Get In Touch

Privacy policy

Privacy Policy for Ceegon Oy’s Customer Register

This document serves as the register and privacy policy statement required under the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR).

Prepared on March 20, 2025. Last modified on April 28, 2025.

1 Data Controller

The data controller for the register is:

Ceegon Oy (Business ID: 2490832-0)
Contact person for register matters: Petri Pajarinen
Address: Sahankuja 7, 90800 Oulu, Finland
Phone: +358 40 5310460
Email: info@ceegon.com

2 Name of the Register

The name of the register is Ceegon Oy’s Customer Register.

3 Purpose of Processing Personal Data

Personal data is processed for purposes related to managing, administering, and developing customer relationships, providing and delivering services, and developing services and billing. Data is also processed to investigate complaints and other claims.

Additionally, personal data is used for customer communications, including information updates, news, and marketing activities, including direct marketing and electronic direct marketing.

Customers have the right to prohibit direct marketing targeted at them.

The data controller processes the data itself and uses subcontractors operating on behalf of and for the account of the data controller.

4 Legal Basis for Processing

The legal bases for processing personal data under the GDPR are:

  • The data subject has given consent to the processing for one or more specific purposes (GDPR Article 6(1)(a));

  • Processing is necessary for the performance of a contract to which the data subject is a party or for taking steps prior to entering into a contract at the data subject’s request (GDPR Article 6(1)(b));

  • Processing is necessary for the purposes of the legitimate interests pursued by the data controller or a third party (GDPR Article 6(1)(f)).

The mentioned legitimate interest is based on the relevant and appropriate relationship between the data subject and the controller resulting from the data subject being a customer of the controller and where processing occurs for purposes that the data subject could reasonably expect at the time of data collection and within the context of the relationship.

5 Register Data Content (Categories of Personal Data Processed)

The register may contain the following personal data of each data subject:

  • Basic personal and contact information: [first name, last name, address, phone number, email address];

  • Information related to the person’s company or organization and their role or job title in that entity;

  • Direct marketing permissions and prohibitions;

  • Website addresses, IP addresses, social media profiles, information on ordered services, billing information, and other data related to the customer relationship and services.

6 Regular Sources of Information

Personal data is collected primarily from the data subjects themselves.

The information is obtained directly from customers, for example via online forms, emails, phone calls, social media, customer meetings, or other situations where the customer provides their information.

Personal data is also collected and updated from publicly available sources as permitted by applicable law to fulfill the customer relationship and the controller’s obligations.

7 Retention Period of Personal Data

Personal data is retained only as long and to the extent necessary for the original or compatible purposes for which it was collected.

The necessity of storing data is reviewed every 5 years from the start of the customer relationship; in any case, personal data will be deleted 5 years after the end of the customer relationship, provided all related obligations have been fulfilled. For example, accounting documents are retained for five years after the end of the fiscal year.

The controller regularly evaluates the necessity of data retention according to internal practices and ensures that inaccurate, incorrect, or outdated data is deleted or corrected promptly.

8 Recipients and Regular Disclosures of Personal Data

Personal data will not be disclosed to external parties.

9 Transfers Outside the EU/EEA

Ceegon Oy generally does not transfer or disclose personal data outside the European Union or the European Economic Area.

If necessary, data may be transferred outside the EU/EEA in accordance with applicable data protection laws.

Processors handling personal data on behalf of Ceegon Oy include:

  • Canva

  • Facebook Inc.

  • Google LLC

  • LinkedIn Corporation

  • Microsoft Corporation

  • Zoner Oy

  • The Rocket Science Group LLC d/b/a MailChimp

10 Principles of Register Protection

Materials containing personal data are stored in locked premises accessible only to designated and authorized personnel.

The database containing personal data is located on a server kept in a locked facility with appropriate firewall and technical protection.

Access to databases and systems is restricted to persons with separately granted personal usernames and passwords. Access rights are limited to individuals who need to process the data lawfully. System activities are logged.

Employees and other persons processing personal data are bound by confidentiality obligations.

11 Data Subject Rights

Under the GDPR, data subjects have the following rights:

  • Right to obtain confirmation whether personal data is being processed, and if so, access to the data and information about its processing (GDPR Article 15);

  • Right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (GDPR Article 7);

  • Right to have inaccurate or incomplete personal data corrected without undue delay (GDPR Article 16);

  • Right to have personal data erased without undue delay under certain conditions (GDPR Article 17);

  • Right to restrict processing under certain conditions (GDPR Article 18);

  • Right to data portability, i.e., to receive personal data provided to the controller and transmit it to another controller (GDPR Article 20);

  • Right to object to processing, including for direct marketing purposes (GDPR Articles 21 and 22);

  • Right to lodge a complaint with a supervisory authority if the data subject considers that the processing violates the GDPR (GDPR Article 77).

Requests regarding the exercise of data subject rights should be addressed to the contact person mentioned in Section 1.

12 Web Analytics

The following services collect anonymized data about visits to the website without collecting personal information:

  • Google Analytics

  • Google Tag Manager

  • Google AdWords

  • Mailchimp

  • Meta

13 Targeted Marketing

Based on website visits, we may engage in targeted advertising on the following platforms:

  • Instagram

  • Google

  • Facebook

  • TikTok

  • LinkedIn

  • Uusikatu 24 F 61
  • 90100 Oulu, Finland

Professionals in mobile devices field testing, quality assurance and approvals.

Privacy

Cookies

  • ©2025 Ceegon Oy