Last updated: 16.4.2026
1. Data Controller
Anfra Oy Business ID: 2679234-1 Linnunrata 14 90440 Kempele
2. Contact Person for Data Protection
For questions regarding data protection, you may contact:
Marika Vänttilä
Email: tietosuojavastaava@anfra.fi
3. Scope of This Policy
This privacy policy applies to Anfra Oy's website, anfra.fi and the processing of personal data related to the website's use.
Specifically, this policy covers:
- Data collected via website forms
- Technical data generated through website use
- Cookies and analytics
- Data security, prevention of misuse, and log data processing
- Third-party services and embeds used on the website
4. Data We Process
DATA COLLECTED VIA FORMS
The website uses Pipedrive web forms. The following information may be collected through these forms:
Contact Form
- Name
- Business ID
- Phone number (optional)
- Message
Feedback form
- Message
Form data is directed directly to Pipedrive and is not stored in WordPress.
DATA GENERATED DURING WEBSITE USE
The following data may also be processed in connection with website use:
- IP address
- Browser and device information
- Log and event data
- Data related to cookies and consent choices
- Identifiers necessary for website functionality, security, and analytics
5. Purposes of Processing
Personal data is processed for the following purposes:
- Responding to inquiries
- Processing feedback
- Creating and managing B2B sales leads
- Preparing sales processes and customer relationships
- Business communication
- B2B marketing
- Analyzing and developing website usage
- Ensuring the technical functionality and security of the website
- Preventing misuse, security breaches, and harmful traffic
- Managing and documenting cookie preferences
6. Legal Basis for Processing
LEGITIMATE INTEREST
The processing of personal data is based on Anfra Oy's legitimate interest insofar as the processing relates to:
- Receiving and processing B2B inquiries
- Management of sales leads
- Preparation and maintenance of customer relationships
- Business communication and B2B marketing
- Ensuring website security
- Prevention of misuse
- Technical logging and service maintenance
Anfra Oy's legitimate interest is based on the need to process B2B contacts, manage sales leads, maintain business communication, and ensure the website's operation and security.
CONSENT
Processing is based on consent regarding:
- The use of non-essential cookies
- The use of analytical cookies
- Loading third-party content, such as YouTube embeds, when their use requires consent
Consent can be withdrawn or cookie settings changed at any time via the website's cookie settings.
7. Sources of Information
Personal data is primarily obtained from:
- The data subject themselves via web forms
- Technical data generated during website use
- Cookie and consent management tools
8. Is Providing Data Mandatory?
Providing personal data via web forms is generally voluntary. If the data subject does not provide the information necessary to handle the inquiry, Anfra Oy may not be able to respond to the inquiry or process the matter appropriately.
9. Recipients and Processors of Personal Data
Personal data may be processed to the extent necessary to implement the website, forms, analytics, security, and technical maintenance.
The following service providers, among others, may process personal data on behalf of Anfra Oy:
- Louhi Net Oy (hosting and server environment) (hosting and server environment)
- Pipedrive Pipedrive (web forms and lead management)
- Google services, such as Analytics, Tag Manager, Search Console, and PageSpeed Insights
- Hubexo Finland Oy / Rakennusfakta Analytics Pro
- YouTube, if the user accepts cookies or external content associated with it
Personal data is disclosed or provided for processing to these parties only to the extent necessary to implement, maintain, protect, or develop the service.
10. Data Transfers Outside the EU or EEA
Some of the service providers used may process personal data outside the European Union or the European Economic Area or utilize international sub-processors.
If personal data is transferred outside the EU or EEA, the transfers are carried out in accordance with applicable data protection laws and using appropriate safeguards. The data subject may request further information about the safeguards used by contacting tietosuojavastaava@anfra.fi.
11. Retention Periods
Personal data is stored only as long as necessary to fulfill the processing purposes described in this policy.
- Form and lead data: Inquiries and leads received via Pipedrive remain in the CRM system indefinitely until deleted.
- Log and security data: Log data collected for technical and security purposes is stored only for as long as necessary. The retention period for logs from the Redirection plugin used on this website is currently generally one week.
- Cookies and consent data: Retention periods vary depending on the type and purpose of the cookie.
12. Cookies and Analytics
The website uses cookies and similar technologies to implement website functionality, consent management, analytics, and external content.
ESSENTIAL COOKIES
Some cookies are necessary for the technical operation and security of the website, as well as for storing the user's cookie preferences.
CONSENT MANAGEMENT COOKIES
The website uses cookies intended to store and manage the user's consent or refusal regarding the use of cookies.
IDENTIFIERS DETECTED BEFORE COOKIE SELECTION
The following identifiers have been detected on the website's front page before the user's cookie selection:
- _pk_id.6.a306
- _pk_ses.6.a306
- gtm_pageview_count
- ma_popup_visitor
The exact technical classification of these identifiers may depend on the website's implementation and active functionalities.
ANALYTICS COOKIES USED AFTER CONSENT
Once the user accepts the use of cookies, additional analytical cookies may be used, such as:
- _ga_J9NZBYLVTB
- _gat_gtag_UA_75859458_1
- _ga
- _gid
According to the website's understanding, non-essential cookies related to analytics and media content, such as those related to Google Analytics and YouTube, are subject to consent.
EMBEDDED CONTENT
The website may contain YouTube videos. Displaying such content may lead to a third party setting cookies or processing data if the user gives their consent.
13. Data Security
Anfra Oy protects personal data with appropriate technical and organizational measures. Such measures may include:
- Restricting access rights
- Access control
- Server and network security measures
- Monitoring log data
- Login protection and prevention of misuse
- Use of encrypted connections
The website also utilizes plugins and technical solutions supporting security and logging to detect and prevent harmful or unauthorized use.
14. Automated Decision-Making
Anfra Oy does not engage in automated decision-making based on personal data, nor does it perform profiling that would have legal effects or other similarly significant effects on the data subject.
15. Rights of the Data Subject
In accordance with applicable data protection legislation, the data subject has the right to:
- Obtain confirmation as to whether personal data concerning them is being processed
- Access personal data concerning them
- Request the rectification of inaccurate or incomplete data
- Request the erasure of data within the limits allowed by law
- Request the restriction of processing
- Object to the processing of personal data when processing is based on legitimate interest
- Data portability (transfer data from one system to another) where applicable
- Withdraw consent insofar as the processing is based on consent
- Lodge a complaint with a supervisory authority
Requests concerning data protection can be sent to tietosuojavastaava@anfra.fi.
16. Changes to the Privacy Policy
Anfra Oy reserves the right to update this privacy policy based on, for example, service development, changes in legislation, or functional changes to the website. The up-to-date privacy policy will be published on this page.