Privacy Policy

Privacy Policy

Effective date: 29th January, 2026

Controller: Ltd Checkmark Oy (Business ID: 2278277-9)

Registered address: Hallipussi 5, 76100 Pieksämäki, Finland

Contact for privacy matters: checkmark@checkmark.fi,  Tel: +358 20 123 0700


This Privacy Policy applies to personal data we process in the EU/EEA under the General Data Protection Regulation (GRPR)
1. Overview – this Privacy Policy applies to you if you:  
  • Represent a company that is a customer, potential customer, or other business contact
  • Represent a supplier, vendor, or partner
  • Visit our website
  • Contact or communicate with us
  • Subscribe to our news, marketing, or information updates
2. Purposes of processing 

We process your personal data in order to: 

  • Communicate with you regarding inquiries or ongoing business
  • Administer, negotiate, and execute agreements
  • Provide customer‑service, support and troubleshooting
  • Send newsletters, marketing or updates (based on your consent or legitimate interest, depending on the relationship)
  • Plan and arrange events
  • Manage claims, ensure security, prevent abuse
  • Comply with legal obligations such as accounting, taxation and regulatory
    requirements
3. Legal bases for processing

When relying on legitimate interests, we ensure that such interests are not overridden by your rights and freedoms. 

Depending on the purpose, we rely on: 

  • Performance of a contract (Art. 6(1)(b) GDPR)
  • Legal obligations (Art. 6(1)(c))
  • Legitimate interests (Art. 6(1)(f))
  • Consent (Art. 6(1)(a)), specifically for marketing or optional cookies
4. What personal data we process 

Typical categories include: 

  • Name, title/role, employer/company details 
  • Email address, phone number, postal address
  • Contract, order and account information
  • Communication history and preferences
  • Website usage data (only when you have given consent for non-essential cookies)
5. Sources of data 

We primarily receive your data: 

  • Directly from you when you contact or interact with us
  • From the company you represent
  • From service providers that support our operations (e.g., CRM, analytics — only where lawfully permitted)
  • From publicly available sources where relevant
6. Who is responsible for your data?

Ltd Checkmark Oy (Business ID: 2278277‑9) is the controller for the processing of personal data described in this Privacy Policy.

If you interact with other members of our wider group or ecosystem through joint projects, the relevant company will act as controller for that interaction. 


7. Who can access your personal data? 
Your personal data may be accessed by:

Internal recipients

  • Checkmark employees who need the information to perform their work
  • Other group entities if necessary for service delivery

External recipients / processors

  • We share personal data with carefully selected processors such as:
  • IT service providers
  • Cloud/hosting and security service providers
  • CRM and communication platforms
  • Marketing service providers (only when you have given consent)
  • All processors act under written data processing agreements
8. International data transfers 
For services provided by US-based companies, we rely on the EU-US Data Privacy Framework where applicable. If  data is transferred outside the EU/EEA, we ensure appropriate safeguards such as:
  • Adequacy decisions, or
  • Standard Contractual Clauses (SCCs)
9. Retention periods 

We retain personal data only as long as necessary:

  • Contract/account information: contract duration + statutory periods
  • Accounting and invoicing data: per Finnish statutory bookkeeping rules
  • Support data: typically up to 36 months
  • Marketing data: until consent is withdrawn or after defined inactivity
  • Cookie identifiers: according to our Cookie Policy and consent preferences
10. Your rights 

You have the right to:

  • Access your personal data
  • Rectify incorrect or outdated data
  • Erase your data (“right to be forgotten”)
  • Restrict processing
  • Object to processing (especially marketing)
  • Data portability
  • Withdraw consent at any time or lodge a complaint with the Finnish Data Protection Ombudsman
11. Supervisory authority
Office of the Data Protection Ombudsman
Lintulahdenkuja 4, 00530 Helsinki
PL 800, 00531 Helsinki

tietosuoja@om.fi  

+358 29 566 6700
 
12. Security

We apply appropriate technical and organizational measures, including access controls, encryption where appropriate, audit logs, and vendor due diligence. We continually review our security practices to ensure they remain effective. 

 

13. Cookies

Our website uses cookies according to our Cookie Policy. Non-essential cookies require consent. 

 

14. Changes to this policy

We may update this Privacy Policy, and the latest version will always be available on our website.