Privacy policy

Last updated: June 06, 2024

vector

1. DATA CONTROLLER

RasmiCare Tmi
Business ID: 3578101-1
Helsinki, Finland
Email: carerasmi@gmail.com
Phone: +358 44 927 2929

We will appoint a Data Protection Officer (DPO) when required under GDPR Article 37.

2. SCOPE OF APPLICATION

Thispolicyappliesto all personaldataprocessed in connection with:

  • Residential & commercial cleaning
  • Facility maintenance and building access
  • Employees, subcontractors & job applicants
  • Suppliers, operational partners & internal systems
  • Website visitors, analytics, and digital communication
  • Booking, scheduling, customer service & incident reports
3. PRINCIPLES OF DATA PROCESSING

Wefollow globally recognizedprinciples:

  • Lawfulness,fairness & transparency
  • Purpose limitation
  • Dataminimisation
  • Accuracy & storage limitation
  • Confidentiality & integrity
  • Demonstrableaccountability
4. PERSONAL DATA WE PROCESS
4.1 Customer & Client Data

Names, contact details,access codes, key details, billing info, preferences, voluntary photos,communication records.

4.2 Commercial Clients

Company name, BusinessID, responsible persons, contract terms, invoicing data, building rules.

4.3 Employees & Subcontractors

Contact info, criminal record extract (when legally required), tax data, bank details, training, incident

4.4 LogsWebsite & Technical Data

IP address, browser/device info, cookie consent logs, analytics (consent-based), and security sessiondata.

5. LEGAL BASES FOR PROCESSING

We process personal data under:

  1. Contractual necessity
  2. Legal obligations
  3. Legitimate interest
  4. Consent (analytics/optional communication).
6. PURPOSES OF PROCESSING

We process data to:

  • Deliver and optimize cleaning services
  • Ensure safe building access
  • Plan schedules & workforce allocation
  • Communicate with customers
  • Invoice & maintain financial records
  • Manage incidents, insurance & complaints
  • Comply with Finnish and EU regulations
7. BUILDING ACCESS & KEY MANAGEMENT

Rasmi Care follows Nordic-grade access protocols:

  • Secure, logged key management
  • Immediate deletion of access codes after service
  • Strict no-duplication policy
  • Mandatory locking of premises after service
  • Reporting of unusual conditions

CCTV clarification: Any camera systems belong to property owners.

8. SUBCONTRACTOR COMPLIANCE

All subcontractors undergo identity checks, legal compliance checks, confidentiality agreements, andperformance evaluation.

Rasmi Care remains fully responsible as the Data Controller for subcontractor complianceunder GDPR

9. DATA STORAGE, SECURITY & EU/EEA RESIDENCY

We store all personal data in secure EU/EEA data centers unless otherwise stated.

Security controls include:

  • Encryption
  • Role-based access
  • Device protections
  • MFA
  • Secure disposal
  • Monitoring & backups

We do NOT use profiling or automated decision-making.

10. DATA SHARING & THIRD-PARTY PROCESSORS

Weshare limiteddata with:

  • Webflow
  • Google Workspace
  • Accounting & payroll providers
  • Banks & payment processors
  • Insurance companies
  • EU cloud hosting
  • Subcontractors (minimal data)

Updated processor list available upon request.

11. INTERNATIONAL TRANSFERS

Weavoid transfersoutsideEU/EEA.Ifunavoidable, we use:

  • Standard Contractual Clauses
  • Encryption
  • Controlled access
  • Documented safeguards
12. RETENTION PERIODS
  • Customerdata: 3 years
  • Communication: 12–24 months
  • Access codes: deleted immediately
  • Billing records: 6 years
  • Incident reports: 3 years
  • Subcontractor records: 5 years post-contract
13. DATA BREACH RESPONSE

Our protocolincludesinvestigation,containment, authority notification, customer notification (if highrisk), and implementation of corrective actions.

14. GDPR RIGHTS

Individuals mayrequest:

  • Access
  • Correction
  • Erasure
  • Restriction
  • Objection
  • Portability
  • Withdrawal of consent

Complaints:Updated processor list available upon request.OfficeoftheData Protection Ombudsman (Tietosuojavaltuutettu)

15. COOKIES & CONSENT TRACKING

We use essential cookies and optional analytics cookies. logs are stored for GDPR Consentcompliance.

Examples:

  • wf_cookie_consent – 6 months
  • wf_session – session
  • analytics_storage – 6 months
16. CHILDREN & VULNERABLE PERSONS

We donot knowingly process the data of children under 16. Data about vulnerable persons is onlyprocessed when necessary for safety

17. TRUST, ETHICS & CUSTOMER ASSURANCE

We do not sell, trade,orm is use personal data.Transparency,integrity, and confidentiality define our service culture

18. CONTACT

RasmiCare Tmi
Business ID: 3578101-1
Helsinki, Finland
Email: carerasmi@gmail.com
Phone: +358 44 927 2929