1. Data Controller

Company: Ouneva Group / Ouneva Oy
Business ID: 0157948-0
Address: Teollisuustie 21
Postal Code: FI-82730
City: TUUPOVAARA

2. Person Responsible for Registry Matters

Company: Ouneva Group / Ouneva Oy
Name: Riitta-Elina Räty
Address: Teollisuustie 21
Postal Code: FI-82730
City: TUUPOVAARA
Email: riitta.raty@ouneva.fi

3. Data Protection Officer

Company: Ouneva Oy
Address: Teollisuustie 21
Postal Code: FI-82730
City: TUUPOVAARA
Email: tietosuojavastaava@ounevagroup.fi

4. Name of the Register

Visitor register of the website ounevagroup.fi

5. Purpose of the Register

The purpose of the visitors’ register of the website ounevagroup.fi is to improve the operation and user experience of the website, to target marketing, and to manage and create customer relationships.

The register is used to monitor and analyse the use of the website and the behaviour of visitors. This information is used for:

  • improving the content and functionality of the website,

  • targeting marketing communications and measuring their effectiveness,

  • identifying leads and managing customer relationships,

  • supporting customer service and sales.

The processing of personal data is based on the explicit consent of the visitor, which is requested via a cookie banner or settings interface. Consent applies particularly to the use of cookies and tracking technologies (e.g. Leadfeeder, HubSpot, Google Analytics, Meta/Facebook Pixel) and to any data submitted through contact forms.

Visitors have the right to withdraw their consent at any time.

6. Basis for Data Collection and Processing

The processing of personal data is based on the data subject’s explicit consent in the following situations:

Cookies and tracking technologies: the website uses cookies and other similar technologies (such as Leadfeeder, HubSpot, Google Analytics and Meta/Facebook pixel) to track and analyse visitors’ behaviour. The use of these is based on the user’s consent, which is requested through the cookie banner or settings.

Contact forms and other communications: if a user submits contact information, for example via a contact form, the processing is based on the user’s consent and the fact that the information is used to contact and possibly establish a customer relationship.

The data subject has the right to withdraw his or her consent at any time.

7. Data Content of the Register

The register may include the following data about website visitors:

Technical and cookie data:

  • IP address

  • Browser type and version

  • Operating system and device type

  • Visit time and duration

  • Pages visited and actions taken

  • Data collected via cookies and tracking technologies (e.g., Google Analytics, Leadfeeder, HubSpot, Meta/Facebook Pixel)

Data provided by the user:

  • Name

  • Email address

  • Phone number

  • Company and position

  • Additional voluntary information

Marketing automation data:

  • Email open and click data

  • Form submission data

  • Customer stage and interests

8. Data Retention Period

Personal data will be kept only for as long as necessary for the purpose for which it is collected or for the fulfilment of legal obligations. The retention periods are determined as follows:

Data collected through cookies and tracking technologies will be kept for a maximum of 26 months, depending on the type of cookie, unless the user withdraws consent earlier.

Data provided through contact forms will be kept for a maximum of 12 months from the date of contact, unless the customer relationship is continued or the user requests deletion of the data earlier.

Data processed in marketing automation systems (e.g. HubSpot) will be kept as long as the user is on the marketing list or until consent is withdrawn.

Data may be kept for longer periods if necessary to comply with a legal obligation or to establish, exercise or defend a legal claim.

9. Regular Data Sources

The web analytics services used on the Website collect non-personally identifiable information about visitors to the Website, including, but not limited to:

  • estimated age, gender, country, city and language of the visitor

  • information on the web service provider

  • number and duration of sessions, site usage data

  • technical characteristics of the terminal device

  • the interests estimated on the basis of web browsing

  • phrases entered in the search fields of the site

This information is collected through cookies and other tracking technologies and cannot be linked to an identified person without the user’s active communication. For example, if a user contacts us via a form and provides personal information, this information is not stored in the analytics tools.

The online analytics services through which data is collected are:

Google Analytics
http://www.google.com/intl/fi/policies/privacy/

HubSpot
https://legal.hubspot.com/privacy-policy

LinkedIn
https://www.linkedin.com/legal/cookie-policy

Meta (Facebook) Pixel
For more information about Facebook’s privacy and cookie policies, please visit: https://www.facebook.com/privacy/policy

10. Regular Disclosures and Transfers Outside the EU/EEA

Regular disclosures and transfers of data outside the EU or the European Economic Area

There is no regular transfer of data outside the Ouneva Group companies. Companies belonging to the Ouneva Group are:

  • Alsiva Oy (business ID: 0962501-5).

  • Jotwire Oy (Business ID: 0657122-6)

  • Ouneva Oy (Business ID: 0157948-0)

  • Valukumpu Oy (Business ID: 2126932-4)

  • Top Speed Oy (Business ID: 2677355-4)

  • Ase Utra Oy (Business ID: 1743053-3)

The information you enter on Ouneva Group websites will be transferred outside the EU and EEA when using the Hubspot service. The database of Hubspot Inc. service provider is located in the USA in the region of East 1-Virginia. Hubspot Inc. complies with the EU-US Privacy Shield.

When using Google Analytics, your personal data will be transferred outside the EU and EEA. Google complies with the EU-US Privacy Shield.

Except as set out above, your personal data will not be transferred outside the EU or EEA.

11. Use of Cookies

We use cookies on our website. A cookie is a small text file sent to and stored on a user’s computer that enables the website operator to identify frequent visitors, facilitate visitor logins and allow the compilation of aggregate information about visitors. This feedback allows us to continuously improve the content of our website. Cookies do not harm users’ computers or files. We use them to provide our customers with information and services tailored to their individual needs.

If a user visiting our website does not want us to receive the above information through cookies, most browsers allow you to disable the cookie function. This is usually done through the browser settings.

However, it should be noted that cookies may be necessary for the proper functioning of some of the pages we maintain and services we provide.

12. Register Security

The data is transferred over an SSL-secured connection.
Electronic data is protected by a firewall, usernames and passwords.
Access to the data is restricted to those persons employed by the controller who need the data for their tasks.

13. Automated Decision-Making

No automated individual decisions (Article 22 of the EU General Data Protection Regulation) are taken.

14. Rights of the Data Subject

The data subject has the right to check what data concerning him or her has been stored in the personal data register. The written request for inspection must be signed and sent to the person responsible for the register.

The right of inspection is free of charge and is exercised no more than once a year.

The data subject has the right to request the rectification or erasure of inaccurate or outdated data or the transfer of data from one system to another. They also have the right to restrict or object to the processing of their data in accordance with Articles 18 and 21 of the EU General Data Protection Regulation.

Data subjects have the right to withdraw their prior consent to the processing of their data or to lodge a complaint with a supervisory authority about the processing of their personal data.

Data subjects also have the right to object to the use of their data for direct marketing purposes.