Privacy Statement 2021-01-26

Since privacy and data protection are at the core of our business, it is of paramount importance to us that when processing personal data, we do so in lawful and responsible manner. With personal data we mean any piece of information relating to an identified or identifiable person (‘data subject’) that allows us to identify a person directly or indirectly. Processing of personal data refers to any operation or set of operations which is performed on personal data, such as collection and storing of personal data.

The standard for our personal data processing operations are the relevant national and international regulations and we adhere to the rules and principles set forth in the European General Data Protection Regulation (GDPR).

We want to be transparent about our data processing. You can find more information about Privaon’s data processing from the chapters below. We may update this Privacy Statement from time to time. If we make any substantial changes to our processing, we openly seek to inform you.

Privaon as a Processor and Controller

Privaon acts as processor for the personal data that we process in the context of providing DPO365. Privaon acts as a controller for the personal data concerning our sales and marketing efforts relating to DPO365.

Privaon as a processor

Processor refers to a company or other party which is processing personal data on behalf of the controller and according to the instructions received from the controller.  Privaon acts as processor for the personal data that we process in the context of providing DPO365. Our corporate customer remains the controller for the personal data.

Privaon as controller

Controller refers to a company or other party which is in charge of the processing and determines how the personal data is processed.   DPO365 contains links to websites that don’t belong to or are not operated by Privaon. Such companies have their own policies for data protection. We recommend that you take a look at their privacy notices before using their services.

Contact Information

If you have any questions or comments, please contact us by using Privaon’s DSAR Chatbot or by calling us:

  • Privaon Oy
  • Upseerinkatu 1-3
  • 02600 Espoo
  • +358 50 328 1446

Collection and Use of Personal Data

Our core business is not the collection of your personal data. Therefore, we process only a minimum amount of personal data necessary to operate our business, to offer and provide our services. In the context of DPO365, we will only process your personal data for predefined purposes, and we make sure that we have legal grounds for it.

As Processor, we process personal data for the following purposes:

  • To provide our services. This includes processing contact information, billing information and other information which you have directly provided to us to:
    • Provide demo or trial of our product,
    • Setup a user account,
    • Provide, operate and maintain the Services,
    • Process and complete transactions.
  • To enhance customer experience. This includes the processing usage information, log information, information collected by cookies and other similar technologies, customer feedback to:
    • Making recommendations of using to service,
    • Prevent and investigate fraudulent or non-authorized activity,
    • Manage our customers’ use of the Services, respond to enquiries and, comments and provide customer service and support,
    • Send customers technical alerts, updates, security notifications, and administrative communications.

We process your personal data in this context based on the contract that we have in place with you or our legitimate interest for security purposes (e.g. the prevention and investigation of fraudulent activities).

As Controller, we process personal data for the following purposes:

  • To market and advertise our products. This includes processing, for example, contact information, information about purchases, your requests and information about your preferences. We may obtain your personal data also from publicly available sources, such as from your company’s website, LinkedIn or Fonecta Finder.
  • To conduct market research. This includes processing of necessary contact information and the answers you have provided for us. The contact details of the potential participants are collected among our business contacts and from publicly available sources.

In this context, we process your personal data based on our legitimate interest to advertise our services. Our marketing research is based on our interest to gain insights from customers, potential customers and other stakeholders. With regards to electronic direct marketing, we process your data only if you have given your consent for it.

More information

As a we are a company dependent on business operations, we do marketing for our business contacts. We keep records of our clients’ and potential clients’ details to market and provide more information about our products and services. This could mean for example invitations to our events and other marketing activities to promote our services.
We use online advertising networks, social media companies and other third-party services to send marketing communication and display ads on other websites and services you may use. You can ask us to remove your data from these channels at any time by contacting us. You can unsubscribe from our mailing list by using the unsubscribe link in the relevant email.

Disclosures and Data Sharing

We use third-party service providers to provide our services and to help operate our business efficiently. As a responsible company, we always use various contractual and other arrangements to ensure that our service providers process your personal data in accordance with the laws and good data processing practices. Some of our service providers or their support functions are located outside the EU and EEA.

To ensure the confidentiality and high level of protection for your data, we have a data processing agreement with every service provider we use for the personal data processing. Our processors do not have the permission to process your information in any ways beyond the agreed services.

