Our Privacy Policy
Privacy Policy Chronbay.com
Updated: 5.10.2025
Welcome to Chronbay.com. This privacy policy explains how we, WebRocket Oy (Business ID: 3524355-5), collect, use, store, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR). We want to ensure that you understand how your information is handled and what rights you have.
Data Controller
Business ID: 3524355-5
Company name: WebRocket Oy
Company address: Kuntotie 2, 96400 Rovaniemi
Email address: webrocketoy@gmail.com
2. Name of the Register
Chronbay’s customer register.
3. Purpose of Processing Personal Data
We process personal data to manage, administer, and develop customer relationships. This includes providing, delivering, and improving our services, as well as handling billing.
In addition, we use personal data for communication, including updates and promotional messages.Marketing may include direct and electronic marketing, which you can opt out of at any time.
Specifically, we use data to:
Manage customer relationships
Provide and maintain services
Deliver customer support
Handle invoicing and payments
Improve our services based on feedback
Enhance user experience and platform functionality
4. Legal Basis for Processing
The processing of personal data is based on the following legal grounds under the EU General Data Protection Regulation (GDPR):
The data subject has given consent to the processing of their personal data for one or more specific purposes (GDPR Article 6(1)(a));
Processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract (GDPR Article 6(1)(b));
Processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party (GDPR Article 6(1)(f)).
The legitimate interest pursued by the data controller is based on a relevant and appropriate relationship between the data subject and the data controller, such as when the data subject is a customer. The processing is carried out for purposes that the data subject could reasonably expect at the time of data collection and within the context of that relationship.
5. Contents of the Register
The register contains the following personal data, in principle, for all registered individuals:
Basic and Contact Information
Name, address, phone, email
Company or Organization Information (if applicable)
Company name, business ID, position or title
Direct Marketing Information
Marketing consents or refusals
Service Usage Information
Username and encrypted password
Payment data
Customer support messages
Optional profile data
6. Regular Sources of Information
Personal data is primarily collected directly from the data subject themselves, for example, during registration, purchase, contact, or other transactions.
In addition, data may be collected and updated from public and generally available sources within the limits permitted by applicable legislation, if necessary for managing the customer relationship between the data controller and the data subject. Such sources may be used, for instance, when the data controller requires up-to-date information to fulfill its obligations or to maintain the customer relationship.
7. Retention Period of Personal Data
We keep your personal data only as long as necessary. The period depends on the customer relationship, legal obligations, and operational needs.
We also review data regularly and, unless legally required otherwise (e.g., for accounting), delete it five years after the customer relationship ends.
We also correct or remove any outdated or inaccurate data as soon as possible.
8. Recipients and Disclosures
Personal data is processed confidentially and is not disclosed to external parties. We do not sell, rent, or otherwise transfer our users’ personal data to third parties for marketing or other external purposes.
Still, we may share it with trusted providers such as hosting or payment services, but only under strict agreements.
9. Data Transfers Outside EU/EEA
All data is processed and stored within the EU/EEA or under equivalent data protection safeguards.
10. Register Protection Principles
The data controller ensures the appropriate protection of personal data using both physical and technical measures. Materials containing personal data are stored in locked and monitored facilities, with access restricted only to designated individuals who have the right to process such data based on their job duties. Access to these facilities is supervised, and only authorized employees may handle the data in these locations.
The database containing personal data is located on a server housed in a physically secured and locked space. The server is protected with an up-to-date firewall and other appropriate technical safeguards to prevent unauthorized access.
Access to information systems and databases is granted only with personal usernames and passwords, which are assigned exclusively to specifically authorized individuals. Access rights and permissions are limited so that only those individuals whose work duties require it—and whose processing is based on legal or contractual grounds—can view and handle the data. All activities within the information systems are logged, and these logs can be used for monitoring data security and investigating any potential incidents.
The data controller’s staff and any external individuals who have access to personal data are bound by a duty of confidentiality and must keep all confidential information received during the processing of personal data secret. This obligation of confidentiality continues even after the termination of the employment or contract relationship.
11 Rights of the Data Subject
Under the EU General Data Protection Regulation (GDPR), you have the right to:
Access your personal data and know how it is used (Art. 15)
Correct inaccurate or incomplete data (Art. 16)
Delete your data in certain cases, such as if it is no longer needed or was processed unlawfully (Art. 17)
Restrict processing under specific conditions, like during accuracy verification (Art. 18)
Withdraw consent at any time without affecting previous lawful use (Art. 7)
Object to processing, including direct marketing (Art. 21)
Receive and transfer your data in a machine-readable format (Art. 20)
Complain to a supervisory authority if your data rights are violated (Art. 77)
You can request any of these by contacting the data controller listed in section 1.
12 Web Analytics
We use analytics to better understand how users interact with our platform and improve our services accordingly.
Tools in Use:
Google Analytics tracks usage statistics like page views and traffic sources. Data is anonymized and does not identify individuals.
Hosting Analytics may record technical information, such as IP addresses, browser types, and general location.
.
13 Targeted Marketing
We may use anonymized data to deliver more relevant content and promotions to our users. This helps us tailor our marketing efforts based on user interests and behavior, improving your overall experience with our platform.
Marketing Tools in Use:
Google Analytics (with Remarketing Features)
Google Analytics allows us to understand user behavior and create audiences for remarketing. This means you may see ads for our platform across Google’s network based on your previous interactions with our website. No personal data is shared—only anonymized behavioral data is used.Hosting Infrastructure
While our Hosting service does not actively participate in marketing activities, their infrastructure supports the tools we use for targeted advertising and performance tracking. Any data passed through their services remains subject to strict privacy and security controls.