Privacy Policy | Lightstone Productions

Privacy and Data Policy

This is the registry and data protection statement of Lightstone Productions Oy that is compliant with the EU’s General Data Protection Regulation (GDPR).

1. Data Controller

Lightstone Productions Ltd, (later referred to as Lightstone).

2. Contact Person Responsible for the Registry

Jimi Tuomaala, info@lightstonevfx.com, phone +3584578330097.

3. Registry Name

Marketing Registry. The registry contains information that has been entered through the form on Lightstone’s website.

4. Purpose of Processing Personal Data

The purpose of processing personal data is:

- communication with customers,

- management of customer relationships,

- contacting existing customers,

- informing existing customers about services and recruitment.

The data is not used for automated decision-making or profiling.

5. Content of the Registry

Following information is stored in the Registry:

- contact person’s name,

- company or organization name,

- phone number,

- email address and

- country of residence.

Additionally, if a customer relationship exists, the following information may be stored:

- address and

- business ID. The IP addresses of website visitors and cookies necessary for the service’s functions are processed based on legitimate interest, for instance, to ensure security and collect statistical data on site visitors, in cases where they can be considered personal data. Consent is requested separately for third-party cookies when necessary.

6. Regular Sources of Information

The information stored in the registry is obtained from the customer via messages sent through web forms, email, telephone, social media services, contracts, customer meetings, and other situations where the customer provides their information. Contact information for companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.

7. Transfer of data outside the EU or EEA

Lightstone collects customer information via a form on its website, which allows Lightstone to respond to customer requests. We share this data with the domain hosting service Wix to use the company’s services. In addition to form data, Wix processes browser, network, and device information of website visitors. Wix requires this information to maintain Lightstone’s website and to protect and improve its own services. More information about Wix’s data processing practices can be found at https://www.wix.com/about/privacy-dpa-users. Wix’s privacy statement is available at https://www.wix.com/about/privacy.

Lightstone also shares information with Google to use the services offered by the company.

Principles of Registry Protection The registry is processed with care, and the data managed via information systems is appropriately protected. When registry data is stored on Internet servers, both the physical and digital security of the hardware is properly maintained. The data controller ensures that stored information, server access rights, and other critical data for the security of personal data are handled confidentially and only by employees whose job description includes such tasks.
Right to Inspect and Demand Correction of Information Every individual in the registry has the right to inspect their stored data and demand the correction of any incorrect information or the completion of incomplete information. If an individual wishes to inspect their stored data or request a correction, the request must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the time frame stipulated by the EU’s data protection regulation (generally within one month).
Other Rights Related to the Processing of Personal Data The individual in the registry has the right to request the deletion of their personal data from the registry (“the right to be forgotten”). Similarly, the registered individuals have other rights in accordance with the EU’s General Data Protection Regulation, such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may ask the requester to prove their identity if necessary. The data controller responds to the customer within the time frame stipulated by the EU’s data protection regulation (generally within one month).