Skip to content

Aveso Privacy Policy

Aveso Oy – Privacy Policy

Last updated: 6 May 2026

This privacy policy explains how Aveso Oy processes personal data. The policy complies with the EU General Data Protection Regulation (GDPR, EU 2016/679) and the Finnish Data Protection Act (5 December 2018/1050).

Data Controller and Contact Persons

Data Controller:

Aveso Oy

Finnish Business ID: 2649376-3

Address: Lemminkäisenkatu 34, 20520 Turku

Email: info@aveso.fi

Data Protection Officer:

Email: vesa.ohlsson@aveso.fi

Principles of Personal Data Processing

Purposes of processing and legal bases

Website analytics and digital marketing measurement

  • Purpose: Analysis of website usage, website development, and optimization of marketing
  • Legal basis: legitimate interest

Website contact forms and sales lead management

  • Purpose: Responding to contact requests and handling sales leads
  • Legal basis: consent

Cookie consent management

  • Purpose: Collection, management, and documentation of cookie consents
  • Legal basis: consent

Surveys and event registrations

  • Purpose: Organizing events and collecting feedback
  • Legal basis: consent / legitimate interest

Marketing communications

  • Purpose: Sending newsletters and marketing communications
  • Legal basis: consent / legitimate interest

Categories of Personal Data

  • Name, email, phone number
  • Company and job title
  • Information related to forms and events
  • Cookie identifiers, IP addresses (anonymized), browser information

Sources of Personal Data

Personal data is collected:

  • directly from the data subject (e.g. Aveso forms and event registrations)
  • in connection with the use of Aveso’s website (cookies and analytics)
  • from public sources (e.g. company websites and registers)

Recipients of Data

  • Aveso’s management, HR, sales, and marketing personnel
  • Service providers (analytics, marketing, event systems, and IT services)

Transfers of Data Outside the EU/EEA

Data may be transferred outside the EU/EEA through the infrastructure of service providers.

Transfers are carried out using the European Commission’s Standard Contractual Clauses (SCC).

Data Retention Periods

  • Website analytics: up to 14 months
  • Cookie consent: up to 12 months
  • Contacts and leads: up to 24 months
  • Events and surveys: up to 24 months
  • Marketing communications: until subscription is cancelled

Legitimate Interest – Justification

The processing of personal data is based on legitimate interest when processing is necessary for:

  • developing Aveso’s business
  • maintaining Aveso’s customer relationships
  • carrying out Aveso’s B2B marketing

Aveso regularly assesses that the processing does not infringe the rights and freedoms of the data subject.

Is Providing Data Mandatory?

Providing personal data is generally voluntary.

In some situations, providing data is a prerequisite for delivering a service (e.g. contact request or event registration).

Automated Decision-Making

Aveso does not carry out automated decision-making or profiling based on personal data that would have legal effects on the data subject.

Data Processors

Aveso Oy has GDPR-compliant data processing agreements with all service providers that process personal data on our behalf.

Data Security

Personal data is protected by appropriate technical and organizational measures:

  • access control and restricted user rights
  • secure data transfer (HTTPS)
  • logging and information security practices

Rights of the Data Subject

You have the right to:

  • access your data
  • rectify incorrect data
  • request deletion of data
  • restrict processing
  • object to processing (especially marketing)
  • transfer data from one system to another
  • withdraw consent

You also have the right to lodge a complaint with the supervisory authority (Data Protection Ombudsman).

Contact

For matters related to data protection, you may contact:

Email: vesa.ohlsson@aveso.fi

Contact Us

    How can we help?