personal data.

All individuals processing data in the register are bound by confidentiality regarding all personal data contained therein.

CRM system data content and data sources

This website uses the HubSpot marketing automation system. HubSpot uses cookies to collect information about how users interact with our website. We use the data collected through these cookies, as well as through contact forms, to compile reports, improve the website, and support our marketing activities.

You can read HubSpot’s privacy policy here.

Cookies

The controller uses cookies to provide and improve its services. A cookie is a small text file sent to and stored on the user’s computer or other device. Cookies are used to facilitate the use of websites and to enhance the user experience. They also enable the analysis of website usage and support marketing activities. Cookies do not harm users’ devices or files.

If a user does not wish cookies to be stored, the user can configure their browser or device to refuse cookies and delete previously stored cookies by clearing browsing data. Instructions for managing cookie preferences can be found here. Please note that refusing cookies may affect the proper functioning of the service.

Analytics services such as Google Analytics and HubSpot also use cookies to generate insights and manage users. Third-party services are subject to their own privacy policies and terms of use, and UseLess Company is not responsible for the data collection or processing carried out by these parties, including cookies and other tracking technologies or linked services. We recommend reviewing the terms and privacy policies of these third-party services.

Rights of the data subject

In accordance with the GDPR, the data subject has the right to:

– access their personal data
– request the rectification of inaccurate data
– request the erasure of personal data
– restrict the processing of personal data
– object to the processing of personal data for direct marketing purposes
– withdraw consent at any time
– lodge a complaint with the supervisory authority (Office of the Data Protection Ombudsman)

The data subject may exercise their rights by contacting the Data Protection Officer.

Supervisory authority

Office of the Data Protection Ombudsman

www.tietosuoja.fi

Changes to this privacy policy

UseLess Company may update this privacy policy from time to time. We therefore encourage you to review this policy regularly to stay informed of any changes.