Privacy Policy and Register

Effective Date: 09.12.2025
Last Updated: 09.12.2025

This Privacy Policy and Register Description explains how Albero Oy collects, uses, stores, and protects personal data. We comply with the EU General Data Protection Regulation (GDPR) as well as applicable national legislation.

1. Data Controller

Albero Oy
Business ID: 1065399-6

Lentokentänkatu 49
33900 TAMPERE, Suomi

[email protected]
+358 50 322 6207

2. Data Protection Contact Person

Pekka Mäkinen

3. Purpose of Processing Personal Data

We process personal data for the following purposes:

  • managing customer relationships and providing services
  • customer communication and marketing
  • developing the website and business through analytics
  • fulfilling legal obligations

The processing of personal data may be partly outsourced to trusted service providers who comply with data protection legislation.

4. Personal Data Processed

We may collect and process, among others, the following types of personal data:

  • Name and contact details (email, phone number, address)
  • Company / organization and possible identification details
  • Communication history (e.g. emails, inquiries)
  • Website usage data (IP address, browser, visited pages, events)
  • Order and customer information

5. Data Sources

Data is primarily obtained from:

  • website contact forms and emails
  • phone calls, events, and meetings
  • contracts and orders
  • website analytics and cookie tools
  • public registers and professional networks (e.g. LinkedIn)

6. Disclosure and Transfer of Data Outside the EU/EEA

We do not sell or regularly disclose personal data to third parties.
Data may be transferred to trusted service providers (e.g. cloud and analytics services), some of which may be located outside the EU or EEA.
In such cases, data transfers are protected using appropriate safeguards, such as the EU–US Data Privacy Framework or the EU Standard Contractual Clauses.

7. Data Security

We handle personal data with care and store it in secure systems.
Our IT systems are protected by firewalls, encryption, and access controls.
Access to personal data is restricted to employees who have the right to process it as part of their work.
Despite careful security measures, no system is entirely secure, and we ask users to keep this in mind when operating online.

8. Data Retention Period

We retain personal data only for as long as it is necessary for the purposes described in this statement or as required by law:

  • Customer and contract data: retained for the duration of the customer relationship and up to 10 years thereafter.
  • Marketing data: retained until the individual withdraws consent or for a maximum of 6 years.
  • Analytics and cookie data: anonymized or deleted after the defined retention period.

9. Data Subject Rights

You have the following rights:

  • To access your personal data and receive a copy of it
  • To request the correction of inaccurate data
  • To request the deletion of your data (“right to be forgotten”)
  • To restrict or object to the processing of your data in certain situations
  • To withdraw your consent at any time (e.g. for newsletters)
  • To lodge a complaint with the Data Protection Authority

Requests can be submitted in writing using the contact details provided in section 2. We may ask you to verify your identity before processing your request.

10. Cookies and Analytics

Our website uses cookies to improve the user experience, for analytics, and for marketing purposes.
You can manage your cookie preferences through the cookie banner or your browser settings.
Some cookies are essential for the proper functioning of the website, while others require your consent.

We use Google Analytics (GA4) and Google Tag Manager. Data may be transferred outside the EU, and such transfers are protected in accordance with the EU–US Data Privacy Framework.

More information about Google’s privacy practices: https://business.safety.google/privacy

We also use Burst Statistics to monitor and improve website traffic. This tool operates in a cookie-free mode and does not collect identifiable personal data or require separate consent. The data is not used to identify visitors and is not shared with third parties.

More information about Burst Statistics’ privacy practices: https://burst-statistics.com/legal/privacy-statement-eu/

11. Links to Third-Party Websites

Our website may contain links to external websites. We are not responsible for the privacy practices or content of these websites, and we recommend reviewing their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be published on our website and will indicate the date of the update.

Contact for Data Protection Matters:
[email protected]