Privacy Policy

We are committed to protecting your privacy. This privacy policy applies to the processing of personal data of users of the www.siirto.fi website and the processing of personal data of our current and potential customers and partners. In this privacy policy, we explain in more detail:

  • who the data controller is and what its contact details are
  • what kind of personal data we process and where the data collected is from
  • for what purposes we use the personal data and what the legal basis for the processing is
  • how long we retain the data
  • how cookies are used on the website
  • what kind of rights you have as a data subject
  • where the data is transferred and disclosed
  • how the data is protected
  • how we may make changes to this privacy policy

We ask you to familiarize yourself with the content of this privacy policy. Please also note that our website may contain links to third-party services (such as social media services). If you click on these links and go to a third-party service, we encourage you to familiarize yourself with the privacy policy applicable to the processing of personal data on that service.

This privacy policy does not apply to the processing of personal data of consumers using the Siirto service. If you are a consumer using the Siirto service, the processing of your personal data is subject to the privacy policy of the bank or other party participating in the provision of the Siirto service. The processing of your personal data is also subject to the privacy policies of merchants who use the Siirto service, for example, to invoice you. We recommend that you familiarise yourself with such privacy policies and address any contacts and requests to the data controller mentioned in the applicable privacy policy.

1. Who is the data controller?

Data controller: Siirto Brand Oy

Business ID: 3102648-1

Address: Kampinkuja 2, 00100 Helsinki

Contact person: Mikko Ketola, mikko.ketola@siirto.fi

2. What kind of data do we process and where is the data collected from?

You can visit our website without providing any personal data. However, if you provide such data, we may process the following information:

  • Website visitor data, such as name and contact information provided on the contact form or chat, automatically collected log data, and information collected by cookies describing the user’s terminal device and use of the website in accordance with section 5.

With regard to customers and partners, we typically process the following data:

  • information about the contact persons of customers and partners, such as name, contact information, title and contacts, and information about the organisation represented by the contact person, such as name, business ID, contact information and invoicing information
  • information about the contact persons of potential customers and partners, such as name, contact information, title, and information about the organization represented by the contact person, such as name, business ID and contact information

We receive the data of our customers and partners from the data subjects themselves or from the organisation they represent. We collect information about potential customers and partners from public sources, such as the Trade Register, company websites or professional profiles, such as LinkedIn, or through contacts we receive.

3. For what purposes do we use personal data and what is the legal basis for processing?

We process the data for the following purposes:

  • Responding to your contacts: We process the information you provide to respond to your contact. The processing is based on consent or our legitimate interest.
  • Provision of services: We process the information you provide in order to fulfil the contract we have entered into with the organisation you represent. We cannot contact you in matters related to the contract, manage the digital customer account of the organization you represent, deliver a newsletter or invoice our services without processing personal data. This processing is based on an appropriate relationship with the organisation you represent and on our legitimate interest.
  • Marketing: We process your data for marketing based on our legitimate interest. Marketing, such as targeting advertising with the help of cookies, may also be based on your consent.
  • Business development: We process your data to develop our business and services. This processing is based on our legitimate interest.
  • Ensuring data security and detecting misuse: We process data to ensure data security. From time to time, we also need to use the data to prevent and investigate misconduct.
  • Safeguarding our rights: We may need to process personal data in order to be able to assert or defend legal claims or to resolve disputes amicably. This processing is based on our legitimate interest.
  • To comply with legal obligations: We may be required to retain some of your personal data in order to comply with accounting or other mandatory legislation. In this case, the processing is based on compliance with a legal obligation.

Part of the processing of personal data is based on our legitimate interest. The processing of personal data is necessary in order for us, for example, to manage a customer or cooperation relationship and to communicate with you about the agreement and our services. We consider the processing to be justified because it benefits both you and us and does not unduly restrict your rights. You can object to direct marketing at any time, and you can object to other processing based on legitimate interest on grounds relating to your personal situation (see section 6).

We do not make automated decisions that would have legal effects or that would otherwise significantly affect you.

4. How long do we keep the data?

We will retain your personal data for as long as necessary to fulfil the purposes described above. The retention periods are generally as follows:

  • we store the data collected through cookies for the period referred to below;
  • we store contacts for 180 days, unless the contact concerns a customer or cooperation relationship or a potential customer or cooperation relationship;
  • we store the personal data of the contact persons of customers and partners for the duration of the contractual relationship and for a reasonable period of time after its termination for the purpose of managing the customer or cooperation relationship and for business development, after which we use the data for marketing and fulfilling legal obligations as described below;
  • we store the personal data of the contact persons of potential customers and partners for two years from the last contact;
  • we store any personal data contained in receipts for seven years in order to comply with accounting obligations.

Please note that we may retain information if it is necessary to establish, exercise or defend a legal claim.

5. How do we use cookies on the website?

We may collect information about the end device of the user of our services with the help of cookies and other similar technologies. A cookie is a small text file that the browser saves on the user’s device. Cookies contain a unique, anonymous identifier that allows us to identify and count the browsers that visit our site.

Cookies do not move online on their own, but they are only placed on the user’s terminal device along with the website the user accesses. Only the server that sent the cookie can later read and use the cookie. Cookies or other technologies do not harm the user’s terminal device or files, and cookies cannot be used to run programs or spread malware.

