Privacy Statement

Our approach

Crosskey follows the EU General Data Protection Regulation (GDPR). Protecting the personal data that we handle on our website is an important responsibility for us.

We only use personal data for one of two reasons: to deliver the services we have promised our customers, or to meet a legal or legitimate business need. We do not use personal data for marketing, we do not keep it for longer than we need to, and we do not sell it.

As a rule, personal data is processed inside the EU and the European Economic Area (EEA). Safeguards required by GDPR (such as Standard Contractual Clauses) are used if personal data is transferred outside EU/EEA.

If you have any privacy questions, you can reach us using the details at the bottom of this page.

What this page covers

This statement explains what personal data we collect when you visit www.crosskey.fi and www.crosskey.se, why we collect it, how we use it, and what rights you have. It does not cover the services Crosskey provides to its banking customers — those are governed by separate agreements.

Consent and Google Consent Mode

When you arrive at our website you will see a consent banner managed by Cookiebot. It lets you accept or reject the use of analytics on this site. Your choice is stored and respected on every page you visit, and you can change it at any time using the cookie settings link in the footer.

We have Google Consent Mode v2 active across the site. This means that any Google service that may be loaded (for example an embedded YouTube video) is told whether you have given consent for analytics and advertising storage, and adjusts its behaviour accordingly.

Until you give consent, our analytics tools either do not run, or run in a strictly anonymous, cookieless mode that does not identify you.

What we collect and why

There are two kinds of information we pick up through this website.

Anonymous analytics about your visit

To understand how the site is used and where we can improve it, we use three privacy-friendly analytics tools. All three are set up so that no information that can identify you personally is collected.

PostHog — set up in fully anonymized mode. PostHog does not collect names, email addresses or any other directly identifying information, does not create persistent user profiles, and does not track you across sessions or other websites. IP addresses are anonymized before being stored. PostHog is hosted in the European Union (Frankfurt) by PostHog Inc.

What these tools record is limited to things like which pages were viewed, the approximate country or region the visit came from, the type of browser and device used, the page that referred you to us, and how long the visit lasted. None of it is used for advertising, and none of it is sold to third parties.

Our legal basis for collecting this data is your consent, given through the Cookiebot banner. Where the data is fully anonymous and falls outside the scope of GDPR, we also rely on our legitimate interest in running and improving the website.

Information you give us through forms

If you use the "get in touch" web form, we collect the email address and anything else you choose to write in the message field. We use it to reply to you, and to keep improving the service we offer.

Our legal basis for this is your consent — by sending the form, you are asking us to get back to you — together with our legitimate interest in responding to enquiries.

How long we keep your data

We only keep personal data for as long as we need it for the purpose it was collected for, or for as long as the law requires.

• Analytics data in Matomo, Plausible and PostHog is retained for a maximum of 12 months and is anonymous from the point of collection.
• Consent records stored by Cookiebot are kept for up to 12 months so we can demonstrate that we asked for and respected your choice.
• Contact form messages are kept for as long as needed to handle your enquiry and any follow-up, and then deleted.

Who we share it with

We do not sell your personal data, and we do not share it with third parties for their own marketing.

We do share limited information with the service providers that help us run the website. The data is handled on our instructions and under written contracts that require providers to keep it safe:

• Webflow — hosting platform for the website itself.
• Cookiebot (Usercentrics A/S) — cookie consent management.
• PostHog Inc. — anonymous product analytics, hosted in the EU.

Some technical data may be located on these providers' servers. As a rule, this data stays in the EU/EEA. Where any transfer outside the EU/EEA is unavoidable (for example, if a provider's parent company is based outside the EU), we use the safeguards required by GDPR, such as Standard Contractual Clauses.

Beyond what is described here, we will not share your information with third parties, except where we are legally required to do so.

How we keep your data safe

We use a mix of technical and organisational measures to protect personal data from being lost, altered, or accessed by unauthorised parties. Your provided information is stored on secure servers with industry-standard controls in place.

Links to other websites

Our site contains links to other websites that we do not run. This statement does not cover those sites, and we are not responsible for how they handle your data. If you follow a link, please review the other site's own privacy policy.

Cookies

You can read which cookies we use, and what each one does, in our Cookie Policy.

Your rights

Under GDPR, you have a set of rights over the personal data we hold about you. You can:

• See it — ask what we have on file about you.
• Correct it — ask us to fix anything that is wrong or out of date.
• Delete it — ask us to remove your data (the "right to be forgotten"), where the law allows.
• Pause it — ask us to stop processing while a question is being looked into.
• Take it with you — get a copy of the data you gave us in a common, machine-readable format.
• Withdraw consent — at any time, where we are relying on your consent.
• Object — to anything we are doing on the basis of legitimate interest.
• Complain — to a data protection authority.

To use your rights, just get in touch using the details below — please mention that your request is about the Crosskey website so we can find it quickly.

Contact us

Crosskey Banking Solutions Ab Ltd
‍EU ID: FI 19066720

Attention: Data Privacy Officer
Email: privacy@crosskey.fi
‍Phone: +358 (0) 204 29 022
‍Web: crosskey.fi/contact

Elverksgatan 10
22100 Mariehamn
Finland

Changes to this statement

We may update this statement from time to time — for example, if we change a tool we use or if the law changes. The "Last updated" date at the top tells you when it was last revised. Material changes will be highlighted on the website.

‍