top of page

Hatfuls Privacy Policy

Effective as of 28 March 2023.

We at Hatfuls Oy. (later; “Company”, “We”, “Us”, “Hatfuls”) are committed to protecting your privacy. This Privacy Policy details our data collection, processing and usage practices. This Privacy Policy applies to the websites and services we control (, mobile applications as FamTracker and other websites under the domain). 

This Policy explains how we collect, process, and protect personal information as part of the Service. Discussion of your use of the Service in this Policy refers to both visits and other interactions with the websites and Services, whether or not you are registered user of our services. If you do not agree with or are uncomfortable with any aspect of this Policy or the Terms of Service, you should stop accessing or using our Services.

We periodically update this Privacy Policy. The latest version will be on this page. If the changes are significant we will also notify all users through email or the Service. If you have any questions about this Privacy Policy or our treatment of your personal data, please contact us at

Purpose of collection and processing

Personal data is used for orders, billing, recovery, contacts, transactions, customer enquiries, service development, reporting, marketing, and other customer relationship management measures. Purchasing, transaction and location information can also be used for profiling and targeting marketing activities and customer communications to make them more interesting to the registered. Personal information is also used when sending newsletters, or when people attend events and other marketing activities.

Data content and information categories

Data that can be used includes contact persons of the controller’s current or past customer organisations, persons with connections to the controller, service users or persons who approved the marketing.

The registry may contain data from the following information categories relevant to the purpose of the use of the registry:

  1. Basic information such as name and contact details (address, email address, telephone number) of the controller’s current, past or potential customer organisations as well as their contact persons’ name and contact details.

  2. Information relating to the customer relationship between the controller and the registered persons, such as information on orders or appointments, possible direct marketing permits and prohibitions, emails, and other communications between the parties, and related information.

  3. Data, including the first and last name, address, contact details, position, employer, username and password of a person registered in our services, or information obtained through the application and the various functions contained therein, such as location and information the user has provided in the application.

  4. Transaction information from the controller’s website on different websites, information on behaviour on websites and other related category information, contacts made with customer service, and information related to subscribing to the newsletter.


Legal basis for collection and processing

We are required under Data Protection Laws to notify you about our purposes and the legal basis for processing your personal information.

Purpose of processing:


To ensure network and information security

We process your information to:

  • Ensure the security of our services.

  • Monitor and verify service access.

  • To comply with applicable security laws and regulations.

Legal basis: Legal obligation


To enforce our Terms of Service

We have Terms of Service that define how our Services may be used. We may process your information to:

  • Investigate, prevent or mitigate prohibited or illicit activities.

  • Collect fees based on you or your company’s use of the Service.

Legal basis: Contract


To provide our Services

‍We process your information to provide our Services. For example for:

  • Transactional emails & onboarding.

  • User identification.

  • Tracking of user activity.

Legal basis: Contract


To provide customer service

We process your information to respond to your questions, issues, requests or other feedback regarding our Services.

Legal basis: Contract


For research and development

We may process your information to better understand you and how you use our Services, in order to improve the current Services or potentially develop new Services. We may also process your information in order to resolve bugs or issues in the Service.

Legal basis: Legitimate interest


For direct marketing

We may collect and process your information in order to contact you and offer services we believe could interest or benefit you.

Legal basis: Legitimate interest


For other marketing activities

We post and share customer testimonials on our Websites and social media accounts, which may contain Personal Information. We obtain each customer’s explicit consent before sharing any testimonial or name.

Legal basis: Consent


Regular sources of information

Information provided by the customer, customer data system and billing database, user and transaction information on websites, blogs and newsletters, partners and companies and authorities offering personal information services.

Regular disclosure of information

Collected information can be shared with Hatfuls Oy’s dealers or subcontractors. Hatfuls Oy can also outsource the processing of your personal data to companies outside the enterprise which may also be in countries outside the European Union and the European Economic Area, such as the United States of America. These companies can process personal data to provide, for example, infrastructure and IT services, or other services. In such cases, sufficient data security and the handling of the data are taken care of by an EU-U.S. – Privacy Shield arrangement, or by contract using templates approved by the EU Commission.


Principles of data protection

The information is technically protected. Physical access to data is blocked by access control, as well as other security measures. Access to information requires adequate rights and multi-stage identification. Unauthorised access is also prevented by firewalls and technical protection. The information can only be accessed by the controller and by specially designated technical persons. Only designated persons have the right to process and maintain the data. Users are bound by professional secrecy. The information is backed up safely and can be restored as needed. The level of secrecy is audited at recurring intervals either by external or internal auditing.

Your rights

You have rights to your Personal Information as described below. You can exercise these rights by contacting us at We may take steps to verify your identity before we consider or comply with your request. Your rights are however not without limit, and may be denied e.g. when required by law. This list is not exclusive.

  • You have the right to check what personal information we hold on you.

  • You have the right to amend any incorrect information.

  • You have the right to withdraw consent in the cases where our processing relies on your consent.

  • You have the right to request that we do not contact you for direct marketing.

  • You have the right to request that we remove all the data we have collected about you.


Hatfuls Oy
Haaransuonkuja 4
90240 Oulu

Contact person

Matias Tuomela, CEO

bottom of page