Privacy policy

This is the privacy policy of Hion Digital Oy in accordance with the EU’s General Data Protection Regulation (GDPR). This privacy policy was created on 30.9.2019 and updated on 6.6.2025.

1. Data controller and contact information

Data controller
Hion Digital Oy
Åkerlundinkatu 11 B,
33100 Tampere,
Business ID: 1639413-9

Contact information for register-related matters: Jenny Salmimäki, Marketing Lead, info@hiondigital.com

2. Purpose of processing personal data

Hion Digital Oy processes personal data for the following purposes:

Managing the customer relationship Hion Digital Oy processes personal data to maintain the customer relationship, provide information about services, carry out customer service, and communicate between the customer and Hion Digital Oy.

Marketing Hion Digital Oy may use personal data for marketing, such as sending newsletters, implementing campaigns, and displaying targeted advertising. The customer has the right to object to marketing at any time.

Providing and developing the online service Hion Digital Oy processes personal data to deliver the online service, improve the user experience, analyze the use of the service, and develop the service.

Recruitment Hion Digital Oy processes personal data to carry out recruitment processes.

3. Legal basis for processing

In accordance with the EU’s General Data Protection Regulation (GDPR), the legal basis for processing personal data is:

  • Contract: For managing the customer relationship and providing services, the basis for processing is the contract between the customer and Hion Digital Oy.
  • Legitimate Interest: For marketing, providing and developing the online service, and recruitment, the basis for processing is the legitimate interest of Hion Digital Oy. Hion Digital Oy has assessed that its legitimate interest does not override the rights and freedoms of the data subjects.
  • Consent: Personal data may be processed in certain situations, such as for direct marketing, if the data subject has given their consent.

4. Data content of the register

Hion Digital Oy’s customer, marketing, and online service user registers contain the following personal data:

  • Contact information, such as name, company/organization, position, email address, phone number, address
  • Customer relationship information, such as information on ordered services and their changes, billing information, contract information, customer service events
  • Information related to the use of the online service, such as IP address, information on the use of cookies, information on website usage
  • Marketing-related information, such as information on marketing permissions and prohibitions, information on participation in marketing campaigns, and information on reading or reacting to newsletter messages
  • Other information, such as other information related to the customer relationship and ordered services

5. Regular sources of data

Primarily, personal data is collected directly from customers when they register for or use services, or otherwise contact Hion Digital Oy. Information is collected through the website via cookies and other tracking technologies, as well as through newsletter subscription forms, webinar registration forms, or other forms. Personal data may also be collected or purchased from other sources, such as a business register or third-party services. Personal data is also collected from job applicants themselves. In recruitment situations, third-party sources are not used. Separate references are requested separately if needed.

6. Retention period of personal data

Hion Digital Oy retains personal data only for as long as is necessary to fulfill the purposes for which it was collected. The retention period depends on the purpose of the data and may vary for different data groups.

  • Customer relationship information: Generally retained for the duration of the customer relationship and for 10 years thereafter.
  • Information related to the use of the online service: Generally retained for 6 months.
  • Marketing-related information: Retained as long as the person has given their consent for marketing.
  • Job application information: When applying for a specific position, the applicant’s data is deleted 6 months after the recruitment process has ended. If a job applicant sends an open application or connects with Hion Digital through the recruitment system, the applicant’s data is retained for 24 months from the date of application.

Hion Digital Oy regularly deletes unnecessary personal data.

7. Data disclosures and transfer of data outside the EU or EEA

Hion Digital Oy may disclose personal data to third parties only if there is a legal basis for doing so. Personal data may be disclosed, for example, in the following situations:

  • Legal obligations: Personal data may be disclosed to authorities if required by law.
  • Processors: Hion Digital Oy may use service providers who process personal data on behalf of Hion Digital Oy. Such service providers may include, for example, IT service providers, marketing agencies, and accounting firms.
  • Business arrangements: Personal data may be disclosed in connection with corporate transactions.

As a rule, Hion Digital Oy does not transfer personal data outside the EU or EEA. However, if personal data is transferred outside the EU or EEA, Hion Digital Oy ensures that the level of data protection is sufficient by using the EU-U.S. Data Privacy Framework, which has been approved by the European Commission.

Personal data processors used by Hion Digital

Hion Digital Oy uses the following service providers who act as personal data processors on behalf of Hion:

  • Pipedrive
  • Leadoo
  • Teamtailor
  • Google Analytics
  • Google Cloud
  • Leadfeeder
  • Mailchimp
  • Demio
  • Severa
  • Foxie
  • Oneflow
  • Meta
  • LinkedIn

8. Principles of register protection

Hion Digital Oy is committed to protecting personal data appropriately. The processing of personal data always complies with data protection law and the EU’s General Data Protection Regulation (GDPR). Hion Digital Oy has implemented the following measures to protect personal data:

  • Technical measures: We use appropriate technical measures, such as firewalls, encryption methods, and access control, to protect personal data.
  • Organizational measures: We have appointed a data protection officer and trained our staff in data protection matters. We have also prepared internal guidelines and procedures for processing personal data.
  • Administrative measures: We regularly monitor the processing of personal data and assess the level of data security.

The processing of personal data is confidential. All persons processing personal data are bound by a duty of confidentiality.

9. Rights of the data subject

The data subject has the following rights:

  • Right of access: The data subject has the right to know what personal data has been collected about them and how it is processed.
  • Right to rectification: The data subject has the right to demand the correction of inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”): The data subject has the right to demand the deletion of their personal data in certain situations.
  • Right to restriction of processing: The data subject has the right to demand the restriction of the processing of their personal data in certain situations.
  • Right to data portability: The data subject has the right to receive their personal data in a machine-readable format and transfer it to another controller.
  • Right to object: The data subject has the right to object to the processing of their personal data in certain situations.
  • Right not to be subject to automated decision-making: The data subject has the right not to be subject to a decision based solely on automated processing.

The data subject can exercise their rights by contacting the email address provided at the top of this policy. Contact should be made in writing or by email, preferably from the email address that identifies the data subject in the register. Hion Digital Oy aims to respond to data subjects’ requests as quickly as possible and within one month at the latest.

10. Updating the privacy policy

Hion Digital Oy will update this privacy policy as necessary. This may be due to, for example, changes in legislation, changes in the processing of personal data, or updates to official guidance. The latest version of the privacy policy is always available on the Hion Digital Oy website.

11. Supervisory authority

The processing of personal data is supervised in Finland by the Data Protection Ombudsman.

Office of the Data Protection Ombudsman:
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki
Telephone exchange: +358 29 56 67000
Email: tietosuoja@om.fi

The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they consider that Hion Digital Oy has processed their personal data unlawfully.

Kysy tai etsi hakusanoilla tekoälyavustetulta hakukoneeltamme.