Privacy Policy

This Privacy Policy explains how Viking Lab Oy (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit our website biofrost.fi. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and Finnish data protection law.

If you have any questions regarding this Privacy Policy, please contact us using the information provided below.

1. DATA CONTROLLER

Viking Lab Oy
Vanha Vaasantie 8 C
33470 Ylöjärvi, Finland
Phone: +358 44 0221422
Email: info@vikinglab.fi
Business ID: FI26181268

2. GDPR CONTACT PERSON

The GDPR contact person in our company is:

• Name: Heikki Lehmuslehti
• Position: Chief Executive Officer (CEO)
• Email: heikki@vikinglab.fi
• Phone: +358 44 0221422

3. PERSONAL DATA WE COLLECT

Our website is primarily informational and does not operate an active online store. We do not actively collect, track, or store personal data about our visitors.

3.1 Data Processed Through Essential Cookies

Our website uses only essential cookies that are strictly necessary for the website to function. These may process:

• Language Preference: To display the website in your chosen language
• Cookie Consent Status: To remember your cookie preferences

3.2 Data You Provide Directly

If you contact us via email or our contact form, we may collect your name, email address, and the content of your message.

3.3 Third-Party Services

Our website may load Google Fonts to display text properly. When Google Fonts is loaded, Google may receive your IP address. This occurs only with your consent.

4. LEGAL BASIS FOR PROCESSING

We process personal data based on the following legal grounds under Article 6 of the GDPR:

Processing Activity	Legal Basis	GDPR Article
Essential website cookies	Legitimate interest (website functionality)	Art. 6(1)(f)
Google Fonts (with consent)	Consent	Art. 6(1)(a)
Responding to inquiries	Legitimate interest (customer service)	Art. 6(1)(f)
Cookie consent management	Legal obligation	Art. 6(1)(c)

Where we rely on legitimate interest as the legal basis, we have conducted a balancing assessment to ensure our interests do not override your fundamental rights and freedoms. You may request details of this assessment by contacting us.

5. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies to manage your consent preferences and to ensure the website functions properly. Cookies are small text files stored on your device when you visit our website.

We use Real Cookie Banner to manage cookie consent. For details on how Real Cookie Banner processes data, visit: https://devowl.io/rcb/data-processing/

5.1 Essential Cookies (No Consent Required)

These cookies are strictly necessary for the website to function and cannot be disabled:

• WPML cookies: Store your language preference for the multi-language site
• WordPress session cookies: Enable basic site functionality
• Real Cookie Banner: Stores your cookie consent preferences

5.2 Non-Essential Cookies (Consent Required)

These cookies are only activated after you provide consent:

• Google Fonts: Loads custom fonts to display text properly on our website

We do not use analytics, tracking, or advertising cookies.

You can manage your cookie preferences at any time by clicking the “Change consent settings” link in the footer of our website or by visiting: https://biofrost.fi/#consent-change

6. HOW WE USE YOUR DATA

The minimal data processed through our website is used only for:

• Providing and maintaining our website functionality
• Displaying the website in your preferred language
• Responding to your inquiries if you contact us directly
• Complying with legal obligations

Note: We do not engage in analytics, email marketing, profiling, tracking, or automated decision-making.

7. WHO WE SHARE YOUR DATA WITH

We may share personal data with the following service providers:

Service Provider	Purpose	Location
OVH SAS	Website hosting	France (EU)
Google LLC (Fonts)	Font delivery (with consent)	USA (see Section 8)
devowl.io (Real Cookie Banner)	Cookie consent management	Germany (EU)

We do not sell, trade, or otherwise transfer your personal data to third parties for marketing purposes.

8. INTERNATIONAL DATA TRANSFERS

Our website is hosted by OVH SAS in France, within the European Economic Area (EEA).

When you consent to Google Fonts, your IP address may be transferred to Google LLC in the United States. Google is certified under the EU-US Data Privacy Framework, which provides an adequate level of protection for personal data transferred from the EU to the US.

