Privacy Policy
Updated: 25.6.2026
In this privacy policy, we explain how Intellisys Oy processes personal data in connection with its websites, contacts, customer relationships, preparation for cooperation, expert services, EU projects and other project activities.
1. Data Controller
Intellisys Oy
Business ID: 0791988-8
Address: Bomansonintie 7, 00570 Helsinki
Website: www.intellisys.fi
Contact person for data protection matters: Juhani Talvela
Email: [email protected]
2. What personal data do we process?
We process personal data that we receive from an individual, a customer, a partner, a company or organization representative, parties to an EU project or other project, funders or public sources when it is necessary for communication, evaluation of cooperation, provision of services, implementation of projects or fulfillment of statutory and contractual obligations.
The personal data processed may include, for example:
- person’s name
- job title, role and area of responsibility in the company or organization
- company or organization name
- e-mail address
- telephone number
- company website address
- the content of the contact and related background information
- information about the company’s operations, development needs, business activities, innovations, projects, service needs or cooperation opportunities
- information related to the company’s or entrepreneur’s background, expertise, experience, education or CV to the extent that it is necessary for the evaluation of cooperation, the provision of a service, the implementation of a project or expert assessment
- information about customers, companies, contact persons and services provided in an EU project or other project
- information about the project’s service events, advice, participation, impacts, reporting, monitoring and any de minimis or other supporting information, if necessary for the implementation or reporting of the project in question
- information necessary for a customer relationship, offer, contract, project or cooperation negotiation
- information related to invoicing, accounting, contract management and reporting
- notes related to communications, meetings, assessments and customer service
- information collected from public sources about competitors, markets, people, companies, products, services, intellectual property rights, publications, funding, projects or other material relevant to the client’s assignment
We do not seek to collect unnecessary personal data. We ask that you do not provide us with sensitive personal data unless it is necessary and specifically justified for the processing of the matter, project, service or obligation in question.
3. For what purposes is personal data used?
We process personal data for the following purposes:
- responding to contacts
- preparation of customer and cooperation relationships
- Understanding the situation, needs, background and development goals of a customer, company or partner
- preparing offers, plans, studies, analyses, reports and contracts
- providing consulting, expert, innovation, IP, IPR, financing and development services
- planning, implementation, monitoring, reporting and evaluation of projects, EU projects, projects and assignments
- Documentation of clients served and services provided in projects as required by the financier, main implementer, project partners, authorities or audits
- Preparing market, competitor, technology, intellectual property, financing and operating environment reports to meet the needs of the client or project
- customer relationship maintenance and communication
- invoicing, accounting, contract management and compliance with legal obligations
- service development, quality assurance and documentation of operations
- drafting, presenting or defending any legal claims
4. Legal basis for processing personal data
The processing of personal data is based on one or more of the following grounds, depending on the situation.
Contract preparation and implementation
We process personal data when a person, company or company representative contacts us, requests an offer, prepares cooperation or when Intellisys Oy provides agreed services.
Legitimate interest
We process personal data on the basis of legitimate interest, for example to maintain customer and collaboration relationships, maintain contact, develop services, plan business activities, and prepare and implement expert services, reports, analyses, and project activities.
Legitimate interest may apply, for example, when the processing is related to a substantive customer, collaboration, project or stakeholder relationship or when personal data is processed to the extent necessary for the customer’s assignment in connection with competitor, market, technology or background information collected from public sources.
When we process personal data based on legitimate interest, we assess the necessity of the processing and strive to limit the processing to the information that is essential for that purpose.
Legal obligation
We process personal data to fulfill legal obligations, for example in connection with accounting, taxation, regulatory obligations and other legal documentation or retention obligations.
Contractual and project financing obligations
In EU projects and other publicly funded projects, personal data may also be processed to fulfill project agreements, funding decisions, funder conditions, reporting requirements, audit requirements and other obligations related to the implementation of the project.
Depending on the project, Intellisys Oy may act as an independent controller, joint controller or processor of personal data. The role is determined by the project agreements, the responsibilities of the parties and who determines the purposes and means of processing personal data.
Consent
In some situations, we may process personal data based on consent, for example in connection with newsletters, event invitations or other separately approved communications. Consent can be withdrawn at any time.
5. Where do you get your personal data?
Personal data is mainly obtained from:
- from the person themselves
- from customer or partner representatives
- contact forms, emails, phone calls, meetings and other communications
- contract, tender, project, reporting and customer documents
- From the main implementers, sub-implementers, financiers, partners or service processes of EU projects and other projects
- from public sources, such as company websites, the trade register, patent and trademark databases, business registers, LinkedIn, news sources, publications, project registers, financier databases and other professional or public sources, if the information is necessary for the customer, project, study, analysis or service production
6. To whom is personal data disclosed?
Personal data is processed on behalf of Intellisys Oy only by those persons who have a need to process the data due to their work duties.