We may have to disclose certain information to public or law enforcement authorities when this is required by law. We only do so on the basis of an adequate legal warrant or subpoena issues by a Finnish or other relevant Court.
In case of mergers or acquisitions, the acquiring entity may obtain access to relevant customer data assets.

Some of our service providers or their support functions are located United States. When the processing involves transferring personal data outside EU or EEA, we use appropriate legal mechanisms to ensure the same level of data protection as in the EU. The measures we rely on are the model contractual clauses issued by European Commission.

ProcessorPurposesCategories of Personal DataPersonal Data Transfers Outside of the EU/EEA
Koivu CloudService deliveryName



User photo (optional)

No by default. It is possible the support tasks may transfer some personal data outside EU/EEA.
Google FirebaseUser authenticationTokenNo by default. It is possible the support tasks may transfer some personal data outside EU/EEA.
Microsoft AzureUser authenticationTokenNo by default. It is possible the support tasks may transfer some personal data outside EU/EEA.
ZendeskCustomer supportName



Support request

No by default. It is possible the support tasks may transfer some personal data outside EU/EEA.

Data Security

Privaon has appropriate security policy and procedures in place to protect personal data from loss, misuse or unauthorized access.

We guarantee that your data is kept confidential and secure. All the employees authorized to process your data are committed themselves to confidentiality. We have a role-based access control, meaning that each employee is given access to resources and personal data based on the employee’s needs and job description. All networks and services used by our employees are protected with appropriate security measures.

We have a procedure to manage data breaches which allow us to assess the possible risks, notify the relevant authorities and alert you in case your personal data may have been affected. We regularly educate all employees to ensure the protection of your personal data.

Your Rights

When Privaon is processor: The controller is responsible for the lawful processing of your personal data and executing your rights as a data subject. The customer using DPO365 has access to all their personal data and can execute their rights in the service. Upon request, Privaon assists customers executing their data protection rights.

When Privaon is controller: You have several rights concerning your personal data, such as right to access, update, delete and have a copy of such data. We seek to ensure that you can exercise your rights efficiently. You can exercise your rights by using the Privaon’s DSAR Chatbot.

  • When you have given a consent for the processing, and you do not want us to continue processing your data, you have a right to withdraw your consent at any point. You can unsubscribe from mailing list by using the unsubscribe link in the relevant email. You can also withdraw your consent by using Privaon’s DSAR Chatbot at the bottom of this page
  • When we process your data, we have taken your rights and interests into consideration. Especially when we process your data on the basis of our legitimate interests, for example for marketing and research purposes. We have assessed the processing and we ensure that it will not cause any significant intrusion into your privacy, or any other undue impact on your interests and rights. If you wish to hear more about the conducted assessments, please contact us. You have the right object to such processing at any time by contacting us.
  • You have the right to obtain a confirmation whether your personal data is being processed or not and if you wish, receive a copy of such data. This right is known as the right to access.
  • We want that your personal data is correct and up to date. You can always contact us to have your data corrected, updated and completed. This right is known as the right to rectification.
  • In principle, you have right to have your personal data erased in part or in full. If you request the erasure of your personal data, we will assess whether we can erase such data. Please notice that we may have a legal right or obligation to keep your data for certain period of time. This right is known as the right to erasure or the right to be forgotten.
  • If you object to processing, contest the lawfulness of the processing or the accuracy of the data, or if you need your data in legal proceedings, you have right to ask us to restrict the processing of your personal data until the matter has been solved. This right is known as the right to restriction of processing.
  • If you consider that the processing of personal data relating to you infringes the GDPR, you have the right to lodge a complaint with your local data protection authority. If you need more help with the exercise of this right, please contact us by using Privaon’s DSAR Chatbot.


If you wish to exercise your rights, or if you have any other question relating to the processing of your data or this privacy statement, please contact us by using Privaon’s DSAR Chatbot at the bottom of this page.


Service ( The Service only uses strictly necessary cookies which help make the Service navigable by activating basic functions such as page navigation and access to secure Service areas. Without these cookies, the Service would not be able to work properly.

Website ( We use cookies and other similar technologies to collect data on the usage of our Services. By analyzing our Service usage, we aim to maintain and further develop our Services. For example, we get information on which service pages you go to and how you navigate between the pages. In order to develop our Service, it is important to know what kind of Service content is most efficient and functional. The collected data also helps us to provide more personalised services and marketing to you. We can for example create target audiences and send them more relevant and personalised communication such as advertising and messages. You can always disable cookies altogether in the browser settings or you can delete cookies from the browser and disable all targeted advertising and communication based on your previous visits on our website.

