Skip to Content

Privacy Policy

Privacy Policy – AI Innovation Factory Oy (Website)1. Controller2. Data Subjects3. Data We Process4. Purpose and Legal Basis of Processing5. Sources of Data6. Data Retention7. Rights of the Data Subject8. Data Security9. Personal Data Breaches10. Disclosure of Data11. Cookies12. Supervisory Authority13. Updates to This Policy14. Contact

Privacy Policy – AI Innovation Factory Oy (Website)

Version: 1.0

Last updated: 18 June 2026

1. Controller

AI Innovation Factory Oy

Business ID: 3569640-7

Email: fuwad.kalhori@aiinnovationfactory.com

Contact person: Fuwad Kalhori, CEO

2. Data Subjects

We process personal data of visitors to our website (aiinnovationfactory.com), registered users, customers who order products, newsletter subscribers, event participants, and job applicants who contact us through the website.

3. Data We Process

We only process personal data that is necessary for the purposes described in this policy and/or has been provided to us. The processed data includes:

Website visitors:

  • name and email address (voluntarily provided via contact forms)
  • language preference (selected on the website)
  • technical data necessary for basic functionality and security (IP address, browser type, operating system, date and time of visit)
  • cookie-related data (see Section 11 — Cookies)

Registered users and customers:

  • name, email address, and account credentials (when creating an account)
  • billing and delivery address, order details (when purchasing products)
  • language preference (selected in account settings)
  • communication history related to orders and account management
  • technical data necessary for basic functionality and security (IP address, browser type, operating system, date and time of visit)
  • cookie-related data (see Section 11 — Cookies)

Newsletter subscribers:

  • email address (voluntarily provided via sign-up form)
  • name, if voluntarily provided
  • cookie-related data (see Section 11 — Cookies)

Live chat users:

  • name and email address (voluntarily provided when starting a chat)
  • chat messages and conversation history
  • technical data necessary for basic functionality and security (IP address, browser type, operating system, date and time of visit)

Recruitment candidates:

  • name and contact details
  • application materials (CV, cover letter, portfolio)
  • information voluntarily provided during the recruitment process

4. Purpose and Legal Basis of Processing

Personal data is processed for purposes such as:

  • responding to enquiries and communications received via the website and live chat
  • creating and managing user accounts
  • processing and fulfilling product orders
  • sending newsletters and marketing communications (with separate consent)
  • managing recruitment and candidate evaluation
  • ensuring website security and integrity
  • complying with legal obligations

The legal basis for processing includes, where applicable:

  • steps taken prior to entering into a contract or performance of a contract (e.g., responding to enquiries, account creation, order processing, managing recruitment)
  • legitimate interest (e.g., ensuring website security and integrity)
  • compliance with legal obligations
  • consent, where applicable

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Where personal data is required for a contractual or statutory obligation, failure to provide such data may prevent us from offering the relevant service or fulfilling our legal duties.

5. Sources of Data

Data is obtained primarily from the data subject themselves (e.g., data provided via contact forms, account registration, product orders, newsletter sign-ups, or job applications). Technical data (e.g., IP address, log data) is generated in connection with the use of our website.

6. Data Retention

Personal data is processed only for as long as necessary for the purposes described in this policy. Once the purpose is fulfilled, the data is deleted or anonymised, unless continued retention is required by applicable law (e.g., accounting and tax regulations).

As a general rule:

  • Account-related data is retained for the duration of the user relationship and deleted upon account closure, subject to legal obligations.
  • Order-related data is retained for the duration required by accounting and tax regulations (typically 6 years).
  • Newsletter subscription data is retained until you unsubscribe. You can unsubscribe at any time via the link in each newsletter.
  • Recruitment data is retained for the duration of the recruitment process and for a reasonable period thereafter, unless a longer retention is required by law.
  • Enquiry-related data is retained for as long as necessary to process the enquiry.
  • Technical log data is retained for a limited period for troubleshooting and security monitoring purposes.

7. Rights of the Data Subject

Under the GDPR, you have the following rights:

  • Right of access: to obtain confirmation whether we process your personal data and to receive a copy of that data
  • Right to rectification: to request correction of inaccurate or incomplete personal data
  • Right to erasure ("right to be forgotten"): to request deletion of your personal data when it is no longer needed or processed unlawfully
  • Right to restriction of processing: to request restriction of processing in certain circumstances
  • Right to object: to object to processing based on legitimate interest or for direct marketing
  • Right to data portability: to receive your personal data in a structured, machine-readable format and transmit it to another controller, where technically feasible
  • Right to withdraw consent: to withdraw your consent at any time where processing is based on consent
  • Right to lodge a complaint: to lodge a complaint with the competent supervisory authority (see Section 12)

To exercise your rights, contact: fuwad.kalhori@aiinnovationfactory.com. We will respond without undue delay and within one month at the latest. We may request additional information to verify your identity before processing your request. Requests that are manifestly unfounded or excessive may be refused.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including access controls, internal governance procedures, and monitoring mechanisms.

9. Personal Data Breaches

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the competent supervisory authority (the Office of the Data Protection Ombudsman) without undue delay, and where feasible, within 72 hours of becoming aware of the breach.

If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify affected data subjects without undue delay.

10. Disclosure of Data

We do not sell personal data. Personal data is not disclosed to third parties for marketing purposes without separate consent.

Data may be transferred to external service providers strictly necessary for operational purposes (e.g., hosting). Such providers act as processors on our behalf and may not use the data for any other purpose. Appropriate data protection safeguards (data processing agreements and Standard Contractual Clauses where applicable) are applied.

When embedded Vimeo videos are loaded, your browser connects to Vimeo's servers. Vimeo, Inc. acts as an independent data controller for any data collected through this connection.

11. Cookies

Our website uses only essential and functional cookies. No analytics, tracking, or marketing cookies are used.

Cookie / technologyPurposeProviderType
Odoo session cookiesEnable basic site functionalitySelf-hosted (our own server)Essential
Vimeo embed cookiesLoad and play background video animationsVimeo, Inc. (independent data controller)Functional

You can block or delete cookies through your browser settings. Disabling essential cookies may affect website functionality.

When you view embedded Vimeo videos, Vimeo may collect information (such as your IP address) as an independent data controller. Please refer to Vimeo's privacy policy for details on their data processing.

12. Supervisory Authority

If you consider that our processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)

Postal address: P.O. Box 800, 00531 Helsinki

Street address: Lintulahdenkuja 4, 00530 Helsinki

Switchboard: +358 29 566 6700

Registry email: tietosuoja@om.fi

Website: tietosuoja.fi

13. Updates to This Policy

This privacy policy may be updated to reflect changes in legal requirements, technology, or our activities. Material changes will be notified by email and, where reasonably possible, via a notice on our website. The most recent version is always available on our website.

Revision history:

Version 1.0 — 18 June 2026

14. Contact

For any questions, concerns, or requests related to this privacy policy or the processing of your personal data, please contact:

Fuwad Kalhori

CEO / Person responsible for registry matters

fuwad.kalhori@aiinnovationfactory.com

Beatrice Schutte (secondary contact)

beatrice.schutte@aiinnovationfactory.com