We may use service providers to process personal data, such as:
- email and cloud service providers
- website technical service providers
- financial management and accounting service providers
- customer relationship management, document management and project management services
- IT support, information security and system maintenance service providers
- expert and subcontracting services when necessary to implement a service or project
Service providers process personal data on behalf of Intellisys Oy and in accordance with its instructions, unless the service provider acts as an independent controller, for example due to its own statutory obligation.
In EU projects and other projects, personal data may be disclosed or reported to the main implementer of the project, other sub-implementers, the financier, authorities, auditors or other parties referred to in project agreements, funding decisions or legislation, if the disclosure is necessary for the implementation, monitoring, reporting, payment, supervision or auditing of the project.
We may also disclose personal data to authorities or other parties when required by law or if it is necessary for the establishment, exercise or defense of legal claims.
7. Will personal data be transferred outside the EU or EEA?
We strive to primarily use services where personal data is processed within the EU or EEA.
However, some of the technical services we use may process or transfer personal data outside the EU or EEA. In such cases, we ensure that there is a basis for the transfer in accordance with the GDPR, such as standard contractual clauses approved by the European Commission or another appropriate transfer mechanism.
8. How long is personal data stored?
We retain personal data only for as long as necessary to fulfill the purposes described in this statement, to fulfill contracts, to manage rights and obligations, or as required by law, project funding terms or regulatory requirements.
Retention periods are determined, for example, as follows:
- Information related to contacts is generally retained for as long as necessary to process the matter or assess potential cooperation.
- Information related to customer and collaboration relationships is retained during the customer or collaboration relationship and thereafter for as long as necessary for rights, obligations, contractual liabilities, quality assurance or possible requirements.
- Personal data related to EU projects and other publicly funded projects will be retained for at least the duration of the project and 5 years after the end of the project, unless the funding decision, project agreement, funding provider’s instructions, audit requirement, law or other obligation requires a longer retention period.
- Information about customers served in projects, service documentation, reporting information and any support information will be retained for the time required for project implementation, monitoring, reporting, payment, supervision and auditing.
- accounting and invoicing information is stored in accordance with statutory retention periods
- Personal data included in surveys, analyses, competitor and market surveys or expert reports prepared for the client will be retained for as long as necessary for the execution of the assignment, the customer relationship, documentation, quality assurance or possible legal requirements.
- unnecessary and outdated data will be deleted or anonymized within a reasonable period of time when there is no longer a reason for its retention
9. Competitor, market and background information collected from public sources
When we provide expert, innovation, IP, IPR, financing, market or competitor reports to a client, we may collect information from public sources. Such sources may include, for example, company websites, public registers, news, publications, patent and trademark databases, project registers, financier databases and professional networks.
This information may include personal information, such as individuals’ names, job titles, roles, work history, expertise, or publicly disclosed professional information.
We process such personal data only to the extent necessary for the client’s assignment, project, study or analysis. We do not seek to create detailed personal profiles of individuals unless it is justified and lawful for the assignment or service.
10. How is personal data protected?
We protect personal data using appropriate technical and organizational measures.
These may include, for example:
- limiting access rights
- passwords and user authentication
- storing data in secure systems
- limiting the processing of personal data only to those who have a legitimate need for it
- choosing service providers from the perspective of information security and data protection
- confidentiality obligations in contracts and cooperation relationships
- deletion or anonymization of data when it is no longer needed
- maintaining project-related information in accordance with project terms and documentation requirements
11. Cookies and website technical information
Our website may use necessary technical cookies or similar technologies to ensure the functioning of the website.
More information about cookies on the cookie policy page.
12. Rights of the data subject
The data subject has rights to their personal data under the General Data Protection Regulation. Depending on the situation, these rights include:
- the right to receive information about the processing of personal data
- the right to access your own information
- the right to request correction of incorrect or incomplete information
- the right to request deletion of data
- the right to request restriction of processing
- the right to object to the processing of personal data
- the right to transfer data from one system to another if the processing is based on consent or contract and takes place automatically
- the right to withdraw consent if the processing is based on consent
You can exercise your rights by contacting the contact person mentioned in section 1.
Not all rights can be exercised in the same way in all situations. For example, statutory obligations, contractual obligations, project funding conditions, audit requirements or the processing of legal claims may affect whether data can be erased or processing restricted immediately.
13. Right to lodge a complaint with a supervisory authority
If the data subject believes that personal data is being processed unlawfully, he or she has the right to lodge a complaint with the supervisory authority.
In Finland, the supervisory authority is:
Office of the Data Protection Ombudsman
www.tietosuoja.fi
14. Changes to this Privacy Policy
We may update this privacy policy if our operations, services, websites, project activities, systems we use, or privacy requirements change.
An up-to-date privacy policy is available on our website.
