Our work requires that we collect, control, and process some personal data about you. We want to respect your privacy, and we are committed to protecting it. This privacy policy includes information about: what personal data we collect; how we use the data; how we collect the data; what is the legal basis for processing the data; who controls and processes the data; how we protect the data; data transfers outside the EU; how long we retain data; and what rights you have regarding your data.
Koskinen Family Business Oy ("Koskinen & Co", "we", "us", or "our") collects, controls, and processes your data according to this privacy policy and applicable legislation, including the EU General Data Protection Regulation (GDPR).
Our services are not directed at individuals under the age of 16, and we do not knowingly collect personal data from children.
Headings and bullets are included only to increase readability of this Privacy Policy, and shall have no relevance for the interpretation of the relevant clause.
We may use your data: (a) to create or maintain customer relationships; (b) to offer services, products or other legitimate interests to you; (c) to provide services, products or other legitimate interests to you; (d) to develop services, products or other legitimate interests; (e) to fulfil requirements of a contract to which you are a party; (f) to take steps to create such a contract; (g) to fulfil requirements of any legal obligations that we are subject to; or (h) to pursue any other legitimate interests that do not override your interests or fundamental rights and freedoms that require protection of your data.
We may collect: (a) your contact details (such as name, email and phone number); (b) your company details (such as company name and job title); (c) your communication details (such as chat transcripts, email correspondence, text messaging and meeting memos); (d) your usage details (such as how you use our website and our other services and products); (e) your relationship details (such as details you have shared with us while using our services and products, and details you have given us access to fulfil requirements of a contract); and (f) any other legitimate personal data necessary for the purposes described in this policy.
We may collect personal data about you: (a) from publicly available sources (such as web or social media); (b) from yourself as you communicate with us or use our products and services; (c) from the sources you have given us access to fulfil requirements of a contract; (d) from shared partners, service providers and other third parties; or (e) from your representative.
There is always a legal basis for collecting and processing your data. The legal basis for processing your data may be: (a) a freely given consent from you; (b) performance of a contract to which you are a party; or (c) fulfilment of our or a third party's legitimate interest.
Our legitimate interests include: maintaining and developing our customer relationships; providing and improving our services; ensuring network and information security; and marketing our services to existing customers and similar prospective customers. However, these interests cannot override your interests or fundamental rights and freedoms that require the protection of your data.
If we process your data based on consent, you may withdraw that consent at any time by contacting us at matias@koskinen.co. Withdrawal does not affect the lawfulness of processing before withdrawal.
The data is accessible, controlled and processed by Koskinen & Co employees.
Some parts of the data processing have been outsourced to third parties. We do our best to ensure that the chosen data processors have appropriate security measures to protect your privacy and to comply with any applicable legislation.
Your data may be processed by third-party service providers, including cloud services, communication tools, and AI-assisted tools. A current list of sub-processors is maintained at www.koskinen.co/legal/sub-processors or is available upon request.
We ensure that all sub-processors have appropriate data processing agreements in place and provide adequate protection for your personal data in compliance with GDPR requirements.
Your data is not transferred elsewhere unless the performance of a contract that you are a party to, other legal obligations that we are subject to, or a public authority demands otherwise.
We retain personal data only as long as necessary for the purposes described in this policy: a) Customer relationship data: For the duration of our business relationship plus six (6) years for accounting and legal compliance purposes; b) Communication records: For the duration of the business relationship plus five (5) years for contractual reference; c) Website usage data: Up to twenty-four (24) months; d) Marketing data: Until you withdraw consent or object to processing.
After these periods, data is securely deleted or anonymised.
Your data may be transferred outside of the EU or EEA by the third parties described above. It is likely that some parts of their data processing processes do transfer the data internationally.
For international data transfers to countries not covered by an adequacy decision of the European Commission, we rely on the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and ensure that any service providers outside the EU/EEA provide adequate protections in compliance with GDPR requirements.
We have done our best to ensure that these third parties have their data servers within the EU or EEA, or have appropriate security measures to transfer your data internationally in compliance with applicable law.
Your data is protected with appropriate security measures. The computers that are used to access your data have been encrypted. The access to the data processing services has been protected with two-factor authentication measures, where applicable, and with strong passwords. A VPN connection is used wherever possible to connect to these services.
We do not use automated decision-making, including profiling, that produces legal effects or similarly significantly affects you.
We use cookies to improve your experience and make sure that you'll see more relevant content on this website and elsewhere on the internet. Cookies are small data files that are stored on your device. Cookies enable us to receive information about how our website is used.
Types of cookies we use: a) Necessary cookies: Required for the website to function properly; b) Analytics cookies: Help us understand how visitors interact with our website; c) Marketing cookies: Used to track visitors across websites to display relevant advertisements.
You may opt out of non-essential cookies when accessing our website for the first time, or by adjusting your browser settings. Please note that disabling certain cookies may affect website functionality.
Under the GDPR, you have the following rights regarding your personal data: a) Right of access: You have a right to know whether we collect, control, and process your data and to obtain a copy of the personal data we hold about you; b) Right to rectification: You have a right, without undue delay, to rectify inaccurate, expired, or incomplete data about you; c) Right to restrict processing: You have a right to restrict what personal data we process about you, how long we process it, and in what ways we process it; d) Right to data portability: You have a right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller; e) Right to erasure: You have a right, without undue delay, to request erasure of your personal data unless the processing is necessary for legal obligations that we are subject to, or for the performance of a contract to which you are a party; f) Right to object: You have a right to object to the processing of your data unless we have a compelling legitimate ground for processing which overrides your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims; g) Right to withdraw consent: Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal; h) Right to lodge a complaint: You have a right to lodge a complaint with the Office of the Data Protection Ombudsman (tietosuoja.fi).
You may exercise any of these rights by contacting us at the details below.
We may update this privacy policy if our work or the legislation changes. The changes come into effect when the updated privacy policy is published.
If the changes result in the expiration of the legal basis for collecting, controlling and processing your data, we make sure that the legal basis is restored. Otherwise, your data will be deleted according to all applicable privacy laws and regulations.
You may contact us for any enquiries about this Privacy Policy:
Koskinen Family Business Oy
Email: matias@koskinen.co
Phone: +358 40 845 7632
Version 2.0: December, 2025