# Cookies Policy

**Effective Date:** 1.6.2025 
**Last Updated:** 1.6.2025

## 1. Introduction

This Cookies Policy explains how Marko Pyhäjärvi ("we," "us," or "our") uses cookies and similar tracking technologies on our website MarkoPyhajarvi.com. This policy is integrated with our Privacy Policy and applies to our business-to-business services only.

### 1.1 Business Services Only
- **This policy applies exclusively to business-to-business interactions**
- **Consumer purchases:** If you are an EU consumer, additional consumer protection laws may apply
- **Consumer inquiries:** Contact contact@markopyhajarvi.com for consumer-specific information

### 1.2 Legal Framework Integration
- This policy supplements our Privacy Policy (Section 5: Cookies and Tracking)
- For data protection rights and general privacy matters, see our Privacy Policy
- Cookie consent is part of our comprehensive data protection compliance

## 2. What Are Cookies

### 2.1 Cookie Definition
**Cookies are small text files** that are stored on your device (computer, tablet, smartphone) when you visit our website. They help us:
- Provide essential website functionality
- Understand how our website is used
- Improve user experience and website performance
- Deliver relevant business communications (with consent)

### 2.2 Similar Technologies
**We also use similar tracking technologies:**
- **Local storage:** For temporary session data
- **Web beacons/pixels:** For analytics and email tracking
- **Server logs:** For security and performance monitoring
- **Fingerprinting:** Limited technical fingerprinting for security purposes only

**Note:** Browser storage APIs (localStorage, sessionStorage) are not used in our website artifacts due to technical limitations.

## 3. Types of Cookies We Use

### 3.1 Essential Cookies (No Consent Required)
**These cookies are strictly necessary for website operation:**

| **Cookie Name** | **Purpose** | **Duration** | **Provider** |
|-----------------|-------------|--------------|--------------|
| `session_id` | User session management | Session only | MarkoPyhajarvi.com |
| `csrf_token` | Cross-site request forgery protection | Session only | MarkoPyhajarvi.com |
| `cookie_consent` | Records your cookie preferences | 12 months | MarkoPyhajarvi.com |
| `security_check` | Basic security verification | 24 hours | MarkoPyhajarvi.com |

**Legal basis:** Legitimate interest for website security and functionality (GDPR Art. 6(1)(f))
**You cannot opt out of essential cookies** as they are required for basic website operation.

### 3.2 Analytics Cookies (Consent Required)
**These cookies help us understand website usage:**

| **Cookie Name** | **Purpose** | **Duration** | **Provider** |
|-----------------|-------------|--------------|--------------|
| `_ga` | Google Analytics - distinguishes users | 2 years | Google Analytics |
| `_gid` | Google Analytics - distinguishes users | 24 hours | Google Analytics |
| `_gat` | Google Analytics - throttles request rate | 1 minute | Google Analytics |
| `_ga_[CONTAINER-ID]` | Google Analytics 4 - session data | 2 years | Google Analytics |

**Data collected:** Page views, session duration, bounce rate, traffic sources, device information (anonymized)
**Legal basis:** Consent (GDPR Art. 6(1)(a))
**IP anonymization:** Enabled to enhance privacy protection
**Google Analytics configuration:** Demographics and Interest reports disabled

### 3.3 Marketing Cookies (Explicit Consent Required)
**These cookies are used for business marketing purposes:**

| **Cookie Name** | **Purpose** | **Duration** | **Provider** |
|-----------------|-------------|--------------|--------------|
| `li_sugr` | LinkedIn - browser identification | 3 months | LinkedIn |
| `bcookie` | LinkedIn - browser identification | 1 year | LinkedIn |
| `li_gc` | LinkedIn - guest conversion tracking | 6 months | LinkedIn |
| `AnalyticsSyncHistory` | LinkedIn - sync analytics | 30 days | LinkedIn |

**Data collected:** Professional interests, company information, B2B engagement patterns
**Legal basis:** Explicit consent (GDPR Art. 6(1)(a))
**Business purpose:** B2B marketing, professional networking, industry targeting
**Audience:** Business professionals only - not for consumer targeting

