Privacy Policy

This Privacy Policy explains how GästFors handles personal data when you visit this website, request access, request a demo, or communicate with us.

Last updated: 5 July 2026

1. Controller

The controller responsible for the personal data described in this Privacy Policy is:

GästFors OY
Finland
Email: pp@gastfors.com

Please contact us at pp@gastfors.com if you have questions about this Privacy Policy or how we process personal data.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed through the GästFors website, request access forms, demo requests, and related professional communications.

GästFors is an AI-assisted guest experience automation platform for hospitality, tourism, and venue operations. At this stage, the website is mainly used to provide information, receive selected access and demo requests, and communicate with potential customers, partners, investors, and professional contacts.

3. Personal data we may collect

We may collect and process the following categories of personal data.

3.1 Information you provide to us

When you submit a form, request access, request a demo, or contact us, we may process information such as:

3.2 Technical website data

When you visit the website, certain technical information may be processed automatically to operate, protect, troubleshoot, and improve the website. This may include:

3.3 Cookies and local storage

Our website may use essential cookies or browser local storage for basic functionality, such as remembering whether you have accepted the cookie notice.

We do not currently use advertising cookies on the website. If we introduce analytics, marketing, advertising, or third-party tracking tools in the future, we will update this Privacy Policy and request consent where required.

4. Purposes of processing

We process personal data for the following purposes:

5. Legal bases for processing

We process personal data only when we have a legal basis under applicable data protection law. Depending on the situation, the legal basis may be:

6. Recipients and service providers

We do not sell personal data.

We may share or make personal data available to trusted service providers and professional advisors where necessary for the purposes described in this Privacy Policy, including:

Service providers are expected to process personal data only for appropriate business, technical, legal, or service-related purposes.

7. Third-party resources used by the website

The website may load certain third-party resources, such as fonts, icons, JavaScript libraries, or content delivery network files. When your browser loads these resources, the relevant third-party provider may receive technical information such as your IP address, browser details, and the page from which the resource was requested.

We aim to keep third-party resources limited and appropriate for website functionality and presentation.

8. International transfers

We aim to use service providers located in the European Economic Area where practical. Some service providers or technical resources may process personal data outside the European Economic Area.

Where personal data is transferred outside the European Economic Area, we will use appropriate safeguards where required, such as European Commission standard contractual clauses or other legally recognised transfer mechanisms.

9. Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Typical retention periods are:

If a business relationship is created, certain records may be kept longer where required for accounting, contract, tax, legal, compliance, or dispute-related reasons.

10. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

These measures may include access control, secure hosting practices, encrypted transmission where applicable, limited internal access, monitoring, logging, backup procedures, and regular review of technical safeguards.

No online service can be guaranteed to be completely secure, but we aim to process personal data responsibly and proportionately.

11. Your rights

Depending on the situation and applicable law, you may have the right to:

In Finland, the supervisory authority is the Data Protection Ombudsman’s Office.

To exercise your rights, contact us at pp@gastfors.com. We may need to verify your identity before responding to certain requests.

12. Automated decision-making and AI

We do not currently use the public website to make legally or similarly significant automated decisions about individuals.

GästFors may develop AI-assisted tools for guest experience automation, operational risk intelligence, incident documentation, and review-ready summaries. Such tools are intended to support human review and professional decision-making, not to replace qualified legal, insurance, compliance, or operational judgement.

13. Children’s privacy

GästFors is intended for professional and business use. Our website and services are not directed to children, and we do not knowingly collect personal data from children through the website.

14. Third-party links

The website may contain links to third-party websites or services. We are not responsible for the privacy practices, content, or security of third-party websites. Please review their privacy policies separately.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time as GästFors develops, our website changes, or legal requirements evolve. The latest version will be published on this page with the updated date.

16. Contact

For privacy questions, requests, or concerns, contact:

GästFors OY
Finland
Email: pp@gastfors.com