Privacy notice
We protect your privacy, and want you to feel safe when you share your data with us. We handle your data confidentially.
1. This policy
This Policy is issued by each of the controller entity listed in Section 12 below (together, “Advania”, “we”, “us” and “our”) and is addressed to individuals outside our organisation with whom we interact, including customers, visitors to our websites, other users of our services, personnel of corporate customers and suppliers, applicants for employment, and visitors to our premises (together, “you”). Defined terms used in this Policy are explained in Section 13 below.
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.
2. Information about processing of personal data
Advania protects your privacy, and we want you to feel safe when submitting your personal data to us. It is important to us to be open about how we manage your personal data and give you information in a way that makes you understand how we will process them.
In this Policy, which applies to all of Advania's customers, suppliers and partners in the local country, we want to inform you about how we handle your personal data as it relates to visits to our websites, registering an account in our e-shop or mailing list, when your employers buy our products or services, or in other contacts made with us. Advania works continuously with privacy matters, and therefore we may update this Policy. You will find the latest version on this page.
This Policy was last updated on March 2025.
3. Collection of personal data
We collect personal information e.g.:
- when those data are provided to us (e.g., where you contact us);
- in the course of our relationship with you (e.g., we provide a service to you or the organization you work for);
- when you make personal data public (e.g., if you make a public post about us on social media);
- when you visit our websites and digital channels; and
- when you register to use any of our websites or services.
We collect personal data from different sources such as other companies in the Advania group, the company or organisation you work for, partners which we collaborate with (e.g. carrying out events) and external persons that we communicate with.
In some cases, we may also collect personal data from public registers or public authorities (e.g., from the Finnish Patent and Registration Office if you are a board member, managing director or authorized signatory).
4. Purposes of processing personal data
Advania uses your personal data for the purposes and on the legal bases provided below:
| Purpose | Personal data | Legal basis |
| Visitors of our website and digital channels | ||
| Follow up and evaluate the use of our website and digital channels, for example analysing the number of visitors and activities on our websites. This is carried out using cookies and similar technologies which allow us to analyse visitor and user statistics. |
|
Consent (Article 6.1 a) of the GDPR). The processing relies on the consent that you provide by accepting the use of cookies and similar technologies for the same purpose. |
| Provide tailored marketing and tailored content on our website and in our digital channels by using cookies and similar technologies to provide you with content which we believe are of interest to you, for example based on your interactions with our digital channels, including our website (such as browsing behaviour and websites visited). |
|
Consent (Article 6.1 a) of the GDPR). The processing relies on the consent that you provide by accepting the use of cookies and similar technologies for the same purpose. |
| Contact persons at customers, suppliers and partners | ||
| Management of the relationship with contact persons at customers, suppliers or partners, e.g. communication before and during contractual relationship, registering you as a contact person and managing orders and invoices and following up and evaluating the business relationship. |
|
|
| Management of customer service inquiries, e.g., reception, investigation and responding to requests |
|
Advania's legitimate interest in being able to manage customer service inquiries, to the extent that such legitimate interest is not overridden by the interests, fundamental rights or freedoms of customers (Article 6.1 f of the GDPR). |
| Customer and supplier credit checks, including to verify the identity of contact persons at customers and suppliers to assess risks and to comply with applicable laws aiming to prevent money laundering and terrorism financing. |
|
Our legitimate interest under Article 6.1 f) of the GDPR/UK GDPR (as applicable) to carry out customer and supplier credit checks to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms. Fulfil legal obligation (Article 6.1 c) of the GDPR). Where we need to take measures to comply with applicable legislation, for example to prevent money laundering and terrorism financing, the processing of your personal data is necessary to fulfil such legal obligation. |
| Follow up and evaluate sales and campaigns with customer contact persons e.g. to compile statistics of orders and in general to better understand what services and products that are used by our customers. This in order for us to obtain a better understanding and insight in our customers' behaviours and patterns, to allow us to develop and improve our business. |
|
Advania’s legitimate interest in following up and evaluating sales and campaigns, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
| Maintaining records of sales, finance, corporate audit, and supplier management. |
|
Advania’s legitimate interest to carry out the processing for the purpose of managing and operating the financial affairs of our business, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
| Provide offers and marketing in different channels, e.g. via e-mail, regarding our products and services. We will only send you communication for marketing purposes if you have not objected (opted-out) to such communication. |
|
Advania’s legitimate interest to provide offers and marketing, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
| Contact persons at prospective customers | ||
| Communicate regarding our products and services, e.g. including to provide offers and marketing in different channels (e.g. via e-mail) as well as carry out sales meetings and demos. We will only send you communication for marketing purposes if you have not objected (opted-out) to such communication. |
