The purpose of this Privacy Notice is to inform how and why VETROSPACE Oy (later the “Controller” or “we”) collects, stores and processes personal data of customers, prospects and business partners.

This Privacy Notice also describes how VETROSPACE website https://www.vetrospace.com use cookies and similar techniques to collect technical and usage data.

Personal data refers to any information relating to an identified or identifiable natural person, as defined in the General Data Protection Regulation (EU 2016/679) (“GDPR”). 

We process personal data in accordance with applicable data protection legislation, including the GDPR. 

VETROSPACE Oy
Business ID: 2859854-2
Otto Korhosen katu 1, 20660 Littoinen, FINLAND

For data protection inquiries, please contact:

Pepe Yli-Kaila, COO, pepe.yli-kaila@vetrospace.com +358 40 545 8864

The following table sets out the purposes for which we process personal data and the corresponding legal bases under the GDPR:

We only collect personal data that is relevant and necessary for the purposes described above.

Sources of data

Personal data is collected primarily:

• directly from the data subject (e.g. contact forms, downloads, communication)
• during contractual relationships
• from publicly available sources (e.g. trade registers, company websites) or from business partners where there is a legitimate basis for sharing such data

Categories of personal data

User and contact data

• name
• email address
• phone number
• company name, role and position
• preferred language
• project-related information (e.g. site requirements, technical specifications, project timelines) 

Relationship and communication data

• information related to business relationships and agreements
• communication history (emails, calls, meetings)
• marketing permissions and preferences

Financial data

• invoicing and payment details (where applicable)

Website and analytics data

• IP address
• device and browser information
• usage data (pages visited, duration, interactions)

Cookies and tracking technologies

We use cookies and similar technologies to understand how our website is used and to improve user experience.

These include:

• analytics tools (e.g. Google Analytics)
• marketing tools (e.g. LinkedIn, Meta platforms)

Cookies are managed through a consent tool (Cookiebot), where users can:

• accept or reject non-essential cookies
• withdraw consent at any time

More information is available in our Cookie Policy.

Personal data is retained only as long as necessary for the purposes described in this Privacy Notice.

Typical retention periods:

• inquiries and contacts: up to 24 months
• customer and partner relationships: for the duration of the relationship and as required by law
• financial data: six (6) years from the end of the financial year, or ten (10) years for financial statements, as required by the Finnish Accounting Act (kirjanpitolaki 1336/1997)
• marketing data: until consent is withdrawn
• website analytics and cookie data: depending on the cookie category, from the duration of a browsing session up to six (6) months (for specific retention periods per cookie, please refer to the cookie declaration on our website)

When personal data is no longer required, it is deleted or anonymized without undue delay and in any event within a reasonable timeframe.

We may share personal data with third parties where this is necessary for the purposes described in this Privacy Notice, including the provision of our services, the fulfilment of contractual obligations, and compliance with legal requirements.

Service providers

We use trusted service providers to support our operations. These providers process personal data only on our behalf and in accordance with our instructions, and we have entered into data processing agreements pursuant to Article 28 of the GDPR with the providers. Such service providers include:

• IT and hosting services
• CRM and communication tools
• marketing and analytics platforms
• legal, accounting and administrative services

Partners and resellers 

In order to serve customers effectively, we may share relevant contact and project information with:

• authorized Vetrospace partners and resellers
• local distributors responsible for sales and delivery

The role of each partner or reseller in relation to personal data processing is assessed on a case-by-case basis. Depending on the arrangement, such parties may act as independent data controllers, joint controllers, or processors. Where a partner acts as a processor, a data processing agreement pursuant to Article 28 of the GDPR is concluded. Where a partner acts as an independent data controller, it is responsible for processing personal data in accordance with its own privacy practices and applicable data protection legislation.

Business transactions

Personal data may be disclosed in connection with:

• mergers
• acquisitions
• financing arrangements

In such cases, personal data will only be disclosed to the extent necessary for the transaction, and the receiving party will be required to process the data in accordance with applicable data protection legislation. Where feasible, data subjects will be informed of any material changes to the controllership of their personal data.

International transfers

Some of our service providers, including HubSpot Inc., Microsoft Corporation, Meta Platforms Inc., and Cloudflare Inc., are established in the United States. If personal data is transferred outside the EU/EEA, appropriate safeguards are applied in accordance with Chapter V of the GDPR, such as:

• standard contractual clauses approved by the European Commission
• an adequacy decision by the European Commission, including the EU-U.S. Data Privacy Framework

Under the GDPR, the data subject has the following rights:

• Right of access – to obtain confirmation and access to personal data
• Right to rectification – to correct inaccurate or incomplete data
• Right to erasure – to request deletion under certain conditions
• Right to restriction – to limit processing in certain cases
• Right to object – especially to direct marketing
• Right to withdraw consent – at any time
• Right to data portability – to receive personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller

Requests can be submitted using the contact details above.

We will respond within one (1) month of receiving the request, in accordance with applicable legislation. This period may be extended by a further two (2) months where necessary, taking into account the complexity and number of requests. In such cases, the data subject will be informed of the extension within the first month.

The data subject also has the right to lodge a complaint with a supervisory authority. The competent supervisory authority in Finland is the Office of the Data Protection Ombudsman (tietosuojavaltuutetun toimisto), P.O. Box 800, FI-00531 Helsinki, Finland, email: tietosuoja(at)om.fi, website: www.tietosuoja.fi.

We do not use automated decision-making, including profiling, as referred to in Article 22 of the GDPR.

We may update this Privacy Notice from time to time, for example due to changes in legislation or our operations. In the event of material changes, we will publish a notice on our website prior to the changes taking effect.

The latest version will always be available on our website, together with the date on which it takes effect. Previous versions of this Privacy Notice are available upon request.