Privacy Policy and Register Description
This is the privacy policy and register description of Oivia Oy in accordance with the EU General Data Protection Regulation (GDPR).
Prepared on April 19, 2026. Last updated on April 19, 2026.
Data Controller
Oivia Oy
Kauppatie 6, 04300 Tuusula
Business ID: 2338716-4
Contact Person Responsible for the Register
Jarmo Toikka
sales(at)oivia.com
+358 50 598 8179
Name of the Register
Oivia Oy Customer Register
Legal Basis for Processing Personal Data
Personal data is processed based on:
the data subject’s consent
a customer relationship
a contract or assignment
the legitimate interest of the company
Purpose of Processing Personal Data
Personal data is processed for the following purposes:
development, planning, and maintenance of operations
execution of contracts and assignments
management of customer relationships, customer service, and related communication
stakeholder communication
opinion and marketing research
targeting of customer and marketing communications
website analytics, statistics, and information security measures
Data is not used for automated decision-making or profiling.
Data Content of the Register
The register may contain the following information:
company name
business ID
first and last name of contact person
position in the company
address
personal identity number (when permitted by law)
phone number
email address
information on ordered services and their changes
billing information
marketing permissions and prohibitions
customer and transaction history, including contracts and orders
Website visitors’ IP addresses and necessary cookies are processed based on legitimate interest, for example to ensure data security and to collect statistical data. Consent is requested separately where required for third-party cookies.
Regular Sources of Data
Personal data is collected:
directly from the data subject in connection with customer relationships, service use, communication, and transactions (e.g. website forms, email, phone, social media, contracts, meetings)
from public sources such as websites, directories, and other companies
Data Retention Period
Personal data is stored only as long as necessary for its intended purpose or as required by law (such as consumer protection, accounting, and tax laws).
Personal data collected from public sources for direct or telemarketing purposes is stored for a maximum of two months.
Disclosure of Data
Personal data is not regularly disclosed to third parties. Processing tasks may be outsourced to external service providers in accordance with data protection legislation. Data may be published where agreed with the customer. Data may also be transferred outside the EU or EEA when necessary. In cases related to assignments or customer relationships, data may be disclosed to relevant stakeholders.
Data Protection
Personal data is handled with care and protected appropriately in information systems.
If data is stored on internet servers, both physical and digital security measures are ensured. Access to data is restricted to employees whose duties require it, and all data is handled confidentially.
Rights of the Data Subject
The data subject has the right to:
access their personal data
request correction of inaccurate data
object to the use of their data for direct marketing and marketing research
Requests must be submitted in writing to the data controller. The controller may request verification of identity. Responses will be provided within the time limits set by the GDPR.
Other Rights
The data subject has the right to request deletion of their personal data (“right to be forgotten”). They also have other rights under the European GDPR, such as the right to restrict processing in certain situations. Requests must be submitted in writing to the data controller. Identity may be verified if necessary. The controller will respond within the time required by European GDPR.