Privacy Policy

This is Etha Oy’s privacy policy that follows the EU’s General Data Protection Regulation (GDPR). In this privacy policy, we describe how and in which situations personal data is processed and what rights you have as a data subject.

Written March 13, 2023. Updated October 1, 2025.

1. Controller and contact information

Etha Oy (1790018-7)
Vaasanpuistikko 14 B 11
65100 Vaasa
E-mail: info@etha-consultancy.com
Phone: +358 (0)2900 20440 

2. Person in charge of the register 

Caroline Kullbäck
E-mail: caroline.kullback@etha-consultancy.com
Phone: +358 (0) 504024759

3. Purpose and reasons for processing personal data

To develop the products, services, and operations of Etha Oy, to carry out tasks appropriately, and to follow the law, Etha Oy processes personal data mainly for the following purposes and reasons:

  1. The development of products, services, and operations. It is in your and our interest that our products are suitable and modern. We want to be at the forefront of our industry’s development. The personal information you give us by, for example, using our website, helps us realise these goals. This type of personal data processing is based on a legitimate interest.
  2. Providing a smooth website experience. A smooth and user-friendly website makes it more functional and faster to browse. This kind of data processing is also based on a legitimate interest.
  3. The processing of job applications. Etha maintains a job applicant register, which is used for collecting personal information (person’s name, contact information, curriculum vitae) about jobseekers with their consent. Jobseekers’ personal information is collected from the open job applications and possible certifications submitted by them. In addition, we process your personal information to, for example, evaluate the suitability of your work experience, invite you to an interview, and use certain data as the basis for a possible contract of employment. Processing this data may be based on legitimate interests depending on the situation.
  4. The processing of invitations and sign-ups. We consider different events to be great opportunities to meet new people and network. As you sign up for an event, we must process your registration. Additionally, Etha Oy maintains an event register where personal data is collected (person’s name and alternatively company/organisation) mainly for invitations. This kind of data processing is based on a legitimate interest.
  5. The management of matters related to the customer relationship. Personal information is processed for handling and managing matters related to customer relationships (offering products and services, sales, delivery and invoicing, managing supplier relationships, and possible processing of support requests and reclamations). In this context, the processing of personal data can be based on both a contract and a legitimate interest.

Regarding personal data processing based on a legitimate interest, Etha Oy has carried out a balance test between your interests and basic rights as well as our interests.

Regarding personal data processing based on your consent, you always have the right to withdraw your consent. For example, you have the right to change your settings on the website or your browser so that cookies are not collected.

4. Categories of personal data the processing affects

The personal data categories to be processed depend on the type of data subject. The different types of personal data categories are:

  1. Technical user data, such as cookies, IP addresses, language settings, location data, software and hardware versions, and which pages you have visited and reacted to.
  2. Basic contact information, such as name, e-mail, address, postal code, and web address.
  3. Information about your position, such as employer, job title, and industry.
  4. Announcements about events.
  5. Marketing permits and prohibitions.
  6. Consents.
  7. Interests.
  8. Certificates, work experience, skills and other work-related information, such as transcript of study records, referees, suitability assessments, and salary requests.
  9. Pictures. For example, pictures of resumes.
  10. Social security number. 
  11. Customer information, such as a legal or physical person and a corresponding office, and other information we need or you deliver to us to process the matter.
  12. Payment information, such as paid amounts, billing addresses, contact persons, and account numbers.

5. Data minimisation

The personal data processed by Etha Oy is limited to what is necessary for each specific purpose. This principle is ensured, for example, by keeping the digital tools used for customer relationship management, sales, and marketing separate from those used for processing job applications. As a result, access to job application data is restricted to personnel involved in recruitment, who ensure that such information is stored only in the appropriate systems. In practice, this means that personal data related to job applications is not automatically transferred to tools used for other purposes.

6. The sources used by Etha Oy

Your personal data is primarily collected through your own activity, for example when you use our website, contact us directly, or sign up for an event. In some cases, we may also obtain personal information from other sources, such as your employer’s website or referees you have named.

