Important: The text below is a broad template for disclosure and contractual structure. It is not a substitute for legal advice and may not describe every technical implementation or third-party service in detail. Pankkih Oy may update this page without individual notice; the current version is always at this URL.
1. Website operator and contact
For the purposes of these terms and for questions about personal data processing, the publisher and data controller is Pankkih Oy (Business ID FI28831711), Opastinsilta 8 B, 00520 Helsinki, Finland. The site presents Pankkih Oy's business, expertise and contact paths for professional visitors.
References to "Pankkih Oy", "we", "us" or "the company" mean the legal entity above. References to "you" or "user" mean anyone who visits the site, loads pages, follows links or otherwise interacts with the site.
2. Scope and relationship to other documents
These terms apply only to use of this website and the related technical and legal framework. They do not by themselves create a service contract, employment contract or consulting agreement unless expressly agreed in writing. If you have a separate agreement with Pankkih Oy (for example a services, project or confidentiality agreement), that agreement takes priority for the relationship it governs.
The site may reference external tools (for example a public routing check utility or stock imagery). External services are governed by their own terms and privacy policies even if linked from our pages. We encourage you to read them before use.
3. Licence to use the site and user obligations
Pankkih Oy grants you a non-exclusive, revocable, non-transferable right to use the site for lawful purposes related to you or the organisation you represent, in line with these terms. You must not use the site in a way that could harm, overload or impair the site or back-end systems, or infringe the rights of others or of Pankkih Oy.
Without express written permission, you must not: systematically scrape or bulk-download content for commercial purposes; probe for or exploit security vulnerabilities; attempt unauthorised access to systems; operate bots that violate a robots.txt policy where one exists; or copy, modify or redistribute content in a way that infringes intellectual property rights.
If we detect misuse, we may restrict access, remove content and cooperate with authorities as required by applicable law.
4. Intellectual property
Unless stated otherwise, text, visual design, logos, layout and other original material on the site belong to Pankkih Oy or its licensors. Third-party material remains with its owners. Finnish copyright law and other applicable IP rules apply.
You may save or print reasonable excerpts for personal or internal business use provided you do not remove copyright or trademark notices. Large-scale commercial reuse, translation for resale, or embedding in third-party products without permission is not allowed. For broader use, contact Pankkih Oy by email; permission may be granted case by case.
5. Accuracy of information and limitation of liability
Content is provided for general information and professional presentation. We aim to keep it up to date but do not warrant that it is complete, error-free or suitable for every situation. Technology, regulation and customer environments change; what is described on the site may not match a specific implementation without a separate assessment.
To the extent permitted by law, Pankkih Oy is not liable for indirect loss, lost profits, business interruption or data loss connected with use of the site or external services linked from it. Any direct liability is limited to the minimum required by mandatory law, if liability arises at all.
The site is provided "as is". We do not guarantee uninterrupted availability on every device or browser. Maintenance, DNS issues, outages of third-party providers or force majeure events may affect availability.
6. Personal data and the GDPR
This section describes how personal data may be processed where Pankkih Oy acts as controller in connection with this website. Processing is governed by Regulation (EU) 2016/679 (GDPR) and applicable Finnish national law, including the Data Protection Act and, where relevant, legislation on electronic communications privacy.
6.1 Controller and contacts
The controller is Pankkih Oy (Business ID FI28831711), Opastinsilta 8 B, 00520 Helsinki, Finland. For privacy requests, contact us using the details published on the site. If we appoint a data protection contact, we will update this page accordingly.
6.2 Purposes and legal bases
We may process personal data for: (a) providing the website and ensuring technical operation, legal basis legitimate interests (security, abuse prevention, service delivery); (b) responding to enquiries you send us, legal basis legitimate interests and/or steps prior to a contract; (c) compliance with legal obligations such as accounting or tax rules where they apply to communications; (d) aggregated or anonymised analytics to improve the site, legal basis legitimate interests until effective anonymisation.
We do not intend to use marketing cookies or profiling on this site without a clear, separate consent if such features are introduced. The site is largely static, which typically limits the volume of personal data.
6.3 Categories of data
Depending on how you use the site, we may process: technical server logs (IP address, timestamp, browser and OS, requested URL, HTTP method and status); identifiers from cookies or similar technologies if used; email address and message content if you contact us; your company name and role if you include them; and any other information you voluntarily include in messages or attachments.
We do not seek special categories of personal data (such as health, religion or political opinions) through the site. If you send such information unnecessarily, we will process it only to the extent needed to handle your request or as required by law, and we ask you to avoid sending sensitive data without a clear need.
6.4 Retention
Technical logs are usually kept only as long as needed for security monitoring, troubleshooting and legitimate interests, unless law requires longer retention. Retention periods may depend on hosting infrastructure. Enquiry messages are typically kept for the duration needed to manage the relationship or legal claims, often up to a few years unless a longer period is mandated.
