Vanico Oy

Privacy Statement

Privacy Statement - Register and Data Protection

This is the register and data protection privacy statement in accordance with the European Union General Data Protection Regulation (GDPR) by Vanico Ltd. Created on 01.08.2023. Last modification on 29.08.2023.

1. Data Controller
Name: Vanico Ltd (our website:
Business ID: 2513987-7
Address: Metsontie 2 C 12
Postal Code: 04320
City: Tuusula
Phone Number: +358 105 059 640

2. Person Responsible for Register Matters
Company: Vanico Ltd (our website:
Name: Ivan Koval
Address: Metsontie 2 C 12
Postal Code: 04320
City: Tuusula
Phone Number: +358 105 059 640

3. Data Protection Officer
Company: Vanico Ltd (our website:
Name: Ivan Koval
Address: Metsontie 2 C 12
Postal Code: 04320
City: Tuusula
Phone Number: +358 105 059 640

4. Purpose of the Register

Personal data is processed for purposes related to the management, administration, and development of customer relationships, offering and delivering services, service development and billing. Personal data is also processed for the purpose of resolving possible complaints and other demands.
Additionally, personal data is used in communication directed at customers, such as informational and news purposes as well as marketing, including direct marketing and electronic direct marketing. Information is also needed for recruiting new employees to the company.
Customers have the right to refuse direct marketing targeted at them.
The data controller processes the data themselves and also utilizes subcontractors to process personal data on behalf and for the account of the data controller.

5. Basis for Collecting and Processing Data

Customer information is collected and processed with the customer's consent or for the fulfillment of a contract with the customer.

The legal bases for processing personal data are the following under the General Data Protection Regulation (GDPR):

- The data subject has given consent to the processing of their personal data for one or more specific purposes (GDPR Article 6(1)(a)).
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (GDPR Article 6(1)(b)).
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (GDPR Article 6(1)(f)).

The legitimate interest of the data controller is based on a relevant and appropriate relationship between the data subject and the data controller resulting from the data subject being a customer of the data controller. Processing is carried out for purposes that the data subject could reasonably expect at the time of data collection and in connection with the appropriate relationship.

6. Content of the Register

What we collect: contact forms, call back request forms, newsletter forms, and job applications.

The register contains the following personal data for all registered individuals:

- Basic personal and contact information: [first name, last name, place of residence, phone number, email address, year of birth, professional qualifications, CVs];
- Information related to the individual's company or other organization and the individual's position or title in that company or organization;
- Permissions and restrictions related to direct marketing.

7. Storage Period of Data

Data collected in the register is retained only for as long as necessary in relation to the original or compatible purposes for which personal data was collected or for the development of customer service.

The need to retain personal data is evaluated approximately once a year and in any case, information related to the data subject is removed from the register after the customer relationship with the data controller has ended, and obligations and actions related to the customer relationship have been completed.

The data controller regularly evaluates the need for data retention according to their internal rules of conduct. Additionally, the data controller takes all reasonable measures to ensure that inaccurate, incorrect, or outdated personal data is promptly deleted or corrected in relation to the processing purposes.

8. Regular Sources of Information

Personal data is collected from the data subject themselves.

Personal data is also collected and updated within the limits of applicable legislation from generally available sources related to the implementation of the customer relationship between the data controller and the data subject. These sources enable the data controller to fulfill their obligations related to maintaining customer relationships.

Data is collected from registers maintained by authorities within the limits allowed by law (e.g., Data is also collected through the Google Analytics analytics tool.

9. Regular Disclosures of Data and Transfer of Data Outside the EU or the European Economic Area

Data is not routinely disclosed to external parties. Some external service or software providers used by the company may store data outside the EU or the European Economic Area.

10. Use of Cookies

We use the cookie function, or cookies, on our website. A cookie is a small text file sent to the user's computer and stored there, allowing the website administrator to identify frequent visitors to the site, facilitate visitor logins, and enable the creation of composite information about visitors. This feedback allows us to constantly improve the content of our pages. Cookies do not harm users' computers or files. We use them to provide our customers with information and services tailored to their individual needs.

If a user visiting our site does not want us to obtain the above-mentioned information through cookies, most browser programs allow the cookie function to be disabled. This is usually done through the browser's settings. However, it is good to note that cookies may be necessary for the proper functioning of some pages we maintain and the services we provide.

11. Register Protection

Data is transmitted over an SSL-protected connection. Electronic data is protected by firewalls, usernames, and passwords. Data access is restricted to employees of the data controller who require the data for their tasks.

12. Automated Decision-Making

Automated individual decision-making (Article 22 of the GDPR) is not carried out.

13. Rights of the Data Subject

The data subject has the right to review the information stored about them in the personal data register. A written request for review must be sent, signed, to the person responsible for register matters.

The right to review is free of charge and can be exercised once a year.

The data subject has the right to request the correction or deletion of incorrect or outdated data, or the transfer of data from one system to another. They also have the right to restrict or object to the processing of their data in accordance with Articles 18 and 21 of the EU General Data Protection Regulation.

The data subject has the right to withdraw any consent previously given for the processing of their data or to lodge a complaint with the supervisory authority regarding matters related to the processing of their personal data.

The data subject also has the right to prohibit the use of their data for direct marketing purposes.

14. Web Analytics

The following services collect anonymized information about visits to the site without personal information: Google Analytics, Tilda Analytics.

15. Targeted Marketing

Based on visits to the site, we may conduct targeted advertising in the following services: Facebook, Google Ads.