This website is owned and operated by:

  • Privaon
  • Hevosenkenkä 3, A-tower 8th floor
  • 02600 Espoo, Finland
  • Phone: +358 50 328 1446
  • VAT : FI26478002

The information in this Cookie Policy is provided to you in an open and transparent way, so that you can see how cookies are used to enrich your visitor experience and make an informed choice to allow their usage. However, if you wish to delete cookies, this can be done via settings in your web browser. Below you can read more about our use of cookies.


When you visit this website your online device will automatically receive one or several cookies, which are transferred from this website to your internet browser.

What is a cookie?

A cookie is a small text file. It does not contain any personal information and is not able to collect information.  Two types of cookies can be used, “session-only” and “persistent”. “Session-only” cookies are deleted when you end your browser session. “Persistent cookies” remain on your device for the time period set in the cookie after which time they delete themselves. However, these cookies may be renewed every time you visit the website.

Cookie types

It is common to distinguish between first-party cookies and-third party cookies. First-party cookies are allocated to the website that you visit while third-party cookies come from a third-party, such as a web analytics program.

Why do we use cookies?

We use cookies to assess content usage and to compile statistics about the use of the website in order to improve the user experience. This data may be used to define where the visitors come from, what content is viewed and for how long. This information cannot be used to identify a visitor as an individual.  Both first-party and third-party cookies may be used on this website.

How long will cookies be stored on my computer?

Cookie lifetime may vary. Some cookies will disappear when you close the browser while others exist for longer. For more information on cookie expiry see the cookie declaration.


Pixels are codes on our website, which allows us to optimize marketing (retarget website visitors, reports) and track conversions. By using pixels, we can offer well-targeted and interesting content. Read more about pixels we use: Linkedin’s Insight Tag and Facebook pixel. In addition, we use open tracking in our newsletter. Open tracking helps us to develop more interesting content to our newsletter.

Read more about the service providers that we use.

Google Analytics

For website analytics we use Google Analytics, a web analytics service provided by Google. Google Analytics collects first-party cookies, data related to the device/browser, IP address and on-site activities to measure and report statistics about user interactions on our website. Google Analytics uses IP addresses to derive the geolocation of the visitors in our website, and for the security of the service.

We have applied IP masking which means that Google Analytics will anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. The anonymization is done as soon as technically feasible at the earliest possible stage of the collection network which means that the full IP address is never written to disk.

You can prevent Google’s collection and use of data by downloading and installing the browser plug-in available or use other advertising and tracking prevention tools.

We also use Google Analytics to analyse data from AdWords and DoubleClick Cookies. You can deactivate this data processing in Google’s privacy settings here.

Can I still visit the website if the cookie-function is disabled?

Yes. Should you have cookies disabled on your online device, you will continue to have the same access to the website content as with cookies enabled. However, some functions such as surveys and tools might operate with reduced functionality or not at all.

How to avoid or delete a cookie?

You can manage your cookie preferences when you enter our websites by clicking “Manage Preferences” shown in the cookie banner. You can later access preferences by clicking a cookie icon shown in lower left corner our web site.

You can alter your browser settings to not accept cookies or delete the cookies from your computer. Different web browsers may use different methods for managing cookies. Please follow the instructions below, from the most common web browser manufacturers directly, to configure your browser settings*.

* These links are to third party sites, over which we have no control – no liability can be claimed if they are inaccurate.

Cookie Policy

What is a cookie?

A cookie is a small datafile that is saved on your computer, tablet or mobile phone. A cookie is not a program that can contain harmful programs or viruses.

How/why the homepage uses cookies

Cookies are necessary for the homepage to function. Cookies help us get an overview of your visit to the homepage so that we can continually optimise and adjust the homepage to your requirements and interests. For example, cookies remember what you might have added to a shopping cart, if you have previously visited the page, if you are logged in and what languages and currency you want displayed on the homepage. We also use cookies to target our ads to you on other homepages. On a very general level, cookies are used as part of our services in order to show content that is as relevant as possible to you.

How long are cookies saved?

