CT-logo puna-valkoinen
Join us!

Crazy Town's Privacy Policy and Terms of Use

Customer and Marketing Register

We process personal data about you that you have provided when ordering our newsletter, participating in our event, filling out a form, or downloading an information package. You will be automatically added to our marketing list when you do the above actions, but you can easily unsubscribe from the marketing list at any time. You have the right to request the data controller to see the information stored about you and to demand its deletion if you wish.

On this page, we aim to clearly and visibly explain how we process your data when you are our customer, potential customer, or partner.

Please feel free to contact us if you have any questions.

Best regards,
Niklas Isberg, Crazy Town Ltd

Updated: May 15, 2026

Who processes your data?

Responsible and contact person

Whose data do we process?

We process your data in accordance with this privacy policy if you are:

  • Our customer
  • Our potential customer
  • Our partner
  • You have attended our event either physically or remotely (event attendee)

No matter who you are, we handle your data with the same care as our own.

Why do we process your data?

We process your data:

  • to enter into and fulfill a contract
  • to provide services and manage customer relationships
  • for customer communication, such as service-related notifications, announcements, and newsletters
  • to measure customer satisfaction and develop our services


The legal basis for processing personal data is:

  • the contract between you and us (Article 6(1)(b) of the EU General Data Protection Regulation)
  • our legitimate interest in managing and developing customer relationships (Article 6(1)(f))


Pre-contractual processing (such as preparing an offer) is based on your request.

We may also use your data to market additional services to you. This processing is based on our legitimate interest. You have the right to object to us using your data for direct marketing at any time.

Potential Customer

We process your data for the marketing of our services, including newsletters, advertisements, and other direct contacts via phone, text message, email, or social media services.

If you are a representative or decision-maker of a company, the legal basis for processing is our legitimate interest (Article 6(1)(f)).

If you are a consumer or individual customer, we will use your data for direct marketing only if you have given your consent (Article 6(1)(a)), for example, when using our website’s contact form or subscribing to the newsletter. You can withdraw your consent at any time.

Partner

We process your data to manage our partnership, for communication, managing contract and billing information, and developing partnerships. The processing is based on the partnership agreement (Article 6(1)(b)) and our legitimate interest (Article 6(1)(f)).

Event Attendee

If you have attended our event, we process your data:

  • for event-related communication and collecting feedback
  • for the marketing of our services and events (newsletters, advertisements, and other direct contacts via phone, text message, email, or social media)


We use your information for direct marketing only if you have given your consent (for example, when signing up via a registration form or subscribing to a newsletter).

Legal Obligations

In some cases, we also process your information to fulfill our legal obligations (for example, accounting legislation, taxation). In this case, the legal basis is a legal obligation (Article 6, paragraph 1, point c).

We do not engage in profiling or automated individual decision-making based on personal data.

What information do we process?

We only process personal data that is necessary for the purposes described above. This may include, for example:

  • name
  • company
  • contact information (email address, phone number, postal address if necessary)
  • information related to customer relationships and contracts (e.g., ordered services, contract and billing information)
  • information related to events and reservations (e.g., registrations, participation details)
  • information related to direct marketing and consents (e.g., newsletter subscription, opt-out from direct marketing)
  • communication history and contacts (e.g., email messages, messages sent via forms)
  • any feedback and reviews

We do not collect or process information belonging to special categories of personal data (e.g., health information) in our customer and marketing register.

Where do we get the data?

We collect and receive your information from the following sources:

  1. Primarily, we receive your information provided by you, for example:
    • through the contact form, order form, or event registration on our website
    • through newsletter subscriptions
    • from email messages, phone calls, or other personal interactions
  2. If you are a representative of a potential customer or a business decision-maker, we may collect your information from publicly available sources online (for example, from your company’s website or other reliable business information sources).
  3. We use the Vainu.io service to collect companies’ contact information. Publicly available information may come to us through this channel.
  4. In some cases, we may also receive information from our partners if it is necessary for providing the service and you have provided your information for this purpose.

Who else processes your information?

