Home Privacy Policy

Privacy Policy

At the Algol Group, we are committed to protecting the privacy of our service users. We process personal data appropriately and only to the extent necessary for our operations. Our data processing practices are based on the EU General Data Protection Regulation (2016/679) and the Finnish Data Protection Act (1050/2018).

Algol Oy is responsible for data protection administration at a group level. Algol Group companies act as independent data controllers for their own customer and stakeholder registers. If you conduct business with our Group companies, we ask you to review their specific privacy statements on their respective websites.

This page and the statements mentioned herein apply to the processing of personal data carried out by Algol Oy (the parent company). In this statement, we explain how we process your personal data in our various registers. We update these privacy statements when necessary and indicate the date of the change in the statement. If changes are significant, we may also communicate them through other means, such as email or by posting a notice on our website. We recommend that you visit our site regularly and take note of any possible changes.

If you have questions regarding our procession of personal data after reading our statements, please get in touch.

Algol Oy
Karapellontie 6
02610 Espoo, Finland

Email: gdpr@algol.fi

Contact Persons:
Tor Edgren, Group Corporate Responsibility Manager
Charlotta Horsma, Corporate Counsel

Privacy Policy for Algol Oy’s Customer and Stakeholder Register

This statement describes how Algol Oy processes personal data in connection with website visits, contacts, marketing, and customer and cooperation relationships.

1. Name of the Register

Algol Oy’s customer, stakeholder, supplier and marketing register.

2. Websites and Contacts

When you visit Algol Oy’s website, we collect information as follows:

Browsing the website does not require registration. We only ask for your personal data when you send us inquiries or feedback via the forms on the website.

In the forms, we ask for your name, company, phone number, and/or email address. The information you send via forms is protected. Data is stored on the server for six months from the receipt of the form. Information provided for managing a customer relationship is stored for the duration of the relationship, for example, in the customer register (CRM).

Personal data is also collected, for example, in connection with registrations (Webropol forms, Google Forms). Data is processed only for the specific purpose intended.

3. Data Controller and Contact Information

Algol Oy (0106435-6)
Karapellontie 6, 02610 Espoo
PL 13, 02611 Espoo
Email: gdpr@algol.fi

Contact persons:
Tor Edgren, Group Corporate Responsibility Manager
Charlotta Horsma, Corporate Counsel

4. Data Content of the Register

The register may contain the following information about the Data Subject:

Name, email, phone number, title, job role or position in the company, company/organization and its contact details, classification data provided by the Data Subject or publicly available, order, billing, and delivery information, details regarding products and services ordered or in the offer phase as well as expressed areas of interest including changes to them, data collected via cookies, data collected by the website and the marketing platform in use, data collected by the newsletter tool, registration and participation data from events and surveys (identified responses including potential dietary information), and other transmitted information, potential opt-outs from direct marketing, data collected from social media channels, information about the device used by the Data Subject (such as device type, browser, IP address, and other device data), and any other information collected with the Data Subject’s consent.

The personal data processed is necessary for its intended purposes.

The Data Controller processes personal data for the following purposes:

  • Managing and administering business-related customer and stakeholder relationships and contracts.
  • Maintaining and developing customer and stakeholder relationships.
  • Customer communication and marketing.
  • Fulfilling the rights and obligations of the Data Subject and the Data Controller.
  • Purposes related to web services and analyzing the use of services and products, providing and developing services, identifying customers and data subjects, and generating statistics.
  • Fulfilling the Data Controller’s statutory obligations.

The legal bases for processing personal data under the EU General Data Protection Regulation are:

  • Consent of the Data Subject
  • Contracts related to the customer relationship
  • Legitimate interest of the Data Controller
  • Statutory requirements

The analytics of the publishing system we use for customer communication and marketing collect data to develop services. The information collected includes the time messages are opened and link clicks/timestamps.

