Into Security

Register and Privacy Policy 

Updated: 25.2.2025 

This registry and privacy statement concerns Into Security Oy (and its subsidiary Into Certification Oy). The statement describes how we handle personal data on our website and in our services. It is of utmost importance to us to protect privacy and ensure that the processing of personal data is carried out transparently, lawfully, and securely. 

Data Controller 

Into Security Ltd
Business ID: FI34709122
Address: Keilasatama 5, 02150 Espoo, Finland
Email: info@intosecurity.fi
 

Into Certification Ltd
Business ID: FI32030386
Address: Keilasatama 5, 02150 Espoo, Finland
Email: info@intosecurity.fi
 

Register name 

Company’s customer register, marketing register, stakeholder register, online service user register, employee register 

Legal basis and purpose of personal data processing 

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and Finnish legislation on the following grounds: 

  • Implementation of the agreement and provision of services 
  • Managing customer relationships, responding to requests for proposals, implementing auditing and certification services 
  • Entitled benefit 
  • Development of our services, website visitor tracking, and quality control (e.g., use of cookies), possible contacts with customers and partners within the framework of the existing customer relationship. 
  • Consent 
  • Direct marketing (e.g. newsletters, event invitations). Consent is documented, voluntary, specific, informed, and unambiguous 
  • Tax obligation 
  • Accounting, tax-related information, and other obligations set by legislation 

The purpose of processing personal data is to communicate with customers, maintain customer relationships, manage employment relationships, marketing, and similar purposes. 

Information is not used for automated decision-making or profiling. 

Content of the register 

We process personal data mainly from the following groups: 

  • Contact Information: Name, email address, phone number, organization, position in the company, accounts/profiles on social media services. 
  • Technical specifications: IP address, browser type, device information, data stored by cookies. 
  • Customer relationship information: Order, contract, billing, and payment information, possible complaints, and information about contacts. 
  • Marketing information (based on consent): Participation in events, subscription to newsletters, marketing permissions and prohibitions. 
  • Employment-related information: In addition to contact details, personal identification number and bank account details 

The IP addresses of website visitors and cookies necessary for the operation of the service are processed on the basis of legitimate interest, for example, to ensure data security and to collect statistical data about website visitors in cases where they can be considered personal data. Consent for third-party cookies is requested separately if necessary. 

Regular data sources 

The data to be stored in the register is obtained from the customer, among other things, from messages sent via web forms, by email, by phone, through social media services, from contracts, customer meetings, and other situations where the customer provides their information. 

Contact information for companies and other organizations can also be collected from public sources such as websites, directory services, and other companies. 

Information is retained for as long as necessary for the purposes of data collection or for the period required by law 

Regular disclosures of data and transfer of data outside the EU or EEA 

We use reliable service providers in the processing of personal data (for example, for the maintenance of IT systems and cloud services), who process data on our behalf based on written agreements and comply with data protection legislation. 

  • We do not share your information with third parties for advertising purposes. 
  • Data will only be transferred outside the EU/EEA area if it is necessary for the purpose of processing, and always in compliance with data protection legislation (e.g. standard contractual clauses approved by the EU Commission). 

We use, among others, the following external solutions and partners: Microsoft, WordPress, Google, Procountor, Visma Severa and Sign, Gandi, Huld Oy.

Principles of Register Protection 

In the processing of the register, care is taken, and the data processed through information systems is adequately protected. When register data is stored on Internet servers, the physical and digital security of their hardware is appropriately maintained. The data controller ensures that stored data, as well as access rights to the servers and other information critical to the security of personal data, are handled confidentially and only by those employees whose job it is to do so. 

Cookies 

We use cookies on our website to improve the functionality, analytics, and user experience of the web pages. You can choose to block the use of cookies in your browser settings or accept or reject the cookie notifications on our site. Deleting or blocking cookies may affect the operation of some services or features. 

Right to Access and Right to Request Correction and Deletion of Information 

Every person registered has the right to check the information stored in the register and to request the correction of any incorrect information or the completion of any incomplete information. If a person wishes to check the information stored about them or request corrections to it, the request must be sent in writing to the data controller. The data controller may ask the requester to verify their identity if necessary. The data controller will respond to the customer within the time frame specified in the EU General Data Protection Regulation. 

The person registered has the right to request the deletion of their personal data from the register (“right to be forgotten”). Likewise, data subjects have other rights under the EU General Data Protection Regulation, such as the restriction of processing personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may ask the requester to verify their identity if necessary. The data controller will respond to the customer within the time frame set by the EU data protection regulation. 

Changes to the Privacy Policy 

We reserve the right to update this privacy policy to reflect changing operations, legislation, or regulatory requirements. The current privacy policy is always available on our website. 

Contacts 

If you have any questions about this privacy policy or wish to exercise your rights as a data subject, you can contact us: 

Into Security Ltd and Into Certification Ltd
Keilasatama 5 
02150 Espoo, Finland
Email: info@intosecurity.fi 

If you feel that data protection regulations have been violated, you have the right to file a complaint with the Data Protection Ombudsman (www.tietosuoja.fi). 

Thank you for reviewing our privacy policy. We are continuously committed to data privacy and security to provide reliable services to our customers and partners.