Privacy Policy
Data Controller
EFC Finland Oy
Business ID: 1750567-0
Ahmantie 6
FI-65520 Helsingby
Purpose of Personal Data Processing
The purpose of the register is to manage customer relationships and customer communications. The register is also used for marketing to current and potential customers and stakeholders. Personal data is collected and processed solely for these purposes.
Data Collected
Company name, details, and contact information (business ID, phone number, email address, postal address, website).
Personal data (name and professional title, email address, phone number, postal address).
Personal data is primarily processed as long as the contract on which processing is based remains valid. Data is entered into the register as received from the Data Subject and is updated according to information provided by the Data Subject to the Controller.
Regular Data Sources
We collect personal data during the customer relationship and the work carried out to establish a potential customer relationship. Data is collected via an electronic contact form and a newsletter subscription form on the Controller’s website.
Regular Data Disclosures
Personal data may be selectively disclosed, for example, for the Controller’s targeted marketing campaigns. The Controller retains ownership of the data, and third parties have no right to use the data for purposes outside the scope of the assignment. Data may be disclosed to authorities as required by law, for example, in cases of investigation or prevention of misuse. Customer data may also be transferred or disclosed to temporary registers (e.g., event, raffle, or survey registers) to fulfill customer assignments or with the customer’s consent. Personal data may be provided to a debt collection agency if necessary for monitoring payments.
The following service providers used by EFC may selectively process personal data:
- Adobe Systems Incorporated (https://www.adobe.com/privacy/policy.html)
- Google (https://policies.google.com/privacy?hl=en)
- HubSpot (https://legal.hubspot.com/privacy-policy)
- LinkedIn Corporation (https://www.linkedin.com/legal/privacy-policy)
- Meta Platforms Inc (https://www.facebook.com/privacy/policy)
- Microsoft Corporation (https://www.microsoft.com/en-us/privacy/privacystatement)
- Pipedrive (https://www.pipedrive.com/en/privacy)
Transfer of Data Outside the EU or EEA
The data in the Controller’s customer register is generally not transferred outside the EU or EEA. However, data may be transferred or disclosed outside the EU/EEA as needed by the aforementioned service providers. Refer to their privacy policies for more details.
Data Protection Principles
The Controller stores customer register data in digital information systems secured with usernames, passwords, and access rights. The network and hardware containing the register are protected with firewalls and other technical measures. Access rights to the information system are granted only to members of the Controller’s staff. Disclosures are monitored by a designated contact person. Data processors are bound by confidentiality obligations.
Right of Access and Rectification
Data Subjects have the right to access their personal data and to request correction of incorrect information. Data is reviewed and corrected upon a signed written request sent via post or email to the Controller’s contact person:
Contact Person for the Register
EFC Finland Oy / Kristian Mäkelä
Business ID: 1750567-0
Ahmantie 6
FI-65520 Helsingby
kristian.makela@efc.fi
Other Rights Related to Data Processing
Data Subjects have the right to object to data processing and to request restrictions on data processing. Data Subjects also have the right to receive the personal data they have provided to the Controller in a structured, commonly used, and machine-readable format, and to transfer said data to another controller. Additionally, Data Subjects can object to automated decision-making and profiling, prohibit the use of their data for marketing and advertising purposes, and exercise any other rights specified in the Personal Data Act.
Data Deletion and Retention Period
Personal data is retained as long as there is a business justification for its processing. When no longer justifiable, the data is anonymized or deleted. Data Subjects may also request data deletion (right to be forgotten) as permitted by law. However, data will not be deleted if required by law, during an ongoing legal or administrative process, or under a protective court decision. Data Subjects can unsubscribe from marketing emails using the unsubscribe link included in each email.
Use of Cookies
Updating the Privacy Policy
The Controller reserves the right to update the privacy policy based on business development or legal changes without prior notice. We recommend reviewing the policy regularly.