Privacy Policy
This Privacy Policy has been updated on 13.4.2025.
Thank you for trusting Webwarden with your information. Protecting your personal data and ensuring your privacy is very important to us.
We process personal data in accordance with the EU General Data Protection Regulation, Finnish laws, regulations and instructions from the authorities, and good data processing practices. We exercise due diligence in all our activities and ensure that data protection and data security are implemented.
Data controller
Company name: Webwarden Oy
Business ID: 3360403-8
Email: contact@webwarden.com
Collection of personal data
We collect the following information through the Stripe form:
- User’s email address
- First Name, Last Name
This data is collected during the account creation and purchase process.
Purpose and legal basis for processing personal data
We process personal data for the following purposes:
- To create and manage your Webwarden account.
- To provide access to the Webwarden service.
- To process payments securely through Stripe.
- To send marketing emails and product update notifications.
Legal basis for processing personal data:
- Performance of a contract: The processing is necessary to provide the services you have purchased.
- Consent: By submitting your data, you consent to the use of your email for marketing communications. You may withdraw your consent at any time by contacting us at contact@webwarden.com.
Payment Processing with Stripe
We use Stripe as our payment processor. When you make a purchase, your payment information is handled securely by Stripe according to their own privacy practices. We do not store your payment details.
For more information see Stripe’s Privacy Policy.
Retention of personal data
We retain your personal data as long as necessary to:
- Maintain your active Webwarden account.
- Fulfill our legal obligations.
- Send you service-related and marketing communications, unless you opt out.
You may update or delete your personal information, such as your first name and last name, directly from the Webwarden user interface under “Settings.”
Recipients of personal data
Personal data is processed only by authorised employees or subcontractors of the company who are committed to complying with data protection requirements. Data will not be disclosed to third parties without the user’s consent.
User rights
The user has the following rights:
- Right of access: The right to know what information is stored about them.
- Right to rectification: The right to request that inaccurate data be corrected.
- Right to data erasure: The right to request the erasure of data unless it is necessary to keep it.
- Right to restriction of processing: The right to restrict the processing of data in certain circumstances.
- Right to object to processing: The right to object to the processing of personal data for direct marketing purposes.
- Right to data transfer: The right to receive your data in a structured, commonly used format.
All requests should be sent by e-mail to contact@webwarden.com.
The right to file in a complaint to your national data protection authority
If you think there is a problem with the way we are handling your personal data, you have a right to file in a complaint to your national data protection authority in the EU/EEA.
In Finland, that is The Office of the Data Protection Ombudsman. You can find contact details of The Office of the Data Protection Ombudsman here: https://tietosuoja.fi/en/contact-information.
Changes to this policy
We may change this Policy from time to time. If we make any changes to this Policy, we will let you know on our website.
Webwarden SaaS Data Protection Agreement (DPA)
| Term | Definition |
| Customer | The entity named in the service agreement that is a party to this agreement. |
| Customer Data | Data belonging to the Customer (or Users) and processed in the Software, such as data collected from a website entered into the Software for scanning. |
| Personal Data | Any information relating to an identified or identifiable natural person (Data Subject). |
| Processor | The entity that processes Personal Data on behalf of the Controller. |
| User | An individual named user of the Software. Users may be Customer’s employees or other individuals who have been granted a user account by the Provider or the Customer. |
| Usage Data | Data collected or generated from the use of the Software. |
| Software | The software applications and related services defined in the service description, including changes, new features, updates, and data storage. |
| Party | The Provider or the Customer. |
| Controller | The entity that determines the purposes and means of the processing of Personal Data. |
| Data Subject | A natural person whose Personal Data is processed by the Controller or Processor. |
| Data | Depending on the context, refers to the following: Customer Data and Usage Data, including Personal Data and data sets. |
| Data Processing | Any operation performed on Personal Data, whether by automated or other means, such as collection, recording, organization, structuring, storage, modification, alteration, deletion, or destruction. |
Personal Data Processing
This agreement applies to the processing of Personal Data by Webwarden Oy (hereinafter referred to as the Provider) as a Processor on behalf of and for the benefit of the Customer. The Provider is committed to ensuring that the Software complies with applicable data protection legislation.
Upon termination of the agreement, the processor will delete all personal data.
Transfers of Personal Data Outside the EU/EEA
Personal data may be transferred outside the EU/EEA if necessary for the provision of the service. Personal data may be transferred outside the European Union and the European Economic Area if the European Commission has issued a decision on the adequacy of data protection (known as an adequacy decision, Article 45 of the GDPR). The Commission’s decision is the primary basis for transfer. Transfers to the United States are made only to entities that have joined the EU–U.S. Data Privacy Framework, ensuring an adequate level of data protection.
Webwarden primarily processes personal data within the EU/EEA. However, our payment processor Stripe may transfer data outside the EU/EEA in accordance with applicable data protection laws and based on appropriate safeguards.
The groups of Data Subjects, types of Personal Data, and the nature and duration of the Processing:
The Provider or the Customer adds Personal Data to the Software (Customer’s Users).
If the Customer adds Personal Data to the Software, the Customer decides which Personal Data the Provider processes and who the Data Subjects are.
The groups of Data Subjects include:
- Customer’s Users
- Customer Data collected from the Customer’s website containing Personal Data
The Processing may involve the following types of Personal Data:
- First and last name
- Contact details (company name, email, phone number, company address)
The Processing may include collecting, organizing, storing, retrieving, using, analyzing, disclosing by transmission, anonymizing, and deleting Personal Data.
The nature of the Processing is to provide the Software in accordance with the Service Agreement.
The Provider processes Personal Data as a Processor on behalf of and for the benefit of the Customer during the validity of the Service Agreement unless otherwise agreed or the Customer instructs the Provider in writing to stop such Processing earlier.
The Provider only processes Personal Data according to the Customer’s written instructions. The Customer instructs the Provider to:
- Process Personal Data on behalf of and for the benefit of the Customer to provide the Software, add-on modules, and services as necessary.
- Process Personal Data securely and professionally.
- Act in accordance with the Service Agreement.
- Fulfill the obligations of the Service Agreement and applicable data protection legislation.
Subprocessors
We use the following subprocessors to process personal data:
- Hetzner Online GmbH (hosting services)
- Stripe, Inc. (payment processing)
Each subprocessor has entered into appropriate data protection agreements to ensure your data remains protected.
Contact Person
Data Protection Officer and contact person for data protection matters:
Tuomas Kumpula, tuomas.kumpula(a)webwarden.com, +358 400 535 498
Data Security
The Provider is committed to maintaining a high level of data security within the Software, taking particular account of Article 32 of the General Data Protection Regulation (GDPR). The Provider ensures appropriate data security through organizational, technical, and physical security measures designed to ensure the confidentiality, integrity, availability, and resilience of the Software and the Data processed within it.