We regularly use the following service providers for processing personal data:

  1. Brevo – marketing automation and newsletters
  2. OfficeRND – customer relationship management, membership, and space reservation data
  3. Google Workspace (e.g., Gmail, Google Drive) – email, file storage, and internal communication
  4. Trustmary – collecting and publishing feedback and customer reviews

Third parties do not have any independent right to use the information received from us for purposes beyond the assignment. We ensure through contracts that all our service providers to whom we disclose your information comply with data protection legislation and process the data only on our behalf.

We do not disclose or share your information with third parties except as described in this privacy policy or as required by law (for example, to authorities).

We will never sell your information to anyone.

Transfer of data outside the EU/EEA

Some of the service providers we use may be located outside the EU/EEA or process data outside the EU/EEA (for example, in the United States).

In such cases, we ensure that there is a legal basis for the transfer of data in accordance with the General Data Protection Regulation, such as:

  • Standard Contractual Clauses (SCC) approved by the European Commission or
  • other protective measures in accordance with the General Data Protection Regulation.

If necessary, you can request more information about the protective measures we use by contacting us.

How long do we process your data?

We retain your data only as long as necessary to fulfill the purposes described above or as required by law.

In general, we adhere to the following principles:

  • Data in the marketing register is retained for a maximum of 180 days from the last active action (e.g., opening a message, clicking, or contacting us), after which the data will be deleted or anonymized unless you have an active customer relationship or have given permission for longer retention.
  • Data related to customer relationships is retained as long as the customer relationship is active and for a reasonable time after its termination, for example, to handle any complaints.
  • Billing and accounting data is retained for the period required by accounting legislation.

You can request the deletion of your data from the register through the unsubscribe link in every marketing message we send or by sending a request via email to info@crazytown.fi or niklas.isberg@crazytown.fi. We will delete or anonymize the data without undue delay upon receiving the request, unless we have another legal basis for retaining the data.

How do we protect your data?

We use the following protective measures to ensure data security:

  1. We process personal data only with modern and proven secure information systems that address typical data security risks.
  2. Access to data is restricted by passwords, two-factor authentication, and personal user IDs only to those individuals who are authorized and need the information to perform their job duties.
  3. We restrict connections to servers behind firewalls and encrypt all data traffic to servers (for example, HTTPS connections).
  4. We ensure that our staff receives training and guidance on data protection and information security.
  5. We regularly assess and develop our data security practices.

Your rights

You have the following rights regarding your personal data. Requests to exercise these rights should be made to info@crazytown.fi or by contacting the person mentioned in this statement.

  • Right of access: the right to check what personal data about you is stored in the register and to obtain a copy of it.
  • Right to rectification: the right to request the correction of any inaccurate or incomplete personal data concerning you.
  • Right to erasure (“right to be forgotten”): in certain situations, the right to request the deletion of personal data concerning you.
  • Right to restriction of processing: in certain situations, the right to request the restriction of the processing of your personal data (for example, if you contest the accuracy of the data).
  • Right to data portability: the right to receive your personal data provided to us in a commonly used, machine-readable format and to transfer it to another controller, if the processing is based on consent or a contract and is carried out automatically.
  • Right to object: the right to object to the processing of your personal data when the processing is based on our legitimate interest. Processing may not continue unless there are compelling legitimate grounds for the processing.
  • Right to object to direct marketing: the right to object to direct marketing directed at you at any time. Every marketing email sent will contain a link through which you can unsubscribe.

If the processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

You also have the right to lodge a complaint with a supervisory authority if you believe that we have violated data protection regulations in processing your personal data. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (tietosuoja.fi).

Ask for more information or request a quote!

Are you looking for office space for yourself or your team? Ask us for more information and request a quote! We are happy to arrange a tour of our facilities.

Kysy lisÀÀ tai pyydÀ tarjous!

Etsitkö toimitilaa itsellesi tai tiimillesi? Kysy meiltÀ lisÀÀ ja pyydÀ tarjous! JÀrjestÀmme mielellÀmme esittelyn tiloissamme.