Cookies & Privacy policy


This Privacy Policy describes what personal information Ave Group Oy (hereafter, ”the Company”) collects, how it is processed, for what purposes and to whom it may be disclosed. The Privacy Policy also provides information on the Company’s obligations with respect to the processing of personal data.

The company shall pay particular attention to the protection of data and shall comply with EU General Data Protection Regulation (2016/679) and all other applicable data protection legislation and good data processing practices in all processing of personal data.

This Privacy Policy applies to all services provided by the company. In addition to customer personal information, this Privacy Policy applies to the processing of personal data of potential customers, as well as to the processing of personal data of business customers, partners, services providers and subcontractors.

Personal data is any information which is related to an identified or identifiable natural person (”data subject”) as defined in the Data Protection Regulation. Information that does not directly or indirectly identify the data subject is not personal information.


Registrar: Ave Group Oy
Business ID: 2733824-7
Address: Norokatu 5, 15170 Lahti
Contact person: Pekko Nieminen


Personal data is processed, for example, for the following purposes:

* ordering the Company’s products and services as well as for, administration, development, quality assurance and communicating 

* business planning and product development

* services relating to personalized customer service and targeted customer communications and monitoring of service use

* marketing and target marketing to customers and potential customers

* Marketing campaign organizer /subscriber

* to ensure the safety of services and to prevent abuse

The legal basis for the processing of registered personal data is the contractual relationship between the Company and the registrant based on the provision/subscription or purchase of the product or service provided by the company. The processing of personal data is also based on legal obligations such as accounting obligations. Processing for customer relationship management and direct marketing is based on the legitimate interest of the Company. 

Electronic direct marketing and subscribing to the Company newsletter are based on the consent or legitimate interest of the data subject. The registrant has the right to withdraw consent at any time (see data subject rights below).


The Company only collects personal data on data subjects that is relevant and necessary for the purposes described in this Privacy Policy. Processed information on the registrant/data subject may include:

Contact information

Name, address, phone number, email address

Customer transaction information and contract information

Information on agreements, contracts, and customer feedback between the Company and the data subject or the Company and the entity represented by the data subject, as well as communications, complaints and other communications between the data subject and the Company

Consent given by registrant

Consent of the registrant to electronic direct marketing as well as consent withdrawal.

Behavioral and technical identification data

Monitoring the registered online behavior and company services, for example through cookies or similar technologies. Information to be collected may include, for example, the user’s IP address, pages used, browser-related specifications, web address, session time and duration.


The provision of the information referred to in paragraphs 1-3 above is necessary to fulfill the contractual and legal obligations between the Company and the data subject and to provide the services of the Company. The provision of the information referred to in paragraph 4 is voluntary and may be withdrawn at any time by the data subject.

Personal data is primarily collected from the data subjects themselves, for example, when making an offer, entering into a contract or during a customer relationship. The registrant may also have provided information to the company by, for example, subscribing to an e-newsletter, social media services or the company’s website.

The Company uses external service providers for marketing, which process the contact details of the data subjects for marketing purposes (e.g. in a newsletter – contact email address).

Personal data may also be collected from the entity on whose behalf the data subject is acting. In addition, information may be collected in situations permitted by law.

The Company’s subcontractors, contractors and partners provide the Company with the data subject’s personal information in situations required by law and contractual obligations.

The Company utilizes online service’s visitor tracking services, e.g. Google Analytics, which utilizes browser cookies and other identity information. More information on these can be found in this service’s own privacy statements.


The Company will retain personal data for as long as is necessary for the purposes described in this Privacy Policy, unless the law requires that personal data be retained longer (such as special legislation, accounting or reporting obligations related liabilities and accountabilities) or unless the Company requires information in order to establish, file or defend a legal claim or to resolve a similar dispute.

Storage time of personal data and the data retention criteria will vary from one category of personal data to another, depending on the purpose for which a particular category of personal data is used. 

Personal data will be processed for the duration of the customer and contract relationship and the time required after the conclusion of the customer and contract relationship. Potential customer information is primarily retained for 1 year.

In the case of entities, the retention of personal data of a representative shall be linked to the length of time for which the data subject acts as a representative for the company.

When personal data is no longer needed as defined above, the data will be deleted within a reasonable time.