### 3.4 Functionality Cookies (Consent Required)
**These cookies enhance website functionality:**

| **Cookie Name** | **Purpose** | **Duration** | **Provider** |
|-----------------|-------------|--------------|--------------|
| `language_pref` | Language preference storage | 6 months | MarkoPyhajarvi.com |
| `timezone_pref` | Timezone preference for scheduling | 6 months | MarkoPyhajarvi.com |
| `contact_form_data` | Form data preservation during session | Session only | MarkoPyhajarvi.com |

**Legal basis:** Consent (GDPR Art. 6(1)(a))
**Purpose:** Improve user experience and reduce form re-entry needs

## 4. Third-Party Cookies and Data Processors

### 4.1 Google Analytics (Google LLC)
**Service:** Website analytics and performance monitoring
**Data Processing Agreement:** Standard Contractual Clauses in place
**Data transfer:** USA (with appropriate safeguards under GDPR)
**Data retention:** 14 months (reduced from default 26 months)
**User control:** Opt-out available via [Google Analytics Opt-out](https://tools.google.com/dlpage/gaoptout)

**Data minimization measures:**
- IP anonymization enabled
- Demographics and interest reports disabled
- Data sharing with Google disabled
- Advertising features disabled

### 4.2 LinkedIn Business Solutions (LinkedIn Corporation)
**Service:** B2B marketing and professional networking
**Data Processing Agreement:** LinkedIn DPA for business customers
**Data transfer:** USA (with Standard Contractual Clauses)
**Business focus:** Professional audience targeting only
**User control:** LinkedIn privacy settings and our cookie preferences

**B2B specific configuration:**
- Consumer audience targeting disabled
- Personal interest tracking disabled
- Focus on business and professional interests only
- Industry-specific targeting for consulting services

### 4.3 Email Service Provider Integration
**Service:** Business email marketing automation
**Cookies:** Email tracking pixels and engagement cookies
**Duration:** 30 days maximum
**Legal basis:** Consent for business communications
**Opt-out:** Unsubscribe link in all emails + cookie preferences

## 5. Cookie Consent Management

### 5.1 Consent Requirements
**We obtain consent for non-essential cookies through:**
- **Granular consent banner** with clear choices per cookie category
- **No pre-ticked boxes** - active consent required for each category
- **Plain language explanations** of what each cookie type does
- **Easy withdrawal** options available at any time

### 5.2 Consent Choices Available
**You can choose to:**
- ✅ **Accept all cookies** (including marketing and functionality)
- ✅ **Accept essential cookies only** (reject all non-essential)
- ✅ **Customize preferences** (granular control per category)
- ✅ **Reject all non-essential** (essential cookies remain active)

### 5.3 Consent Recording and Management
**We maintain records of:**
- Which consent choices you made and when
- Your IP address (anonymized after 90 days) for consent verification
- Consent withdrawal requests and timing
- Cookie preference updates and modifications

**Consent validity period:** 12 months (re-consent requested annually)

## 6. Managing Your Cookie Preferences

### 6.1 Our Cookie Preference Center
**Access your cookie preferences:**
- **Cookie settings link** in website footer
- **Cookie banner settings** (appears on first visit or after clearing cookies)
- **Email us:** contact@markopyhajarvi.com for assistance
- **Granular control** available for each cookie category

### 6.2 Browser-Based Cookie Management
**Control cookies through your browser settings:**

**Google Chrome:**
1. Settings > Privacy and Security > Cookies and other site data
2. Choose "Block third-party cookies" or "Block all cookies"
3. Manage site-specific cookie permissions

**Mozilla Firefox:**
1. Options > Privacy & Security > Cookies and Site Data
2. Choose Enhanced Tracking Protection settings
3. Manage cookie exceptions for specific sites

**Safari:**
1. Preferences > Privacy > Cookies and website data
2. Choose "Block all cookies" or manage website data
3. Prevent cross-site tracking option

**Microsoft Edge:**
1. Settings > Cookies and site permissions > Cookies and site data
2. Choose "Block third-party cookies" or "Block all cookies"
3. Manage site-specific permissions

**Note:** Blocking essential cookies may affect website functionality.

### 6.3 Third-Party Opt-Out Options
**Direct opt-out from third-party services:**
- **Google Analytics:** [Opt-out browser add-on](https://tools.google.com/dlpage/gaoptout)
- **LinkedIn:** [LinkedIn Privacy Settings](https://www.linkedin.com/psettings/privacy)
- **Industry opt-out:** [Your Online Choices](http://www.youronlinechoices.com/) (EU)
- **NAI opt-out:** [Network Advertising Initiative](http://www.networkadvertising.org/choices/) (US)

