Privacy Policy


Like all people, the users of our service respect their privacy. We are committed to protecting your privacy in accordance with applicable laws and the principles described in this privacy policy. However, as we offer a cloud-based digital service, we need to collect and use some personal data relating to our users, such as name, contact details and other information described in this privacy policy. We collect, store and use your personal data in compliance with this privacy policy and applicable laws, so we ask you to read this privacy policy carefully.

We may do updates to this privacy policy from time to time associated with development of our business operations or changes in applicable laws. Up to date privacy policy is always available on our website, so we ask you to visit this page from time to time.


The controller with respect to personal data collected, stored and used in accordance with this privacy policy is AgiNotes Oy (hereinafter also “AgiNotes”, “us” or “we”):

AgiNotes Oy
Business ID: 2867568-3
40951 Muurame

For what purposes is personal data used and what is the legal basis for processing personal data?

We collect, store and process your personal data only for predefined purposes. We also always make sure that there is at least one legal basis for processing personal data. The main purposes and the applicable legal basis for processing personal data are:

Providing the Digital Service; Delivering Ordered Products. Personal data is collected and used for managing the customer relationship and providing our digital service. This may also concern user identification and processing of payments relating to the use of our service or purchase of goods from our webshop (if/when available). (Please note that is owned and run by Spreadshirt and they have their own privacy policy, which you can find in the webshop.) The main legal basis for this processing is a contract between AgiNotes and the user or customer.

Marketing. We collect and use personal data for marketing purposes, including marketing analytics, direct email marketing (based on consent) as well as targeting advertising in search engines and social media channels. A person can at any point prohibit direct marketing by sending email to We do not sell or rent personal data to third parties for marketing purposes, but we may use third party services providers in executing marketing activities.

Customer Communications, Feedback and Handling Complaints. We use personal data for communicating with existing customers, responding to requests, providing notifications to users relating our service, handling feedback as well as possible complaints about our service or products. The main legal basis for this processing is fulfilling contractual obligations, possibly also our legitimate interest.

Analytics; Developing our Service and Business. We are keen to develop our service and offering to ensure that we can provide great user experiences and customer value. That’s why we may use personal data also for business development purposes within our own business field. The legal basis for this processing is our legitimate interest.

Fulfilling Other Contractual and Legal Obligations. Personal data may also be collected and used for fulfilling other contractual or legal obligations, such as responding to requests made by authorities.

What personal data is collected and from which sources?

The personal data we collect, store and use are mainly provided by you when you become a user of our service, purchase products or register for our marketing newsletters. We may also collect personal data about our website visitors with Google Analytics to analyze our website use, develop it further and for targeting relevant marketing content for our customers, users and website visitors. Some personal data may also be created during the use of our service.

We mainly collect and store personal data relating to potential or existing users or customers of our service and products.

The main categories of personal data collected, stored and used by us contain the following:

  • Name
  • Email address
  • Country
  • Team name
  • Delivery address and details (for ordered products)
  • Consent or prohibition of direct marketing
  • Consent regarding privacy and visibility settings of the user account
  • Pictures and video links
  • Other content created by the user during the use of service

Who processes personal data and is it transferred to anyone else?

Personal data is mainly stored in electronic format and people within our organization have access to personal data.

However, we use service providers and subcontractors in different parts of our business, so these companies may have access to our personal data based on contracts we have with them. We use third party services especially in the following areas: website hosting and maintenance, website development, website analytics, email marketing, surveys and processing of payments. We understand that these companies may be considered as data processors under applicable privacy laws, so we make sure that the confidentiality of your personal data is secured with contracts and data processing terms and conditions.

We may also disclose personal data to fulfill our other contractual or legal obligations or when a legal authority requires a disclosure. We could also disclose personal data if we would be a party in a business sale, such as a merger or an acquisition.

We do not sell or rent personal data to third parties for marketing purposes.