Companies belonging to the same entity as the company may process personal data in accordance with data protection law. The Company may outsource the processing of personal data to service providers or subcontractors in accordance with this Privacy Policy. The Company shall ensure through adequate contractual obligations that personal data is properly processed. Personal data may be disclosed to the authorities in situations required by law. The Company will not disclose data subject’s personal data for direct marketing. If a company is involved in a merger, acquisition or other arrangement, it may be required to disclose the personal data of its data subjects to third parties.

The transfer of information to a third party generally occurs via electronic data transmission, but the information may also be transmitted by other means, such as telephone or letter.


In the case of transfer of data outside the European Union or the European Economic Area, the Company will ensure an adequate level of protection of personal data by, inter alia, agreeing on the processing of personal data as required by data protection law, such as utilizing model contract clauses approved by the European Commission.


The Company processes personal data in a manner that ensures the appropriate security and protection of personal data in all circumstances, including protection against unauthorized processing and against accidental loss, destruction or damage.

The processing of personal data shall be subject to appropriate technical and organizational safeguards for protection, including the use of firewalls, encryption technologies, secure device space proper access control and access control, and instructions to personnel.

Contracts and other documents kept in their original form shall be kept in locked premises to which access is restricted only to those entitled thereto. Printed documents will be destroyed securely.

All parties processing personal data are bound by the Employment Contracts Act and the confidentiality clauses of the contracts in dealing with matters relating to the processing of registered personal data.

The Company may outsource the processing of personal data to service providers in accordance with this Privacy Policy, providing the Company through adequate contractual obligations ensures that personal data is processed properly and according to law.


Data subjects have the rights guaranteed by data protection law.

The data subject has the right to obtain confirmation that the personal data of the data subject are being processed. The data subject shall have the right to inspect his or her personal data and, on request, to receive the information in writing or electronic form. 

The data subject has the right to request correction of incorrect or inaccurate information. In addition, the data subject has the right to have his or her data deleted in accordance with applicable data protection law. The Company will also remove, correct and complete for processing purposes any detected spontaneous, unnecessary, incomplete or outdated personal data.

The data subject has the right to request the transfer of his or her data to another controller according to the applicable data protection legislation.

In accordance with applicable data protection legislation the data subject also has the right to restrict personal data processing. In addition, in cases where suspected inaccurate personal data cannot be corrected or deleted or the request for removal is unclear, the Company will restrict access to the data.

The data subject has the right to object to the use of data for certain processing purposes. The data subject has the right to prohibit the disclosure and processing of their data for direct marketing purposes.

Requests relating to data subject’s right shall be made at the time of a personal visit, in writing or electronically and shall be addressed to the contact person mentioned in this privacy statement. Identification will be verified before the information is provided. The request for verification shall be answered within a reasonable time and, whenever possible, within one month of the request being made and of the identity verified.

If the data subject’s request cannot be granted, the data subject shall be informed of the refusal in writing. The Company may refuse a request, such as the deletion of data due to a statutory obligation or a statutory right of the Company, such as a service obligation or claim.

Your consent to electronic direct marketing may be revoked or prohibited by directly contacting the Company’s customer service. Also the registrant can leave the company mailing list at any time by clicking the ”unsubscribe” link in the email.


The data subject has the right to complain to the data protection supervisory authority, if the data subject considers that his or her personal data has been processed in violation of applicable law.

Office of the Data Protection Ombudsman
Street Address: Ratapihantie 9, 6. krs, 00520 Helsinki
Postal address: PL 800, 00521 Helsinki
Switchboard: 029 56 66700
Fax: 029 56 66735


Ave Group Oy is continually developing its services and may need to change and update this Privacy Policy. Revisions may also be based on legislation changes. We recommend that you regularly review the contents of this Privacy Policy. Amendments will be posted on Ave Group’s website and any substantial changes will be communicated to registrants via email.

This Privacy Policy was last updated July 18, 2019.

Ave Group - Closing the gap

We close the gap

Strategy and Business model
Toimeenpano ja muutosprojektit


Phone +358 44 517 5286

Visiting address

Norokatu 5
15170 Lahti

© All rights reserved – 2020 – Ave Group Oy. Website by HEIMO Interactive.