Privacy Policy

Your privacy is of utmost importance to us

Although we provide services to businesses and organizations, there are always people behind them. That’s why we collect, store, and process personal data such as contact information from staff at our client companies and from partners. Personal data refers to all information that can be linked to an identified or identifiable person, such as name, email address, and job title.

We act as the data controller for personal data and process it according to this privacy statement and current data protection legislation. Our privacy policy may be updated due to changes in our operations or legislation, so we recommend regular reviews.

In some cases, we may also act as a data processor for our clients, who themselves act as data controllers. In these situations, we follow our clients’ privacy policies, and the processing of personal data is always based on a clearly defined service and privacy agreement with the client company. We then process personal data solely for that particular client and only for the duration of the agreement.


1. Data Controller

The Data Controller for the processing of personal data described in this privacy statement is Exove Design Oy (also referred to as “Exove Design” or “we”):

  • Name: Exove Design Oy
  • Business ID: 2381776-9
  • Address: Mikonkatu 9
  • Zip Code: 00100
  • City: HELSINKI
  • Phone: 040 592 6218
  • Email:


2. Data Protection Officer

The person responsible for data protection matters in our company is Saku Pekka Sairanen:


3. Purpose of the Register

Collected personal data is used for:

  • Identifying the customer and managing access rights.
  • Delivering orders and maintaining and developing customer relationships.
  • Providing or delivering our services.
  • Marketing and customer communication.
  • Improving our services.
  • Research related to customer projects, including customer-requested surveys. Participation in surveys is voluntary and will be communicated in advance to those participating.


4. Basis for Data Collection and Processing

Customer data is collected and processed with the customer’s consent, or to fulfill a contract with the customer.

For research related to our customer projects, the basis for data collection is the consent given by the individual participating in the research.


5. Data Content of the Register

Information collected from our customers or potential customers:

  • Company Name, Business ID, Email Address, Phone Number, Name, Personal ID, IP Address

Data collected during research related to customer projects:

  • Name, Email Address, Phone Number

The collected data my vary depending on the use case. 


6. Data Retention Period

Personal data is stored as long as it is needed to execute a contract with the customer or for customer service improvement.

Especially for research materials, personal data is stored only until the research is concluded. The conclusion of the research is determined based on what has been agreed upon in advance with the customer. After that, all related personal data is safely deleted or anonymized.


7. Regular Data Sources

We mainly collect and process personal data related to our customers, potential customers, and customer project research.

Data is collected:

  • Primarily from the individual themselves.
  • From registers kept by authorities within legally permitted limits (e.g.,
  • For new potential customers, we may also collect so-called prospect data from sources like LinkedIn, company websites, or using prospecting tools (e.g., LeadFeeder or Albacross).

Data is also collected from our website’s contact forms and usage statistics are collected via the Matomo analytics service.


8. Regular Data Disclosures and Transfers Outside the EU or EEA

Data is not regularly disclosed outside the company. Some of the external service providers we use may store data outside the EU or EEA.


9. Use of Cookies

We do not use cookies on our site.


10. Register Security

Data is transferred over an SSL-secured connection.

Electronic data is protected by a firewall, usernames, and passwords.


11. Automated Decision Making

Automated individual decisions (Article 22 of the GDPR) are not made.


12. Rights of the Data Subject

The data subject has the right to inspect the stored data, to correct or delete outdated or incorrect data, and to object or restrict data processing according to GDPR articles 18 and 21. They also have the right to lodge a complaint with a supervisory authority and to opt out of direct marketing.


13. Supervisory Authority

If you feel that we have processed your personal data unlawfully or have other concerns, you have the right to lodge a complaint with the competent supervisory authority. In Finland, this is the Office of the Data Protection Ombudsman:

  • Website: Office of the Data Protection Ombudsman
  • Email:
  • Phone: +358 29 566 6700
  • Postal Address: PL 800, 00531 Helsinki, Finland


Please note that this is a general translation and for legal purposes, the original Finnish document should be referred to.

Get in touch

Tanja Pulksten

Saku Sairanen


  • (+358) 40 5926218

Follow us