Last updated: 1 January 2025

Legal

Privacy Policy

How Sanitas Consultancy Oy collects, uses, and protects your personal data.

1. Controller

The data controller is:

Sanitas Consultancy Oy
Y-tunnus: 3186524-2
Espoo, Finland
Email: contact@sanitasinsights.com

If you have any questions about how we handle your personal data, contact us directly at the address above.

2. What data we collect

We collect only the personal data that is necessary for the purposes described in this policy. This may include:

  • Enquiry data: your name, email address, organisation, job title, and the content of your message when you contact us.
  • Communication data: the content of correspondence between us during or in connection with an engagement.
  • Technical data: basic server logs (IP address, browser type, pages visited) generated automatically when you visit this website. We do not use third-party analytics tracking.

We do not collect special categories of personal data (such as health data about you personally) through this website.

3. How we use your data

We use your personal data for the following purposes and on the following legal bases under Article 6 of the General Data Protection Regulation (GDPR):

  • Responding to enquiries (legal basis: Article 6(1)(b) — steps taken at your request prior to a potential contract; Article 6(1)(f) — our legitimate interest in responding to professional enquiries).
  • Conducting engagements (legal basis: Article 6(1)(b) — performance of a contract).
  • Compliance with legal obligations (legal basis: Article 6(1)(c)).
  • Protecting our legitimate business interests, including record-keeping and defending legal claims (legal basis: Article 6(1)(f)).

We do not use your personal data for marketing without your explicit consent. We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

4. How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Enquiry data where no engagement follows: deleted or anonymised within 12 months of the last communication.
  • Engagement-related data: retained for up to 7 years after the end of the engagement, in line with Finnish accounting and professional obligations.
  • Technical log data: retained for a maximum of 90 days.
5. Who we share your data with

We do not share your personal data with third parties except where:

  • it is necessary to perform services for you and you have been informed;
  • we are required to do so by law or a binding order of a public authority;
  • it is necessary to protect our legitimate legal interests.

We use no third-party advertising, analytics platforms, or social media tracking tools on this website.

6. International transfers

Sanitas Consultancy Oy is based in Finland, which is a member state of the European Union. Your data is processed within the European Economic Area (EEA). We do not transfer personal data to countries outside the EEA as a matter of course. If an international transfer is necessary in connection with an engagement, we will inform you and ensure appropriate safeguards are in place in accordance with Chapter V of the GDPR.

7. Your rights

Under the GDPR and the Finnish Data Protection Act (Tietosuojalaki 1050/2018), you have the following rights in relation to your personal data:

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may ask us to correct inaccurate or incomplete data.
  • Right to erasure: you may ask us to delete your data, subject to our legal obligations to retain certain records.
  • Right to restriction: you may ask us to restrict how we use your data in certain circumstances.
  • Right to data portability: where processing is based on your consent or a contract, you may ask us to provide your data in a structured, commonly used format.
  • Right to object: you may object to processing based on legitimate interests.

To exercise any of these rights, contact us at contact@sanitasinsights.com. We will respond within one month.

8. Supervisory authority

If you consider that our processing of your personal data infringes applicable law, you have the right to lodge a complaint with the Finnish supervisory authority:

Office of the Data Protection Ombudsman
Tietosuojavaltuutetun toimisto
PO Box 800, FI-00531 Helsinki
tietosuoja.fi

9. Cookies

This website uses only technically necessary cookies required for basic site operation. It does not use tracking, advertising, or analytics cookies. See our Cookie Policy for details.

10. Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects the most recent revision. For material changes, we will take reasonable steps to notify relevant parties.