Skip to main content
Privacy

Privacy and data protection policy

Privacy and personal data policy in accordance with the EU General Data Protection Regulation (GDPR). Drafted 1 Jan 2024, updated 15 May 2026.

1. Data controller

Avania Consulting Oy
Business ID: 3112934-1
Isokatu 56, 90100 Oulu, Finland
Phone: +358 45 676 8809

2. Contact person for the registry

Janne Kuntola
Email: janne.kuntola@avania.fi
Phone: +358 45 676 8809

3. Name of the registry

Avania Consulting Oy customer registry.

4. Legal basis and purpose of processing

The legal basis for processing personal data is a customer relationship, the customer's consent, a contract or the legitimate interest of the data controller. Personal data is processed for the following purposes:

  • Order processing and service delivery
  • Customer service and communications
  • Business development and reporting
  • Billing and obligations under accounting law
  • Marketing (electronic direct marketing requires a separate consent)

5. Data content

The following data is stored in the registry:

  • Name and company
  • Contact details: phone number, email address, postal address
  • IP address and other technical system log data
  • Ordered products and services and related pricing and billing information
  • Customer feedback and reviews

6. Sources of data

Data stored in the registry is collected from the data subject themselves via the website forms, email, phone, contracts, customer meetings and other situations where the customer provides their data.

7. Regular disclosure and transfers of data

Data is disclosed as needed to the following parties:

  • Payment service providers for processing order payments
  • Accounting partners for fulfilling statutory obligations
  • Delivery partners for fulfilling orders
  • Service providers assisting in the operation of our business
  • Authorities when required by law

Customer reviews and feedback may be published online under a separate agreement. Data is not transferred outside the EU or EEA.

8. Principles of registry protection

Care is taken in handling the registry, and data processed by information systems is appropriately protected. When registry data is stored on servers, the hardware is properly maintained. The data controller ensures that stored data, server access rights and other information critical to personal data security is processed confidentially and only by employees whose job description requires it.

9. Right of access and right to require correction

Every person in the registry has the right to review the data stored about them and to require correction of any inaccurate data or completion of incomplete data. The request is sent in writing to the data controller.

10. Other rights related to processing of personal data

A person in the registry has the right to request the deletion of their personal data from the registry ("right to be forgotten"). The data subject also has the other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests are sent in writing to the data controller. If necessary, the data controller may ask the requester to prove their identity. The data controller responds to the customer within the time specified in the EU GDPR (generally within one month).

11. Cookies and analytics

Our site uses cookies to improve the user experience and for analytics. You can block cookies through your browser settings if you wish. For more information about cookies, see your browser's help.