top of page

Digileaper Oy's data protection and registry information on the processing of personal data. 

According to the data protection regulation, the controller has an obligation to clearly inform the data subjects. This statement fulfills the information obligation. 

1. Registrar

Digileaper Oy, Y-ID: 3086633-1 

Contact information: 
Elektronikatie 10 
90590 Oulu

Contact information for registry matters:  

Digileaper Oy / Harri Takala  
Elektronikatie 10 
90590 Oulu 
+358 40 3413 624 

2. Registered

Digileaper Oy, as the data controller, processes the personal data of our visitors and customers in accordance with the EU General Data Protection Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR) and other applicable data protection legislation. 

3. Purpose of use of personal data  

We use different registers for different purposes:


A. Digileaper Oy's website (

Contact persons: The contact information of the company's contact persons is published on Digileaper Oy's website. Contact information includes first and last name, phone number, email address, photo and job description. The information is essentially related to the performance of work tasks. 

Contact form:There is a contact form on the website. The name, email address and how we can help field provided by the contact person on the form are mandatory information. Other contact information is optional. The information is processed for contacting potential customers. 

Websites use cookies that are stored in the user's web browser memory.  HubSpot uses cookies for website tracking. The cookie information used by HubSpot is transferred and stored on servers that may be located outside the EU. 


B. Customers 

The basis for processing customer data is compliance with statutory obligations. The basis for data processing in connection with customer orders is the execution of the contract. 

Personal data is only processed for predefined purposes, which are as follows:   

  • Customer relationship management 

  • Sending customer newsletters 

  • Customer events 


C. Potential customers related to sales and marketing 

Sales and marketing activities aimed at contact persons of potential business customers are the basis for data processing of sales and marketing customers. Marketing to the contacts of potential business customers is a legitimate interest of the company. 


Personal data is processed  

  • Marketing communication in different channels 

  • Performing various types of sales activities  

4. Personal data to be stored in the register 

The customer register contains the following information:  

Contact information: 

  • company 

  • name  

  • address  

  • email  

  • phone number  

Customer information:  

  • information about purchased products / services 

  • billing information 

  • customer-related sales and marketing activities 


Information based on the customer's orders and Customership and other personal data generated during the customer relationship include, for example: 

  • company 

  • name 

  • email 

  • phone number 

  • professional title 

5. Rights of the data subject

The registrant has the following rights, requests for the use of which should be sent to   


Right of inspection  

The registered person can check the personal data we have stored.   

The right to correct information 

The registered person can ask to correct incorrect or incomplete information about him. 


Right to object 

The registered person can object to the processing of personal data if he feels that the personal data has been processed unlawfully.   

Ban on direct marketing  

The registrant has the right to prohibit the use of data for direct marketing.  


Deletion right  

The registered person has the right to request the deletion of data if data processing is not necessary. We process the deletion request, after which we either delete the data or provide a justified reason why the data cannot be deleted.   

It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) defined in the Accounting Act (Chapter 2, Section 10). For this reason, accounting-related material cannot be deleted before the deadline expires. 

Withdrawal of consent 

If the processing of personal data concerning the data subject is based only on consent, and not e.g. customership or membership, the data subject can withdraw consent. 

The registered person can appeal the decision to the Data Protection Commissioner  

The registered person has the right to demand that we limit the processing of disputed data until the matter is resolved.  

Right of appeal  

The registered person has the right to file a complaint with the data protection commissioner if he feels that we violate the current data protection legislation when processing personal data.  

Contact details of the data protection officer:  

6. Regular sources of information  

Digileaper collects personal data to handle customer relations and/or related assignments. The information is collected after the customer relationship is established or even before the customer relationship begins, e.g. in connection with sales or marketing events. Personal data is processed based on the registered customer relationship or consent. 

Customer information is generally obtained from:  

  • From the customer himself when the customer relationship is created  

  • From the customer himself via an online form 

  • In connection with sales or marketing events 

  • Through prospecting reports  

7. Regular disclosures of information

As a general rule, information is not disclosed outside of Digileaper Oy for marketing purposes, unless the applicable legislation requires otherwise. 

We have ensured that all our service providers comply with data protection legislation. We regularly use the following service providers:  

  • Visma Solutions Oy 

  • HubSpot 

8. Duration of processing 

As a general rule, personal data is processed only as long as it is necessary to fulfill our contractual obligations and/or if the processing is necessary to comply with the legal obligation of the controller.  

9. Protection of personal data

We use appropriate technical and administrative information security solutions to protect personal data against unauthorized access, disclosure, destruction or other unauthorized processing, such as the use of encryption solutions, controlled granting of access rights and monitoring of their use, instructing personnel involved in the processing of personal data.

10. Personal data processors

The controller and its employees process personal data. We can also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that personal data will be processed in accordance with valid data protection legislation and otherwise appropriately.

11. Data transfer outside eta 

Personal data will not be transferred outside the European Economic Area.

12. Automatic decision-making and profiling

We do not use the data for automatic decision-making or profiling.  

bottom of page