PRIVACY POLICY
Intohimo Creates / www.pinjamitrovitch.com
Last updated: 21 February 2026
This Privacy Policy describes how Intohimo Creates processes personal data in accordance with the EU General Data Protection Regulation (GDPR, EU 2016/679) and the Finnish Data Protection Act (1050/2018).
________________________________________
1. Data Controller
Intohimo Creates
Business ID: 3292540-3
Address: Hiihtomäentie 30 A 4
Postal code and city: 00800 Espoo, Finland
Phone: +358 40 733 9380
Email: pinja@pinjamitrovitch.com
Contact person for data protection matters
Pinja Mitrovitch
Phone: +358 40 900 5481
Email: pinja@pinjamitrovitch.com
________________________________________
2. Purpose and legal basis for processing personal data
Personal data is processed for the following purposes:
• managing and developing customer relationships
• booking and delivering photography services
• processing online store orders and payments
• sending newsletters and other electronic marketing communications
• analyzing and developing website usage
The legal basis for processing personal data is:
• performance of a contract (e.g. photography booking or online purchase)
• consent (e.g. newsletters and cookies)
• legal obligation (accounting)
• legitimate interest (customer relationship management and service development)
________________________________________
3. Personal data processed
The register may contain the following personal data:
• name
• email address
• phone number
• billing and order details
• booking-related information (Pixieset)
• newsletter subscription details (Flodesk)
• IP address and website usage data (Google Analytics)
• cookie data
The company does not process personal identity numbers and does not store passwords in its own systems.
________________________________________
4. Regular sources of personal data
Personal data is collected from:
• the data subject themselves (contact forms, bookings, newsletter subscriptions, online store purchases)
• website usage through cookies and analytics tools
________________________________________
5. Data retention period
Personal data is retained as follows:
• customer and order data: up to 6 years in accordance with accounting legislation
• marketing data (newsletter): until the data subject withdraws their consent
• analytics data: in accordance with Google Analytics settings (maximum 26 months)
Data is deleted or anonymized once the retention period ends.
________________________________________
6. Disclosure of data and transfers outside the EU/EEA
Personal data is not sold or disclosed to third parties for direct marketing purposes.
Personal data is processed through the following service providers:
• Pixieset – bookings and client galleries
• Flodesk – newsletters and email marketing
• Holvi – online store and invoicing
• Paytrail Oyj – payment processing
• Google Analytics – website analytics
Some service providers may process data outside the EU/EEA (e.g. in the United States). In such cases, data transfers are carried out in accordance with GDPR using the European Commission’s Standard Contractual Clauses or other lawful safeguards.
________________________________________
7. Cookies
The website uses cookies to ensure functionality, improve user experience, and analyze website usage.
Analytics cookies (Google Analytics) are used only with the user’s consent.
Users can manage or withdraw their cookie consent via the cookie banner or browser settings.
________________________________________
8. Data security
Personal data is protected using appropriate technical and organizational measures:
• SSL-encrypted data transmission
• firewalls and secure servers
• access restricted to persons who need the data to perform their duties
________________________________________
9. Rights of the data subject
The data subject has the right to:
• access their personal data
• request correction or deletion of data
• restrict or object to processing
• withdraw consent at any time
• request data portability
• lodge a complaint with a supervisory authority
Requests regarding personal data should be submitted in writing to the contact person listed above.
Supervisory authority in Finland:
Office of the Data Protection Ombudsman – www.tietosuoja.fi