En Fin
We use cookies to provide the best site experience.
OK
Privacy Policy
(Last updated: 18.08.2025)

1. Controller Information
This Privacy Policy describes the processing of personal data by Lintu Investments Oy ("Company", "we", "our", "us") in connection with the provision of our services, including analytics tools and the personality/risk tolerance test.
Controller: Lintu Investments Oy
Business ID: 3359228-4
Address: Meri-Rastilan Tie 6 A 8, 00980 Helsinki, Finland
Email: info@lintu.finance
We act as the data controller within the meaning of the General Data Protection Regulation (EU 2016/679, GDPR) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018).
If in the future Lintu Investments Oy operates through subsidiaries, branches, or affiliates within the EU, the relevant entity responsible for your personal data will be clearly identified at the time of collection.
2. Categories of Personal Data Processed
We may process the following categories of personal data:
  • Identification and contact details: name, email address, telephone number, postal address.
  • Account data: login credentials, profile information.
  • Payment data: billing details (note: card information is processed by third-party payment providers and not stored by us).
  • Technical and usage data: IP address, browser and device information, log data, cookies and similar technologies.
  • Communication data: correspondence between you and us.
  • Test data: answers you provide in the personality/risk tolerance test and the resulting profile score.
We do not intentionally process special categories of personal data (Article 9 GDPR), nor do we provide services to minors under 18 years of age.
3. Purposes and Legal Bases of Processing
Personal data is processed strictly in accordance with GDPR on the following legal bases:
  • Performance of a contract (Art. 6(1)(b) GDPR): to provide, maintain and administer our services and user accounts.
  • Legal obligation (Art. 6(1)(c) GDPR): to comply with statutory requirements, including accounting and taxation obligations under Finnish law.
  • Legitimate interests (Art. 6(1)(f) GDPR): to ensure the security of our systems, improve services, conduct statistical analysis, develop new features, and prevent misuse. Anonymised or aggregated risk test results may be used for these purposes.
  • Consent (Art. 6(1)(a) GDPR): for optional processing, including marketing communications, non-essential cookies, and participation in the personality/risk tolerance test. Consent can be withdrawn at any time (see Section 8).
4. Processing Activities
We process personal data for the following purposes:
  • Managing user registrations and accounts.
  • Processing payments and issuing invoices.
  • Communicating with users regarding service matters.
  • Providing service updates and marketing communications (where consent has been given).
  • Conducting the risk tolerance test and providing the resulting score for informational purposes.
  • Monitoring, analyzing, and improving our platform, including through anonymised and aggregated test data.
  • Meeting statutory obligations and responding to lawful requests from public authorities.
Certain processing activities, such as the risk tolerance test, involve profiling. This profiling is used solely for educational and informational purposes and does not produce legal or similarly significant effects on you.
5. Cookies and Similar Technologies
We use cookies and related technologies to ensure the technical functioning of our website, analyze usage, and—subject to your consent—for marketing purposes.
Where cookies are used in connection with the risk tolerance test or analytics tools, these will only be applied in accordance with GDPR and with your consent.
6. Recipients and International Transfers
Personal data may be disclosed to:
  • Service providers and subcontractors (such as hosting providers, analytics services, and payment processors) acting as data processors on our behalf.
  • Public authorities where disclosure is required by applicable law.
  • Professional advisers, such as auditors or legal counsel, where necessary.
We never sell or rent your personal data to third parties. If anonymised and aggregated, risk tolerance test data may be shared internally within Lintu Investments Oy for research and service development.
Where personal data is transferred outside the European Economic Area (EEA), such transfers will occur only:
  • to jurisdictions with an adequacy decision by the European Commission, or
  • under appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs).
7. Data Retention
Personal data shall be retained only for as long as necessary for the purposes for which it was collected, or as required by applicable legislation. For example:
  • Account and service data: retained while the account is active and up to 3 years thereafter.
  • Transaction and billing records: retained for 6 years in compliance with Finnish accounting law.
  • Marketing data: retained until consent is withdrawn.
  • Risk tolerance test data: retained as long as your account is active or until you withdraw consent, whichever is earlier.
After expiry of retention periods, data will be securely deleted or anonymized. Anonymized data may be retained indefinitely for statistical analysis, research, and service development.
8. Data Subject Rights
Under GDPR and Finnish law, you have the following rights:
  • Right of access (Art. 15 GDPR): obtain confirmation and a copy of personal data held about you.
  • Right to rectification (Art. 16 GDPR): have inaccurate or incomplete data corrected.
  • Right to erasure (Art. 17 GDPR): request deletion of personal data in certain cases, including test data.
  • Right to restriction (Art. 18 GDPR): request limited processing in specified cases.
  • Right to data portability (Art. 20 GDPR): receive personal data in a machine-readable format and transfer it to another controller.
  • Right to object (Art. 21 GDPR): object to processing based on legitimate interests, including profiling and direct marketing.
  • Right to withdraw consent (Art. 7 GDPR): withdraw previously given consent at any time (for example, for marketing or test participation).
You may exercise certain rights directly through your account settings. Alternatively, you can contact us at info@lintu.finance or request deletion via the "My Data" section in your dashboard.
You also have the right to lodge a complaint with the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) in Finland or your local supervisory authority in the EU.
9. Security of Processing
We implement appropriate technical and organizational security measures to protect personal data, including but not limited to:
  • Encryption of sensitive information.
  • Access controls and authentication procedures.
  • Use of secure servers and firewalls.
  • Regular monitoring, audits, and staff training.
We apply the principle of privacy by design and by default, integrating data protection into our systems, services, and practices.
Where risk tolerance test data is anonymized, we ensure that no individual can be re-identified.
10. Amendments
We may amend this Privacy Policy from time to time.
If material changes are made, we will notify you in advance by email or through your account dashboard. You will have the opportunity to review the revised policy before it takes effect.
Continued use of our services after such amendments constitutes acceptance of the revised Privacy Policy.
11. Contact Details
For any queries, requests, or to exercise your rights, please contact us:
Lintu Investments Oy
Business ID: 3359228-4
Address: Meri-Rastilan Tie 6 A 8, 00980 Helsinki, Finland
Email: info@lintu.finance