Privacy policy

Contact
Request a Quotation

Privacy Policy and Data Protection Statement

This is Finse Oy’s register and data protection statement in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).
Prepared on 17 April 2026. Last updated on 17 April 2026.

1. Data Controller
Finse Oy
Hohontie 14, P.O. Box 48
FI-41400 Lievestuore, Finland

2. Contact Person Responsible for the Register
Antti Hyppönen
+358 400 917 865
antti.hypponen@finse.fi

3. Name of the Register
The company’s customer register, marketing register, stakeholder register, website user register, membership register, employee register, etc.

4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data under the EU General Data Protection Regulation is:

  • the data subject’s consent (documented, voluntary, specific, informed, and unambiguous)
  • a contract to which the data subject is a party
  • a legal obligation
  • the performance of a task carried out in the public interest, or
  • the legitimate interest of the data controller (e.g., customer relationship, employment relationship, membership)

The purpose of processing personal data is to maintain customer relationships, communicate with customers, and carry out marketing activities.

Data is not used for automated decision-making or profiling.

5. Data Content of the Register
The register may contain the following information: name, position, company/organization, contact details (phone number, email address, postal address), website URLs, IP address, social media profiles/identifiers, information related to ordered services and changes to them, billing information, and other information related to the customer relationship and services provided.

6. Regular Sources of Data
Data stored in the register is obtained from the customer through website forms, email, telephone, social media services, agreements, customer meetings, and other situations in which the customer provides their information.

7. Disclosure of Data and Transfers Outside the EU or EEA
Data is not regularly disclosed to third parties. Data may be published to the extent agreed with the customer.

Data may also be transferred by the data controller outside the EU or EEA.

8. Principles of Data Protection
Due care is taken in processing the register, and data processed through information systems is appropriately protected. When data is stored on internet servers, both physical and digital security measures are implemented. The data controller ensures that stored data, server access rights, and other information critical to personal data security are handled confidentially and only by employees whose duties require such access.

9. Right of Access and Right to Rectification
Every individual in the register has the right to check their personal data stored in the register and to request correction of any incorrect or incomplete data. Requests must be submitted in writing to the data controller. The data controller may request proof of identity if necessary. The data controller will respond within the timeframe specified in the GDPR (generally within one month).

10. Other Rights Related to Personal Data Processing
The data subject has the right to request the deletion of their personal data from the register (“right to be forgotten”). Data subjects also have other rights under the GDPR, such as the right to restrict processing in certain situations. Requests must be submitted in writing to the data controller. The data controller may request proof of identity if necessary and will respond within the timeframe specified in the GDPR (generally within one month).