Privacy Policy

At Essentum Group, we process personal data of our customers and visitors when you use our websites and services.


Essentum Group (“we”) process personal data of our customers and visitors (“you”) when you use our websites and services. The purpose of this privacy policy is to explain when, why and how we process personal data.

According to General Data Protection Regulation, the personal data controller of a register is obligated to inform register’s data subjects in a clear manner. This statement fulfils this informing obligation.

1. Personal data controller

Essentum Group Oy

  • VAT ID: FI3106871

Postal address

  • Essentum Group Oy
  • Ansakuja 2 # 4
  • 88900 Kuhmo
  • Finland

Contact information

  • Arttu Heikkinen
  • +358 (0) 40 170 4000

2. Data subjects

Persons included in the register are individuals, potential customers and visitors who themselves have joined to the register through websites owned by Essentum Group Oy.

3. Purpose of use of personal data

Grounds for keeping the register:

  • Personal data is being processed based on an existing customer relationship
  • Personal data is being processed based on consent (e.g. a list of potential customers collected at fair, and the form has included giving consent for marketing)

Purpose for the register and the processing of personal data

Personal data is only being processed for predetermined purposes, which are:

  • Customer relationship management
  • Informing about services

4. Personal data recorded in the register

The customer and marketing register contains the following information.

Contact information:

  • Name
  • Address
  • E-mail
  • Phone number

Customer information:

  • Information of bought products and services
  • Gender
  • Age
  • Information that you choose to provide us with (e.g. personal information about yourself and preferences)
  • Information regarding the utilization of digital services (e.g. IP address, website usage, browser and software version)

5. The data subject’s rights

The data subject has the following rights, and requests for their use should be sent in writing to personal data controller’s contact information, mentioned on section 1.

Right to access data

The data subject may check the data we have recorded.

Right to rectification

The data subject may request the rectification of inaccurate or incomplete personal data.

Right to object

The data subject may object to the processing of personal data if the data subject feels that personal data has been processed unlawfully.

Right to forbid direct marketing

The data subject has the right to forbid the use of personal data for direct marketing.

Right to deletion

The data subject has the right to request the deletion of data if personal data processing is not necessary. We will handle the request for deletion and proceed to either delete the data or state a justified reason for not being able to delete the data.

It should be noted that the data controller may have legal or other rights to not delete the requested data. The data controller is obligated to preserve accounting materials for the duration ( 10 years) set out in the Accounting Act (Chapter 2, Section 10). For this reason, materials related to accounting cannot be deleted before that term has expired.

Withdrawing consent

If the processing of personal data is only based on the data subject’s consent and not for instance on a customer relationship or membership, the data subject may withdraw consent.

The data subject may complain of the decision to the Data Protection Supervisor

The data subject has the right to demand us to restrict the processing of controversial data until the matter is solved.

Right to complain

The data subject has the right to complain to the Data Protection Supervisor if the data subject feels that we are violating the effective data protection regulation when processing personal data.

Contact information of the data protection supervisor:

6. Regular information sources

Customer information is regularly obtained from:

  • The customer as the customer relationship is born
  • The customer through an online form

7. regular disclosure of data

We have made sure that all our services provided are complying with data protection legislation. We are regularly using following service providers:

  • Our analytics service providers (Google Analytics and Hotjar), who process personal data for their own purposes as Data Controllers
  • Host and plugin provider of Automattic Inc., based in the USA who is Privacy Shield certified
  • Service providers or data processors that handle your personal data on our instructions (e.g. cloud services and consultants)

8. Duration of process

Personal data is usually processed for as long as the customer relationship exist. The data subject may unsubscribe from our marketing list by clicking the link on each of our marketing e-mails.

9. Personal data processors

The data controller and its employees process personal data. We may also outsource the processing of personal data partly to a third party, in which case we will guarantee with contractual arrangements that personal data is processed in compliance with valid data protection legislation and also otherwise appropriately.

10. Transferring data outside the EU

Personal data is not transferred outside the EU or the ETA.

11. Automatic decision-making and profiling

We are not using the data for automatic decision-making or profiling.