You can cancel the receipt of marketing messages by notifying the controller or by clicking the unsubscribe link provided in every marketing message, after which your data will be removed from the electronic direct marketing subscriber list.

6. Regular Sources of Information

Personal data is collected from:

  • The customer, potential customer, stakeholder representative, or other contacts themselves via telephone, the internet (websites, forms, newsletter subscriptions, event registrations, social media, trade register), email, or other similar means.
  • Cookies or other similar technologies.
  • Information collected during the contract process.
  • Information obtained from customer meetings.
  • Other possible situations where the Data Subject discloses data to the Data Controller.

Additionally, the Data Controller uses Google Ads and Analytics services to collect visitor data to analyze and improve the website and target relevant marketing. Data is automatically saved to the register when a user leaves information on the website or uses the newsletter service.

7. Regular Disclosure of Data

As a rule, the Data Controller does not disclose personal data to third parties. Data may be disclosed if required by a competent authority, to fulfill contractual obligations, or to the extent agreed upon with the Data Subject.

In some situations, data may be disclosed to subcontractors or partners of the Data Controller if necessary for service production (based on legitimate interest) or due to joint marketing measures (based on consent). These parties process personal data confidentially.

We aim to transfer data anonymously whenever possible. Our partners operate according to legal privacy requirements and the controller’s documented instructions. We are responsible for the processing performed by service providers on our behalf as we are for our own actions.

8. Data Transfer Outside the EU or EEA

Data is not regularly disclosed outside the European Union or the European Economic Area. Data may be transferred and stored on a server located outside the EU or EEA if the implementation of the service requires it, in accordance with the GDPR and the Finnish Data Protection Act.

If data is transferred outside the EU/EEA, it always occurs on a legal basis:

  • The European Commission has decided that the recipient country ensures an adequate level of data protection.
  • The Data Controller has implemented appropriate safeguards using standard contractual clauses approved by the European Commission.
  • The Data Subject has given explicit consent for the transfer.
  • There is another legal basis for the transfer.

9. Data Retention Period

Personal data is stored only as long as necessary to fulfill the processing purposes defined in this statement. Data may also be stored as long as legislation, such as the Accounting Act, requires. The Data Controller regularly assesses the necessity of data retention according to internal practices.

10. Rights of the Data Subject

The Data Subject has the following rights. Requests to exercise these rights should be sent to the address mentioned in section 3. The Data Controller may ask the requester to prove their identity. The Controller will respond within the timeframe set by the GDPR.

The Data Subject has the right to inspect their stored data at any time and exercise their “right to be forgotten.” Upon request, the Controller will correct, delete, or supplement inaccurate, unnecessary, incomplete, or outdated data.

Other rights include:

  • Withdrawal of consent: Right to withdraw consent for data collected based on consent
  • Right to object: Right to object to processing based on public or legitimate interest unless there are compelling grounds for processing.
  • Direct marketing ban: Right to prohibit processing for direct marketing, market research, or opinion polls.
  • Right to restrict processing: Right to demand restriction of processing if data is inaccurate or processing is unlawful.
  • Right to lodge a complaint: Right to bring the matter to the Data Protection Ombudsman.

Requests for inspection or correction must be submitted in writing and signed to: Algol Oy, Inspection Request, Karapellontie 6, 02610 Espoo or via email to gdpr@algol.fi.

Newsletter recipients have the right to opt out of receiving the newsletter from the controller. You can remove your email address from the mailing list by clicking the link at the end of the newsletter or by notifying the controller.

11. Principles of Data Security

Personal data is kept confidential. The Data Controller’s network and hardware are protected by firewalls and other necessary technical measures. Access to data is restricted to employees whose job descriptions require it.

The Data Controller reserves the right to change this privacy statement as needed. This privacy statement was last updated on April 22, 2026.

Websites belonging to Algol Group companies use cookies. We collect statistical information about website users primarily to analyze and develop site usage. All collected data is anonymous and cannot be linked to individual users.

Read more about cookies.