|
Advania’s legitimate interest to provide offers and marketing, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
| End users/persons working at our customers | ||
| Management of end user data, for example keeping track of which equipment that is assigned to a specific user working for a customer of ours. |
|
Advania's legitimate interest in managing end user data, to the extent that such legitimate interest is not overridden by their interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
| Visitors at our premises | ||
| Visitor registration for safety and evacuation reasons. |
|
Advania’s legitimate interest to register visitors for safety and evacuation reasons, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). CCTVs are clearly sign-posted. |
| CCTV monitoring to ensure the safety on our premises and to detect and prevent crime. |
|
Our legitimate interests under Article 6.1 f) of the GDPR/UK GDPR (as applicable) to ensure safety on our premises and to detect and prevent crime, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms. CCTV’s are clearly sign-posted. |
| All individuals above and other external persons | ||
| Sending of newsletters, including marketing of our products and services. |
|
Advania’s legitimate interest in being able to inform about and market its operation, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
| Management of events, meetings and similar activities organized by us or in cooperation with our partners, including follow up of such events. |
|
Advania's legitimate interest in managing events, to the extent that such legitimate interest is not overridden by the interests, fundamental rights or freedoms of the relevant data subjects (Article 6.1 f) of the GDPR). If you submit health data (allergies), we will ask for your explicit consent (Article 9.2 a) of the GDPR). |
| Conducting surveys |
|
Advania’s legitimate interest in conducting surveys, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
| Development and improve our products and services, e.g. to draft reports, analyses and compile statistics of business various activities. |
|
Advania’s legitimate interest to developing and improving our products and services, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
| Updating, ensuring and improving the technical functionality of our computer systems and websites and ensuring security in our systems, e.g. in connection with backups, access controls and troubleshooting. |
|
Advania’s legitimate interest to improve services and products as well as the technical functionality of our computer systems and websites and to ensure technical functionality and security in our systems, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
| Respond to legal requests, e.g. from law enforcement, tax authorities and other authorities |
|
Fulfil legal obligation (Article 6.1 c) of the GDPR). The processing of your personal data is necessary to fulfil our legal obligations. If there is no explicit legal obligation the processing is based on Advania’s legitimate interest to respond to such requests, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
| Complying with our legal and regulatory obligations under applicable law. |
|
The processing is necessary to fulfil our legal obligations (Article 6.1 c) of the GDPR). |
| Establishing, exercising and defending legal claims: e.g. including collection, review and production of documents, facts, evidence and witness statements. |
|
Advania’s legitimate interest to establish, exercise and/or defend legal claims, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
| Manage sale and restructuring of all or parts of the business if all or parts of our business would be sold, or in any other way transferred or restructured. |
|
Advania’s legitimate interest to manage sale and restructuring of our business, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
| Engaging in recruitment activities (advertising positions, interviewing, analysing suitability for the relevant position, and recording hiring decisions, offer details and acceptance details, carrying out tests and background checks). |
|
Performance of a contract (Article 6.1 (b) of the GDPR). The processing is necessary to take steps at your request prior to entering into a potential employment agreement with you. Advania’s legitimate interest in carrying out its recruitment activities and handling job applications (to the extent that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms) (Article 6.1 f) of the GDPR); |
5. Information about health and events
We care about your personal data and therefore want to inform you that based on your explicit consent, we may collect health information (allergies) to organize events according to your desires and needs when food or drinks are served (the legal basis of your consent is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way). We will ask for your explicit consent to the processing of this information alongside the invitation or registration to the specific event. Your personal data is stored for 1 month after the event has ended. Please contact us (our contact details are in Section 12below) to revoke your consent or to update the information that is registered about you. Read more about how we process your personal data in our privacy information below.
6. Data security
Advania ensures that your personal data is handled in accordance with appropriate technical and organisational security measures to protect against illicit or unauthorized access to said information as well as destruction, loss, alteration, unauthorized disclosure and other unlawful or unauthorized forms of processing, in accordance with applicable law. At Advania, we only handle necessary information, and only by those who need it in order to provide the best service to our customers, suppliers and other people who come into contact with Advania.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although Advania will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any personal data that you send to us are sent securely.
7. Disclosure of personal data
Our processors
We transfer your personal data to companies processing personal data on our behalf and under our instructions e.g. in the area of IT-services.
