Privacy Policy

This Privacy Notice (hereinafter the “Notice”) describes how Lehtovuori Oy and its group companies collect, process, and disclose personal data. The Notice applies in particular to contact persons of customers and business partners, website visitors, and other stakeholders.

1. Data Controller

The data controller under applicable data protection legislation is the company within the Lehtovuori Group with which you have a customer relationship or otherwise interact (hereinafter the “Company”). The Company is responsible for ensuring that personal data is processed in accordance with this Notice and applicable data protection laws.

Contact Details of the Data Controller

Finbin / Lehtovuori Oy
Business ID: 2544559-1
Address: Hopeatie 4, 33470 Ylöjärvi, Finland

Data Protection Officer: Patrik Hämälä
Address: Hopeatie 4, 33470 Ylöjärvi, Finland
Email: patrik.hamala@lehtovuori.fi

2. Processing of Personal Data

Personal data may be collected in various ways. The Company may process, where necessary, the following categories of personal data:

  • Basic information and contact details: name, title, position, company, email address, telephone number, address;
  • Customer relationship and/or order information: orders, deliveries, complaints, customer service events;
  • Billing and contract information: contract and invoicing details, payment-related information;
  • Communications: inquiries, email correspondence, and other transaction history;
  • Website usage information: cookies and analytics (see section 9).

The Company does not process unnecessary personal data and strives to minimize the scope of processing.

3. Purpose of Processing Personal Data

The Company processes personal data for the following purposes:

  • Managing customer relationships and fulfilling contracts (offers, orders, deliveries, warranty and complaint matters);
  • Invoicing, payment monitoring, and accounting obligations;
  • Communication and customer service;
  • Business development and reporting (e.g. quality management, production and supply chain efficiency);
  • Marketing and communications (e.g. newsletters) where permitted;
  • Information security and prevention of misuse;
  • Compliance with legislation and official authority obligations.

4. Legal Basis for Processing Personal Data

The Company processes personal data on the following legal bases:

  • Contract and pre-contractual measures (e.g. quotations, orders, deliveries);
  • Legal obligation (e.g. accounting, taxation, official requests);
  • Legitimate interest (e.g. B2B communication, maintaining customer relationships, information security);
  • Consent (e.g. certain cookies/marketing where required).

If processing is based on consent, consent may be withdrawn at any time.

5. Possible Transfers and Disclosures of Personal Data

Personal data may be processed by:

  • The Company’s personnel to the extent required by their duties;
  • Service providers (processors), such as:
    • IT and cloud services (e.g. email, file storage, cybersecurity);
    • ERP/CRM and other business systems;
    • Accounting firms and auditors;
    • Transportation and logistics partners (for arranging deliveries);
    • Marketing tools (only where permitted);
  • Authorities where required by law.

Personal data may be disclosed to companies belonging to the Lehtovuori Group for the management of customer relationships, sales, and business operations. The Company does not sell personal data to third parties.

6. Transfers of Personal Data Outside the EU or EEA

Personal data may be transferred outside the EU or EEA. In such cases, transfers are carried out using safeguards in accordance with data protection legislation, such as the European Commission’s Standard Contractual Clauses.

7. Retention Periods for Personal Data

The Company retains personal data only for as long as necessary for the intended purpose or to fulfill legal obligations. Typical retention periods include:

  • Customer and contract data: duration of the contractual relationship + 5 years;
  • Invoicing and accounting records: the period required by accounting legislation (generally at least 6 years from the end of the financial year);
  • Marketing register: until consent is withdrawn or a marketing prohibition is given, however no longer than 2 years from the last activity;
  • Complaint and warranty data: duration of the warranty period + 2 years;
  • Customer service and contact data: up to 2 years from the handling of the matter;
  • Website analytics data: up to 14 months;
  • User accounts (online store): for as long as the account is active, and no longer than 2 years from the last login.

8. Rights of the Data Subject

Under applicable data protection legislation, you have the following rights:

  • Right of access to personal data;
  • Right to rectification of personal data;
  • Right to erasure under certain conditions;
  • Right to restriction of processing under certain conditions;
  • Right to object to processing based on legitimate interest (particularly direct marketing);
  • Right to data portability where processing is based on consent or contract and carried out by automated means;
  • Right to withdraw consent (where processing is based on consent).

Requests may be sent to the data controller referred to in section 1. We may request additional information to verify your identity.

If you believe that the processing of your personal data is not appropriate, you have the right to lodge a complaint with the supervisory authority. The Office of the Data Protection Ombudsman: https://tietosuoja.fi/.

9. Cookies and Website Tracking

The Company’s website may use cookies and similar technologies:

  • Essential cookies: required for website functionality;
  • Analytics cookies: used for statistics and website development;
  • Marketing cookies: targeted communications (where applicable).

The Company requests consent for non-essential cookies through a cookie banner, and users may change their settings later.

10. Sources of Personal Data

The Company primarily obtains personal data:

  • Directly from you (e.g. contact requests, orders, agreements);
  • From your company and/or employer (B2B contact persons);
  • From public sources (e.g. company contact information) within permitted limits.

11. Automated Decision-Making and Profiling

The Company does not make decisions concerning you based solely on automated processing (including profiling) that would have significant effects, unless separately informed otherwise.

12. Information Security

The Company protects personal data with appropriate technical and organizational measures (e.g. access control, logging, encryption, backups) and restricts access to data only to persons who need it for their work duties.

13. Changes to the Notice

The Company may update this Privacy Notice. We will publish the current version on our website and indicate the latest update date at the end of the Notice.

14. Contact Information

If you have questions about this Notice or would like more information about the processing of your personal data, you may contact us by email at: info@finbin.fi

Last updated: [21 April 2026]

Browse compare