Updated: April 11, 2025

1. Data Controller

SJR Consulting Oy (Business ID: 3100697-4)
Minna Canthin katu 4
70100 Kuopio, Finland
info(at)sjrconsulting.fi

2. Contact Information

All inquiries regarding data protection, requests for inspection, and other matters related to the processing of personal data can be addressed in writing or by email to:
info(at)sjrconsulting.fi
SJR Consulting Oy, Minna Canthin katu 4, 70100 Kuopio, Finland

3. Name of the Register

SJR Consulting Oy Customer and Decision-Maker Register

4. Purpose and Legal Basis of Processing Personal Data

The purposes of processing personal data are:

• Delivering products and services

• Creating, managing, maintaining, and developing customer relationships

• Business, product, and service planning and development

• Customer satisfaction surveys and other communications

• Opinion and market research, and organizing events

• Direct marketing and targeted marketing across various channels (including newsletters)

• Analysis, profiling, segmentation, and statistical reporting for the above purposes

The legal bases for processing are:

• GDPR Article 6(1)(a): Consent

• GDPR Article 6(1)(b): Performance of a contract or pre-contractual measures

• GDPR Article 6(1)(c): Compliance with legal obligations

• GDPR Article 6(1)(f): Legitimate interests of the controller, such as customer relationship management and direct marketing

5. Data Content of the Register

The register may contain the following information about current and potential customers and partners’ representatives:

• Contact details: name, email address, phone number, job title

• Professional interests and other information provided by the data subject

• Customer feedback, contacts, chat conversations, and call recordings

• Customer and contract information: orders, service usage history, marketing communications

• Event participation, marketing actions, direct marketing consents or prohibitions

• Technical details of communication services: IP address, browser information, location data, protocols, device information

Not all data categories apply to every data subject. The data content depends on the customer relationship and the services used.

6. Regular Sources of Data

Data is collected from:

• The data subject themselves during service or website use

• Contacts, forms, contracts, and customer events

• Public sources: company websites, trade registers, business directories

In the case of cookies, data collection is based on consent, which can be given or withdrawn through the cookie banner.

7. Disclosure of Data

Data is not disclosed to third parties without a lawful basis. Data may be disclosed in the following cases:

• To subcontractors involved in service delivery

• To providers conducting customer satisfaction surveys or organizing events

• To technical service providers of marketing services

All partners are bound by data processing agreements compliant with the GDPR.

8. Transfer of Data Outside the EU or EEA

Data may be transferred outside the EU or EEA only if the receiving country ensures an adequate level of data protection (e.g., by a European Commission decision) or if the transfer uses the European Commission's standard contractual clauses.

9. Retention of Personal Data

Data will be retained only as long as necessary for the purposes defined above or to meet legal obligations. More detailed information on retention periods is available upon request from the data controller.

10. Register Protection

Data is stored in technically secured systems, which employ measures such as password protection, access control, firewalls, and up-to-date security solutions. Access rights are limited to those employees who require the data for their duties.

11. Data Subject Rights

The data subject has the right to:

• Access their personal data

• Request rectification or deletion of their data

• Restrict processing of their data

• Object to the processing of their data, including direct marketing

• Transfer their data to another controller

• Withdraw consent at any time

Requests can be submitted in writing to the contact information provided in section 2.

12. Cookie Policy

Our website uses both session and persistent cookies. Cookies are used for:

• Improving the functionality of the site

• Analyzing and developing site usage

• Targeting advertising and communications

Cookies alone cannot be used to identify individuals.
We use the following cookie services:

• Google Analytics: Google Analytics cookies

• YouTube, Google Ads: Google cookies

• Facebook: Facebook cookies

• LinkedIn: LinkedIn cookies

• X (Twitter): X cookies

Third-party cookies may collect data that is transferred outside the EU. Cookie management options are available through browser settings and via our cookie banner.

13. Additional Information

If you would like more information about our data protection practices or request the deletion of your personal data, please contact:
info(at)sjrconsulting.fi