Skip to content

Privacy Policy

Privacy policy

Data Protection Policy

Stedox Customers and Potential Customers
Stedox Employees and Job Applicants

1. Introduction

Every individual values their privacy, including our customers and employees. However, the operation of our business would not be possible without the processing of personal data. As the data controller, we primarily process contact details of individuals within our customer companies, as well as personal data of our employees. The same applies to potential customers and job applicants. Personal data refers to any information that relates to an identified or identifiable individual, such as name, email, personal identification number, or photographs.

Stedox processes personal data related to its customers (including potential customers), employees, and job applicants in accordance with this data protection policy and applicable legislation. We may update this policy as our business evolves or as laws change. Therefore, we encourage you to review this policy periodically to stay informed.

2. Data Controller

The data controller for the processing of personal data described in this policy is Stedox Ab Oy (hereinafter referred to as “Stedox” or “we”):

Stedox Ab Oy
VAT number: 3006223-7
Industrivägen 6, door 1
68660 Jakobstad
Finland
www.stedox.com
Email: saul@stedox.com
Tel: +358 44 3662259

Matters related to data protection, customer and marketing registries, and personnel issues are handled by Saul Sundström.

3. Purposes and Legal Bases for Processing Personal Data

We collect, store, and process personal data about customers and employees for predefined purposes. We always ensure that there is at least one legal basis for the storage and processing of personal data. The primary purposes and legal bases for processing personal data are:

  • Marketing and customer communication: We produce digital marketing, email marketing, and targeted advertising content, as well as social media advertising for potential and existing customers. The legal basis for this processing is primarily our legitimate interest. However, individuals have the right to opt out of direct marketing at any time. In some cases, direct marketing may also be based on consent (e.g., newsletter subscriptions).
  • Business development: We may process personal data to develop our business and improve our services. The legal basis for this is our legitimate interest.
  • Compliance with legal obligations: We may process personal data to fulfill legal obligations (e.g., accounting, taxation, or employment laws).
  • Employee administration: Personal data related to employees is collected and processed primarily for administrative purposes, such as fulfilling employment contracts, monitoring projects and time usage, payroll, and taxation. The legal basis for this is the fulfillment of contracts, legal obligations, or, in some cases, employee consent.
  • Recruitment and job applicants: During recruitment, we process personal data primarily to prepare employment contracts or with the consent of the candidate. For job applicants, we may also process data obtained from third parties (e.g., LinkedIn or references) with the applicant’s consent.

4. What Personal Data Does Stedox Collect? From What Sources?

We primarily collect and process personal data related to our customers’ contact persons, employees, and job applicants.

Customers and Potential Customers

We collect personal data primarily from the individuals themselves. For potential customers, we may also collect data from LinkedIn, company websites, or seminars. Typical personal data collected includes:

  • First and last name
  • Email address
  • Job title
  • Contact details (phone number, address)
  • Company information (name, contact details, VAT number)
  • Communication history (emails, meeting notes, call logs)
  • Marketing consent or opt-out preferences

Employees

We collect personal data primarily from the employees themselves or with their consent from other sources. Typical data includes:

  • Name and contact details
  • Tax information
  • Salary and payroll details
  • Employment contract details
  • Work hours and attendance records
  • Sick leave information

Job Applicants

We collect personal data from the applicants themselves or with their consent from other sources (e.g., LinkedIn, references, or aptitude tests). Typical data includes:

  • Name and contact details
  • Education, work experience, and skills
  • Application and CV
  • References and recommendations (with consent)
  • LinkedIn profile (with consent)
  • Results of aptitude tests (with consent)

5. Who Processes Personal Data at Stedox?

Personal data is typically processed by Stedox employees as part of their job responsibilities. Access to employee data is more restricted than customer data, as only a smaller group of employees handles personnel administration.

We may also use third-party service providers for processing personal data, particularly for:

  • Cloud storage
  • Marketing automation and CRM systems
  • Financial management and payroll services
  • Website maintenance and visitor analytics
  • Email marketing and project management

We ensure that all third-party providers maintain confidentiality and process data lawfully and only on our behalf.

In some cases, we may disclose personal data when required by law, court order, or regulatory authorities. We may also share data in connection with business acquisitions or mergers.

6. Does Stedox Transfer Personal Data Outside the EU?

Personal data is generally not transferred outside the EU. However, since much of our data is stored and processed electronically using cloud-based services, some service providers (e.g., Google, Mailchimp) may be located outside the EU. In such cases, we ensure that adequate safeguards are in place, such as:

  1. Transferring data to countries with an adequate level of data protection as approved by the EU Commission.
  2. Transferring data to companies certified under the EU-US Privacy Shield.
  3. Using EU standard contractual clauses.

7. How Long Does Stedox Retain Personal Data?

We do not retain personal data longer than necessary for the purposes for which it was collected or as required by law or contracts. Retention periods vary depending on the purpose, legal basis, and situation. Data may be deleted when:

  • Consent is withdrawn
  • A request for deletion is made (and no other legal basis exists)
  • The contractual relationship ends
  • The data is outdated or incorrect

Retention periods may also be determined by legal requirements (e.g., accounting, taxation, or employment laws) or statutory limitation periods for legal claims.

8. How Does Stedox Store and Protect Personal Data?

Personal data is stored almost exclusively in electronic form and is protected in accordance with industry standards. We use reputable service providers for data storage and processing. Data is treated confidentially and is not publicly disclosed or sold for marketing purposes. Our premises are also securely locked and protected.

9. Is Providing Personal Data Mandatory? What Happens If You Don’t Provide It?

Most personal data is provided voluntarily, particularly for potential customers and job applicants. However, providing personal data is mandatory in certain cases, such as fulfilling contractual obligations or employment relationships. For potential customers, we typically request an email address and other contact details to facilitate communication.

10. Does Stedox Use Cookies on Its Website?

We use cookies on our website to provide the best possible user experience. Cookies are small text files stored on the user’s device that provide information about how the website is used. We use cookies to:

  • Develop our services and website
  • Analyze website usage
  • Target and optimize marketing

Users can allow or block cookies in their browser settings. Blocking cookies may limit access to certain website features.

11. Your Rights Regarding Your Personal Data

You have the following rights regarding your personal data:

  • Withdraw consent: If processing is based on your consent, you can withdraw it at any time by contacting us.
  • Access and rectification: You can request access to your data and ask us to correct inaccurate or incomplete information.
  • Object to direct marketing: You can opt out of direct marketing at any time.
  • Object to processing: You can object to processing based on legitimate interests if there are no overriding reasons for continued processing.
  • Restrict processing: In certain situations, you can request that we restrict the processing of your data.
  • Data portability: If processing is based on consent or a contract, you can request your data in a machine-readable format for transfer to another provider.

12. How to Exercise Your Rights

You can exercise your rights by contacting us via email at saul@stedox.com or by using the contact details below. We may ask you to verify your identity (e.g., by providing a signed request or a copy of your ID). If you believe your data has been processed unlawfully, you can file a complaint with the relevant supervisory authority (e.g., the Data Protection Ombudsman).

13. Updates to This Policy

We may update this policy as our business or data processing practices evolve or as laws change. Updates will take effect once the revised policy is published. We encourage you to review this policy regularly.

14. Contact Information for Data Protection Matters

Stedox Ab Oy
VAT number: 3006223-7
Industrivägen 6, door 1
68660 Jakobstad
Finland
www.stedox.com
Email: saul@stedox.com
Tel: +358 44 3662259

Matters related to data protection, customer and marketing registries, and personnel issues are handled by Saul Sundström.