Is my data transferred outside the EU?

By default, your data is not transferred outside the EU. However, considering that we store personal data basically only in electronic form, some of the service providers we use, such as website hosting, email marketing and cloud storage services providers, may be located outside the EU.

If personal data is transferred outside the EU, we make sure that the data transfer fulfills the requirements set by applicable laws. This means that (1) the transferee must be located in a country with adequate safeguards (as decided by the EU commission from time to time), (2) the transferee must be Privacy Shield certified (if a US-based company), (3) or the transfer must be made by using the model clauses published by the EU commission.

How long is my data stored?

We will not store your personal data for longer period than is necessary for its purpose or required by contract or law. If personal data is processed only based on consent, we delete the data when a person withdraws her consent. Personal data may also be deleted after a person requests deletion (and we have no other processing condition). The retention period of personal data may also be based on laws (e.g. bookkeeping, tax laws) or legal claim periods. We may also update personal data from time to time.

How is my data stored and kept secure?

Your data is stored on the servers provided by our service providers, which are secured according to general industry standards and practices. We choose established services providers who are also known for having high data security standards. We consider and keep your personal data confidential. Access to your personal data has been protected with user-specific logins, passwords and user rights. Our premises are also safe and secured.

Is it mandatory to provide personal data? What happens if I don’t give it to you?

As we provide a paid digital service and can also sell products through a webshop, a certain minimum processing of personal data is required, otherwise we cannot identify you as a user, process payments and deliver ordered products. So if you want to become a customer and make a contract with AgiNotes, certain personal data must be shared with us.

Does your website use cookies and what are those?

We use cookies on our website to provide the best possible user experience for our website visitors. Cookies are small text files that are placed on a web user’s computer and are designed to hold a modest amount of data particular to a user and a website. Cookies give us information how users use our website. We may use cookies to develop our website and services, analyze website use as well as target and optimize marketing efforts. If you do not wish to receive cookies, you may set your web browser to disable them. Please note that most browsers accept cookies automatically. If you disable cookies, you should understand that certain services at our website may not function correctly.

What rights do I have relating my personal data?

Access to data

As a user of our service, most of the customer or personal data can be directly accessed, updated and/or deleted by you by logging into our service. In addition to that, you have the right to have confirmed if we are processing your personal data and also to know what data we have about you. In addition, you have right to some supplemental information described in the law about the processing activities.

Withdraw your consent

If we process personal data based on your consent, you can at any time withdraw your consent by notifying us, for instance by sending email to

Right to have errors corrected

You have the right to request that we correct any inaccurate or outdated personal data we have about you.

Right to prohibit direct marketing

You have the right to request that your personal data is not processed for direct marketing purposes by sending us email to

Right to object processing

If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore.

Right to restrict processing

In certain situations you have the right to require that we restrict processing of your personal data.

Right to data portability

If we process your personal data based on your consent or fulfilling of a contract, you have the right to require transfer of the data you have provided to us to another services provider in a commonly used electronic format.

How can you use your rights?

You can execute and use your rights by contacting us, for instance by sending email to or by contacting us by using the contact details below. In such case, we ask you to provide us your name, contact details, phone number as well as documentation for verifying your identity (e.g. signed request letter or copy of and ID, but without social security code or other details that are not necessary). If you consider that the processing of your personal data is not lawful, you can always also make a notification to a supervisory authority (tietosuojavaltuutettu).

Can this privacy policy be updated?

We may make updates to this privacy policy when our operations change or develop. Also changes in law may make it necessary to update this privacy policy. The changes become valid once we have published them in the form of an updated privacy policy. Therefore, please visit this page and read this privacy policy from time to time.

Who can I contact in privacy matters?

Contact details:

AgiNotes Oy
Business ID: 2867568-3
PL 30, 40951 MUURAME
Tel: +358 50 514 9399

The contact person at AgiNotes in privacy matters is Mari Oksanen.