Privacy Policy

This Privacy Policy of Nordic Audio Solutions Oy has been prepared in accordance with the EU General Data Protection Regulation (GDPR, EU 2016/679). It applies to the processing of personal data in connection with the DSPeaker online store and its customer register.
Prepared on 17 October 2025.

1. Data Controller

Nordic Audio Solutions Oy
Business ID: 3567148-8
Töölönkatu 44–48 C 45, 00250 Helsinki, Finland
Email: info@dspeaker.fi

2. Contact Person Responsible for the Register

Teppo Hirvikunnas, Nordic Audio Solutions Oy
Email: info@dspeaker.fi
Phone: +358 (0)50 123 4567

3. Name of the Register

Customer and sales register of the DSPeaker online store and related customer relationships. The register contains information about customers, resellers, and potential customers needed for handling orders, support services, and marketing communications.

4. Legal Basis and Purpose of Processing

The legal bases for processing personal data under the EU GDPR are contract (for processing orders, deliveries, and customer service), legal obligation (for accounting and taxation requirements), consent (for newsletters and marketing communications), and legitimate interest (for maintaining customer relationships and developing services).

The purpose of processing is to manage and deliver orders, provide customer service, product support, warranty and maintenance actions, and, based on consent, marketing communications. Data is also used for ensuring the technical functionality and security of the website. Personal data is not used for automated decision-making or profiling.

5. Data Content of the Register

The register may include the following information: name, address, phone number, email address, delivery and billing information, order history, payment method, product registrations, service records, customer communication, feedback, IP address, and technical information such as cookies and browser details.

Data is stored for as long as necessary for its purpose. Order and billing data are retained for at least six years as required by the Finnish Accounting Act. Marketing data is retained until the customer withdraws consent. Service and warranty data are retained for up to 24 months after the end of the warranty period.

Website cookies are processed based on legitimate interest to ensure site functionality and security. Consent is requested separately for third-party analytics cookies.

6. Regular Sources of Data

Data is primarily obtained directly from the customer when placing an order through the online store, submitting return, warranty, or contact forms, or when contacting customer service by email or phone. Business contact information may also be supplemented from publicly available sources such as websites, directories, or trade fair participation lists.

7. Disclosures and Data Transfers

Personal data is disclosed only to service partners when necessary for providing the service. These partners include Paytrail Oyj for payment processing, Posti, Matkahuolto, Shipit, DHL, and UPS for logistics and delivery, as well as accounting and financial administration service providers.

Data is not transferred outside the EU or EEA without the customer’s explicit consent.

8. Data Protection Principles

Personal data is processed carefully and stored in secure systems. All online connections are SSL/TLS encrypted, and access to data is restricted to authorised personnel whose duties require it. Servers are protected with firewalls, user credentials, and passwords, and physical data storage is kept in locked facilities.

9. Right of Access and Rectification

Data subjects have the right to access their personal data and to request the correction of any inaccurate information. Requests must be submitted in writing by email to info@dspeaker.fi. The requester’s identity may be verified if necessary. The controller will respond within the timeframe defined by the GDPR, typically within 30 days.

10. Other Rights Related to Personal Data

Data subjects have the right to request the deletion of their personal data from the register (“right to be forgotten”). They also have other rights under the GDPR, such as restricting the processing of their data in certain circumstances. All requests must be submitted in writing to the data controller. The controller may verify the requester’s identity if necessary and will respond within the time limits set out in the GDPR, generally within one month.