## 7. Data Protection and Security

### 7.1 Cookie Data Security
**Security measures for cookie data:**
- **Encryption:** All cookie data transmitted via HTTPS/TLS 1.3
- **Secure flags:** Security flags set on all cookies where applicable
- **SameSite attributes:** CSRF protection via SameSite cookie attributes
- **Regular audits:** Quarterly review of cookie usage and security

### 7.2 Data Minimization
**We minimize cookie data collection by:**
- Using only necessary cookies for stated purposes
- Setting shortest possible retention periods
- Anonymizing data where possible (IP addresses, user identifiers)
- Regular deletion of expired cookie data

### 7.3 Breach Notification
**In case of cookie-related data breach:**
- **Authority notification:** Within 72 hours to Finnish Data Protection Authority
- **User notification:** Within 72 hours if high risk to rights and freedoms
- **Immediate investigation:** Source identification and containment
- **Remediation:** Security improvements and affected cookie deletion

## 8. Children's Privacy and B2B Focus

### 8.1 Business Services Only
**Our website and services are designed exclusively for:**
- Business professionals and decision-makers
- Companies seeking business consulting services
- Professional networking and B2B communications
- Industry-specific business solutions

**We do not:**
- Target consumers or general public audiences
- Collect personal data from individuals under 16
- Use cookies for consumer marketing purposes
- Track personal/non-business interests

### 8.2 Accidental Data Collection
**If we inadvertently collect data from minors:**
- **Immediate deletion** upon discovery
- **Parent/guardian notification** if contact information available
- **System review** to prevent future occurrences
- **Enhanced age verification** for future interactions

## 9. International Data Transfers and Legal Compliance

### 9.1 Cross-Border Data Transfers
**When cookies involve data transfers outside EU/EEA:**

**United States (Google, LinkedIn):**
- **Standard Contractual Clauses** (2021 version) implemented
- **Transfer Impact Assessment** conducted for adequacy
- **Additional safeguards:** Encryption, data minimization, access controls
- **Regular review:** Annual assessment of transfer adequacy and risks

**Safeguard measures:**
- Data encryption in transit and at rest
- Limited data access on need-to-know basis
- Regular security audits of data processors
- Contractual obligations for data protection compliance

### 9.2 EU Law Compliance Framework
**Compliance with EU regulations:**
- **GDPR:** Full compliance with consent, transparency, and data subject rights
- **ePrivacy Directive:** Cookie consent and tracking regulations
- **European Accessibility Act:** Cookie preference accessibility (2025)
- **Digital Services Act:** Transparency and risk management (applicable provisions)

### 9.3 Data Subject Rights for Cookie Data
**Your rights regarding cookie data:**
- **Access:** Request information about cookies and data collected
- **Rectification:** Correct inaccurate cookie preference records
- **Erasure:** Delete cookie data and withdraw consent
- **Restriction:** Limit cookie processing for specific purposes
- **Portability:** Receive cookie preference data in machine-readable format
- **Objection:** Object to cookie processing based on legitimate interests

**Exercise rights:** Contact contact@markopyhajarvi.com with specific requests

## 10. Cookie Retention and Deletion

### 10.1 Retention Periods by Category
**Essential cookies:**
- Session cookies: Deleted when browser closes
- Security cookies: Maximum 24 hours
- Consent cookies: 12 months (then re-consent required)

**Analytics cookies:**
- Google Analytics: 14 months (reduced from default)
- Our analytics: 12 months maximum
- Aggregated data: Retained indefinitely (anonymized)

**Marketing cookies:**
- LinkedIn: As per LinkedIn's retention policy (maximum 2 years)
- Email tracking: 30 days maximum
- Consent-based: Until consent withdrawn

**Functionality cookies:**
- Preference cookies: 6 months maximum
- Form data: Session only
- Language/timezone: 6 months maximum

### 10.2 Automated Deletion Process
**Automated systems ensure:**
- **Expired cookies** automatically deleted from our systems
- **Consent withdrawal** triggers immediate cookie deletion
- **Regular cleanup** of outdated cookie data
- **Backup purging** within 90 days of deletion

