top of page
Privacy policy
Updated 26.5.2025
The purpose and legal ground of processing personal data

Toihan is committed to safeguard the processing of the personal data of our owners, customers, suppliers, employees, job applicants and other stakeholders in compliance with good data processing practices and applicable legislation. We require the same from our business partners.

Your privacy is important to Toihan. This website provides you general information on how Toihan collects, uses and protects your personal data. You can also find some general advice about your privacy related rights and how to use them.

Data controller

Data controller, i.e. the legal entity responsible for collection and use of personal data under this Privacy policy, is Toihan Oy whose registered address is Museokatu 8, 00100 Helsinki, Finland.

Why do we process personal data and what is the legal basis?

The main purposes for processing your data relate to your professional relationship with us and include the following:

  • delivery or purchase of products and services

  • managing customer, supplier and business partner relations

  • marketing and development of our products and services

  • providing you information you have requested from us

  • facilitating communication between you and us, including customer and supplier feedback and satisfaction surveys

  • improving customer experience and developing our customer insight

  • operating and improving our websites

  • analyzing, profiling, reporting, segmentation, and statistics for the purposes explained above

We will only process your personal data when the law allows us to. Our legal basis for processing your data is:

  • the performance of a contract between us and a customer, supplier or another business partner as well as taking steps prior to entering into a contract, e.g. to manage requests for information or quotation

  • legitimate interest of Toihan based on a business or other relationship, which includes e.g. relationship management and marketing of our products and services

  • your consent or

  • compliance with a legal obligation

What data is collected?

Toihan collects and processes the following categories of personal data:

  • Marketing preferences, such as newsletter subscriptions, stated interests, and the marketing consents or refusals provided by the customer

  • Service and application usage data, including information about how customers use Toihan’s services, websites, and mobile applications across various devices

  • Technical and device data, such as device type, browser settings, log data, and IP address

  • Cookies and tracking technologies, including data collected via cookies, web beacons, and similar technologies used for website functionality, analytics, personalization, and marketing — in accordance with user consent and applicable legislation. To learn more about cookies and how we use them, please see our Cookie Policy

Storage and protection of personal data

Toihan has taken appropriate technical and organisational measures to restrict access to the personal data it holds and to protect it against loss, accidental destruction, misuse, and unlawful alteration. Access to personal data is restricted on a need-to-know basis to individuals (Toihan’s employees and service providers) who need to access the data for the purposes it was collected for.

Toihan will store personal information as long as required for the limited purposes outlined in Section “What data is collected?” above or as required to meet legal and/or regulatory requirements.

Who has access to your personal data

We may share your data with service providers and business partners that operate and process personal data as data processors on our behalf. These data processors may include IT, technology and tools providers hosting and maintaining our data as well as possible market research partners or other professional service providers.

Such service providers are only allowed to process your personal data to the extent necessary for them to provide the service we have requested from them. We require that all our service providers keep the personal data we provide them confidential and adequately secure. They are also required to comply with the applicable data protection laws, our privacy and information security policies, and the relevant service and other agreements.

In limited circumstances, Toihan may also make your personal data available to other third parties when required by law or if we have a legitimate interest to do so.

Personal data is primarily processed within the EU/EEA. However, it may also be transferred and processed in countries outside the EU/EEA. Toihan will only transfer your personal data outside the EU/EEA if one of the following legal conditions is met:

  • The recipient country is regarded by the European Commission to provide adequate protection for your personal data

  • We have put in place appropriate safeguards for the transfer by using the standard contractual clauses for the transfer of personal data to third countries issued by the European Commission or

  • You have given your consent to the transfer, or there is another legal basis for the transfer under the applicable data protection legislation

How long do we keep your personal data for?

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for or as required by applicable legislation. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data, the time limits on legal claims and the applicable legal requirements.

Your rights

You have the right to access the personal data held by Toihan about you and request a copy of such personal data by contacting us at the email address or address indicated in Section “Contact information” below. You have, when necessary, the right to have the data amended, rectified, or erased, if it is incorrect, inaccurate, imprecise, or outdated, or obsolete as regards the purpose of its processing. You may be requested to verify your identity, specify your request, and may be asked for more information about your request.

If your request related to processing of your personal data is refused or if in your opinion your personal data has not been processed in compliance with applicable data protection laws, you may bring the matter to the attention of the relevant data protection authority.

You may also request to restrict and object to the processing of your personal data, if it could compromise your rights to privacy. You have the right to restrict processing when you contest the accuracy of the data for the period its accuracy is being verified, when the processing is unlawful, or when you have objected to the processing based on legitimate interests, until an overriding legitimate interest for processing is verified. When processing of your personal data is based on consent, you have the right to withdraw your consent at any time.

You have the right to opt out of receiving any electronic direct marketing communications from us by clicking the “unsubscribe” link provided in all marketing communications we send you, and choosing not to receive marketing communications from us in the future.

Contact information

If you have any questions about this Privacy Statement, processing of your personal data by Toihan or you wish to access personal data we hold about you, you may contact:

Toihan Oy
Museokatu 8
00100 Helsinki, Finland

privacy@toihan.com

Changes to this Privacy policy

The privacy statement may be changed from time to time. The up-to-date version can be always found on our website.

bottom of page