Data Protection Policy

Updated on October 28, 2019

Simosol Oy has undertaken to comply with EU’s General Data Protection Regulation (GDPR) that is applied in all EU countries starting from May 25, 2018. 

The purpose of this data protection policy is to inform natural persons of the processing of their personal data. In order to be able to send a message via the contact form on Simosol Oy’s website, the person must accept the terms of this data protection policy.

Data Controller

Simosol Oy (business ID: 2090992-4)

Hämeenkatu 10, FI-11100 Riihimäki, Finland

Tel. +358 44 040 5859

Contact Person Responsible for the Register

Atte Saukkola

c/o Simosol Oy

Hämeenkatu 10

FI-11100 Riihimäki, Finland

Data Content of the Register

Simosol Oy’s contact register contains the following information on natural persons:

  • Name

  • E-mail address

  • Message content

Legal Basis and Intended Purpose of Personal Data Processing

In accordance with EU’s General Data Protection Regulation, the legal basis for personal data processing is the person’s consent (documented, voluntary, individualized, conscious, and unequivocal).

The data shall not be used for automated decision making or profiling, and the data shall not be released to third parties.

The personal data shall be used for:

  • Responding to contacts

  • Developing Simosol Oy’s operations, services, and products

  • Improving the client experience

  • Analytical and statistical purposes


Regular Release of Data and Data Transfer Outside the EU or EEA

The data can be released in accordance with the requirements of competent authorities or other entities and in a manner that is based on the applicable legislation. Primarily, the data shall not be transferred outside the European Union or the European Economic Area unless it is necessary for the abovementioned intended purpose of personal data processing or the technical implementation of data processing, in which case the requirements of the personal data protection legislation shall be complied with.

Without prejudice to the abovementioned, when carrying out assignments outside the EU or EEA, the data can also be transferred outside the European Union or the European Economic Area to the extent necessary for the assignment.

Right to Check the Data and the Right to Demand the Rectification of Data

When the related legal requirements are met, the client has the following legal data protection rights: 

  • Right to obtain access to personal data (GDPR, Article 15)

  • Right to demand the erasure of data (GDPR, Article 17)

  • Right to demand the rectification of data (GDPR, Article 16)

  • Right to demand the restriction of processing (GDPR, Article 18)

  • Right to transfer the data from one system to another (GDPR, Article 20)

  • Right to file a complaint with the supervisory authority (GDPR, Article 77)

  • Right to withdraw consent (GDPR, Article 7 paragraph 3)

  • Right to object to certain processing activities (GDPR, Article 21) 

The request must be submitted to the data controller by sending e-mail to The data controller may ask the person who has made the request to prove their identity, if necessary. The data controller shall respond to the client within the period determined in EU’s General Data Protection Regulation (usually in within a month).

Erasure of the Client’s Data

We shall store the client’s personal data as long as it is necessary for the purposes specified in this data protection policy. If necessary, we shall, if and as long as it is permitted by the law, also store the client’s personal data for other specific purposes, such as the defense of our rights.

Data Protection Principles

The personal data of our clients shall be transferred in a safe and encrypted manner. For this purpose, we use the SSL (Secure Socket Layer) coding system.

Contacts and the related personal data shall only be processed by persons who work for the data controller and need the data for their work tasks and contacting the clients.

Due to service development and legislative changes, we reserve the right to amend the data protection policy.