GDPR | TalousTrio

GDPR/Privacy Policy

TalousTrio Oy values transparency and clarity. It is important to us that you know how your data is processed on our website. Under the EU General Data Protection Regulation (GDPR), you have the right to know and better understand how your personal data is processed. Please find below additional information about what data is processed on this page and how.

Our website uses WIX and GROWEO analytics tools, which track traffic on our website, telling us, among other things, how many visitors there are on our website, where they clicked to our website, and which country they are visiting from.

When a visitor leaves our website, we can no longer, and we do not want to, track where they surf. We use visitor analytics tools to provide the best possible financial management here on the internet and to enable us to develop our operations even better.

WIX and GROWEO does not collect information about users of this page.

We do not collect any information about visitors to our website, but if you fill out our contact form, the information you fill out will remain on the list of those who have contacted us through our pages.

The information you fill out in the contact form will only be used to contact you in accordance with your name, i.e. so that we can get back to you.

If you have any questions about this topic, you can contact us at toimisto@taloustrio.fi.

Privacy Policy

This is TalousTrio’s register and privacy policy in accordance with the European Union’s General Data Protection Regulation (GDPR). The purpose of this privacy policy is to provide TalousTrio’s clients with transparent and up-to-date information on how their personal data is processed, for what purposes it is used, and how it is protected.

Prepared on 23 December 2025.

1. Data Controller

TalousTrio Oy
Business ID: 3513070-2

2. Contact Person Responsible for the Register

Henna Heikkilä

henna.heikkila@taloustrio.fi

3. Name of the Register

TalousTrio client register

4. Legal Basis and Purpose of Processing Personal Data

The data subject has the right to object to direct marketing targeted at them.

Personal data is processed on the following legal bases under the EU General Data Protection Regulation (hereinafter also “GDPR”):

the data subject has given consent to the processing of their personal data for one or more specific purposes (Article 6(1)(a) GDPR);
processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR);
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (Article 6(1)(f) GDPR).

Personal data is processed for purposes related to managing, administering, and developing the customer relationship, providing and delivering services, as well as for service development and invoicing purposes. Personal data is also processed for purposes required to handle potential complaints and other claims.

In addition, personal data is processed for customer communication, such as information sharing and newsletters, as well as for marketing purposes. This includes processing personal data for direct marketing and electronic direct marketing purposes.

5. Content of the Register

The register contains the following information: name, position, company/organization, contact details (phone number, email address, postal address), website addresses, IP address, information on ordered services and changes to them, invoicing details, and other information related to the customer relationship and ordered services.

Data is stored only for as long and to the extent necessary for the original or compatible purposes for which it was collected.

The need to retain personal data is reviewed every five years. Personal data is deleted five years after the termination of the customer relationship and after all related obligations have been fulfilled. For example, accounting records are retained for five years from the end of the financial year.

The controller regularly assesses the necessity of data retention in accordance with internal policies and ensures that inaccurate, incorrect, or outdated data is corrected or deleted without undue delay.

IP addresses and cookies necessary for website functionality are processed on the basis of legitimate interest for purposes such as ensuring information security and collecting visitor statistics, where they may be considered personal data.

6. Regular Sources of Data

Data is obtained from the customer, for example via website forms, email, telephone, social media services, contracts, meetings, and other situations in which the customer provides their information.

Information on contact persons of companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.

7. Regular Disclosures of Data and Transfers Outside the EU or EEA

Data is not regularly disclosed to third parties. Data may be published to the extent agreed with the customer.

Personal data is primarily stored within the European Union (EU) and the European Economic Area (EEA). However, the servers of the website platform used by TalousTrio are located outside the EU/EEA, which means that some personal data provided by customers may be processed outside the EU/EEA to enable the provision of the service.

8. Principles of Data Security

The database containing personal data is stored on servers accessible only to designated and authorized personnel due to their duties. The server is protected by appropriate firewall and technical safeguards.

Access to databases and systems is granted only via personal usernames and passwords. Access rights are limited so that only those necessary for lawful processing of data can view and process it.

9. Right of Access and Right to Rectification

Every person in the register has the right to access their personal data and request correction of inaccurate or incomplete data. Requests must be made in writing to the data controller. The controller may request proof of identity if necessary. The controller will respond within the timeframe set by the GDPR (generally within one month).

10. Other Rights of the Data Subject

The data subject has the right to request deletion of their personal data (“right to be forgotten”).

Under the GDPR, the data subject has the following rights:

the right to obtain confirmation and access to personal data processed about them (Article 15 GDPR);
the right to withdraw consent at any time (Article 7 GDPR);
the right to rectification of inaccurate or incomplete data (Article 16 GDPR);
the right to erasure of personal data under the conditions set out in Article 17 GDPR;
the right to restriction of processing under the conditions set out in Article 18 GDPR;
the right to receive personal data in a structured, commonly used and machine-readable format and to transmit those data to another controller (Article 20 GDPR);
the right to lodge a complaint with a supervisory authority (Article 77 GDPR).

Requests relating to the exercise of these rights should be addressed to the contact person mentioned in section 2.

11. Web Analytics

The website uses web analytics services to monitor and improve website usage. These services collect information about website usage in a way that does not directly identify individual users.

Services used:

Wix.com Ltd.
Groweo Oy

Data processing is based on user consent via cookies.

12. Targeted Advertising

Based on website visits, we may show targeted advertising on third-party platforms. Advertising is based on browsing behavior and not directly identifiable personal data.

Services used:

Meta Ads – Meta Platforms Inc., United States
Google Ads – Google LLC, United States

Data may be transferred outside the EU or EEA. Data transfers comply with applicable data protection legislation, such as the EU–US Data Privacy Framework. Processing is based on user consent.