How long cookies are saved on your device can vary. The time when they are scheduled to expire is calculated from the last date you visited the homepage. When cookies expire, they are automatically deleted. You can view a complete list of cookies below.

This is how you can reject or delete your cookies

You can always reject cookies on your computer, tablet or phone by changing your browser settings. Where these settings can be found depends on the type of browser you are using. If you do change the settings, please be aware that there will be some functions and services that you cannot use because they rely on the homepage being able to remember the choices you have made.
You can choose to not receive cookies from Google Analytics here.

Deleting cookies

You can delete cookies that you have previously accepted. If you are using a PC with a recent version of a browser, you can delete your cookies by using these shortcut keys: CTRL + SHIFT + Delete.

If the shortcut keys do not work and/or you are using an Apple computer, you must find out what browser you are using and then click on the relevant link:

Remember: If you are using several different browsers, you must delete the cookies in all of them.

Do you have any questions?

Should you have any questions or comments in connection with this information and/or our processing of personal data, you are welcome to get in touch with us. The cookie declaration itself is updated every month via Cookie Information. If you have any questions regarding the Cookie Information, you can send an email to


Cookie declaration last updated on 26.04.2021

Strictly necessary 2

Strictly necessary cookies help make a website navigable by activating basic functions such as page navigation and access to secure website areas. Without these cookies, the website would not be able to work properly.
NameProviderPurposeExpiryData ProcessorData Processor Privacy Policy
CookieInformationConsentdpo365.comSupports the website’s technical functions.a yearCookie Information
AWSALBCORSwidget-mediator.zopim.comSupports the website’s technical functions.7 daysAmazon Web Services

Functional 3

Functional cookies make it possible to save information that changes the way the website appears or acts. For instance your preferred language or region.
NameProviderPurposeExpiryData ProcessorData Processor Privacy Policy
__cfduid.zopim.comCollects information about the users and their activity on the website, which is used to deliver personalized customer service and content.a monthZendesk
AWSALBwidget-mediator.zopim.comCollects information about the users and their activity on the website, which is used to deliver personalized customer service and content.7 daysZendesk
__zlcmid.dpo365.comCollects information about the users and their activity on the website, which is used to deliver personalized customer service and content.a yearZendesk

Statistical 4

Statistical cookies help the website owner understand how visitors interact with the website by collecting and reporting information.
NameProviderPurposeExpiryData ProcessorData Processor Privacy Policy 2 yearsGoogle Analytics
_ga.dpo365.comCollects information about the users and their activity on the website for analytics and reporting purposes.2 yearsGoogle Analytics
_gat_gtag_UA_xxx_xxx.dpo365.comCollects information about the users and their activity on the website for analytics and reporting purposes.a few secondsGoogle Analytics
_gid.dpo365.comCollects information about the users and their activity on the website for analytics and reporting purposes.a dayGoogle Analytics

Marketing 1

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and interesting to the individual user and thus more valuable for publishers and third-party advertisers.
NameProviderPurposeExpiryData ProcessorData Processor Privacy Policy
_lfa.dpo365.comCollects information about the users and their activity on the website. The information is used to track and analyze user behaviour and to deliver targeted advertising.2 yearsLeadfeeder

Unclassified 1

We are in the process of classifying unclassified cookies together with the providers of the individual cookies.
NameProviderPurposeExpiryData ProcessorData Processor Privacy Policy
pll_languagewww.dpo365.comPendinga year  

Your consent applies to the following domains:

Retention Periods

When Privaon processes personal data as processor, we process customers’ personal data as long as we have a valid contract with the customer. Upon termination of contract, all customer data is deleted after 12 months.

When Privaon processes personal data as a controller, we have determined retention periods based on the purpose of the processing and the applicable legislation. For example, the accounting related laws require us to store your personal data for a certain period. We review the personal data we collect (e.g. the information of our business contacts) regularly to ensure that the personal data we have is up to date and is not retained longer than needed or required by the relevant laws.

When not limited by applicable legislation, the retention periods are defined as follows:

  • We retain your personal data for two years after the termination of the service agreement unless no other retention times are defined in the agreement.
  • If you are listed as a potential customer, your personal data is erased when we have no reason to assume that you would be interested in our services. This usually takes place if we have not been in touch with you for past 12 months.

If you wish to have more detailed information about our retention times, please contact us by using Privaon’s DSAR Chatbot at the bottom of this page.