Affecto Oyj respects the privacy of service users and complies with all applicable regulations of the Personal Data Act, Information Society Code, and other applicable legislation. This privacy statement is to specify the type of information that is collected of people who visit the website and the ways in which this information is used.

  1. Information collected and regular sources of information

We mainly collect personal data from the visitors themselves through the various forms found in the service. These include:

  • Information relating to the visitor such as their name, name of their employer, and their position in the organization for which they work;
  • Contact details such as name, telephone number, and email address.

Because is an online service, also other technically collected visitor data is saved in our systems, some of which might be personal data in nature. Such technically collected visitor data include:

  • IP address, type and version of the operating system, and language settings of the browser and the operating system.
  1. Purpose of processing personal data

Visitor data can be processed for the following purposes:

  • Contacting the visitors;
  • Marketing our services and sending newsletters and bulletins to the visitors;
  • Producing, offering and developing our services;
  • Analysing our services and customer relations and generating related statistics.
  1. Disclosing personal data

However, we can disclose personal data of the visitors to third parties for justified purposes such as in order to complete assignments. We can also disclose personal data of the visitors if required by law or the authorities, or in order to implement the applicable terms of use, to investigate suspected violations of the terms and conditions, and to ensure security of the service.

We can disclose anonymous data of the visitors to third parties. Any collected data can be included in the marketing and/or customer register of the data controller to the applicable extent.

  1. Data security principles

All data saved in our system has been protected by organisational and IT protection measures and procedures. All stored personal data is protected either by means of passwords or physically locked away to prevent unauthorized access. Personal data can only be accessed by parties and employees, whose work tasks make the processing of personal data justified and necessary.

  1. Transferring information outside the EU or EEA

We transfer personal data outside the EU and EEA to selected service providers including Amazon Web Services (AWS) for the purpose of producing the service. We ensure sufficient level of personal data protection for example by agreeing on matters relating to confidentiality and processing of personal data in a manner required by law; this includes using the standard contractual clauses approved by the European Commission and otherwise so that personal data is always processed in accordance with this privacy statement.

  1. Cookies

Cookies are small text files that the browser saves on the device that is used to access the website to identify the terminal equipment and for the technical implementation of the service. The text file contains information that allows the website to separate between visitors. We use the information produced by the cookies for example to determine the number of visitors to the website and for analysing the use of the service and for statistical monitoring.

We use Google Analytic for analysing the use of the service. This is a third party service that can save its own cookies on the devices of the users. You can refuse the use of Google Analytics by clicking on the following link:

Visitors of the service who do not wish cookies to be saved on their devices can prevent this from the settings of their browser. Instructions for preventing cookies can be found in the user instructions of the browser. Some of the cookies that we use can be necessary for some of the features of the service to function properly.

  1. Inspection, correction, and prohibition right

Registered persons have a statutory right to access any personal data concerning themselves saved in our system and the right to have incorrect, incomplete, or out-dated data corrected, deleted, or updated. To exercise this inspection and correction right, we request visitors to contact the responsible person named at the end of this privacy statement. In addition to the inspection and correction rights, registered persons have the right to prohibit the controller from using their personal data for purposes of distance selling and direct marketing, for market research and opinion polls, as well as for public registers and genealogical research.

  1. General

Our website may contain links to third party websites. We cannot be held responsible for the processing of personal data of such third party websites, as they have their own privacy practices.

We reserve the right to make changes to this privacy statement. We recommend that visitors of the service read this privacy statement regularly.

The data controller is: