Skip to content

Privacy policy

Website visitors, marketing activities and business communication, and partners
Updated 1.2.2022

This privacy policy describes how Efima Plc (“Efima”) processes personal data in connection with the use of Efima’s website and in marketing and business activities. In addition, we process the contact information of our partners, such as our subcontractors, as well as the contact information of our customers or potential customers.

The purpose of this privacy policy is to provide information on, for example, what personal data we process and for which purposes they are processed. This privacy policy also describes the data protection principles generally followed by Efima in its operations and explains the rights of the data subject.

1. Data controller and contact information

Efima Plc, business ID: FI22501236

Mannerheimintie 3B, 5th floor, 00100 Helsinki
Phone: +358 10 470 5450

2. Personal data and the purpose of data processing

Efima processes personal data in its marketing or when a user visits Efima’s website.

For marketing purposes, we collect information from customers or potential customers directly from themselves, for example, through the website’s contact forms or when registering for events. With respect to marketing and corporate communications, we may also collect personal information from other sources of public information, such as our prospective customers’ websites, or from other public sources, such as LinkedIn. We target marketing or corporate communications only based on the person's role and/or position in the company they represent, and not personally.

We collect information of our partners’ and subcontractors’ contact persons primarily directly from the person in question, or if necessary, the information can also be received from the organization that the person represents.


Purpose of processing Category of personal data collected Legal basis of processing
Marketing activities such as email newsletters, or other marketing or corporate communications, managing customer relationships or, for example, informing about changes in the business, developments or other current affairs, communicating about our products, and targeting marketing. Identification data, contact information such as email address, and the name of the organization and job title within the organization. Consent or legitimate interest. Processing is based on customer relationship or marketing to potential customers.
Website administration and transmission of messages in communication networks. The information is processed, for example, when collecting domain identification information in order to provide the website to the visitor and to ensure the functionality of the website. Online identification data (including IP address and cookie information) Legitimate interest. The processing of data is necessary for the realization of Efima's legitimate interests to provide the service requested by the user (operation of the website) (functional cookies only).
Measuring website usage and developing the website using, for example, statistical or analytical cookies. Online identification data (including IP address and cookie information) Consent. The processing of data is based on the consent obtained during the visit to the website.
Fulfillment of contractual or other obligations related to subcontracting and partnerships. Identification data, contact information such as email address, and the name of the organization and job title within the organization Legitimate interest. Fulfillment of contractual or other obligations.


3. Data protection

Efima has implemented appropriate technical and organizational measures to ensure the security of data processing and compliance with the data protection legislation. This includes sufficient safeguards against unauthorized processing and accidental loss, destruction or damage.

Efima’s tools for website maintenance and marketing and business activities and communication are browser-based with appropriate technical security mechanisms and processes. Furthermore, access to any personal data is limited to designated roles in the organization. Personnel involved in the processing of personal data are instructed and trained in the processing of personal data in accordance with Efima's data protection policy. Efima makes agreements with all its personal data processors to ensure they also comply with the processing principles set out in this privacy policy.

4. Data recipients and information on the transfer of personal data to outside the European Union or European Economic Area

Efima uses subcontractors, service providers and consultants with the operation of our website, our services and data processing, who may act as processors of personal data to a limited extent and only to the extent necessary for producing their services. Personal data will also be disclosed to Efima's partners on a limited and necessary basis, for example when organizing events. In case, in which personal data may be processed in countries outside of the EU and the EEA, Efima makes prior assessment of the level of data protection and takes contractual and/or other protection measures to ensure an adequate level of data protection. For example, Efima uses standard contractual clauses approved by the European Commission and, if necessary, additional protection measures and obligations if the target country is not considered to have an adequate level of data protection according to the European Commission.

Efima does not sell or otherwise disclose the personal information it processes to third parties for their marketing purposes.

5. Data storage period and deletion of personal data

Personal data will only be stored for as long as is necessary for the purposes of the processing described in this privacy policy, or if required by mandatory legislation. Thus, storage and deletion times may vary depending on the basis and purpose of the processing.

For marketing and business activities, we retain the information for as long as it is deemed necessary to manage the customer relationship and fulfill obligations. If the processing of personal data is based on data subject’s consent, the personal data will, in principle, be stored for 5 years, but the data will be deleted if requested by the data subject. Information on the prohibition of direct marketing will remain in the register unless the data subject also requests its deletion.

6. Cookies

Efima's online services use cookies (small text files stored on your device) to provide and develop our services. We also use cookies to personalize content and target advertising. Some cookies are session-specific, which are automatically deleted when you close your browser, while some cookies are stored for a longer period of time (e.g. the cookies stored when you fill in a web form).

You can control the use of cookies, for example, in your browser’s settings. For more information about cookies, see the privacy or help documentation for each browser. Certain features of the services are determined by cookies, so blocking and deleting cookies (browser and other options) may impair the functionality and user experience of

Below is a more detailed description of how we use cookies on our website.

  1. Strictly necessary cookies

    Necessary cookies help to make the website usable by allowing basic functions such as navigating the page and using the protected areas of the website. The website will not work properly without these cookies.

  2. Functional cookies

    Functional cookies allow the storage of information that changes the appearance or functions of the website. This information includes, for example, the language or region you selected.

  3. Performance cookies

    Performance cookies help website owners understand how users interact with the website by collecting and reporting information.

  4. Targeting cookies

    Targeting cookies are used to track visitors on websites. The goal is to show ads that are relevant and engaging to individual users, and thus more valuable to publishers and third-party advertisers.

  5. Social media cookies and links to third-party services

    Our website contains links to third-party services or sites. Such links include, for example, Twitter and Facebook sharing buttons, which, when clicked, typically take you to a service provider's service or website, and through which the service providers themselves may place cookies, pixels, or the like on the user's computer. The processing of personal data in connection with the services and websites of these third parties is governed by their own data processing principles and cannot be influenced by Efima. We encourage you to review the privacy practices of those third parties before clicking on any third-party links on our website.

A more detailed list of the cookies used on the website is described separately in the website's cookie banner.

7. Rights of data subjects

The law guarantees the data subject the various rights described below, which Efima is committed to follow. A data subject's rights request can be sent to If necessary, Efima may request additional information to verify the data subject’s identity. Exercising some rights may be subject to certain additional conditions.

  • Right of access: you have the right to receive confirmation on whether or not your personal data is processed in relation to the Website, and you also may have access to a copy of that personal data.

  • Right to rectification: you have the right to request Efima to rectify any inaccurate or incomplete personal data concerning you.

  • Right to erasure: you have the right to request that personal data concerning you is erased if it is no longer necessary for the purpose for which it was collected and processed, and there are no legitimate grounds for Efima to continue processing that data.

  • Right to restriction: in certain situations you have the right to restrict the processing of your personal data, for example, in case where the personal data is no longer needed but instead of being erased, the processing is being restricted.

  • Right to data portability: you may have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format for being able to transmit the data to another controller. This right applies in automated processing if the processing is based on consent or contract.

  • Right to object: on grounds relating to your particular situation, you have the right to object the processing of your personal data, provided that there are no legitimate grounds for processing which override data subject’s rights.

  • Right to withdraw consent: if processing is based on your consent, you may withdraw this consent at any time.

  • In addition, the data subject has the right to lodge a complaint with the supervisory authority, the Office of the Data Protection Ombudsman in Finland, regarding the processing of your personal data in Efima. The website of the Office of the Data Protection Ombudsman can be found here.