Privacy Policy

Privacy policy

This service is provided by Helsinki Partners, a city-owned non-profit organisation, responsible for the strategic development and promotion of the city of Helsinki. The company is owned by the city and works to promote Helsinki internationally.

Tuomas Uusiheimo
Carmen Nguyen

Data Protection Description regarding Helsinki Partners Ltd Partner, Customer and Cooperation Partner Data File.

1 Controller

Helsinki Partners Ltd (Business ID 3209009-8)
Kasarmikatu 36 A, Helsinki 00130

2 Contacts about data file

Helsinki Partners Ltd (business ID 3209009-8) (”HP” or ”Data Controller”) 
Kasarmikatu 36, 00130 Helsinki 

3 Name of the data file

Helsinki Partners Ltd Partner, Customer and Cooperation Partner Data File

4 Purpose and grounds for processing personal data

Data subject’s personal data is processed based on 

  • A contract between HP and the data subject
  • HP’s lawful interest (e.g. direct marketing) or 
  • Data subject’s consent.

The purpose for the use of the data subject’s personal data is:

  • Maintaining, developing, analysing and creating statistics of the data subject’s use of HP websites
  • Customer communications and collection of customer feedback to and from data subjects 
  • Implementing and collecting opinion and market surveys to and from data subjects 
  • Direct marketing, targeting online advertising and profiling of data subjects 
  • Planning and developing business operations and services for data subjects
  • Identifying users and management of access rights

5 Content of the data file and groups of data subjects

The data file contains the following personal data about data subjects (e.g. the decision-makers and contact persons, including subscribers of newsletters, persons who have submitted a request for contact and/or feedback, and those participating in events): 

  • Name, title, enterprise, postal address, e-mail address, telephone number 
  • Data about the data subject’s work tasks and position in business life or a public task 
  • Bans on direct marketing 
  • Segmentation data 
  • Login credentials and usage log of electronic services 
  • The language the contact person has used 
  • Different kinds of cookies 
  • Customer history 

6 Regular sources of personal data 

The personal data in the data file is regularly collected from the data subject based via different means (e.g. via telephone, in meetings or another similar way). The data subject may also submit data to HP based on their consent. Personal data may also be collected and updated from public and private registers. 

7 Disclosure and transfer of personal data outside the EU or the European Economic Area 

HP discloses the personal data of data subjects to its cooperation partners in order to promote the development of its customer companies’ business operations, the realisation of investments and the acquisition of solutions. 

HP uses the services of external service providers for certain tasks relating to the processing of the data subject’s personal data, such as maintaining newsletter subscription lists, the provision of certain digital services and the processing of data for marketing purposes. 

If HP uses an external service provider’s services for processing of the data subject’s data, each service provider is obliged to enter into a separate data processing agreement with HP in which the external service provider’s obligations are agreed upon pursuant to applicable data protection laws. 

HP may also disclose or transfer the data subject’s personal data to third parties, such as potential purchasers and/or their advisors or competent authorities, as they may be required from time to time. Such disclosures shall be conducted in accordance with applicable data protection laws. 

The data subject’s personal data may be processed within the EU and European Economic Area. However, the data subject’s personal data may be transferred, transmitted, accessed or otherwise processed outside the EU and the European Economic Area, e.g. to the United States, or to other countries, when providing services to data subjects. 

The appropriate level of data protection of personal data is always ensured when personal data is transferred outside the EU and European Economic by applying the safeguards required by applicable data protection laws (e.g. standard contractual clause stipulated by the European Commission).

8 Data file protection principles and data retention periods 

Only the employees of HP who have the right to process the data subject’s personal data for their work performance, or sub-processors when applicable, are authorised to use the systems containing the data subject’s personal data.  

All users have personal login credentials for the used systems containing personal data. The personal data is collected into databases that are protected using firewalls, passwords and other technological measures. Databases and their backup copies are located on cloud services.  

The data subject’s personal data is retained as long as is necessary for the purposes set out in this Data Protection description. Primarily, personal data is retained as long as HP’s legitimate or contractual interests require so and to the maximum extent permitted by law.   

HP shall assess the necessity of retaining the data subject’s personal data regularly, in addition to which HP takes care of all reasonable measures used to ensure that the data file contains no incompatible, unnecessary, outdated or erroneous personal data of the data subject. 

HP shall delete all personal data without undue delay if HP has no legitimate, contractual or administrative grounds to process such personal data pursuant to this Data Protection description or any applicable legislation. 

More information on data retention regarding cookies can be found in HP’s website’s cookie policy. 

9 The data subject’s rights 

Data subjects have the following rights based on data protection laws. 

Right of access to personal data 

The data subject has the right to access their personal data recorded in the personal data files, and to verify that their personal data is no longer stored in the data files. 

Right to information rectification 

The data subject has the right to submit a request to HP to correct any and all errors regarding their personal data stored in the data files.  

Right to request deletion of personal data 

The data subject has the right to request the deletion of their personal data from data files if there are no legal grounds for HP for processing such personal data. 

Right to limit the processing of personal data 

The data subject may request that the processing of their personal data shall be restricted on the criteria stipulated in the currently applicable data protection laws. 

Right of objection to the processing of personal data 

The data subject has the right to prohibit HP from processing their personal data for the purposes of direct mail, distance selling and other direct marketing purposes and for the purposes of conducting market and opinion research. 

Right to transfer personal data from one system to another 

Provided that the data subject has submitted to HP information which is processed based on the data subject’s consent, the data subject shall have the right to receive such information in machine-readable form and the right to transfer such information to another controller than HP. 

Right to withdraw consent 

If the processing of personal data is based on the data subject’s consent, the data subject shall have the right to withdraw their consent at any time.  

The processing of the data subject’s personal data that has been processed prior to the withdrawal of the data subject’s consent does not become unlawful if the data subject later revokes their consent. 

Right to appeal to the appellate authority 

The data subject shall have the right to lodge a complaint with the competent supervisory authority if he or she considers that HP has not complied with the appropriate data protection laws. The national appeal body is the Office of the Data Protection Ombudsman 
(in Finnish Tietosuojavaltuutetun toimisto) (


If HP requires data subjects to provide HP with personal data and the data subject does not provide such data to HP, HP will not necessarily be able to provide all services data subjects may require. In such cases, HP shall not be responsible for any direct or indirect consequences the data subject incurs or may incur for not providing such personal data to HP. 

HP does not perform automated decision-making and profiling concerning data subjects’ personal data. 


Cookies are small text files that HP websites store on the data subject’s computer, mobile device or other devices when using HP’s websites. 

HP uses cookies to provide, among other things, HP’s electronic services to the data subject, to customise the data subject’s service experience and to develop and monitor HP’s services. 

When using HP websites, the data subject has the opportunity to choose which non-essential cookies he or she consents to. Necessary cookies can be set despite the data subject’s consent based on legislation. 

The data subject can also change the settings of their browser and delete the set cookies from the browser after using HP’s websites. 

Third-party data protection descriptions 

HP websites may contain links to external sites and content owned or operated by third parties.  

When accessing such external sites or services, the data subject must read and accept any and all third-party data protection descriptions. Such external sites or services are not subject to HP’s control. HP shall not be responsible for external sites’ or services’ content or their processing of the data subject’s personal data. 

Additional information 

If the data subject has any questions regarding HP’s Data Protection description or wishes to exercise their rights, please contact HP at   

HP may update this Data Protection description by reporting it on HP website or otherwise electronically. 

This Data Protection description was last updated and is valid from 9.6.2023