Other controllers
We also transfer personal data to other companies, organisations and authorities acting as independent controllers of the personal data received. A list of the categories of such external recipients can be found below.
| Recipient category | Purpose and legal basis | Personal data |
| Accountants, auditors, consultants, lawyers and other outside professional advisors to Advania, subject to binding contractual obligations of confidentiality | To fulfil our legal obligations (Article 6.1 c) of the GDPR) and to achieve our legitimate interest in maintaining business continuity, sourcing finance, managing a proposed sale or merger of our business, and such other purposes necessary for the running of our business such as to establish, exercise and defend legal claims, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
|
| Legal and regulatory authorities (e.g., The Tax Agency) | To fulfil our legal obligations (Article 6.1 c) of the GDPR). |
|
| Customer, suppliers and partners | Advania's legitimate interest in being able to manage the relationship with contact persons at customers, suppliers or partners (Article 6 f) of the GDPR). |
|
| Law enforcement agencies, courts, agents, parties and counterparties |
To fulfil our legal obligations (Article 6.1c of the GDPR) and to achieve our legitimate interest in establishing, exercising and defending legal claims (e.g., in the case of a dispute), to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
|
| Licensors for products and services resold by Advania | Advania's legitimate interest in managing agreements with licensors, e.g., for the licensor to know who the end customer is and their contact person for administration purposes to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
|
| Customer credit check providers | Advania´s legitimate interest under Article 6.1 f) of the GDPR to carry out customer credit checks to the extent such legitimate interest is not overridden by your interests, fundamental rights or freedoms. |
If you run business through sole proprietorship:
|
| Advisors and buyers for the entirety or part of the business and its operations. | Advania's legitimate interest in being able to carry out sales of the entirety or parts of the business, e.g., in relation to company inspections to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). |
|
| Other companies in the Advania group |
Advania's legitimate interest in being able to:
|
|
Your personal data may also be disclosed to relevant third party providers, where our websites use third party advertising, plugins or content. We use such third party providers to maintain the functionality of our websites (to achieve our legitimate interest, to the extent that such legitimate interest is not overridden by your interests, fundamental rights or freedoms (Article 6.1 f) of the GDPR). If you choose to interact with any such advertising, plugins or content, your personal data may be shared with the relevant third party provider. We recommend that you review that third party’s privacy policy before interacting with its advertising, plugins or content.
8. Data retention
Summary
We take every reasonable step to ensure that your personal data are only retained for as long as they are needed in connection with a lawful purpose.
We take every reasonable step to ensure that your personal data are only processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your personal data are as follows:
(1) we will retain personal data in a form that permits identification only for as long as:
(a) we maintain an ongoing relationship with you (e.g., where you are a user of our services, or you are lawfully included in our mailing list and have not unsubscribed); or
(b) your personal data are necessary in connection with the lawful purposes set out in this notice, for which we have a valid legal basis (e.g., where your personal data are included in a contract between us and your employer, and we have a legitimate interest in processing those data for the purposes of operating our business and fulfilling our obligations under that contract; or where we have a legal obligation to retain your personal data),
plus:
(2) the duration of:
(a) any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your personal data, or to which your personal data are relevant); and
(b) an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any personal data that are relevant to that claim),
and:
(3) in addition, if any relevant legal claims are brought, we continue to process personal data for such additional periods as are necessary in connection with that claim.
During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our processing of your personal data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:
- permanently delete or destroy the relevant personal data; or
- anonymize the relevant personal data.
9. Cross-border data transfers
Because of the international nature of our business, we may transfer personal data within the Advania group, and to the third parties listed above. For this reason, we may transfer personal data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.
If an exemption or derogation applies (e.g., where a transfer is necessary to establish, exercise or defend a legal claim) we may rely on that exemption or derogation, as appropriate. We also rely upon adequacy decisions by the EU Commission where personal data is transferred to countries and recipients covered by such decision (i.e. when the EU Commission has decided that such country and/or recipient provides an adequate protection for personal data). Where no exemption or derogation applies, and we transfer your personal data from the EEA or the UK (as applicable) to recipients located outside the EEA or the UK (as applicable) who are not in jurisdictions that have been formally designated by the European Commission as providing an adequate level of protection of personal data, we do so on the basis of appropriate Standard Contractual Clauses. You may be entitled to request a list of the relevant countries to which your personal data may be transferred and a copy of our Standard Contractual Clauses by reaching out to us using the details provided in Section 12 below.
Please note that when you transfer any personal data directly to any Advania entity established outside the EEA, we are not responsible for that transfer of your personal data. We will nevertheless process your personal data, from the point at which we receive those data, in accordance with the provisions of this privacy information.
10. Your rights
Subject to applicable law, you may have the following rights regarding the processing of your personal data. To submit a request in accordance with the data subject's rights, you may contact us using the details provided in Section 12 below. If we receive a request from you, we may request additional information to ensure that we are providing the information to the right person.
• The right not to provide personal data
You have the right not to provide your personal data to us. However, please note that we may be unable to provide you with the full benefit of our websites or services, if you do not provide us with the necessary personal data.
