Skip to content


1 Introduction

The purpose of this Privacy Notice is to inform how and why VETROSPACE Oy (later the “Controller” or “we”) collect, store and process personal data of customers, prospects and business partners of the Controller. Additionally this Privacy Notice describes how VETROSPACE websites, located in URLs, use cookies and similar techniques to gather technical and browser information. Personal data refers to any information relating to a natural person (“data subject”), which allows a person to be directly or indirectly identified, as defined in the General Data Protection Regulation (EU 2016/679).

We are dedicated to processing the personal data in compliance with the General Data Protection Regulation and other applicable data protection and privacy laws (together the “data protection legislation”).

2 Controller and contact information

VETROSPACE Oy (Business ID  2859854-2)
Otto Korhosen katu 1, 20660 Littoinen, FINLAND

3 Legal bases and purposes of processing

The processing of personal data is based on the following legal bases:

-Legitimate interest of the Controller or a third party (such as current or future clients or business partners of the Controller); the legitimate interest being e.g. the performance of an agreement between the entity represented by the data subject and the Controller, or another relevant connection between the data subject and the Controller, as well as other legitimate interests of the Controller as further specified below;

-Consent of the data subject.

We process the personal data for the following purposes:

-Managing and developing business relations and other relevant connections with the client, the business partner or the investor, including business communications and marketing;

-The provision of the services ordered by the entity represented by the data subject, and the execution of obligations related to the provision of the services;

-Invoicing, keeping track of the accuracy of invoicing and the execution of administrative payments and costs;

-Business planning and development.

4 Categories of personal data and sources of data

We only collect personal data relevant and necessary for the purposes outlined in this Privacy Notice. The personal data is mainly collected from the data subjects themselves, for example, in connection with using our web site, entering into agreements and completing forms and questionnaires in that connection, in connection of business communications and marketing as well as otherwise during the contractual relationship. In case of representatives, we may collect personal data also from documents and information supplied. Where required or permitted by the law, we may collect data also from other sources. Such personal data includes in particular the following data:

User data
  • Name and contact information (such as business address, telephone number and email address);
  • Preferred language where applicable;
  • Information concerning the data subject’s employer, title and position or assigned tasks within the entity represented by the data subj
  • Information on the business relationship and information related to the relevant agreement and the data subject’s association to the agreement;
  • Invoicing and payment details;
  • Details on communications and other interaction between the data subject and us, such as information on phone calls and other conversations including emails as well as information concerning executed marketing acts;
  • Possible permissions and prohibitions concerning direct marketing
Analytics data
  • IP address
  • Device and device identification number
  • Browser type and version and preferred language
  • Internet service providers
  • Time and date spent using our Services
  • Duration and sites visited using our Services

VETRSOPACE tracks the behavior of the website users with cookies. We use Google Analytics to analyze this data. These services do not enclose Personal Data of Users to VETROSPACE as they only aggregate the data into analyses of Users and their behavior when using the website.

VETROSPACE uses Facebook, Instagram and LinkedIn services for online marketing. If a user who visits VETROSPACE’s website is logged in to their Facebook or LinkedIn accounts then this fact can be used for targeting ads of VETROSPACE products to the user when he or she uses these services.

A consent for using the cookies mentioned above is requested when the user enters the website for the first time (CookiePro cookie consent). The user has the right to withdraw his/her consent without an effect on the legal grounds of processing before the withdrawal at any given time.

5 Retention of personal data

The retention time of the collected personal data is subject to the legal basis and purpose of processing. In general, all collected personal data will be retained at least for the term of the relevant agreement, unless a longer retention period is required by law (for example regarding obligations and responsibilities related to accountancy or reporting) or unless the data is needed for drafting or presenting a claim or for a legal defence or for resolving any disputes.

When the personal data is no longer needed as defined above, data is deleted within a reasonable time.

6 Transfers and disclosures of personal data

We utilise service providers and third parties to carry out our business and delegate some of our operations to our service providers, and we transfer personal data to such service providers for processing. For example, we use IT service providers e.g. to deliver office and communications software and equipment, and providers of administration services. We also use marketing, legal, accounting and other service providers, to which we may transfer or disclose personal data.

In case of representatives of investors, personal data may also be disclosed to other limited partners (and as applicable, their general partners and/or managers). List of the applicable recipients of personal data will be provided upon request.

In addition, we may share personal data in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other similar arrangements.

Where personal data is transferred outside the European Union or the European Economic Area, we ensure by contractual or other applicable measures that the transfers are subject to appropriate safeguards. More information on cross border transfers of the personal data and on the appropriate safeguards applied thereto from time to time is available upon request.

7 Rights of the data subject

The data subject has the rights set out in the General Data Protection Regulation.

  • Right of access: The data subject has the right to obtain a confirmation whether his or her personal data is processed, and to access the personal data about himself/herself and to request to receive the data in a paper copy or in an electronic form.
  • Right to rectification and erasure: The data subject has the right to demand the Controller to correct any incorrect or incomplete personal data and under certain conditions, the right to request the erasure of his/her personal data.
  • Right to restriction of processing: The Controller may be obliged to restrict the processing of personal data in accordance with the conditions set out in the General Data Protection Regulation.
  • Right to object to processing: In certain cases, the data subject may have the right to object to processing of personal data concerning him or her. The data subject always has the right to object the use of his/her personal data for purposes of direct marketing.

The data subject can use these rights by submitting a request to us by using the contact information mentioned in the beginning of this Privacy Notice.

After receiving all the required information to complete the request, including confirmation of identity, we will start the processing of the request. We will contact the data subject at the latest within a period of one month. If the request is denied, the data subject will be informed about the refusal in writing. We may refuse the request (such as erasure of the data) due to a statutory obligation or right.

In case the data subject considers our processing activities of personal data to be inconsistent with the applicable data protection legislation, the data subject has the right to lodge a complaint with the competent data protection supervisory authority.

8 Changes to this Privacy Notice

We may change this Privacy Notice from time to time, whenever necessary. The changes might also be based on the amendments of the legislation. All changes will be made available on our website or otherwise.

Updated 01.07.2022