Privacy Policy

Data Privacy Policy

This Data Privacy Statement explains how Oy Arbonaut Ltd (“we”, “us”, or “the Company”) collects, uses, and otherwise processes personal data in the course of its business activities.

For the purposes of this statement, personal data means any information relating to an identified or identifiable natural person, as defined in the EU General Data Protection Regulation (GDPR).

This statement applies to all individuals whose personal data we process, including customers, partners, website users, event participants, and other stakeholders, regardless of the communication channel used. These channels may include, but are not limited to, telephone communications, websites, digital services, social media platforms, initiatives or projects, and in person events.

This Privacy Statement applies to personal data already collected as well as to personal data that may be collected in the future. It provides general information on our data processing practices and does not cover every possible processing activity in detail. Where necessary, additional privacy notices, contractual terms, participation conditions, or other supplementary documents may apply and provide more specific information.

Oy Arbonaut Ltd processes personal data in accordance with applicable data protection legislation, including the Finnish Data Protection Act and the EU General Data Protection Regulation (GDPR). We are committed to processing personal data lawfully, fairly, transparently, and securely.

This Privacy Policy has been prepared in accordance with Sections 10 and 24 of the Finnish Personal Data Act and Articles 12–14 of the GDPR (prepared on 1 February 2021 and updated on 9 February 2021).

Data Controller

Oy Arbonaut Ltd is responsible for the data processing described here. If you have any data privacy concerns, you can contact us.

Responsible persons and contacts

Collection and Processing of Personal Data

Personal data refers to any information relating to an identified or identifiable natural person. Anonymous data that cannot be linked to a specific individual is excluded.

We primarily process personal data that you provide to us directly, for example when you contact us, use our websites, participate in events, subscribe to newsletters, or interact with us via social media. We also process personal data received from our customers, business partners, event participants, website visitors, and other contacts in the context of our business relationships.

In particular, we may process the following categories of personal data:

• Identity and contact details, such as name, title, date of birth, address, email address, telephone number, professional role, industry, and areas of interest
• Communication data, including correspondence and other communications with us
• Professional information, such as job function, company affiliation, and business activities
• Financial data, including bank or payment card details (where relevant)
• Event-related data, such as registrations, attendance, and participation preferences
• Website and usage data, including interactions with our websites
• Technical data, such as IP address, browser type, language settings, operating system, time zone, access times, and referring URLs
• Image and video material, such as photographs or recordings taken at our events
• Marketing and communication data, including newsletter engagement and communication preferences
• Publicly available or third-party information, such as data from public registers, business partners, or publicly accessible sources
• Any other information that you choose to provide to us

Where required by law or expressly provided by you or competent authorities, we may also process sensitive personal data.

This list is not exhaustive. In specific cases, additional personal data may be processed.

If you provide us with personal data relating to other individuals (e.g. colleagues or family members), you must ensure that these individuals are aware of this Privacy Statement and that you are authorized to share their data.

In addition to data collected directly from you, we may obtain personal data from permitted third-party sources, including employers, business partners, public registers, company websites, media publications, and professional networking platforms. Such data typically includes business contact details relevant to professional and commercial contexts.

Purpose of the Processing of Personal Data

Personal data is processed for the purposes of communicating with customers, managing and maintaining customer relationships, and carrying out marketing activities.

Personal data is not used for automated decision‑making or profiling within the meaning of the GDPR.

Information Content and Use of the Register

When you submit a contact request through our website (www.arbonaut.com), we collect and store the personal data you provide—such as your name and email address—in order to respond to your enquiry.

If you contact us by telephone or email, we may store your name, telephone number, and/or email address in our communication systems to facilitate ongoing and future communication.

We do not sell or otherwise disclose your personal data to third parties for their own purposes. However, we use certain third‑party analytics and marketing tools—including Google Analytics, Facebook Pixel, YouTube, and Leadfeeder—to analyze website usage and improve our online services. These tools collect aggregated and anonymized data about website visitors. The information collected does not allow us to directly identify individual users.

Regular Transfers of Data and Transfers of Data Outside the EU or the EEA

We use cookies and similar technologies on our website, including those provided by Google Analytics, Facebook, YouTube, and Leadfeeder. The information collected through these cookies is used to analyze website usage and improve our online services. Such data may be transmitted to and stored on servers operated by these third parties, some of which may be located outside the European Union (EU) or the European Economic Area (EEA). In those cases, the data is processed in accordance with applicable data protection laws and appropriate safeguards.

We also partner with Microsoft Clarity and Microsoft Advertising to better understand how visitors interact with our website. These services collect usage data—such as behavioral metrics, heatmaps, and session replays—using first‑party and third‑party cookies and similar tracking technologies. The collected data helps us improve website functionality, optimize content, enhance security and fraud prevention, and support marketing and advertising activities.

For more information on how Microsoft collects and processes personal data, please refer to the Microsoft Privacy Statement. the Microsoft Privacy Statement.

Registry Security Principles

Personal data is processed with due care and appropriate technical and organizational measures are applied to ensure data security. Information stored in electronic systems is protected against unauthorized access, loss, alteration, or disclosure.

Where personal data is stored on internet servers, the physical and digital security of the server infrastructure is ensured by appropriate safeguards. Access to personal data is restricted to authorized employees only, and solely to the extent necessary for the performance of their duties. All persons processing personal data are bound by confidentiality obligations.

Right of Access and Right to Rectification

Every person in the register has the right to check the information stored in the register and to request correction of any incorrect information or the completion of incomplete information. If a person wishes to check the information stored about him/her/them or to request correction. If necessary, the controller may ask the applicant to prove his/her/their identity. The controller will respond to the customer within the time limit set by the EU Data Protection Regulation (generally within one month of the request).

Requests for access or rectification must be submitted in writing to This email address is being protected from spambots. You need JavaScript enabled to view it.. The data controller may request verification of identity where necessary. Requests will be handled in accordance with the time limits set out in the EU General Data Protection Regulation (GDPR), generally within one month of receipt.

Cookies

We use cookies to personalize content and ads, to provide social media features and to analyse our traffic. We also share the information about your use of our website with our social media, advertising, and analytics partners who may combine it with other information that you've provided to them or that they've collected from your use of services. Our website uses cookies used by Google, Facebook, Leadfeeder, and YouTube, among others.

Learn more

For more information, please contact Heli Hiltunen, This email address is being protected from spambots. You need JavaScript enabled to view it..