Privacy Policy

This description of file and privacy policy statement of Taiste Oy complies with the Personal Data Act (sections 10 and 24) and the EU’s General Data Protection Regulation.

Created: 27 November 2018
Updated: 27 August 2025

1. Data controller

‍Taiste Oy, Aurakatu 8, 6th floor, 20100 Turku.

2. Contact person responsible for the filing system

‍Oscar Salonaho, oscar@taiste.fi, +358 45 262 4920

3. Name of the filing system

‍Customer register of Taiste Oy.

4. Legal basis and the purpose of the processing of personal data

Taiste processes the personal data of customers, potential customers and partners. We process data to, for example, respond to requests, deliver our services, send newsletters and maintain customer relationships. The data is not used for automated decision-making or profiling.

‍The legal basis for the processing of personal data, in accordance with the provisions of the EU’s General Data Protection Regulation, is the legitimate interest to use personal data for contacting customers and stakeholders interested in the company.

5. Data content of the filing system

The filing system contains the following information:

Name, title, contact information
Information about the company and position
Requests and communication with Taiste
Customer data (e.g. communication, ordered services, billing information and other information related to the customer relationship and services ordered by the customer)
Information about newsletters, marketing, website visits, events and invitations

Personal data is processed during the customer relationship or for the duration required for the execution of a contract. Personal data may be archived for a longer period if there are legitimate grounds.

We use the data for:

Maintaining customer relationships and contact.
Processing requests and providing services.
Marketing our services and sending newsletters. You can opt out of marketing communications at any time.
Planning and improving our business.

6. Regular sources of information

We collect data directly from the person themselves, for example through contact forms on the website, by email, by phone and in meetings. In addition, information may be collected based on the use of our website using cookies. We may also collect personal information from public information sources, such as a company's website.

7. Cookies

We use cookies on our website. A cookie is a small text file that is stored on the user's device by an internet browser. Cookies can be used to collect information such as browser type, visited webpages and traffic source. We use cookies to improve the usability of our website. Cookies are also used for marketing and analysing purposes. For more information, please visit aboutcookies.org.

8. Regular disclosures of data and data transfer to countries outside the EU or EEA

‍There are no regular disclosures of data to other parties. Data can be published in accordance with what has been agreed with the customer. In addition, the data controller can transfer data to countries outside the EU or EEA, for example, to cloud services that have undertaken to comply with the requirements set out in the General Data Protection Regulation.

9. Principles applied to the protection of the filing system

The processing of personal data in the filing system is carried out with due care, and appropriate measures are taken to protect the data. If personal data is stored on internet servers, appropriate measures are taken to ensure the physical and digital data security of such equipment. The data controller ensures that the personal data is processed in confidence and only by employees whose work duties require them to do so.

10. The right to verify data and right to rectification

‍All data subjects have the right to verify their data stored in the filing system and obtain from the controller the rectification of any incorrect information or the completion of any incomplete personal data.

If data subjects want to verify their personal data stored in the filing system, requests concerning such verification must be sent to the data controller in writing. The data controller may require the requester to provide proof of identity if necessary. The data controller will respond to the customer within the time limit set out in the EU’s General Data Protection Regulation.

11. Other rights related to the processing of personal data

‍Data subjects have the right to request from the controller the erasure of personal data concerning them (“the right to be forgotten”). Furthermore, data subjects have other rights, as set out in the EU’s General Data Protection Regulation, including the right to restriction of the processing of personal data in certain circumstances. Such requests must be sent to the data controller in writing.

The data controller may require the requester to provide proof of identity if necessary. The data controller will respond to the customer within the time limit set out in the EU’s General Data Protection Regulation.