We also use cookies and similar technologies to automatically collect certain information when you visit our website or interact with our emails. Through these systems, personal data such as contact details, communication history, and customer interactions may be stored and processed as set out in this privacy policy. This helps us improve the usability of our online presence, measure the effectiveness of our communications and marketing activities, and support the management of matters related to the customer relationship.

7. Recipient categories

Etha Oy processes personal data mainly within its own organisation. In some cases, data may be shared with service providers such as IT, hosting, or consultants who meet privacy requirements. Personal data may also be disclosed in connection with a business reorganisation or sale, to authorities where required by law, during audits or compliance reviews, or to insurers and related parties for purposes such as underwriting, claims, and administration.

8. Personal data retention period

Etha Oy stores personal data as long as it is necessary for the purpose for which it was originally collected. The necessary retention period varies depending on the purpose the data was collected for and to which personal data group your data belongs:

  1. For example, cookies and other personal data we gain access to through your activity on our website or in social media are stored as long as Etha Oy needs them for the development of our products, services, and operations. You can choose (on the website or your browser settings) not to store cookies in your web browser and delete them. When you delete your personal data, Etha Oy no longer stores them.
  2. Personal data is removed from the event register three months after the event. However, Etha Oy may store data for longer if, for example, we want to give you the opportunity to receive invitations to our events in the future as well. In these cases, the retention period varies, but is usually a few years. Upon request, your personal data is removed from the event register. 
  3. Personal data is removed from the job applicant register three months after submitting the application data. 
  4. To maintain our customer relationships, Etha Oy stores personal data for as long as you are our customer or as long as it is deemed necessary. For example, disqualification information may be stored for a longer period of time.

At a minimum, personal data is stored for the period specified by law.

Data is not disclosed to third parties. However, data can be disclosed in accordance with the authorities’ legal requests for disclosure of data.

9. Data transfer outside the EU or EEA

We primarily store and process your personal data on servers located within the EU and the EEA. We also strive to ensure that all our service providers are based within the EU/EEA.

However, certain products and services require that personal data may be transferred to, stored in, or otherwise processed in countries outside the EU/EEA. This may occur, for example, when we use third-party IT service providers.

Where such transfers occur, we or our IT service providers implement appropriate safeguards to protect your personal data in accordance with applicable data protection laws. These safeguards include the use of the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, reliance on adequacy decisions adopted by the European Commission in accordance with Article 45 of the GDPR.

10. Principles of registry protection

Databases containing personal data are on a server that is kept in a locked space that can only be accessed by designated and authorised people due to their duties. The server is protected by a firewall and technical protection.

Access to databases and systems is only possible with separately issued personal user IDs and passwords. Etha Oy has limited access rights and authorisations to information systems and other storage platforms in such a way that the data can be viewed and processed only by the persons necessary for the legal processing of the data.

The employees of Etha Oy and other people are bound by a separate agreement to comply with professional confidentiality and to keep the information they receive while processing personal data secret.

11. Rights of the data subject

You have the following rights under the EU General Data Protection Regulation (GDPR):

  1. Right of inspection. You have the right to check your data and to demand that any errors be corrected.
  2. Right to object. You have the right to object to data processing if the data has been processed illegally or without permission.
  3. Right to erasure. You have the right to request the erasure of your personal data to the extent that it is not necessary for the tasks of Etha Oy.
  4. Right to data portability. You have the right to demand that your data is automatically transferred to another data controller.
  5. Right of appeal. You have the right to file a complaint to a Data Protection Commissioner if you consider that Etha Oy has violated the existing data protection legislation in the processing of personal data.

Requests should be sent in writing to the controller to the address specified in the 1st part of this privacy policy. If necessary, the controller may ask the requester to prove their identity. The controller responds to the customer within the time period specified in the EU’s GDPR.

Cookies

The website uses the following cookies:

Cookie | Service | Function
AMCV_ | Adobe | Visitor statistics and monitoring
_ga | Google | Visitor statistics and monitoring
_gid | Google | Visitor statistics and monitoring
_lfa | Leadfeeder | Visitor statistics and monitoring
aam_uuid | Adobe | Visitor statistics and monitoring
Moove_gdpr_popup | Website | Functional
Pll_language | Website | Functional