For more information about OVH’s data protection practices, visit: https://www.ovhcloud.com/en-ie/personal-data-protection/

For more information about Google’s data protection practices and EU-US Data Privacy Framework certification, visit: https://policies.google.com/privacy

9. DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

Data Type	Retention Period
Cookie consent records	Until consent is withdrawn or 12 months
Contact form inquiries / emails	2 years from last communication
Server logs (OVH)	12 months (managed by OVH)

When your personal data is no longer required, we will securely delete or anonymise it in accordance with applicable data protection laws.

10. YOUR RIGHTS UNDER GDPR

Under the General Data Protection Regulation, you have the following rights:

• Right of Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data (“right to be forgotten”)
• Right to Restrict Processing: You can request limitation of processing under certain circumstances
• Right to Data Portability: You can request your data in a structured, machine-readable format
• Right to Object: You can object to processing based on legitimate interests
• Right to Withdraw Consent: You can withdraw consent at any time by adjusting your cookie preferences

To exercise any of these rights, please contact us using the details provided in Section 1. We will respond to your request within one month.

11. RIGHT TO LODGE A COMPLAINT

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority.

The supervisory authority in Finland is:

Office of the Data Protection Ombudsman
(Tietosuojavaltuutetun toimisto)
Street address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: PL 800, 00531 Helsinki, Finland
Phone: +358 29 566 6700
Email: tietosuoja(at)om.fi
Website: https://tietosuoja.fi/en/home

12. DATA SECURITY

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:

• Encryption: Our website uses HTTPS/TLS encryption for secure data transmission
• Secure Hosting: Our website is hosted by OVH in France, which maintains strict physical and digital security measures
• Access Controls: Access to personal data is restricted to authorised personnel only
• Regular Updates: We keep our website software and security measures up to date

For more information about OVH’s security measures, visit: https://www.ovhcloud.com/en-ie/personal-data-protection/

13. CHILDREN’S PRIVACY

Our website is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will take steps to delete such information.

14. AUTOMATED DECISION-MAKING

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you.

15. DATA BREACH NOTIFICATION

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Finnish Data Protection Ombudsman within 72 hours of becoming aware of the breach
• Inform affected individuals without undue delay if the breach poses a high risk
• Document all breaches and the remedial actions taken

16. DO NOT TRACK SIGNALS

Our website does not currently respond to “Do Not Track” browser signals. However, since we do not use any tracking or analytics technologies, your browsing activity is not tracked regardless of this setting.

17. WOOCOMMERCE (PRODUCT DISPLAY)

Our website uses WooCommerce to display product information. Please note that our online store is currently inactive and does not process any orders or collect any purchase-related data. WooCommerce may set essential cookies required for basic functionality when browsing product pages, but no personal data is collected for order processing.

18. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make significant changes, we will notify you by posting the updated policy on our website with a new effective date.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

19. CONTACT US

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:

Viking Lab Oy
Vanha Vaasantie 8 C
33470 Ylöjärvi, Finland
Phone: +358 44 0221422
Email: info@vikinglab.fi

20. NO ACTIVE DATA COLLECTION

Important clarification: Viking Lab Oy does not actively collect, store, or process personal data about website visitors. Specifically:

• We do not use Google Analytics or any other analytics tools
• We do not use tracking pixels, advertising cookies, or remarketing technologies
• We do not collect email addresses for marketing purposes
• We do not create user profiles or conduct profiling
• We do not sell or share data with third parties for marketing

What this means for data subject requests:

If you submit a data access request (Article 15 GDPR), please be aware that:

• If you have not contacted us directly (via email or contact form), we likely do not hold any personal data about you
• Essential cookies (such as language preference) are stored locally on your device and are not collected by us
• Server logs are managed by our hosting provider OVH and are automatically deleted after 12 months
• If you have contacted us, we will provide any correspondence and contact details we hold

We will always respond to your data subject request within one month, even if the response confirms that we do not hold any personal data about you.

This Privacy Policy was last updated on [27.01.2026]