Privacy Policy

Ahola Digital Oy Ab Privacy Policy

Ahola Digital Oy Ab is committed to protecting your individual rights and keeping your personal data safe. There are various ways that you might interact with us, and for work or law-related reasons, we need your personal data. We handle your data in a lawful, fair, confidential, secure, and transparent manner.


This Privacy Policy external is meant to help you understand what information we collect about you, why we collect it, our storing and sharing practices, and what your privacy rights are. This Privacy Policy applies to the personal data processed in our external registry. The external registry contains the personal data of Ahola Group subsidiaries and external business partner’s employees as well as customers’ or applicants’ personal data.


In this Privacy Policy, when we write «you», we mean you as an employee, customer, applicant, or other person in contact with us. When we write «we» (or any similar terms like «us» or «Ahola Digital») in this Privacy Policy, we mean Ahola Digital Oy Ab.


The privacy policy for the services administered by Ahola Digital Oy Ab can be found in each application or set of applications.


In addition to this Privacy Policy, you can read more details about the setting and use of cookies in our Cookie Policy found in the lower left corner of our website


Data controller

Ahola Digital Oy Ab
Tervahovintie 2-4
67100 Kokkola

Corporate ID: 2203169-2
Phone: +358 20 7308130


Contact information for register matters

Email: [email protected]


Name of the registry

External registry


How do we use your personal data and what is the lawful basis for doing so?

The processing of personal data is based on a legal basis for processing that is appropriately chosen for each tool we use. Information is gathered either via consent or in the legitimate interest of Ahola Digital. A balance test has been carried out where the interest of Ahola Digital is weighted against your interest and fundamental rights.


Ahola Digital’s policies require personal data to be used for all access control. We have defined standard tools that all employees and external business partners commit to use, and that are used for external contact as well. Using a legitimate interest represents a real and immediate need – e.g. for performing work tasks, work management, information security, statutory work task monitoring, using purchased services, data security, customer service, sales, marketing, and customer support.


The use of personal data in marketing, sales, and recruitment activities in our business does not override your interests, basic rights, or freedoms. We only collect personal data that is needed to identify and communicate with a person. We do not use personal data for direct marketing or user profiling. We never process children’s personal data.


How long do we keep your personal data?

We will keep your data for as long as they are needed for the purposes for which your data was collected and processed or required by laws and regulations. Data is deleted after the end of the employment, customer, or application relationship, but for some tools, the activities performed remain.


What personal data do we collect?

The external registry contains all or some of the following information:

  • Name
    Display name
    Phone number
    Profile picture
    Activity status
    Browser information
    ISP information: name and Asn record
    External user ID
    Third party user account IDs


How do we collect your data?

We only collect information you provide directly to us.


Who do we disclose your personal data to?

Your personal data can be shared with others to the extent we are under statutory obligation to do so and to fulfill the services and agreements we have with you. We may share your personal data with others such as authorities.


Data flow descriptions for each tool we use include information about what data is obtained and where the servers are located. We prioritize tools with options within the EU, but some tools store data outside of the EU.


We use third party applications to collect, store and convey the data. For more information about their policies, please visit:


How do we protect your personal data?

We use appropriate technical, organisational, and administrative security measures to protect any information we hold from loss, misuse, and unauthorised access, disclosure, alteration, and destruction.


All personal data we collect is treated confidentially. The data in electronic form is stored in information systems that use a personal username and password for authentication, which are issued only to persons employed by Ahola Digital or external business partners. Employees of the company have the right to access the data in the register only when their job requires it.


What are your data protection rights?

You have the right to obtain information on the processing of your personal data. A summary of how personal data is processed is disclosed in this privacy policy.


You have the right to access your personal data we are keeping about you. You can check what personal data is stored in the register and/or ask for a copy of it.


You have the right to rectify your data. If the data we are keeping about you is incorrect or incomplete, you are entitled to have the data corrected or completed. You also have the right to request Ahola Digital to delete obsolete personal data.


You have the right to request the erasure of your data and be forgotten in these cases:
– you withdraw your consent to the processing and there is no other justified reason for processing,
– you object to the processing and there is no justified reason for continuing the processing.


You have the right to restrict the processing of your data. If you contest the correctness of the data that we have registered about you or the lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data. The processing will be restricted to storage only, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests.


You have the right to object to the processing of your data. You can always object to the processing of your personal data if the processing is based on Ahola Digital’s legitimate interest.


You have the right to data portability. You have a right to receive personal data that you have provided to us in a machine-readable format.


You have the right to not be subject to a decision based on automated processing. At Ahola Digital we do not use automated decision-making.


Not all of these rights can be exercised in all situations, depending on factors such as the basis for the processing of personal data. Your request to exercise your rights will be assessed given the circumstances in the individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.


How to contact us?

Ahola Digital has appointed a Data Protection Officer that you can contact by sending a message to [email protected] or by sending a letter to:


Ahola Digital Oy Ab
Data Protection Officer
PL 550


If you wish to exercise your Individual Rights please send us a message after which we will set up a meeting to confirm your identity. We treat your personal data with the utmost care and we cannot share or change your personal data without confirming your identity. The deadline for giving an answer is usually 1 month. In the case of complex or multiple requests, the deadline may be 3 months.


How to contact the data protection authority?

If you believe that the data protection regulation has been violated in the processing of your personal data, you have the right to file a complaint with the supervisory authority. You can also file a complaint in the Member State where you have a permanent residence or place of employment.


The contact details of the national supervisory authority are:


Office of the Data Protection Commissioner
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: PO Box 800, 00531 Helsinki
Switchboard: 029 566 6700
Registry office: 029 566 6768
[email protected]