### 10.3 Manual Deletion Requests
**Upon request, we will:**
- Delete all non-essential cookies immediately
- Provide confirmation of deletion
- Reset consent preferences to default (essential only)
- Update third-party processors about consent withdrawal

## 11. Policy Updates and Communication

### 11.1 Cookie Policy Updates
**We may update this policy to reflect:**
- Changes in cookie usage or new cookies implemented
- Legal or regulatory requirement changes
- Improvements in privacy protection measures
- Feedback from users or data protection authorities

### 11.2 Notification Process
**For policy updates:**
- **Material changes:** 30-day advance notice via email to active users
- **Minor clarifications:** Website banner notification for 30 days
- **Updated "Last Updated" date** at top of policy
- **Consent re-collection** if required for new cookie purposes

### 11.3 Continued Use and Acceptance
- **Continued website use** after updates implies acceptance of minor changes
- **Material changes** require new consent for affected cookie categories
- **Existing consents** remain valid unless specifically withdrawn
- **Annual consent refresh** recommended for transparency

## 12. Contact Information and Support

### 12.1 Cookie-Specific Inquiries
**Cookie policy questions and requests:**
- **Email:** contact@markopyhajarvi.com
- **Subject line:** "Cookie Policy Inquiry - [Topic]"
- **Response time:** 5 business days for cookie preference requests
- **Emergency:** contact@markopyhajarvi.com for security-related cookie concerns

### 12.2 Technical Support
**Cookie technical issues:**
- **Browser compatibility:** Support for major browsers (Chrome, Firefox, Safari, Edge)
- **Consent banner problems:** Technical assistance available
- **Preference center issues:** Help with granular cookie controls
- **Third-party opt-out:** Guidance for external service opt-outs

### 12.3 Business Information
**Company details:**
- **Business name:** Marko Pyhäjärvi
- **Business address:** Merkurstrasse 1, 9000, Sankt Gallen, Switzerland
- **Business ID:** 11111405 (Buchanon Company Ltd)
- **Privacy contact:** contact@markopyhajarvi.com
- **General contact:** contact@markopyhajarvi.com

### 12.4 Data Protection Authority Contact
**If you have concerns about our cookie practices:**
- **Finnish Data Protection Authority:** tietosuoja.fi
- **Email:** tietosuoja@om.fi
- **Your local EU DPA:** If you reside in another EU member state

## 13. Technical Implementation Details

### 13.1 Cookie Consent Banner Specifications
**Our consent implementation includes:**
- **GDPR-compliant consent collection** with clear affirmative action
- **Granular category selection** (essential, analytics, marketing, functionality)
- **Plain language descriptions** of each cookie category and purpose
- **Easy withdrawal mechanism** accessible from any page

### 13.2 Consent Technology Standards
**Technical compliance features:**
- **No cookies set before consent** (except essential)
- **Consent API integration** for third-party services
- **Regular consent validation** and refresh prompts
- **Accessibility compliance** (WCAG 2.1 AA standards)

### 13.3 Data Processing Integration
**Cookie data integration:**
- **Privacy Policy alignment** for comprehensive data protection
- **CRM integration** for consent management
- **Marketing automation** respects cookie preferences
- **Analytics configuration** reflects user consent choices

## 14. Legal Compliance Summary

### 14.1 EU Regulatory Compliance
**This Cookie Policy ensures compliance with:**
- **GDPR Articles 6 & 7:** Lawful basis and consent requirements
- **ePrivacy Directive Article 5(3):** Cookie consent and information requirements
- **European Accessibility Act:** Accessible consent mechanisms (2025)
- **Finnish Personal Data Act:** National implementation requirements

### 14.2 Business-to-Business Focus
**B2B compliance considerations:**
- **Professional cookie usage** for business purposes only
- **Industry-appropriate marketing** targeting business interests
- **Corporate communication** preferences and tracking
- **Business relationship management** through appropriate technology

### 14.3 International Best Practices
**Additional compliance measures:**
- **ICO guidance** (UK) for cookie consent best practices
- **CNIL recommendations** (France) for consent implementation
- **EDPB guidelines** for cookie consent and tracking
- **Industry standards** for privacy-by-design implementation

---

**This Cookie Policy is designed to provide maximum transparency while ensuring full EU legal compliance and minimal business risk for our B2B consulting services.**

**Last legal review:** 1.6.2025
**Next review:** 1.6.2026  
**Technical implementation:** Required before website launch