Data protection is your fundamental right, which we commit to safeguard. This Data protection statement explains what kind of personal data the Ilves companies (Ilves Solutions Ltd, Ilves Valmisohjelmisto Ltd and Ilves Invest Oy) process and for what purpose. This privacy statement applies to:

1. General Information

Ilves Solutions Oy, Ilves Valmisohjelmistot Oy and Ilves Invest Oy (“Service Provider”) are committed to protecting the privacy of our customers, the users of internet services (“Service”) and users of the Networks we administer in accordance with the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act 2018/1050, as well as other applicable regulatory provisions, as they apply to the Service Provider.

By using the Service or providing data to the Network, the user (“User”) accepts the terms (“Terms”) included in this privacy policy. If the User does not accept the terms the User must cease using the Service, or prohibit the use of their data in the Service Provider’s or Network administrator’s communication by unsubscribing from the Newsletter’s email list.

2. Collected Information

The Service provider or Network administrator collects from the User such personal data that is necessary for the processing purposes described in Section 4 of the Terms. The data collected from the User includes:

User’s personal information:

Data describing the use of the Service or Network:

The Service Provider stores the following information in the customer register:

The Network administrator stores in the register:

3. Sources from which information is collected

Personal data concerning the User is primarily collected from the following sources:

4. Purpose of Collecting Personal Data

The Service provider collects personal data for predefined purposes, which can be categorized as follows:

5. Storage of personal data

The Service Provider or Network administrator stores personal data only as long as it is necessary for the purposes set forth under Section 4, in accordance with current legislation and regulatory requirements.

If the User has not logged onto the user account for an extended period, typically 12 months, most of the personal data concerning the User is deleted, transferred to a permanent archive register, or transformed into a format that no longer identifies the User.

Notwithstanding the aforementioned, data published by the User shall remain in the public sections of the Service or Network.

The Service Provider or Network Administrator also stores personal information as required by current legislation.

6. Processing of personal data

Personal data shall primarily be processed by Service Provider’s employees.

In case the Service Provider has outsourced the processing of personal data to a third party, Service Provider will ensure through contractual measures that personal data is processed in accordance with the applicable laws and regulations.

Personal data is primarily stored within the EU or EEA. Personal data may need to be transferred outside the EU or EEA (e.g. when using Mailchimp or HubSpot), the level of information protection may be lower than that offered within the EEA.

The Service Provider will ensure sufficient level of privacy protection by, among other things, contractual measures required by the law, for example by using standard contractual model clauses approved by the European Comission.

7. Transferring or disclosure of data

Service Provider or Network Administrator will not sell, rent or transfer User’s personal data to third parties except in the cases set forth below in this Section 7.

Personal data may be disclosed to a third party in case the User has given their express consent thereto.

Personal data may be disclosed due to an order, which is compelling on Service Provider or Network Administrator, issued by a competent authority or another party based on the current legislation.

Personal data may be transferred to a party of such transaction or their advisors in case of re-arrangements of the business relating to the Service or Network such as sale or acquisition of business, merger or diffusion.

8. Protection of personal data

Service Provider or Network Administrator uses necessary technical and organizational measures to protect personal data against unauthorized access, transfer, deletion, or other unauthorized handling.

Such methods include the use of firewalls, encryption technologies and safe server rooms, proper access control, the controlled provision of user rights and supervision of their use, providing instructions for data processors, and diligent selection of competent subcontractors.

Although Service Provider or Network Administrator strives to protect personal data from possible risks and disclosures, it is not possible to achieve perfect data security in a network environment. Therefore, the User should not disclose any such information in the Service, Network or through communication with the Service Provider, which is especially sensitive, or which is not required to be disclosed in the relevant context.

9. Use of cookies

Cookies are small files that the browser saves in the User’s device, and they contain an individual identifier, which Service Provider or Network Administrator can use to identify the User and to track browsers which have visited the Service.

Service Provider or Network Administrator may collect data from User’s terminal and concerning the use of the Service by using cookies and other techniques such as browser’s local data storage.

10. Collection of data by third parties

Third parties mean parties, who are not part of the Service or Network, but are connected to the Service such as providers of online measurements and analytics services (e.g. Leadfeeder) as well as providers of so-called social plugins, such as LinkedIn and Google.

Due to the fact that the services provided by the above mentioned third parties are based, if and to the extent they are offered or utilized in connection with the Service or Network, on data transfer between the Service or Network and the respective services offered by the third party, it is possible, that such a third party may collect information regarding the User for example by installing cookies on the User’s terminal.

Service Provider undertakes to ensure, to the extent possible, through contractual measures that such third parties comply with the current legislation.

Where possible, the Service Provider or the Network Manager will seek to ensure, through contractual arrangements, that such third parties comply with the legislation in force.

11. User’s influence

Direct marketing consent

The User has the right to prohibit the transfer or handling of their information for direct advertising, distance selling or other direct marketing by giving a notice thereof to the following e-mail address or by unsubscribing from the mailing list through the provided link.

Right to access and rectification

The User has the right to access personal data collected and to demand rectification, erasing or supplementation of erroneous, unnecessary, incomplete, or obsolete personal data by giving notice thereof to the following e-mail address

Right to be removed

The data subject has the right to ask for removal of registered data by giving notice thereof to the following e-mail address

Withdrawal of consent

When it comes to processing personal data based on consent, the subject has the right to withdraw consent for processing of such data at any point by giving notice thereof to the following e-mail address

Right to limit the process

The data subject has the right to request that we limit the processing of controversial data until the matter has been settled by giving notice thereof to the following e-mail address

Right to transfer

The data subject has the right to request that the subject’s personal data is transferred to another system by giving notice thereof to the following e-mail address

Preventing the use of Cookies

The User can prevent the use of cookies by changing their browser settings. Preventing cookies may have an impact on the User’s user experience.

Clearing Cookies

The User can clear the cookies from their browser settings. Clearing cookies may have an impact on the User’s user experience.

Right to appeal to supervising authority

If the data subject has grounds for suspecting that we are in not complying with effective legislation regulating data protection, the subject has the right to make an appeal to the Data Protection Ombudsman. The Data Protection Ombudsman’s contact information can be found here.

12. Changing privacy policy

Service Provider (in this context same as Network Administrator) strives to continuously develop the Service and Network, which may result in a need change these Terms. Changes may also result from changes in laws and regulations.

Service Provider reserves the right to change these Terms. Changes to the Terms will be announced in the Service and Network.

Service Provider recommends that the User regularly reads the content of the Terms. Continued use of the Service after the release of new Terms shall be deemed acceptance of the amended Terms.

13. Contact

We request that the User primarily directs all contacts relating to these Terms to the following contact person responsible for issues relating to personal data:

Heikki Ilvessalo, phone +358 40 5471501

The User can also contact use in relation to these Terms through the following address:

Ilves Solutions Oy
Niittymäentie 9
02200 Espoo, Finland

This privacy policy was last updated 19 January 2024