FIPrivacy policy
Data Controller
Atoz Oy (Business ID: 2842989-6)
The data controller is responsible for the processing of personal data and for ensuring that such processing is carried out in accordance with applicable data protection legislation.
Visiting address:
Finlaysoninkuja 17, 33210 Tampere
Data protection contact person:
Tommi Puonti
Email: tommi.puonti(at)atoz.fi
Phone: +358 45 130 6341
Purpose of Processing Personal Data
Personal data is processed for the following purposes:
- managing and developing customer relationships
- responding to contact requests
- carrying out recruitment processes
- analyzing and improving website performance
- marketing communications, if the data subject has given consent
- business development and service improvement
Legal Basis for Processing
The processing of personal data is based on one or more of the following legal grounds:
- Contract – e.g., processing related to recruitment or customer relationships
- Consent – e.g., for marketing communications or cookies
- Legitimate interest of the controller – e.g., website analytics and business development
- Legal obligation – e.g., accounting or regulatory requirements
Personal Data Collected
The register may include the following data:
Contact forms
- name
- company
- email address
- phone number
- message content
Recruitment
- name and contact details
- CV and work history
- education details
- possible portfolios and applications
Website usage
- IP address
- browser and device information
- website usage analytics
- cookie-related identifiers
Sources of Data
Personal data is mainly collected:
- directly from the data subject
- via website forms
- through recruitment systems
- via analytics and tracking tools
Recipients of Data
Data may be processed in the systems of the following service providers:
- cloud services and office applications
- customer relationship management systems (CRM)
- recruitment systems
- website analytics and marketing services
Service providers act as data processors on behalf of the data controller.
Transfer of Data Outside the EU/EEA
Personal data may be transferred outside the EU/EEA, for example in connection with cloud services.
In such cases, transfers are carried out in accordance with EU data protection legislation, for example:
- based on Standard Contractual Clauses (SCC) approved by the European Commission
- in accordance with an adequacy decision of the EU
Data Retention Period
Data is retained only as long as necessary to fulfill the purposes of processing.
Examples of retention periods:
- recruitment applications: up to 24 months
- contact requests: up to 12 months
- customer relationship data: for the duration of the relationship and as required by law
- analytics data: as defined by the service provider
Rights of the Data Subject
The data subject has the following rights:
- right of access to their data
- right to rectification
- right to erasure ("right to be forgotten")
- right to restriction of processing
- right to object to processing
- right to data portability
- right to withdraw consent at any time
Requests can be sent to the contact details of the data controller.
Right to Lodge a Complaint
The data subject has the right to lodge a complaint with a supervisory authority if they believe that the processing of personal data violates data protection legislation.
In Finland, the supervisory authority is:
Office of the Data Protection Ombudsman
Cookies
The website uses cookies for the following purposes:
- technical functionality of the site
- analytics and usage statistics
- possible marketing
Users can manage cookie settings via their browser settings or through the website’s cookie banner.
Data Security
Appropriate technical and organizational measures are used to protect personal data, such as:
- access control
- encrypted connections
- service providers’ security practices
- staff training
Updates to This Privacy Notice
This privacy notice may be updated, for example due to changes in legislation or service development.
Last updated: March 20, 2026