SuomiLog in:

Privacy policy statement

Privacy policy statement complying with the Personal Data Act (523/99) and the EU's General Data Protection Regulation

Updated 14 December, 2020

1.   Controller

Rapal Oy, Hevosenkenkä 3, 02600 Espoo, Finland,

2.   Contact person for matters relating to the data file

Reetta Niinimäki, Data Protection Officer

Contact information for the Controller:

Data Protection Officer:

3.   Name of the file

Data file based on customer relationship and factual connection with Rapal Oy and its subsidiary

4.   Purpose of the data file

Personal data are used to manage contacts based on customer relationship and factual connection, to deliver and invoice orders, to control customer events, to implement the rights and responsibilities of parties, to develop and analyze the controller’s operations, to handle customer communication and profiling, to provide and personalize services, to carry out (targeted) marketing and advertising, to prevent and investigate abuse as well as to plan and develop business. The data may also be processed based on and in accordance with permission granted by the data subject.

Personal data in the data file may be used, as permitted by applicable legislation and subject to permission or prohibition, for the controller’s direct advertising, distance selling, other direct marketing, opinion polling, market research and other equivalent personalized mail. 

The personal data in the data file will be removed when the purpose for their use has ended, unless otherwise provided in legislation valid at the time.

5.   Data contained in the file

The data file contains data related to the customer relationship management of present and potential customers. Data pertaining to the following groups can be handled in the data file:

  • The first and last names of the user and/or subscriber
  • The user’s and/or subscriber’s addresses, email addresses and phone numbers as well as other related data, such as country of residence and language
  • The name and contact information of the user’s and/or subscriber’s organization
  • The start and end date of the factual connection

Based on the user’s and/or subscriber’s notifications, data pertaining to the following groups can also be handled in the data file:

  • Occupational status, title or profession and field of duties of the user and/or subscriber
  • Digital identification, such as social media profile address and web page, of the user and/or subscriber
  • Interests indicated by the user and/or subscriber as well as other data that the data subject has added or supplied through customer service
  • Permissions and prohibitions indicated by the user and/or subscriber
  • Event and user analytics, such as behavioral data collected through cookies
  • Data related to the user’s device, such as the terminal, IP address, operating system

6.   Regular sources of data

Personal data are collected from the data subject or the party that has made a group subscription on the subject’s behalf by phone, mail, email or in a similar manner as well as from the controller’s systems during registration for and use of services through cookies and corresponding techniques. Personal data can also be collected, for example from social media related to the controller’s operations, where data about the data subject is available.

The permission to collect and process personal data is based on the selection that users of our software make in the software.

7.   Disclosure and processing of data outside the EU or the EEA

Rapal Oy may disclose data to the authorities as permitted and obligated by valid legislation. Personal data are not disclosed to external parties.

Personal data may also be processed outside the EU or the EEA, since we use the cloud-based Hubspot software as the platform for our marketing automation and website. In this case, personal data will be transferred in compliance with the EU’s standard clauses. Read more about Hubspot’s privacy policy at  

We are using Leadfeeder tool on our webpages. Leadfeeder is a lead generation tool for B2B companies. Leadfeeder identifies companies visiting websites based on the IP address of the visit. Read more about Leadfeeder's privacy policy at

The controller may disclose data, as permitted and obligated by valid legislation, to select cooperation partners for marketing purposes, for example, unless the data subject has prohibited such disclosure.

8.   Principle governing file protection

The controller must ensure that

  • Personal data can only be accessed by individuals specified by Rapal Oy, who have the right to process personal data within the scope of their work.
  • These individuals can access the system with their personal user ID and password.
  • The data are collected in databases protected (using a firewall) with passwords and other technological means.

9.  Right of access, right to prohibit processing, right of rectification and right of transfer Right to inspect, prohibit and correct data

The data subject has the right to access their data stored in the data file and have erroneous data rectified. The data subject also has the right to restrict or oppose data processing and prohibit it as well as to have their data transferred to another data file, if technically feasible and possible in view of the nature of the service. The request for access to data must be submitted in writing and signed to the Data Protection Officer in charge of data file-related matters (contact information under item 2). Requests for access must be responded to within two weeks of the request. The data subject may file an appeal with the supervisory authority, Office of the Data Protection Ombudsman.