Privacy Policy

Annie Advisor Ltd (hereinafter the ”Company”) is committed to following good privacy practices. The purpose of this document is to inform the user of this website (hereinafter data subject) about the relevant privacy policies and practices. Personal data shall mean any information by which an individual can be identified.

Last updated: 5th October 2022

Company contact information:

Annie Advisor Oy
Address: Vilhonkatu 4 B 18 A, 00100 Helsinki, Finland
Telephone: +358 40 847 2763

1. Data controller and processors

The data controller is the party who is responsible for the handling of personal data. A processor, on the other hand, is the party who handles personal data on behalf of the controller based on a contract between the controller and the processor.

This privacy policy covers the websites where the Company is the data controller, through which the Company receives and processes personal data and the handling of the received data, i.e. the following:

the website

Annie Advisor Ltd customer information

Personal data is not transferred to third parties. The Company does not use external data processors. Personal data is not transferred, processed or stored outside the EU/EEA area.


2. Categories of personal data and the legal basis for processing

Personal data will be processed in accordance with and in accordance with the provisions of the General EU Data Protection Regulation (hereinafter “GDPR”) and applicable national data protection law. Personal data will only be processed for the purposes mentioned below, and there is always a legal basis for such processing based on the data protection legislation mentioned above.

The following categories of personal information will be processed in connection with the provision of the Company’s website and services:​


3. Information security

The Company protects personal information related to the Company’s websites or services with reasonable, appropriate safeguards to prevent unintentional data leakage, unauthorized processing of personal information, and accidental or unauthorized destruction, use, alteration or disclosure of personal information. The company has implemented appropriate technical and organizational measures to secure personal information. The above measures, such as restricting the access of the Company’s personnel and processors to personal data and storing and processing personal data in encrypted form, have been decided taking into account the harmfulness and probability of possible data leaks, the sensitivity of processed personal data, the conditions under which they are stored and developments in security technology.


4. The data subject’s rights

The data subject under the GDPR has the following rights with regard to personal data, as further explained in Articles 15-21 of the GDPR:

Right to access: the data subject has the right to request confirmation of the processing of his or her personal data in connection with the Company’s website or services and to have access to his or her data

Right to rectification: the data subject has the right to ask the data controller to correct their erroneous or incomplete personal data processed in connection with the Company’s website or services

Right to be forgotten: the data subject has the right to request that personal data concerning him or her be deleted if they are no longer needed for the purpose for which they were collected or processed, if the data subject opposes processing and there are no compelling legal grounds for processing, if personal data are processed unlawfully or if personal data are deleted in order to comply with a legal obligation

Right to restrict processing: the data subject has the right to request a restriction on the processing of personal data if the accuracy of the personal data is disputed, if the processing is illegal or the controller no longer needs such data but the data subject has justified opposition to the deletion, or whether there is a legal basis for the processing

Right to object: the data subject has the right to object to the processing of his personal data insofar as the data is processed in connection with the Company’s website or services under Article 6 (1) (f) GDPR, in which case the controller must prove that there is a compelling legal basis for processing. processing of such personal data

Right to transfer: the data subject has the right to have personal data concerning him and the right to have the above data transferred to another controller in so far as the processing is based on Article 6 (1) (b) of the GDPR

In addition, the data subject always has the right to complain to the competent data protection authority about the processing of his or her personal data in connection with the Company’s website or services. The competent data protection authority in Finland is the Data Protection Commissioner:


5. Contact information for personal data matters

The Company strives to ensure that the personal information it processes is properly up-to-date, accurate and complete. If the data subject wishes to report inaccurate information, request the deletion of personal data relating to him or her or otherwise have questions, comments or other matters related to these security policies, or if the data subject wishes to complain about the processing of personal data of the Company or its customers, they can contact the Company at: In case of personal information processed by the Company on behalf of its customers, the data subject can contact the contact information provided by the customer (i.e. the data controller).

Upon contact, the data subject may be asked to provide proof of identity for data protection reasons.


6. Changes to the Privacy Policy

Changes to this Privac Policy can be made from time to time by uploading an updated version of the document to the Company’s website, after which the updated version will apply. If material changes are made to the data protection policies, the Company will also endeavor to inform about them by other means, such as e-mail, notice in a service maintained by the Company or by notifying the website or social media pages within a reasonable time before the changes take effect.