Privacy policy

Eurosec Oy (”Eurosec” or ”we”) is committed to protecting and ensuring the confidentiality and privacy of the personal data it possesses in accordance with the General Data Protection Regulation (EU 2016/679, the “GDPR”).

This privacy policy applies to personal data that Eurosec collects about you when you contact us as a decision maker, contact person or representative of a (prospective) corporate customer, supplier or partner or when you visit our website.

With this privacy policy Eurosec informs you about the processing of your personal data in the above mentioned situations.



Eurosec Oy
Business ID: 1039419-7
Höyläämötie 11 A, 4th floor
00380 Helsinki

Contact person for matters concerning the register:
Sanni Siilin
Eurosec Oy
00380 Helsinki


Purpose of the processing of personal data

Eurosec processes and collects personal data for the following purposes:

  • establishing, managing and developing customer/supplier/partner relationships as well as thereto related contractual relationships,
  • planning and developing business activities and services,
  • sale of services and products,
  • to provide information, communicate and market services and products, and
  • invoicing.


Legal basis for the processing of personal data

The legal basis for the processing of personal data is Eurosec’s legitimate interest where the processing is related to the establishing, managing and developing of customer/supplier/partner relationships (including the entering into a contract with the organisation you represent and the management of such a contract). Eurosec also processes personal data based on its legitimate interest when providing and developing its services and when processing personal data for the purposes of communicating, marketing and invoicing and where the mentioned activities are related to a customer/supplier/partner relationship.

In some cases, we may also process your personal data to perform a contract to which you are a party or to carry out pre-contractual measures at your request.

Eurosec also processes personal data based on your consent for marketing purposes and possibly through cookies, depending on the type of consent you have given for the use of cookies. Our cookie policy can be found here.


Contents of the register

  • first and last name
  • contact details (phone number, email address)
  • name and contact details of the company you represent
  • your position in the company you represent
  • consents and prohibitions concerning direct marketing
  • data related to marketing and sales promotions (for example, marketing measures targeted to the data subject)
  • payment information such as payment method, payment date, IP address, account number
  • technical information sent by your browser to Eurosec’s server (e.g. IP address, browser, browser version, page from which you accessed our website)


Your rights

To the extent permitted by the GDPR you have the following rights. Requests regarding the use of these rights shall be sent to

  • Right of access: You have the right to access the personal data we store about you.

  • Right to require your personal data to be rectified: If you think the personal data we hold about you is incorrect or incomplete, you can always request that we rectify such data.

  • Right to object: You have the right to object to the processing of your personal data if the processing is based on Eurosec’s legitimate interest. In this case, however, we may continue the processing if, for example, we have a compelling legitimate interest to the processing which overrides your interests. You can always object to direct marketing.

  • Right to restrict processing: You have the right, in certain circumstances, to request that the processing of your personal data is restricted. For example, if you consider that the processed personal data is inaccurate, the processing is unlawful or Eurosec no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise or defense of legal claims, you have the right to request that Eurosec restricts the processing of your personal data.

  • Prohibition of direct marketing: You have the right to prohibit the use of your data for direct marketing.

  • Right to erasure: You have the right to request the erasure of your data. Such a situation may arise, for example, if the processing is no longer necessary for the purposes for which Eurosec collected the data. We will process the request for erasure, after which we will either erase the data or provide a justified reason why the data cannot be erased. Please note that Eurosec may have a legal or other right not to erase the requested data (see section 9 “Data retention period” below).

  • Withdrawal of consent: If the processing of your personal data is based on your consent you can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing of personal data that we have carried out prior to the withdrawal.

  • Right to lodge a complaint: You have the right to lodge a complaint with the Data Protection Ombudsman, if you consider that we process personal data in breach of applicable data protection legislation.


The contact details of the Data Protection Ombudsman: 
Lintulahdenkuja 4, 00530 Helsinki
Phone number: 029 566 6700

Additional information:  


Regular sources of data

Personal data is primarily obtained from you by telephone, online, on the website of the company you represent, in meetings or other similar manners and in connection with the entering into agreements and during the course of a contractual or other similar relationships.

Personal data may also be collected and updated from publicly available sources like company websites and the trade register.


Regular disclosures of personal data

In order to provide you with the best possible service, we may disclose data to our partners, who will process your data only to the extent necessary to provide the service in question. These partners are processors in accordance with the GDPR, with whom we have entered into GDPR-compliant data processing agreements.

Eurosec uses service providers to process personal data for the following services:

  • Paytrail
  • Lime Technologies Finland Oy
  • Visma Software Oy
  • Fellowmind
  • Procountor
  • Maatio Oy
  • Teamtailor
  • DB Schenker
  • DHL
  • TNT Fedex
  • HRX Oy
  • Leadoo
  • Trustmary
  • Samsung


Eurosec may also disclose personal data to the extent permitted and required by applicable law, for example to authorities.


Transfer of personal data outside of the EU or the EEA

As a general rule, Eurosec does not transfer personal data outside of the EU or the EEA.

If the purpose of the processing of personal data or the technical implementation of the processing so requires, personal data may be transferred outside the EU and the EEA. In this case Eurosec will comply with the requirements of the GDPR and the primary transfer tool used by Eurosec are the standard contractual clauses of the EU Commission, provided that the EU Commission has not adopted an adequacy decision for the receiving third country.

The personal data processors used by Eurosec are also through data processing agreements committed to using the standard contractual clauses of the EU Commission as the primary transfer mechanism, if personal data is transferred outside the EU/EEA.


Retention period of personal data

As a general rule, personal data is processed as long as your and Eurosec’s relationship is active and the processing of your personal data is necessary for the purposes of processing in accordance with this policy, however taking into account retention periods set forth in mandatory and applicable laws (for example the accounting act).

Personal data processed based on a contractual relationship with a customer/supplier/partner is stored for the duration of the said relationship. After this, we will retain your data in case of any legal claims for a further three years, calculated from the end of the financial year during which the relationship ended.

Eurosec may process your personal data for marketing purposes for one additional year from the end of the financial year during which your relationship with Eurosec has ended. After this we consider your relationship with Eurosec passive.

Data relating to marketing and sales promotion (targeted marketing measures, participation in Eurosec’s marketing events) is stored for a period of three years, calculated from the end of the financial year in which the relationship with Eurosec has ended. If there is no above-mentioned relationship between you and Eurosec, marketing related data is retained for a period of three years, calculated from the performance of the last marketing measure.

After a withdrawal of consent Eurosec no longer processes personal data for purposes requiring consent. You can opt out from Eurosec’s marketing list by clicking on the relevant link in each marketing email sent by Eurosec.


Automated decision-making and profiling

We do not use data for automated decision-making or profiling.


Principles of register security

Electronically processed data is protected by firewalls, passwords and other methods generally approved by the information security industry. Access to the register is restricted to those of Eurosec’s employees whose duties require the processing of the data in the register. All employees are bound by a secrecy obligation. We store your data in accordance with the from time-to-time applicable legislation and only for as long as it is necessary to fulfil the purposes described in this policy.


Consequences of failure to provide data

In case you do not provide all of the requested personal data to Eurosec, we might not be able to establish, manage and develop a customer/supplier/partner relationship with you or the legal entity you represent or communicate about our services with you.


Changes to the policy

Eurosec reserves the right to amend and update this policy. The up-to-date version of the policy is always found on Eurosec’s website. We recommend that you review the contents of the policy on a regular basis.

To the extent any discrepancies between this English version and the Finnish version of the personal data policy exists, the Finnish version will prevail.