Privacy Policy

Last updated: April 14, 2026

1. Introduction

ISOBUS Block ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you visit our website or purchase our products.

We comply with the General Data Protection Regulation (GDPR) and Finnish data protection laws.

Estsus Oy (ISOBUS Block)
Business ID (Y-tunnus): 2713175-6 · VAT: FI27131756
Kuusvedentie 228, 41340 Laukaa, Finland
Email: [email protected]

2. What Data We Collect

2.1 Information You Provide

When you interact with our website, you may provide us with:

• Account information: Name, email address, password (encrypted)
• Order information: Shipping address, billing address, phone number
• Payment information: Processed securely by Stripe (we do not store card details)
• Communication data: Messages you send to customer support

2.2 Information Collected Automatically

When you visit our website, we automatically collect:

• Device information: Browser type, operating system, device type
• Usage data: Pages visited, time spent, click patterns (via Google Analytics)
• IP address: Used for security and approximate location
• Cookies: See our Cookie Policy for details

3. How We Use Your Data

We use your personal data for the following purposes:

4. Data Sharing

We do not sell your personal data. We share data only with the following parties:

4.1 Service Providers (Data Processors)

• Stripe: Payment processing (Stripe Privacy Policy)
• Google Analytics (Google Ireland Ltd.): Website analytics, only with your consent (Google Privacy Policy)
• Meta / Facebook (Meta Platforms Ireland Ltd.): Conversion tracking and advertising measurement via the Meta Pixel, only with your consent (Meta Privacy Policy)
• Supabase Inc.: Database and authentication hosting (EU region)
• Resend: Transactional email delivery (order confirmations, shipping notifications, password resets)
• Sentry (Functional Software Inc.): Error and performance monitoring of our web application
• Hetzner Online GmbH (Germany): Server and application hosting infrastructure (Dokku on Hetzner)
• Shipping carriers: To deliver your orders

4.2 Legal Requirements

We may disclose your data if required by law, court order, or to protect our legal rights.

5. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place:

• EU-US Data Privacy Framework (for US-based service providers)
• Standard Contractual Clauses approved by the EU Commission

6. Data Retention

We retain your personal data for the following periods:

• Account data: Until you delete your account, plus a reasonable period for backup purposes
• Order data: 7 years (for tax and legal compliance)
• Analytics data: 26 months (Google Analytics default)
• Support communications: 3 years after last interaction

7. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

7.1 Right of Access

You can request a copy of all personal data we hold about you. We will respond within 30 days.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete data. You can also update most information directly in your account settings.

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. Note that we may need to retain certain data for legal compliance (e.g., tax records).

7.4 Right to Restrict Processing

You can request that we limit how we use your data while we address a complaint or verify data accuracy.

7.5 Right to Data Portability

You can request your data in a machine-readable format to transfer to another service.

7.6 Right to Object

You can object to processing based on legitimate interests. You can also opt out of marketing communications at any time.

7.7 Right to Withdraw Consent

Where processing is based on consent (e.g., analytics cookies), you can withdraw consent at any time through your browser settings or our cookie banner.

To exercise your rights: Contact us at [email protected]. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Secure password hashing
• Regular security updates and monitoring
• Access controls limiting who can view your data

While we take all reasonable precautions, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. For significant changes, we may notify you via email or a prominent notice on our website.

12. Complaints

If you have concerns about how we handle your personal data, please contact us first at [email protected].

You also have the right to lodge a complaint with your local data protection authority. In Finland, this is:

Office of the Data Protection Ombudsman
(Tietosuojavaltuutetun toimisto)
Website: tietosuoja.fi/en
Email: [email protected]

13. Contact Us

For questions about this Privacy Policy or your personal data, contact us at:

Email: [email protected]