Privacy Policy

Drafted: November 1, 2023

1. Controllers

Hämeenaho is a group of people from Raahe, Northern Ostrobothnia, proudly continuing the operations of the Hämeenaho family company. Pentti started the business in the 1960s as a company where actions would match words and where employees would enjoy their work. Today, we have about 150 employees, many with over 20 years of service at Hämeenaho, and our turnover has developed steadily.

Pentti Hämeenaho Ltd.
Rautaruukintie 35
92100 Raahe

2. Contacts in matters concerning the register

For matters related to the site, you can contact our representatives:

Pauli Sarpola, CEO 
+358 (0)40 026 5507

Antti Pasanen, Sales Director
+358 (0)40 568 4625

3. Register Name and the registered visitor register

We process personal data of visitors to the site in the register.

4. How do we use your personal data?

The sole purpose of processing personal data in the visitor register is to serve our customers and potential customers and provide information through our website. We collect, store, and process personal data only for predefined purposes.

5. What personal data do we collect?

We collect data about visitors through a contact form and cookies. With consent, the following types of information about a registered user of the site may be stored through forms and cookies:

  • Name
  • Email
  • Phone number
  • Company
  • Consent information
  • IP address information or other identifiers
  • Information collected through cookies
  • Which pages you visit
  • How long you stay on the site
  • How you arrived at the site
  • Which links you click
  • Other information possibly collected with the registered user’s consent

If a visitor sends a form or email to the site administrators, the sent messages are stored in the site administration, WordPress tool, or email account (Outlook 365 account). This applies to the following addresses:


6. From what sources do we collect personal data?

We primarily collect your personal data from you during contacts or later during the use of our services. We do not actively collect visitor data other than for handling contacts and analyzing visitor numbers.

7. On what basis do we process your data?

We ensure that we always have a legal basis required by law for processing your personal data. We process personal data stored in the visitor register based on your consent.

8. Will your data be transferred or disclosed?

As a rule, your personal data is processed by the personnel of our network in their work. In some cases, your data may be disclosed confidentially to our partners or subcontractors who process personal data based on a written assignment agreement. These include, for example, data center and cloud services for storing data, suppliers of the IT systems we use, and external services purchased to support sales and marketing. Our subcontractors and partners process personal data as agreed, in accordance with our written instructions and only to further agreed, lawful purposes.

9. Will your data be transferred outside the EU or EEA?

Data from the register is not regularly disclosed outside the EU or EEA. However, it is possible that service providers outside the EU/EEA area are used in processing or that the service providers’ clouds are located outside the EU/EEA area, in which case SCC standard clauses are used as the basis for data transfer. Additional protective measures are implemented, such as internal guidelines (on pseudonymization of personal data and the like) and possibly a TIA analysis if the situation requires one. When the organization processing personal data is committed to the EU-USA Data Protection Framework (DPF), it will be used as the basis for transfer during its validity.

10. How long will your personal data be stored?

We will only retain your personal data for as long as necessary to fulfill the purposes described in this policy. Unnecessary data is regularly deleted.

11. How is your data secured?

We respect the confidentiality of your personal data.

Personal data is protected from external use by firewalls, antivirus programs, personal usernames, and passwords. Access to personal data is limited to our authorized personnel whose job duties require processing personal data. We disclose personal data to our partners, such as our subcontractors, confidentially, to a limited extent, and based on agreements. Our partners must commit to implementing adequate data security and to the lawful processing of personal data in all respects. Confidentiality obligations bind personal data processors.

Our website uses TLS-encrypted HTTPS connections, so all personal data in electronic form is protected. You can see this from the lock icon on the left side of the browser’s address bar. If the data is in manual form, it is stored in locked premises away from outsiders and destroyed securely.

12. What rights do you have?

  1. Right to prohibit direct marketing
    We do not engage in direct marketing.
  2. Right to access data (right to inspect)
    You have the right to know what information about you has been stored in the personal register. You can request an inspection of your data from us as described in section 13 of this statement.
  3. Right to demand correction or deletion of information (right to be forgotten)
    We will delete, correct, or supplement information that is incorrect, unnecessary, incomplete, or outdated for the purposes of processing, either on our own initiative or at the request of the registered person.
  4. Right to restrict processing
    The registered person has the right to demand the restriction of active processing of their personal data, for example, when they dispute the accuracy of their personal data and demand the correction or deletion of their personal data. In such cases, the personal data may only be stored, not processed in any other way. Limitation of processing is ensured by technical measures.

    Before removing the processing restriction, we will notify the registered person.
  5. Right to object to the processing of personal data
    You have the right to object to the processing of your personal data to the extent that there is no significant reason for the processing that would override your rights or the processing is not necessary for handling a legal claim.
  6. Right to transfer data from one system to another
    To the extent that the registered person has provided information to the customer register that is processed based on the registered person’s consent or assignment, the registered person has the right to obtain such data in a primarily machine-readable format and the right to transfer this data to another data controller. 
  7. Withdrawal of consent
    If personal data is processed based on the registered person’s consent, the registered person has the right to withdraw their consent by notifying us. You can withdraw your consent as described in the “Requests Regarding Rights” section of this statement.
  8. Right to file a complaint with the supervisory authority
    The registered person has the right to file a complaint with the competent supervisory authority if the data controller has not complied with the applicable data protection regulations in its operations.

13. Where can I submit requests regarding rights?

Enquiries and requests related to the register can be submitted either in person on-site by presenting an identity document or by sending an email to:

We respond to requests within one (1) month of the request being made unless there are special reasons to extend the response time. We may also refuse to fulfill your request on a basis provided by applicable law. The exercise of rights is generally free of charge.

14. Where can I find the latest, valid privacy policy?

We always update the latest privacy policy at this address.

15. How do we use cookies?