Privacy policy


This privacy policy has been prepared in accordance with the EU General Data Protection Regulation (2016/679) and the national Data Protection Act (1050/2018).


Updated: 5 June 2026

1. Data Controller
Red & Blue Oy (hereinafter “redandblue”) Business ID: 2085087-0 Sörnäistenkatu 1, 00580 Helsinki

2. Contact Person for Register Matters
Reeta Laamo Email: reeta (at) redandblue.fi Phone: 044 362 7714

3. Name of the Register
Customer, marketing and stakeholder register.

4. Purpose and Legal Basis for Processing Personal Data

  • The purposes of processing personal data are:
  • Managing and maintaining the customer relationship.
  • Producing, developing and analysing services.
  • Newsletter marketing, direct marketing and communications.
  • Improving the user experience of the website.


Legal bases for processing:

Contract: Processing is necessary for the performance of a contract or for taking steps prior to entering into a contract.

Legitimate interest: Communication and marketing based on an existing or potential customer relationship.

Consent: Subscribing to the newsletter and the use of cookies (marketing/analytics).

5. Data Contained in the Register

The following data may be stored in the register:

  • Basic information: First and last name, company name and business ID.
  • Contact details: Email address, phone number, address details.
  • Customer information: Information on ordered services, contacts and invoicing.
  • Marketing information: Newsletter subscription status, areas of interest.
  • Technical information: IP address, browser information and analytics data related to the use of the website.



6. Regular Sources of Data
Data is collected primarily from the user themselves via website forms, newsletter subscriptions, contacts, or at the start of a customer relationship. In addition, data may be collected from public sources (e.g. company websites, LinkedIn) for B2B marketing purposes.

7. Disclosure and Transfer of Data
Data is not disclosed to third parties, with the exception of service providers acting on behalf of redandblue (e.g. newsletter systems, CRM, analytics tools). If a service provider is located outside the EU/EEA (e.g. SaaS services used in the United States), we ensure an adequate level of data protection by using Standard Contractual Clauses (SCC) approved by the European Commission or other lawful transfer mechanisms.

8. Rights of the Data Subject
The data subject has the following rights:

  • Right of access: The right to know what data has been stored about them.
  • Right to rectification: The right to demand the correction of inaccurate data.
  • Right to erasure (“right to be forgotten”): The right to request the deletion of data, unless the law requires its retention.
  • Right to object to or restrict processing: For example, the right to prohibit direct marketing.
  • Right to data portability (to transfer data from one system to another).
  • Right to lodge a complaint: If you believe that your data is being processed unlawfully, you may lodge a complaint with the Office of the Data Protection Ombudsman.
    Requests must be sent in writing to the contact person named in section 2.



9. Data Retention Period
We retain personal data only for as long as is necessary for the defined purposes or to comply with legislation (e.g. the Accounting Act). Newsletter data is retained until the person unsubscribes.

10. Protection of the Register
Personal data is handled confidentially. The electronic register is protected with user-specific credentials, passwords and technical safeguards (such as SSL encryption). Access to the data is limited to persons whose job duties require it.

11. Cookies
We use cookies on our website to improve the user experience, for analytics, and for marketing targeting.

  • Necessary cookies: Required for the basic functions of the website.
  • Analytics and performance cookies (e.g. Google Analytics, Hotjar): Help us understand how the website is used.
  • Marketing cookies (e.g. Leadfeeder): Used for targeting advertising.
    The user can manage their cookie settings via the website’s cookie banner or through their browser settings. For more information on cookies, see the guidance from the Finnish Transport and Communications Agency (Traficom).