Privacy Policy

Privacy policy in accordance with EU General Data Protection Regulation 2016/679. Updated December 2, 2025

1. Data Controller

Data Controller:
Väriset Oy
Business ID 2461882–5
Rajamaankaari 22a
02970 Espoo

(Hereinafter "data controller")

Companies within the Väriset Group that process personal data for customer register processing purposes as data processors on behalf of the data controller are:

a) Väriset Uusimaa Oy 3167184–3
b) Väriset Pirkanmaa Oy 3167183–5
c) Väriset Varsinais-Suomi Oy 3322540-9
d) Väriset Suomi Oy 3498613-8

All companies act as data processors.

2. Contact Details for Registry Matters

info@variset.fi

3. Name of the Register

Väriset Group personal data register concerning the processing of personal data in sales, marketing, and customer relationships.

4. Information Contained in the Register

Our customer, sales, and marketing register may contain the following information about registered individuals: name, address, email address, phone number, apartment identifier, warranty-related and other repair information, billing and payment information, information regarding marketing consent or prohibition, information generated in connection with opinion surveys, information from free-form conversations during chat service use, and information obtained in connection with the use of communication and other services.

Cookies

The Variset.fi website uses cookies to improve user experience, optimize customer communication, and collect information about website usage. By using the website, the user must either accept or reject the use of cookies when visiting the site. In the cookie policy, "cookies" refers to cookies or similar technologies that comply with the requirements of the General Data Protection Regulation.

When visiting our site, information may be collected about the visitor's computer, IP address, browser used, and server. The use of cookies is based on the consent given by the registered individual on the website. Refusing cookies may affect the technical functionality of the site.

What is a cookie?

Cookies are small text files containing information that an opened website creates. They are stored on the visitor's device so that the user can use the various functions of the website. Our website uses session-based, time-limited, and persistent cookies. A session cookie is temporarily stored in the computer's memory while the visitor browses the website. This cookie is deleted when the user closes the web browser or when the session ends. A persistent cookie remains on the visitor's computer until it is deleted.

5. Purpose of Personal Data Processing and Legal Basis for Processing

Personal data is processed for purposes related to managing, developing, and administering customer relationships, implementing contracts or pre-contractual measures, inquiries, preparing and sending quotations, providing and delivering services, communicating project events, handling warranty repairs, and billing. Additionally, the data is used to conduct customer satisfaction surveys.

6. Recipients or Categories of Recipients of Personal Data

The data controller may use third-party services for data processing, for example, in relation to IT services, in which case the data controller ensures lawful processing of data through contractual arrangements and by instructing third parties on data processing. Third parties may vary. These third parties process data only on behalf of and at the instruction of the data controller.

7. Transfer of Personal Data Outside the EU or EEA

Some of the services used by the data controller for personal data processing may operate outside the territory of the European Union member states or the European Economic Area. In such cases, data transfers comply with data protection legislation requirements and use, for example, the European Commission's standard contractual clauses when agreeing on data transfers with data processor parties.

8. Retention Period for Personal Data

Personal data is retained for as long as necessary to fulfill the purpose for which it was collected in accordance with this privacy policy. Personal data retention takes into account inactive personal data, which is regularly deleted. The retention period is affected by, for example, the length of the contract's warranty period.

9. Rights of the Data Subject

a. Right of access to personal data and right to rectification

According to Article 15 of the Data Protection Regulation, the data subject has the right to obtain a free copy of their personal data or otherwise gain access to their own personal data. The data subject has the right to request that the data controller rectify inaccurate and incorrect personal data concerning the data subject without undue delay.

b. Right to erasure

The data subject has the right to have their data erased from the register if the data is no longer needed for the original purposes and there is no longer a basis for processing the data, such as fulfilling a contract or legal obligation.

c. Right to restriction of processing

The data subject has the right to have the processing of data restricted to storage only if the data is inaccurate; the processing is unlawful and the data subject does not want the data erased; the data controller no longer needs the data for processing purposes, but the data subject needs it for the establishment, exercise, or defense of legal claims; or the data subject has objected to the processing of personal data on grounds relating to their particular situation, pending verification of whether the data controller's legitimate grounds override those of the data subject.

d. Right to data portability

The data subject has the right to have their data, which they have provided to the data controller, transferred from one system to another, for example, when the legal basis for processing is the data subject's consent or a contract and the processing.

e. Right to withdraw consent

When processing is based on consent, the data subject has the right to withdraw consent at any time during processing. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

f. Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data has violated data protection regulations. In Finland, the supervisory authority is the Data Protection Ombudsman (www.tietosuoja.fi). Exercising this right does not limit the data subject's other administrative remedies or legal remedies.

10. Potential Risks Related to the Rights and Freedoms of the Data Subject and Applicable Security Procedures

The data controller and the providers of systems related to the customer and marketing register who process personal data on behalf of the data controller are committed to processing and protecting personal data in accordance with applicable legislation. The data communication connection from the user's browser to the data controller's external server is encrypted. Electronically processed material is collected in databases that are protected by firewalls, passwords, and other technical means, and access rights are restricted only to persons whose job duties require the use of the systems. Use of the systems requires a username and password, and only authorized personnel have access to the personal data being processed. System audits are performed regularly to ensure the continuity of data security.