• Right to access
Subject to applicable law, you may have the right to receive confirmation from Advania that your personal data is being processed by Advania and, if so, to access the personal data and the following information:
- the purpose of the processing;
- the categories of personal data being processed;
- the recipients of personal data (in particular if they are located outside the EU/EEA and if that is the case, the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer;
- the period during which the personal data is processed or the criteria used to determine this period;
- information on the rights set out in this section (such as your right to the rectification or erasure of your personal data);
- information about the source from which the personal data has been collected;
- whether your personal data has been subjected to any automated decision-making, including profiling and meaningful information about the logic involved as well as envisaged consequences for you; and
- appropriate safeguards in case of third country transfers of personal data.
Subject to applicable law, you may also have the right, upon request, to receive a copy of your personal data in a commonly used electronic format.
• Right to rectification
Subject to applicable law, you may have the right to rectification of incomplete or incorrect personal data processed by us. Depending on the purpose of the processing you also have a right to have incomplete personal data completed, including by means of providing a supplementary statement.
• Right to deletion
Subject to applicable law, you may have the right to erasure of your personal data. The right to erasure may apply:
- if you have withdrawn a previously given consent under Article 6.1 a) of the GDPR and there is no legal basis for the continued processing of your personal data;
- if the personal data processed is no longer necessary for the purpose or the personal data is otherwise unlawfully processed;
- if you object to the processing under Article 21 of the GDPR where the processing is based on a legitimate interest (Article 6.1 f) of the GDPR) or public interest (Article 6.1 e) of the GDPR) and there are no compelling reasons to continue the processing or you object to processing for direct marketing purposes; and
- if the personal data have to be erased in compliance with a legal obligation.
Where we have made the personal data public and are obliged to erase the personal data according to the above, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
What is stated above regarding the right to erasure does not apply to the extent the processing is necessary for example:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation; or
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89.1 of the GDPR.
• Right to restrict processing
Subject to applicable law, you may have the right to obtain restriction of processing where one of the following grounds applies:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful, you oppose the erasure of the personal data, and you request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; and
- you have objected to processing pursuant to Article 21.1 of the GDPR pending the verification of overriding legitimate interests.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. If you have obtained restriction of processing, you shall be informed by us before the restriction of processing is lifted.
• Right to withdraw consent
You have the right to withdraw your consent to the extent that Advania’s processing of your personal data is based on consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the processing of your personal data in reliance upon any other available legal bases).
• Right to data portability
When the processing of your personal data takes place on the basis of your consent or because the processing is necessary to fulfil or enter into an agreement with you, and provided that the personal data has been collected directly from you, you have the right to receive a copy of your personal data in a common machine-readable format. To submit a request to exercise your rights, please contact us using the details provided in Section 12below.
• Right to object to processing
Subject to applicable law, you may also have the following additional rights regarding the processing of your personal data:
the right to object, on grounds relating to your particular situation, to the processing of your personal data by us or on our behalf, where such processing is based on Articles 6.1 e (public interest) or 6.1 f (legitimate interests) of the GDPR; and
the right to object to the processing of your personal data by us or on our behalf for direct marketing purposes.
11. Complaints
You are welcome to contact us with questions or complaints regarding the processing of your personal data, using the details provided in Section 12below. However, you also always have the right to file a complaint regarding the processing of your personal data to the relevant Data Protection Authority. Details of the Data Protection Authorities for each EEA jurisdiction can be found here. Details of the UK Information Commissioner’s Office can be found here.
12. Details of controller
For the purposes of this Policy, the relevant controller is:
Advania Finland Oy, reg. no. 21116894-5, Tekniikantie 14, 02150 Espoo, Finland, +358 010 397 8000
Advania has appointed a data protection officer whose task it is to help Advania to comply with current data protection legislation. You are always welcome to contact our data protection officer at the email address compliance.fi@advania.com.
Please use this form to send questions and requests regarding the processing of personal data.
13. Definitions
- “Controller” means the entity that decides how and why Personal Data are Processed. In many jurisdictions, the controller has primary responsibility for complying with applicable data protection laws.
- “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
- “EEA” means the European Economic Area.
- “GDPR” means the General Data Protection Regulation (EU) 2016/679.
- “Personal data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
- “Process”, “processing” or “processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” means any person or entity that Processes Personal Data on behalf of the controller (other than employees of the controller).
- “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission.
- “UK GDPR” means the GDPR as it forms part of the laws applicable in the UK by virtue of section 3 of the European Union (Withdrawal) Act 2018, and as applied and modified by Schedule 2 of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419) or as modified from time to time by other laws applicable in the UK).