Privacy Policy

Privacy Policy

Hereinafter in this policy referred to as the Company

 

Person responsible for data protection and/or contact person

Contact information can be found on the Contact page.

Name of the personal data register

Customer and marketing register

This privacy statement applies to our website, marketing, customer relationship management, and the processing of personal data related to the products and services we offer.

Collected personal data and sources

We collect personal data necessary for managing the customer relationship.

Data group	Examples of data content
Identification and contact details	Customer’s and/or representative’s name and contact information.
Information related to products and services, orders, and customer communication	Order details, delivery times, contract, invoicing, customer communication, and complaint-related information.
Marketing (including direct marketing), events, and the data subject’s consents and prohibitions	Contact information for marketing, and data collected in connection with events. Consents and opt-outs for direct marketing.
Use of website and other electronic services	IP address, electronic communication identifiers, search and browsing data, browser and OS information, registration details

We collect personal data from the data subject themselves as well as from publicly available official registers and other external sources, such as the trade register or similar public business registers. We also collect data from contact form submissions and use them for the purposes mentioned above related to customer relationship management.

Purpose and legal basis of processing personal data

Personal data is processed within the limits allowed by applicable law for the following purposes:

• delivery of products and services, and conclusion of customer contracts (contract or its preparation)
• management of customer relationships (legitimate interest)
• service-related communication and guidance (legitimate interest)
• web service testing (legitimate interest)
• development of products and services (legitimate interest)
• collection and analysis of user statistics (consent, legitimate interest)
• improvement of user experience on our website and other services (consent, legitimate interest)
• invoicing, credit decisions, and debt collection (legitimate interest)
• marketing communication (legitimate interest)
• direct marketing, including electronic and phone marketing, as well as planning and measuring the effectiveness of marketing and advertising, and combining and updating personal data for direct marketing purposes (legitimate interest, consent)
• stakeholder relationship management, subcontracting, and cooperation with service providers (legitimate interest, contract or its preparation)
• internal reporting and administrative actions (compliance with legal obligations)
• warranty and liability claims, complaint handling, and legal or regulatory proceedings (legitimate interest)
• prevention and investigation of abuse, ensuring security of data, people, and property (legitimate interest)
• fulfilling other legal obligations (e.g. accounting, taxation, reporting)

When the processing of personal data is based on consent, the data subject may withdraw their consent at any time by notifying the above-mentioned contact person.

Processing of personal data may be necessary for the legitimate interests of the Company and the customer relationship. The Company has a legitimate interest to process personal data for marketing, service, and customer analyses, and service testing. Marketing purposes may also include profiling. In such cases, the data subject has the right to object to the processing of personal data. Where processing is based on legitimate interest, we have assessed that the rights and interests of the data subjects do not override the legitimate interest. Upon request, we provide more information on processing based on legitimate interest.

Processors of personal data

Access to personal data is restricted to persons responsible for customer relationship management and marketing.

Recipients of personal data

Various service providers and third parties may be used in processing, such as providers of technical solutions, hosting services, or accounting and financial services. We ensure proper agreements are in place as required by data protection legislation.

Personal data may be disclosed to third parties in cases required by law or authorities, or to investigate abuse and ensure safety. Personal data may also be disclosed in the context of legal proceedings or similar legal processes.

If the Company is involved in a merger, acquisition, or other business arrangement, personal data may be disclosed to the parties or assistants involved in the transaction.

We provide more information on recipients of personal data upon request.

Transfers of personal data outside the European Economic Area

Personal data is not transferred outside the EU or EEA unless necessary for technical implementation of the service. In such cases, we comply with the required level of data protection and safeguards under data protection law.

We provide more information on transfers and safeguards upon request.

Cookies

We use cookies and similar technologies on our site. A cookie is a small text file stored on the user’s device. Cookies contain an anonymous unique identifier used to recognize and count different browsers visiting our site. The purpose of cookies and similar technologies is to analyze and develop our services to better serve users and to target advertising. Users can manage their consent through the cookie tool on our website.

Protection of personal data

We protect personal data using appropriate technical and organizational measures. Data is stored in databases protected by firewalls, passwords, and other technical security measures. Databases and backups are located in locked and guarded facilities, and access is limited to specific authorized individuals.

Retention and disposal of personal data

Personal data is retained for as long as needed for the purpose for which it was collected and processed, or for fulfilling a contract, or as long as required by law and regulations. After this, data is securely destroyed.

Rights of the data subject

The data subject has the following rights:

1. Right to access personal data. The data subject has the right to confirm whether personal data is being processed and to receive the related information. The data subject also has the right to obtain a copy of their personal data.
2. The data subject may request correction of incomplete or incorrect data.
3. The data subject may request deletion of data when there is no legal basis for its continued processing.
4. The data subject has the right to restrict processing if the accuracy or legality of the data is questioned, or based on objection to restrict processing to storage only. The data subject also has the right to object to processing for direct marketing purposes based on legitimate interest.
5. The data subject may request the transfer of their data to another controller. This applies to data the data subject has provided in a structured, machine-readable format, where processing is based on consent or contract and carried out automatically.
6. Right to withdraw consent. If processing is based on consent, the data subject has the right to withdraw it. Withdrawal does not affect processing done prior to the withdrawal.
7. Requests regarding these rights must be sent in writing or by email to the following contact:

Company name
Request for inspection or other data-related inquiry

The identity of the requester may be verified before the request is processed. The Company will respond within 1 month of the request, unless there are special reasons to extend the response time.

The data subject has the right to lodge a complaint with the competent data protection authority if they believe their personal data has been processed unlawfully.

Contact details of the Finnish Data Protection Authority can be found here.