Privacy policy

Colloidtek Oy (2829721-3) Privacy and Registry Policy based on European Unions General Data Protection Regulation (2016/679).

Last updated 2025-05-13.

Registrar

ColloidTek Oy (2829721-3)
Visiokatu 1, 33720 Tampere
info@collo.fi

ColloidTek Oy and its affiliates (collectively, “ColloidTek”, “Collo”, “we”, “us”, and “our”) respect your privacy. Please read the following to learn more about our Privacy Policy (“this Policy”). This Policy applies to ColloidTek websites that display or provide links to this Policy or are controlled by ColloidTek Oy (2829721-3)

 

Person responsible for Data Protection

Matti Järveläinen, CEO
ColloidTek Oy
Visiokatu 1, 33720 Tampere

 

The meaning of this registry and Policy

This Policy describes how ColloidTek processes your personal data, but it may not address all possible data processing scenarios. ColloidTek may inform you of specific data collection through supplementary policies or notices provided before collection.

The registry is used but not limited to:

  • Contacting customers and messaging
  • Keeping client records up to date
  • To make agreements and execute them
  • To keep up the records in registry, enforce the rights concerning it and executing the said rights.
  • To analyse website traffic and page efficiency
  • Other ways that enable us to follow and monitor the site to keep it safe and update information accordingly

 

Legal basis for processing personal data

Customer Approval

  • Information given to Collo by Customer contact or other permission to collect and use customer contact information to contact the person or entity. This includes a permission to contact with marketing messages. This marketing permission can always be cancelled by the person or entity.

Execution of a contract

  • A right given by a contract or an agreement to use customer information and contact a person or entity to execute an agreement or provide a service.

Legitimate Interest of the Company

  • The company uses personal data and contacts to execute assignments and deals, communicate with customers, develop its services and ensure the quality of it’s work. We also handle personal information and contact information when needed to fulfill legal obligations and/or defend the company if needed.

Legal Obligations

  • As mentioned above, the company can use personal data to fulfill legal obligations if needed.

How we collect data?

The following data sources are included, but not limited to:

  • Contact from the customer by contact form, email, phone or any other method towards the company.
  • Information gathered from Finnish Trade Register and/or including but not limited to any other business register, public contact registry, purchased contacts, social media, business media, fairs

Examples of collected data:

  • Name
  • Email
  • Phone number
  • IP-address
  • Job title
  • Other personal information provided

How do we use collected data?

  • Customer identification
  • Invoicing
  • Contacting customers
  • Marketing our products and services

 

Processing and storing data

Collo respect privacy and we have strict policies who can access personal or company data. In general, only Collo personnel have access to the information described and all contact and personal information is handled by trusted personnel only. The data is handled only by company’s own devices or purchased cloud services which are all encrypted and protected by protected SSH connection. Company emails are also SSH protected. Please note, that even with SSH protection, emails are not considered secure email (turvaposti). Collo uses 3rd party provided cloud services where customer projects and information is also stored. The data stored in cloud services are stored mainly in EU and EEA areas. In case where data is stored outside EU, we take appropriate actions to ensure that the data is stored and protected.

In Collo all necessary security measures are made to protect collected data. This includes limits of personnel having access to personal data, secure passwords, encrypted connections and endpoint devices, regular backups, firewalls, Two-Factor-Authentication methods and other security measures.

 

Profiling and automated decision making

ColloidTek does not use personal data for automated decision making.

 

Exception to data retention or disclosure

Please notice that if official authorities ask for data on legal grounds, we are forced to give it for full disclosure.

 

How long do we keep collected personal data

We retain the collected data primarily for a period of five years from the date it is generated. For assignments and other accounting obligations or business purposes, we retain the data for ten years from the end of the financial year in which the assignment was completed. If necessary, we may retain the data beyond these periods if there is a justified reason for doing so (e.g., a legal interest).

 

Rights of Data Subjects

The Company supervises the register and ensures the rights of the data controller and the data subjects. Below is a breakdown of the rights of individuals whose data is contained in the register. More information on data subjects' rights can be found on the website of the Office of the Data Protection Ombudsman.

 

Right to be Informed About Personal Data Processing

The data subject has the right to know whether their personal data is being used, and if so, what data is being used and for what purpose. The Company has an obligation to identify the individual requesting access to their personal data before disclosing it. Identification may only be conducted using information comparable to data already held by the Company.

 

Right to Rectify or Amend Data

The data subject has the right to supplement their personal data in the register, while being responsible for the accuracy of the information. They also have the right to correct incorrect information in the register. In such cases, the data subject must provide the current and correct data.

 

Right to Erasure ("Right to be Forgotten")

The data subject has the right to request the deletion of their data from the register if there is no longer a need to retain it, or if the data has been used unlawfully.

The Company may refuse to delete the data for the following reasons:

  • Compliance with legal obligations
  • Public interest, such as archiving or record-keeping
  • Establishment, exercise, or defence of legal claims

Source: Office of the Data Protection Ombudsman

 

Right to Data Portability

The data subject has the right to request the transfer of their personal data from one system to another. This may involve providing the data to the data subject or, at their request, transferring it directly to a new target register.

This right applies only to raw, unmodified personal data that concerns the data subject. Any information created or modified during a commission by the Company falls under the Company's trade secrets.

 

Right to Restrict Processing

The data subject has the right to restrict the processing of their data if they suspect the data is incorrect, used unlawfully, unnecessary, or if they have requested erasure and the Company has not yet responded or completed the process.

During the restriction period, the Company may process the data only:

  • With the data subject’s consent
  • For the establishment, exercise, or defence of legal claims
  • For reasons of public interest
  • To protect the rights of another person

Source: Office of the Data Protection Ombudsman

 

Right to Withdraw Consent

The data subject has the right to withdraw their consent to data processing if the processing is based solely on consent and not required for the fulfilment of a commission, billing relationship, or defence of the Company.

 

Right to Contact the Data Protection Ombudsman

The data subject has the right to contact the Office of the Data Protection Ombudsman if they believe their data has been processed inappropriately, their data security has been compromised, or if they believe the Company has mishandled their personal data.

More information about the Office of the Data Protection Ombudsman and data protection is available at www.tietosuoja.fi.

 

Contact

If you would like more information about the processing of personal data in our Company or if you have any questions, you may contact us using the contact details provided at the top of this privacy notice.

 

Right to Modify the Privacy Notice

The Company reserves the right to modify the content of this privacy notice at any time. The Company recommends that customers regularly review this privacy and data protection notice to stay informed about how their personal data is processed.