Privacy statement

This is a privacy statement for Socio-technica Ltd, a consultancy company in matters technological and social.

This privacy statement describes how we, Socio-technica Ltd, process personal data for our Client, collaboration and partnership register in accordance with § 10 and § 24 of the Finnish Personal Data Act (523/1999) and the EU’s General Data Protection Regulation (EU) 679/2016.

We also collect a limited amount of personal data about the visitors of our website through cookies. We detail these practices separately in our cookie statement:

1. Data controller

Socio-technica Ltd
Business ID: FI31033868
Address: Sofiankatu 4 C, 00170, Helsinki
Contact: info()
Tel. +358 45 1138301

2. Contact person for matters concerning the register

Joonas Lindeman, CEO and Head of Research

Contact: joonas.lindeman()
Tel: +358 45 1138301

3. Name of the register

Socio-technica client, collaboration and partnership register

4. Data content of the register: What personal data do we process?

The register contains the following information on data subjects:

  • first and last name
  • organisation, its field or operation as well as contact details
  • position and responsibilities in the organisation
  • email address
  • phone number

Contractual information (such as the billing details) and information about the nature of the collaboration (such as its specific objectives and timing) can be attached to the personal information.

We also have to collect the IP addresses of the visitors to our website to protect it from malicious attacks. You can read more about our practices with visitors’ IP addresses from our cookie statement.

5. Regular data sources of the register: Where do we get personal data from?

We collect personal data when we are approached through the contact form on our website, through email or phone calls as well as when such data is provided to us in person by and about data subjects themselves. We also collect data from publicly available sources in accordance with applicable legislation.

6. The purpose of processing personal data: Why do we process it?

We collect data into our register to initiate communication and develop relationships with (potential) customers to our consultancy services or other (potential) partners with whom the form of collaboration is to be determined.

When we are approached through the contact form on our website as well as in cases where personal data is provided to us by data subjects themselves and on themselves by email, on the phone or in person, the legal basis of processing the data lies in the legitimate interests of the data controller. The same legal basis of legitimate interests also applies in cases where data is obtained from publicly available sources and processed according to applicable legislation.

We have identified and justified the legitimate interests through a Legitimate Interest Assessment the results of which you have a right to obtain by request. The legitimate interests concern Socio-technica Ltd being able to conduct its business as a consultancy company.

The data in the register will not be used to profile or to execute automated decision-making.

7. Storage period of the data: How long will we keep it?

We will retain personal data in the register only as long as it is necessary for us to meet legal obligations and to be able to serve the purposes stated above in this privacy statement.

However, if at any point you request us to delete your data from our Client, collaboration and partnership register, we will do so without delay. Without such a request, personal data will generally be removed within 24 months after collection, unless

  • being able to maintain an agreed upon partnership or being able to keep providing services to a client requires a prolonged processing
  • applicable laws (related to verification of business transactions, for instance) require a prolonged processing.

8. Register protection

The access to the register is only allowed for Socio-technica employees and associates who specifically require it due to their work.

We use suitable and appropriate technical and organisational security measures to protect the data and to keep in confidential. For instance, our web traffic is protected by an SSL certificate in order to make the connection between your browser and the server more secure.

Unfortunately, no organization can guarantee complete security of data due to factors such as unauthorized entry or use as well as hardware or software failure that may compromise the security of data.

9. Disclosure of personal data in the register to third parties

We, the data controller, will only disclose the personal data of data subjects in the register to third parties in two cases:

  • When required to do so by law. The processing is done on servers based in Finland, in the EU.
  • When we have to rely on specialized ICT service providers to be able to provide our services. Such providers may process personal data. They will safeguard the data in accordance with contractually agreed upon terms and data protection legislation. Our website and emails are hosted by Hostingpalvelu Oy (based in Finland, in the EU) who may transfer data to its sub processors outside of the EU under contractually agreed upon conditions.

Beyond the Socio-technica client, collaboration and partnership register, our website relies on third parties in the form of cookies that it sets. Our cookie practices are detailed in a separate cookie statement.

10. Rights of data subjects: What rights do you have?

You, as a data subject, have the right to (see Articles 12-23 of the GDPR):

  • request information from the data controller on the collection and processing of your personal data. (“the right to information”)
  • access copies of your personal data that you have provided to the controller and inspect the data saved in the register („right of access“) – The Finnish Office of the Data Protection Ombudsman can instruct you further (
  • have it deleted („right to be forgotten“)
  • correct inaccurate personal data („right to rectification“)
  • restrict the controller from processing data concerning you, under certain conditions („right to restrict processing“)
  • object to the processing of your personal data („right to object to processing“)
  • withdraw your consent on processing data concerning you – this right relates to our cookie practices which we detail here:
  • be informed on potential security breaches of the controller
  • lodge a complaint with a supervisory authority.
The contact details for the supervisory authority in Finland are the following:

    Office of the Data Protection Ombudsman
    Visiting address: Lintulahdenkuja 4, 00530 Helsinki
    Postal address: P.O. Box 800, 00531 Helsinki, Finland
    E-mail: tietosuoja(at)
    Switchboard: +358 (0)29 566 6700
    Registry: +358 (0)29 566 6768

In matters concerning the processing of personal data, you can contact our company by email at the address mentioned in Section 2.

11. Changes to our privacy policy

In case we change our privacy policy, we will make the changes visible in this statement and date them. We will also give a clear notification of any significant changes to our privacy policy when the applicable law so requires.   

Last updated: 31.10.2020