This website publishes general lifestyle information for educational purposes only. It is not medical, health, or professional advice. Individual experiences may vary.
Imaginetopbrain logo

Privacy Policy

Last updated: 5 June 2026

This Privacy Policy explains how Imaginetopbrain.ddd ("we", "us", "our") collects, uses, stores, and protects personal data when you visit our website. We are an independent lifestyle and travel information publisher based in Turku, Finland — not a healthcare provider or medical service. We comply with Regulation (EU) 2016/679 (the General Data Protection Regulation, GDPR), the Finnish Data Protection Act (Tietosuojalaki 1050/2018), and other applicable Finnish and EU legislation.

This notice fulfils our information obligation under GDPR Articles 13 and 14 and the supplementary requirements set out in Chapter 2 of the Finnish Data Protection Act.

Data Controller

Imaginetopbrain.ddd
Kerttulinkatu 1a, 20500 Turku, Finland
Email: clients@imaginetopbrain.world
Phone: +358 40 159 5690

We have not appointed a Data Protection Officer (DPO), as we do not carry out large-scale systematic monitoring or processing of special categories of data. For all data protection matters, please contact us using the details above.

Register and Data Sources

Personal data is maintained in the following register:

  • Website contact and visitor register — data obtained directly from you via the contact form, from your cookie consent choices, and automatically through technical logs when you consent to analytics cookies.

We do not collect personal data from third-party sources or public registers for this website.

Personal Data We Collect

  • Identity and contact data: name and email address (contact form).
  • Communication data: message content and timestamp of your inquiry.
  • Consent records: confirmation that you agreed to personal data processing under GDPR when submitting the contact form.
  • Technical and usage data: IP address, browser type, operating system, device type, pages visited, session duration, and referral source — only when you consent to analytics cookies.
  • Cookie preference data: your choices regarding analytics and marketing cookies, stored in your browser local storage.

We do not intentionally collect special categories of personal data (such as health data) through this website. Please do not include sensitive information in contact form messages unless necessary.

Purposes and Legal Bases for Processing

Under GDPR Article 6, we process personal data only where a valid legal basis applies:

  • Responding to contact inquiries — to handle your message and follow up on your request. Legal basis: your consent (Article 6(1)(a)), given via the GDPR checkbox on the contact form.
  • Website functionality and security — to operate the site, remember cookie preferences, and protect against abuse. Legal basis: legitimate interest (Article 6(1)(f)) in maintaining a secure and functional website.
  • Analytics — to understand how visitors use our content and improve the website. Legal basis: your consent (Article 6(1)(a)), obtained through the cookie banner before analytics cookies are activated.
  • Marketing — to measure campaign effectiveness and deliver relevant content. Legal basis: your consent (Article 6(1)(a)), obtained through the cookie banner before marketing cookies are activated.

Where processing is based on legitimate interest, you have the right to object under GDPR Article 21. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Is Providing Data Mandatory?

Providing personal data through the contact form is voluntary. If you choose not to submit the form, we cannot respond to your inquiry by email. You are not required to accept analytics or marketing cookies to use this website — only strictly necessary cookies are placed without consent.

Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you, as defined in GDPR Article 22.

Data Retention Periods

We retain personal data only for as long as necessary for the purposes stated above:

  • Contact form submissions: up to 12 months from the date of your last message, unless a longer period is needed to resolve an ongoing inquiry or required by Finnish law.
  • Analytics data: up to 26 months in aggregated or pseudonymised form, after which data is deleted or anonymised.
  • Cookie consent records: stored in your browser until cleared; we recommend retaining server-side consent logs for up to 5 years where applicable, in line with Finnish Transport and Communications Agency (Traficom) guidance.
  • Server and security logs: up to 90 days for technical troubleshooting and abuse prevention.

After the retention period expires, data is securely deleted or irreversibly anonymised.

Recipients and Data Processors

We do not sell or rent personal data. Data may be shared only with:

  • Hosting and IT service providers — who store website data on our behalf under written data processing agreements (GDPR Article 28).
  • Analytics service providers — only when you have consented to analytics cookies, under GDPR-compliant processor agreements.
  • Public authorities — where disclosure is required by Finnish or EU law (e.g. court order or request from an authorised authority).

All processors are required to process data only according to our instructions and to implement appropriate security measures.

International Data Transfers

We primarily process data within the EU/EEA. If personal data is transferred to countries outside the EU/EEA (for example, through analytics tools with US-based servers), we ensure appropriate safeguards under GDPR Chapter V, including:

  • European Commission adequacy decisions, where applicable;
  • EU Standard Contractual Clauses (SCCs) approved under Commission Decision 2021/914;
  • supplementary technical and organisational measures where required.

You may request a copy of applicable transfer safeguards by contacting us at the address above.

Security Measures

In accordance with GDPR Article 32 and Section 33 of the Finnish Data Protection Act, we implement appropriate technical and organisational measures, including:

  • HTTPS/TLS encryption for data transmitted through the website;
  • access controls limiting personal data access to authorised personnel;
  • regular review of data handling and security practices;
  • secure deletion procedures when retention periods expire.

In the event of a personal data breach likely to pose a risk to your rights, we will notify the Office of the Data Protection Ombudsman within 72 hours where required, and inform affected individuals without undue delay where the breach poses a high risk.

Your Rights Under GDPR and Finnish Law

As a data subject, you have the following rights under GDPR Articles 15–22 and the Finnish Data Protection Act:

  • Right of access (Article 15): request confirmation of whether we process your data and receive a copy.
  • Right to rectification (Article 16): request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17): request deletion where processing is no longer necessary, consent is withdrawn, or processing is unlawful.
  • Right to restriction (Article 18): request that we limit processing in certain circumstances.
  • Right to data portability (Article 20): receive data you provided in a structured, machine-readable format where processing is based on consent or contract.
  • Right to object (Article 21): object to processing based on legitimate interest, including profiling.
  • Right to withdraw consent: withdraw consent at any time where processing is consent-based, without affecting prior lawful processing.
  • Right not to be subject to automated decision-making (Article 22): not applicable, as we do not conduct such processing.

To exercise any of these rights, contact us at clients@imaginetopbrain.world. We will respond without undue delay and within one month, as required by GDPR Article 12(3). This period may be extended by two further months for complex requests, in which case we will inform you of the extension and reasons.

If you believe your rights have been violated, you have the right to lodge a complaint with the supervisory authority:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
Lintulahdenkuja 4, 00530 Helsinki, Finland
Website: tietosuoja.fi
Email: tietosuoja@om.fi

Children's Privacy

Under GDPR Article 8 and Finnish law, our website is not directed at children under 16. We do not knowingly collect personal data from minors without verifiable parental or guardian consent. If you believe a child has submitted data through our contact form, please contact us and we will delete it promptly.

Cookies and Similar Technologies

Our use of cookies and local storage is described in detail in our Cookie Policy, which complies with the Act on Electronic Communications Services (917/2014), Section 205, and GDPR consent requirements enforced by Traficom and the Data Protection Ombudsman.

Changes to This Policy

We may update this Privacy Policy when our processing practices or legal obligations change. Material changes will be indicated by an updated date at the top of this page. Where changes significantly affect your rights, we will provide additional notice where appropriate.

Cookie Policy | Terms of Use | Contact