Privacy Policy

We ensure that your personal data is processed appropriately, in accordance with applicable legislation and with respect for your privacy. This page provides more detailed information on how we process your personal data.

We continuously develop our services and therefore reserve the right to update this Privacy Policy.

Prepared on 5 April 2022, last updated on 19 May 2026.

1. Controller and Contact Details

Controller: Lakihelppi Oy (3264049-1)
Contact details: Katariina Ruuskanen, katariina@lakihelppi.com

If Lakihelppi refers a customer to its partner and the matter falls within Lakihelppi’s field of business, Lakihelppi and the partner act as joint controllers in the matter.

Lakihelppi cooperates with various partners. To perform an agreement, Lakihelppi may receive personal data through these partners or disclose personal data to a partner.

If you have any questions about our Privacy Policy, please contact us. We are happy to help.

2. What Personal Data Do We Process?

Business Operations and Customer Relationships

We process relevant and necessary data for conducting our business and managing customer relationships.

This includes, among other things, customer and personal data for carrying out assignments.

We also process data concerning cooperation, assignments and contractual relationships, data concerning stakeholders and partners, and data concerning the production, management and development of our operations and services.

We process data that we need for possible training, events or projects.

The data processed may also include data concerning persons who have contacted us or potential partners, customers or stakeholders, as well as data concerning their employees or other representatives.

We also process personal data for the purpose of fulfilling the rights and obligations of the parties and, where necessary, to avoid conflicts of interest.

Data may also be collected from joint activities, depending on the form of such activities.

The data processed relates to the contact details, identification details or related background information of the above-mentioned parties or their representatives. The data may include, for example, name, position, organisation, invoicing details, contact details, order details, identification details or other information related to handling assignments. The data is mainly collected directly from the aforementioned parties or their representatives.

When ordering or for the purpose of handling an assignment, the Customer may provide information that is considered sensitive personal data or health data, such as information concerning family circumstances, assets or health. For the same reasons, we may process data concerning minors and persons with limited legal capacity. For the same purposes, the Customer may also disclose personal data or other information concerning third parties. Such data may include, for example, names, personal identity codes, family relationship information or other information concerning third parties. For this reason, it is important that the person disclosing the data informs these third parties of the contents of this Privacy Policy.

The legal basis for processing is legitimate interest based on the customer relationship, another relationship, the service provider or invoicing. In addition, the legal basis is the preparation and performance of an agreement or assignment and compliance with statutory obligations, such as accounting and taxation. The legal basis may also be consent.

Marketing and Customer Communications

We process data concerning customers and potential customers for sales and marketing purposes, as well as for informing and communicating about our operations. Data may be processed, for example, for creating and sending newsletters, invitations, opinion or marketing surveys, customer feedback forms or other surveys. The data collected may include, for example, name, contact details or other identification details. The legal basis for processing is legitimate interest, consent or agreement.

Website Data and User Tracking

We process cookies and website visitor data for the purpose of business development and ensuring the functionality of the website. The data collected may include, for example, pages visited, duration of the visit and the source from which the user arrived at the website. As a rule, the legal basis for processing is consent.

We also use Leadoo user tracking to monitor how users navigate our website. We combine the data with user information collected, for example, through chat interactions. Leadoo uses ETag tracking, which differs from cookie-based tracking by combining data from multiple user sessions. More detailed information on what the system tracks can be found in Leadoo Marketing Technologies Oy’s privacy practices. If you do not want to be tracked, you can clear your browser cache. More information on how Leadoo works can be found here.

Other Data

We process data concerning job applicants and employees for recruitment decisions and for carrying out tasks related to employer obligations. Other data processed may include data that the data subject has voluntarily provided, for example through a contact request or another communication channel. The legal basis for processing is consent, agreement or legitimate interest.

3. How Do We Process and Store Your Data?

Processing and Storage

We store data for the duration of the customer, partner, employment or cooperation relationship and for 10 years after its termination. Data may be deleted at the customer’s own request after the relationship has ended. We may separately notify you of either a shorter or longer retention period.

We exercise due care in storing and processing data and protect data security with firewalls, passwords and various generally accepted technical methods. Manually maintained materials are stored in locked premises to which unauthorised access is prevented. Data storage and processing are carried out through service providers known to be secure. Data is protected with strictly limited access rights and processed only for the purpose for which it was collected. All personal data is treated confidentially.

Disclosure of Data

As a rule, we do not disclose or transfer data to third parties unless separate consent has been given.

An exception may be an obligation related to legislation or an official requirement, the legality of which is always assessed on a case-by-case basis.

Another exception may be the disclosure of data based on a contractual relationship with a service provider or subcontractor, where the data may be processed to perform the service for the controller. In such cases, the appropriate and lawful processing of personal data is ensured by agreements and, where necessary, confidentiality agreements.

As a rule, we aim to store data within the EU or EEA. However, if suitable providers of tools and file management services are not available, we may have to use service providers located outside the EU and EEA, which means transferring data to third countries.

We may use artificial intelligence technology to process data in order to improve the performance of our services, analyse data and provide personalised services to our users. This may mean, for example, tracking user behaviour, personalised content and automated decisions. When we use artificial intelligence for development and analysis, we always use anonymised data. When we use artificial intelligence in handling assignments, we aim to minimise the personal data provided to the AI, but we cannot guarantee complete anonymity. We use artificial intelligence that complies with data protection legislation and protects users’ privacy.

4. What Rights Do You Have?

You have the right to:

know whether we process personal data concerning you and receive copies of such data, unless we have a legal reason to refuse to provide the data;

know how and for what purposes we process your personal data;

request correction of data concerning you if it is incorrect or incomplete. You may request restriction of processing or deletion of data on grounds provided by law, provided that storage of the data is not based on compliance with a statutory obligation;

withdraw your consent to the use of personal data if the use has been based on consent. Withdrawal does not affect processing carried out before the withdrawal or the lawfulness of such processing. If the processing of data is based on consent, you also have the right to receive such data in a machine-readable format and transfer it to another controller;

object to the processing of personal data concerning you, profiling and processing operations;

object when your personal data is processed for direct marketing purposes or when processing is based on legitimate interest. In this situation, the situation must be specified in the objection request, which we may refuse to comply with only on grounds provided by law;

lodge a complaint with the competent supervisory authority if you feel that we have failed to comply with data protection regulations.

Email Communications

Lakihelppi is committed to responsible and lawful communications.

We do not target marketing communications at consumers without the consent required by law. Any email marketing is directed at companies and relates to their business or professional role.

We aim to ensure that our communications are relevant to the recipient. Communications are based on publicly available company information or an existing customer relationship. We respect all requests not to receive messages, and such requests are processed without delay.

We do not use purchased or rented email lists, nor do we share contact details with third parties for marketing purposes.

We continuously develop our communication practices to ensure that they meet applicable legislation and the principles of good email communication.