Privacy policy


We use cookies to track site usage and trends to enhance your user experience.

Cookies are small data files that a web site you visit may save on your hard drive. They usually include an anonymous unique identifier. A cookie cannot retrieve any other data from your hard drive or pass on computer malware. Cookies collect e.g. the following data: downloaded webpages, browser type, operating system and date and time of browsing.

You can remove or block cookies using the settings in your browser, but in some cases doing so may prevent the website from fully functioning or block your access to certain parts of the website.

We also use Google Analytics to help us understand and analyze how users use our web site. Google Analytics cookies collect anonymous data of the traffic on our website and do not provide us with any personally identifiable information.

You can manage your cookie settings here:
Cookie settings


Privacy policy for Epec Oy’s customer, partner and marketing register.


1. Controller

Epec Oy
Business ID: FI15690673
Tiedekatu 6
60320 Seinäjoki
Telephone +358 20 7608111


2. Contact person for register matters

Manager, ICT Operations & Security
Mika Heiskanen

3. Name of register

Epec’s customer, partner and marketing register.

4. What is the legal basis for and purpose of the processing of personal data?

The basis of processing personal data is the company’s legitimate interest based on a customer relationship or other relevant connection between the parties or the performance of a contract.

The basis of processing personal data is:

  • The delivery and development of our products and services
  • Fulfilling our contractual and other promises and obligations
  • Taking care of the customer relationship and communications
  • Organizing events
  • Collecting feedback, deviation and satisfaction data and other similar measuring of customer experience
  • Sending of a newsletter and other electronic direct marketing
  • Targeting advertising in our and others’ online services.

5. What data do we process?

We process the following personal data of our customers or other data subjects (like individuals participating in our trainings) in connection with the register:

Customer/partner data of the register

  • Customer /partner
  • Customer number
  • Contact person(s)
  • Role of the contact person and title and/or prefix of name
  • Contact details
    • Address
    • Telephone number
    • E-mail
    • Language
  • Customer history (e.g information relating to orders, invoicing and debt recovery)
  • Customer feedback and contacts
  • Possible prohibitions of direct marketing
  • Information relating to trainings and events, such as participation data
  • Technical data relating to the use of our website, such as IP-address and cookies
  • Possible profiling data collected from the use of our website, such as what pages has the user browsed and for how long
  • Possible other data relevant for the purpose of use of the register.

6. From where do we receive data?

We receive information primarily from the data subject him/herself or from the company he/she represents by telephone, online, in events or in other similar ways.

In addition, for the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

7. To whom do we disclose data and do we transfer data outside of EU or EEA?

We do not regularly disclose personal data to third parties. Data may however be disclosed to authorities under compelling provisions.

We use subcontractors that process personal data on behalf of and for us. We have outsourced the IT-management to an external service provider, to whose server the data is stored. The server is protected and managed by the external service provider.

We do not disclose personal data outside of EU/EEA.

8. How do we protect the data and how long do we store them?

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Each user has a personal username and password to the system.

The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.

We store the data as long as it is necessary for the purpose of processing the data. We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

9. What are your rights as a data subject?

As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data. You also have a right to withdraw or change your consent.

As a data subject, you have a right to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.

For specific personal reasons, you also have a right to object profiling and other processing concerning you, when processing the data is based on the customer relationship. In connection to your claim, you should identify the specific situation on which you object the processing. We can refuse to act on such request on the basis of the law.

As a data subject you have the right to object processing at any time free of charge, including profiling in so far

10. Who can you be in contact with?

All contacts and requests concerning this privacy policy shall be submitted in writing or in person to the person mentioned in section 2.

11. Changes in the Privacy Policy

Should we make amendments to this privacy protection statement, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review these privacy protection principles from time to time to ensure you are aware of any amendments made.