This is a privacy policy in accordance with the Finnish Act of 5.12.2018/1050 and the EU General Data Protection Regulation (GDPR). The document also contains information about the use of cookies and settings on our websites.

Effective date: November 30, 2023


1.1. Company Processing Personal Data (hereinafter referred to as ”We”, ”Us” or “Data Controller”) and contact information for inquiries related to personal data.

Sah-Ko Oy (Ltd.)
Lumijoentie 6
90400 Oulu

Business ID: 1963633-2
Phone: +358 50 330 0475


1.2. Purpose of Collecting and Processing Personal Data

We use personal data for the following purposes:

  • Managing requests for offers, purchase transactions and orders.
  • Managing customer relationships, and maintaining and developing customer relations.
  • Assessing customer needs and collecting feedback and customer experiences.
  • Employee recruitment.
  • Marketing and business development.

Personal data is not used for automated decision-making or profiling.


1.3. Legal Basis for Data Collection

The legal basis for the processing of personal data, in accordance with the EU General Data Protection Regulation, may be:

  • Consent from the individual (documented, voluntary, specific, informed, and unambiguous).
  • A contract in which the data subject is a party.
  • Legitimate interests of the data controller.


1.4. Sources of Data Collection (Regular Data Sources)

Data is obtained from various sources, including electronic forms submitted through our websites, order and customer account information provided for online purchases, messages received via email or postal mail, phone calls, social media services, contracts, customer meetings, recruitment processes, public sources, marketing databases, and other situations where individuals provide their information.


1.5. Types of Data Collected

Depending on the method of contact and context, the collected data may include, for example:

  • Name
  • Company/organization
  • Title and position in the company/organization
  • Phone number
  • Email address
  • Address information
  • Purchase history and payment details
  • Billing and credit information
  • Permissions and consents (e.g. subscribing to electronic newsletters)
  • Product and service preferences (e.g. online store product offerings)
  • Other information related to customer relationships
  • Education, work experience, specialized skills, and other information related to job searches and recruitment.


1.6. Routine Disclosures of Data

Data is not disclosed to parties outside of Sah-Ko for marketing databases or similar purposes. Data may be disclosed within the limits permitted by law and upon request by authorities. Data may be published to the extent agreed upon with the individuals concerned.


1.7. Data Disclosure and Transfer Outside the EU or EEA

Our principle is that collected data is not disclosed or processed outside the company, the European Union (EU), or the European Economic Area (EEA). However, data may be disclosed or processed outside the EU or EEA on a case-by-case basis when person contacting us is located outside of EU or EEA and in other cases when e.g. delivering a product or service or managing customer relationships outside of EU or EEA requires it, and the destination country has an adequately high level of data protection.


1.8. Data Security Principles

Data is stored in information systems protected and located in a way that prevents unauthorized access. Only individuals who require the data for their work, such as order processing and customer relationship management, are authorized to view and process the data. For the other personnel the access to data is prevented. A list of individuals handling data is maintained, and they are instructed on proper data handling.


1.9. Individual Rights

Individuals whose data is stored have the right to:

  • Verify the data stored in the register.
  • Find out where the data was obtained.
  • Know why and for how long the data is needed.
  • Find out if the data has been disclosed and, if so, to whom and outside the EU.
  • Request the correction of incorrect data or the completion of incomplete data.
  • Request the limitation of data concerning them.
  • Object to the processing of their personal data.
  • Request the deletion of data (the “right to be forgotten”).

Checking, correcting, restricting, or deleting data is generally free of charge. If a request is unfounded or excessive, we may charge a reasonable fee or refuse to comply with the request.

In all cases, requests must be made to us in writing, either by email or postal mail. Requests are answered within the time limits set by the EU General Data Protection Regulation (1 month, or 3 months for complex requests). Before fulfilling the request, the individual may be asked to prove their identity – this also applies to requests received via email.


Contact Information for Making Requests

By E-mail:

By Letter:
Sah-Ko Oy
Lumijoentie 6
90400 Oulu

If a person believes that we have violated their rights, they have the right to report the violation to the Data Protection Ombudsman’s office.