We use cookies to collect technical information about your terminal device and information about the use of our websites. This information includes, for example:

  • device-related information, such as device type, browser version, screen size, operating system, IP address;
  • a unique cookie or mobile identifier;
  • information about the use of the website, such as information about page views, time and duration spent on the website, navigation on the website or content viewed; and
  • information about websites opened through customer or marketing communications.

We may use session cookies, which expire when the user closes the web browser, as well as persistent cookies, which remain on the user’s device for a certain period of time or until the user deletes them. Persistent cookies typically last from a few months to a few years.

The so-called first-party cookies are set by the website shown in the address bar. Additionally, our website uses so-called third-party cookies, which are cookies from third parties such as ad technology providers and social media services.

We categorize cookies according to their purpose as follows:

We categorize cookies according to their purpose as follows:

  • Necessary cookies: These cookies are necessary to use our services and their features, such as logging in or implementing chat functionality. These cookies are always enabled.
  • Analytics cookies: These cookies allow us to learn how our websites are used. In our services, we use, among other things, Google Analytics, a web analytics service provided by Google Inc., to analyse the use of our websites and to develop our websites to serve our users even better. The information stored in the cookies used by Google tools is forwarded to Google servers around the world for storage. As a result, such data may be processed on servers located outside the user’s country of residence. Google uses this information to evaluate how users browse content on pages and to generate summary reports on site usage. In addition, Google compiles reports on the services offered in connection with the websites and produces statistics on the use of the Internet. Google may also transfer information to third parties where required to do so by law, or in cases where the third party processes the information on Google’s behalf.

Advertising cookies: These cookies are used to target advertising elsewhere on the Internet. Advertising cookies are primarily third-party cookies. Some of these third parties process data as independent controllers, and for more information on the processing of personal data, please refer to their privacy policies. Advertising cookies are set by Google, Facebook and LinkedIn, among others.

6. What kind of rights do you have as a data subject?

To the extent permitted and mandatory by law, we enable the following rights:

  • Right of access: You have the right to obtain confirmation that personal data concerning you is being processed or not being processed. If your personal data is processed, you have the right to access the personal data, provided that the disclosure of the data does not adversely affect the rights and freedoms of others. 
  • Right to rectification and erasure of data: Upon your request, we will rectify or delete personal data that is incorrect, incomplete or unnecessary in relation to the purpose of the processing. The data will not be deleted if it is necessary, for example, to establish, exercise or defend a legal claim.
  • Data portability: You may also choose to have the personal data you have provided, which we process automatically based on consent or contract, transferred to you or a third party in a machine-readable format.
  • Right to prohibit direct marketing and related profiling: You can object to the disclosure and processing of your data for direct marketing purposes at any time.
  • Right to withdraw consent: You may withdraw your consent at any time.
  • Right to objection and restriction: You may object to processing based on legitimate interest on grounds relating to your personal situation. For example, in such a situation, the processing is restricted for the time when the grounds for objecting to the processing are assessed. The processing may also be restricted, for example, when you contest the accuracy of the personal data, in which case the processing will be restricted for a period during which we can verify the accuracy of the data. If there is a compelling and legitimate reason for the processing which overrides your rights or freedoms, or if the processing is necessary for the establishment, exercise or defense of a legal claim, we will contact you to continue processing the data.
  • Right of complaint: You can lodge a complaint with an authority if your personal data has been processed in violation of this privacy policy and the legislation in force at the time. The contact details of the supervisory authority, the Data Protection Ombudsman, can be found at: tietosuoja.fi

To exercise the rights described above, please contact us at the address set out in section 1. We ask you to verify your identity so that we can ensure that the information is not disclosed to any person other than the data subject themselves.

You can control cookies in the following ways:

  • Website cookie settings: You can consent to the use of cookies in the website’s cookie settings. You may refuse or withdraw your consent at any time.
  • Blocking cookies: You can block cookies in your browser settings. Blocking cookies may affect the functionality of the website.

7. Where is the data transferred and disclosed?

.

We use subcontractors in the processing of data. We guarantee through contractual arrangements that the data is processed in accordance with the legislation in force at the time. If we transfer data outside the EU or EEA, we ensure an adequate level of protection of personal data, for example, by agreeing on matters related to the confidentiality and processing of personal data as required by law, such as by utilising the EU’s standard contractual clauses.

We do not disclose the data we process as a data controller to third parties for their own, independent purposes, except in the cases mentioned below:

  • Authorities: We may disclose personal data as required by the competent authorities and based on the legislation in force at the time.
  • Partners: We may disclose the contact information of our corporate customers to our partners and principals for their justified purposes.
  • M&A transactions: If we sell, merge or otherwise restructure our business, personal data may be disclosed to buyers and their advisors.
  • Debt collection and legal claims: We may disclose your information to selected partners for the purposes of collecting our receivables and for the exercise and defense of legal claims.
  • Consent: With your consent, we may disclose your personal data to our partners.

8. How is the data protected?

We use appropriate technical and organisational security measures to protect personal data against unlawful processing. Such means include the use of firewalls and encryption technologies, limited access rights, instructing personnel involved in the processing of personal data, and careful selection of subcontractors.

9. Can changes be made to this privacy policy?

We are constantly developing our operations and may change this privacy policy. The changes may also be based on changes in legislation or official guidelines. We recommend that you review the content of the privacy policy regularly.

This privacy policy was last updated on 27.2.2026