When retention grounds end, data is securely deleted or anonymised, except where anonymised statistics are kept on a separate basis.
6.5 Disclosure and transfers
We may share data with processors who work for us (hosting, DNS, email or security services). They process data on our instructions and only to deliver the agreed service. We require contractual GDPR-compliant processing terms.
If data is transferred outside the EU/EEA, we apply appropriate safeguards such as Standard Contractual Clauses or other mechanisms recognised under the GDPR, unless an exception applies.
6.6 Your rights
Under the GDPR you may have the following rights, as applicable: access; rectification; erasure ("right to be forgotten") in certain cases; restriction of processing; objection to processing based on legitimate interests; data portability where processing is based on consent or contract and is automated; and the right to lodge a complaint with a supervisory authority.
In Finland the supervisory authority is the Office of the Data Protection Ombudsman (tietosuoja.fi). We recommend contacting Pankkih Oy first so we can resolve your request efficiently.
Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
6.7 Automated decisions and profiling
We do not intend this site to make decisions with legal or similarly significant effects about you based solely on automated processing without human involvement. If that ever changes, we will update this document and explain clearly.
7. Cookies and similar technologies
Websites may use cookies and similar techniques such as browser local storage. Cookies may be session-based or persistent. Purposes can include strictly necessary technical functions, remembering preferences, or analytics if enabled.
You can control cookies in your browser settings. Blocking some cookies may affect functionality. If we only use strictly necessary cookies, we may not show a separate cookie banner; if non-essential cookies or analytics are added, we will obtain consent where required and update this description.
8. Server logs and security
Web servers typically generate logs that may include IP address, requested resource, user-agent string and timestamp. We use such data for security, service quality and investigation of misuse.
We aim to implement appropriate organisational and technical measures such as access control, encryption where appropriate, patching and vendor diligence. No system is completely risk-free; please report suspected security issues to us.
9. External links and embeds
The site may link to third-party pages or embed content (images, maps, etc.). When you follow a link or load embedded content, the third party may collect data under its own policies. We do not control those services and are not responsible for their content or privacy practices.
10. Children
The site is aimed at business and professional audiences. We do not knowingly collect children's personal data. If you believe a child has provided personal data, please contact us so we can delete it appropriately.
11. Changes to these terms
We may update these terms and the privacy description when law, services or technology change. Material updates will be reflected on this page, including a "last updated" note where practicable. Continued use after an update constitutes acceptance of the new terms to the extent permitted by law.
12. Governing law and disputes
These terms are governed by Finnish law, excluding its conflict-of-law rules. Disputes should first be sought to be resolved amicably. If that fails, disputes shall be settled in the competent courts of Finland, unless mandatory consumer protection law grants you the right to bring proceedings in your place of residence.
13. Contact
For general questions, use the contact paths shown on the site. For privacy requests, include enough information to verify your identity (for example name and the email address the request concerns) so we can process the request securely.
If you have an agreement in force with Pankkih Oy (for example a services, maintenance or project contract), your technical support contacts, escalation paths and any customer portal or ticketing details are set out in the contract documents and appendices you received when the agreement was concluded. Please use those channels confidently as your primary route: they are intended for your environment and agreed service levels, and they reach the right team most directly. This public website and its general contact options do not replace the support routes defined in your contract.
14. Exercising your rights and response times
When you submit a request related to data subject rights (for example access), Pankkih Oy will first verify your identity in a reasonable manner. This protects security and third parties. Verification may use the email address the request concerns or another agreed method.
We aim to respond to lawful requests within the time limits set by the GDPR. Actual timing depends on scope (a simple confirmation versus collecting material across multiple systems), resources and whether we need clarifications from you. If a request is manifestly unfounded or excessive, we may charge a reasonable administrative fee or refuse to act as permitted by the GDPR.
If we refuse a request in whole or in part, we will explain the reasons as required by law. You may lodge a complaint with a supervisory authority regardless of whether we accept the request.
15. Processors, subprocessors and chaining
Hosting a website may involve several providers: DNS, TLS certificates, CDN or caching layers, server space, backups and monitoring. Each provider may process technical logs that can contain personal data in a narrow sense (for example an IP address). Pankkih Oy selects providers carefully and contractually, but cannot guarantee that third-party systems are error-free.
If a processor uses subprocessors, responsibilities and instructions are structured in line with GDPR requirements. You may request a summary of key processors where practicable without disproportionate burden.
16. Personal data breaches and communications
If a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data is likely to result in a risk to data subjects, Pankkih Oy will follow GDPR notification duties to the supervisory authority and, where required, to data subjects. Assessment depends on facts: categories and volume of data, whether identifiers are compromised, encryption, and remedial steps already taken.
This section describes a general process, not a contractual insurance regime. Practical communications and timelines depend on severity and regulatory guidance.
Last updated: 12 May 2026. Document: website terms of use and privacy information, Pankkih Oy.