top of page

Privacy policy

According to the Data Protection Regulation, the data controller has a duty to clearly inform data subjects. This leaflet fulfills the information obligation.

1. The controller

Promenade Insight Oy

Business ID 3241495-3

Linnoitustie 6

02600 Espoo

Contact information for the register

Promenade Insight Oy, CEO Annarita Koli

Linnoitustie 6

02600 Espoo

+358 40 519 1380

annarita.koli (at)

2. Registered

Promenade Insight Oy's customers and visiting users (visitors to the website, people who fill in the contact form, people who sign up for webinars and subscribe to the newsletter).

3. Purpose of personal data

The personal and business information of Promenade Insight Oy's customers and visiting users is collected, processed, used and modified for customer relationship management, service delivery, direct marketing, distance selling and customer contacts. In addition, the data may be used for statistical and business development purposes.

4. Personal data to be stored in the register

The register contains the following information:

Customer register: name and business ID of the organization, name and contact details of the contact person (s), billing information, information about the services ordered, content produced by the customer himself, such as customer feedback.

Visiting users: the user's IP address and metadata about the hardware on which the user is visiting the service.

Users who filled in the contact form: name, organization, e-mail address, telephone number, subject of contact.

Users who signed up for the webinars and newsletter subscribers: name, organization, email address.

The register information of the research services provided by Promenade Insight Oy to its customers is described in the Description of Processing Operations and Subprocessors file, which is provided to customers in connection with the customer agreement.

5. Rights of the data subject

The registrant has the following rights, the use of which must be requested to annarita.koli (at)

Right of inspection

The data subject can check the personal data we have stored.

Right to rectify data

The data subject may request the correction of incorrect or incomplete information concerning him.

The right to restrict processing n

The data subject may request the controller to restrict the processing of personal data concerning him. The right exists, for example, when the data subject disputes the accuracy of personal data. In that case, the processing shall be limited to the period during which the controller can verify their accuracy.

Right of objection

The data subject may object to the processing of personal data if he or she feels that the personal data has been processed unlawfully. 

Prohibition of direct marketing

The data subject has the right to prohibit the use of the data for direct marketing.

Right of removal

The data subject has the right to request the deletion of data if it is not necessary to process the data. We will process the deletion request, after which we will either delete the data or provide a valid reason why the data cannot be deleted. 

It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) specified in the Accounting Act (Chapter 2, Section 10). Therefore, the accounting material cannot be deleted before the deadline.

The right to transfer data from one system to another

The data subject has the right to obtain the personal data provided to the controller in a structured, commonly used and machine-readable form and, if he so wishes, to transfer such data to another controller.

Withdrawal of consent

If the processing of personal data concerning the data subject is based only on consent and not, for example, on the basis of customer relationship or membership, the data subject may withdraw consent.

Right of appeal

The data subject has the right to lodge a complaint with the Data Protection Officer if he or she feels that we are in breach of the applicable data protection legislation when processing personal data.

Contact information of the Data Protection Supervisor:

6. Regular sources of information

Customer information is regularly obtained from the customer himself when the customer relationship is established or via an online form.

7. Regular disclosures

We have ensured that all of our service providers comply with data protection laws. We regularly use the following service providers:

• Google Analytics

• Wix Ascend (web portal contact form and webinar and newsletter registration system)

8. Duration of processing

As a rule, personal data is processed for as long as the customer relationship is valid.

The subscriber can unsubscribe from our marketing list via the link in each of the marketing emails we send or upon request.

9. Processors of personal data

The controller and its employees process personal data. We may also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that the personal data will be processed in accordance with applicable data protection law and only within the limits of the mandate given.

10. Data transfer outside the EU

Customer information may be transferred outside the EU or the European Economic Area on Wix Ascend in connection with newsletter subscriptions and webinar registrations. When data is transferred outside the EU and the EEA, we ensure an adequate level of protection of personal data, including by agreeing on matters relating to the confidentiality and processing of personal data as required by law.

Third parties do not have the independent right to use the information received from Promenade Insight Oy for a wider use than the assignment.

11. Automatic decision making and profiling

We do not use the information for automatic decision making or profiling.

12. Updating the registry description

This Privacy Policy has been updated on 10/31/2021.

bottom of page