Privacy Policy

Data privacy statement

1. Data Controller

ESiOR Ltd, VAT number: FI20675718
Tulliportinkatu 2 LT4, 70100, Kuopio

2. Register name

ESiOR Ltd’s marketing register

3. Contact person for register and data privacy issues

Data Protection Officer Mika Karjalainen
Tulliportinkatu 2 LT4
70100 Kuopio

4. Purposes and legal basis for processing of personal data

The purpose of processing personal data is to plan, design, implement, develop, and monitor sales, marketing, and communication with various stakeholders and to improve the user experience of webpages. Personal data can be analyzed and processed to improve and target the marketing contents and to develop business by creating different data subject profiles.

Personal data is processed for the purposes of the legitimate interests pursued by ESiOR or based on data subject’s consent for one or more specific purposes (e.g. direct marketing, newsletter subscription, contact requests through forms, surveys).

5. Data Contents

We may collect, process, and store the following data:
a) Contact information: name, phone number, and e-mail address
b) Message subject and contents for contact forms
c) Information of given consents (e.g. newsletters, direct marketing, or other marketing communications)
d) Other information provided by the data subject (e.g. answers to survey questionnaires)
e) Data collected by cookies from visitors on our website. 

6. Data Sources

Register contains data that is collected from the data subject, various business information databases, company webpages, and cookies on webpages. Data subject may provide information through contact forms on our webpages, or by participating in different events, campaigns, studies, or surveys organised by ESiOR.

7. Data recipients and data transfers

Register data or right of access to the data will not be granted to third parties without the consent of the data subject unless required by applicable legislation.

Register data will be stored and processed using servers and software that are provided by ESiOR’s service providers. Should the servers be located outside the European Economic Area, the means of data transfers ensure adequate level of protection in accordance with the General Data Protection Regulations.

8. Data Retention Period

Personal data will be stored as long as necessary for carrying out the intended purposes of the processing. Personal data that is processed based on the data subject’s consent will be stored for the duration specified in the consent or until the subject withdraws the consent. Appropriate measures will be taken to delete redundant and outdated data from our systems safely and completely.

9. Data Protection

The electric register is stored in a database which is protected with firewalls, passwords, and other technical safety measures. Access rights to the registry are only held by persons appointed by ESiOR, who have signed a non-disclosure agreement and whose job description necessitates the processing of such data. Every user has a personal username and password. Any non-electronic material will be stored in locked filing cabinets with restricted access.

10. Data subject rights

Data subjects have the following rights:
a) right of access – you have the right to access all personal data that we hold on you,
b) right of rectification – you have the right to correct data that is incorrect or incomplete
c) right to be forgotten – you have the right to request erasure of any personal data that is stored on you,
d) right to restrict processing – you have the right to request that we limit the way we use your personal data,
e) right of portability – you have the right to request transfer of any personal data we hold on you to another company,
f) right to object – you have the right to object certain types of processing, such as direct marketing and automated decision-making including profiling,
g) right to withdraw consent at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal),
h) right to lodge complaint – you have the right to lodge a complaint with a supervisory authority if you consider that your rights under the general data protection regulation are infringed. Contact information and guidance by the Finnish supervisory authority can be found at:

Written requests for use of data subject rights should be signed and sent by post or e-mail to the contact person for register and data privacy issues as detailed in section 3 above.

11. Approval

The data privacy statement has been approved on 27/2/2023.


Cookie Policy

We are using cookies on our website. By using our website you consent to the use of cookies in accordance with this Cookie Policy. If you do not consent to the use of cookies please disable them in your browser.