Privacy Policy
1. Controller and Contact Information
The operator of this website and the entity responsible under data protection law (General Data Protection Regulation – GDPR) is:
[Your Full Name / Business Name]
[Your Address]
[Postal Code, City, Country]
For all inquiries regarding the processing of personal data, you may contact:
✉ postmaster@thomastust.com
2. General Information on Data Processing
We process personal data of users of this website only to the extent necessary to provide a functional website, our content, and services. The processing of personal data takes place exclusively on the basis of the General Data Protection Regulation (GDPR) and applicable EU and national data protection laws.
3. Hosting and Server Log Files
This website is hosted on servers of Hetzner Online GmbH, Helsinki, Finland (EU).
When accessing our website, the hosting provider automatically collects and stores information in server log files that your browser transmits to us. These may include:
- IP address
- Date and time of access
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
This data is not merged with other data sources. The temporary storage of the IP address is necessary to enable delivery of the website. The legal basis for processing is Art. 6(1)(f) GDPR (legitimate interest in providing a technically secure and optimized website).
4. Security and Wordfence
This website uses the Wordfence Security plugin, a service provided by Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA. Wordfence serves to protect this site against unauthorized access, brute force attacks, and viruses/malware.
Wordfence processes IP addresses of visitors in order to detect and prevent malicious traffic. Depending on circumstances, data may be transferred to servers in the United States. Defiant Inc. has implemented safeguards in line with GDPR requirements.
The legal basis for this processing is Art. 6(1)(f) GDPR, our legitimate interest in ensuring the security and integrity of this website.
5. Contact Form
When you contact us via the contact form, the following personal data may be collected:
- Name
- Email address
- Subject/message content
- (Optional) Phone number
This data is stored in the WordPress backend and forwarded to our email system, which is operated by HostGator (USA). Data is processed exclusively for the purpose of responding to your inquiry.
The legal basis is Art. 6(1)(b) GDPR (performance of pre-contractual measures) or Art. 6(1)(f) GDPR (our legitimate interest in effective communication).
Your information will be deleted once the inquiry has been conclusively answered, unless statutory retention obligations require otherwise.
6. Use of Google Services
a) Google Fonts
This site may use fonts provided by Google Fonts API, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For this purpose, your browser establishes a connection to Google servers. This may transmit IP addresses and other browser data to Google.
Legal basis: Art. 6(1)(a) GDPR (consent).
Note: To comply with GDPR rulings, fonts may alternatively be hosted locally.
b) Google Maps
This website integrates Google Maps for displaying interactive maps. When using Google Maps, information (including your IP address) is transmitted to Google servers and may also be stored there.
Legal basis: Art. 6(1)(a) GDPR (consent).
c) YouTube
Embedded YouTube videos are provided by Google Ireland Limited. If you consent to playback, YouTube may set cookies and collect data about your interaction with the video (e.g., IP address, playback history).
Legal basis: Art. 6(1)(a) GDPR (consent).
7. Cookies and Consent Management
We use cookies to ensure proper website functionality, to provide additional features, and to analyze usage. Cookies may also originate from third-party services (Google Maps, YouTube, Google Fonts).
A consent management tool will be used to allow you to choose which categories of cookies you agree to:
- Essential cookies (necessary for the operation of the website)
- Functional cookies (preferences, fonts, etc.)
- Statistics cookies (analytics, if implemented in the future)
- Marketing cookies (YouTube, Maps, etc.)
Legal basis: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (legitimate interest in technically essential cookies).
8. Future Use of WooCommerce
In the future, we may implement an online shop via WooCommerce. This will involve the collection of additional data (billing and shipping details, payment information). This Privacy Policy will be updated accordingly at that time.
9. Data Retention
Personal data will be stored only as long as necessary to fulfill the purposes described, or as required by statutory retention obligations (e.g., tax or commercial law).
10. Your Rights as a Data Subject
Under the GDPR, you have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
The competent supervisory authority is:
Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), Ratapihantie 9, 00520 Helsinki, Finland.
11. Security of Processing
We implement technical and organizational measures to ensure data is processed securely and protected against loss, misuse, and unauthorized access.
12. Updates to this Privacy Policy
We reserve the right to update this Privacy Policy in line with technical developments, legal changes, or future enhancements of our website (e.g., online shop).