Privacy statement for the customers

This privacy statement describes the processing of your personal data if you are a corporate or private customer of Hedengren Group.

Hedengren protects the personal data of its customers and users of its services and processes personal data in accordance with currently applicable legislation and best practices.

This privacy statement describes the personal data that Hedengren collects about you, the reason for collecting it, and how it is used. It also informs you about your rights as a data subject and how you can exercise them.

Controller and contact information

Controller: Hedengren Group (“Hedengren”)
Contact details:
Oy Hedengren Ab/Tietosuoja, Lauttasaarentie 50, FI-00200 Helsinki
Tel. +358 207 638 000 (switchboard)



“Personal data” refers to any information that can be linked to you or used to identify you. We collect personal data when you become our customer, use our services, participate in events organised by us, or otherwise deal with us by submitting a contact request or subscribing to our newsletter. We may also collect information about our corporate customers ourselves.
We receive the personal data we process mainly from you or the organisation you represent, as well as by collecting data about your purchases and services you use. Information is also obtained from external sources, such as public registers, service providers and partners.

Personal data that you provide yourself or we collect based on your behaviour    

•    Name and contact details at work, such as your email address, telephone number and postal address; the private contact details of consumer customers
•    Position or role
•    Information of the organisation
•    Address for invoicing and delivery
•    Data about purchased products and services and offers made
•    Data about invoicing and payments
•    Your responses to surveys and questionnaires
•    Customer feedback and other contacts
•    Data related to registration such as username and password
•    Log information related to the use of the product information system at the website
•    Web identifiers, such as IP address and data collected using cookies and other similar technologies, if you have given your consent
•    Any dietary information of participants in trainings and events
•    Information about the newsletter subscription
•    Marketing consents and declinations

Information obtained elsewhere

We obtain information from different information services and other service providers, such as Faktanet Oy and Suomen Asiakastieto Oy. At the beginning of a new customer relationship, we may also check the credit score of your organisation, or the personal credit score of consumer customers or owners of companies. If you are the owner or a key person of the company you represent, we may also process other background information that relates to you.  


Managing customer relations and selling products and services

Hedengren processes personal data to establish, manage and maintain a customer relationship. The data is also processed in connection with the ordering, delivery and invoicing of products and services. In addition to this, the personal data of the key persons of companies is processed to identify the business partner. The processing of data is based on the agreement between your organisation or you and Hedengren.  
We also process personal data to contact you, as needed, about orders or products purchased or when you contact us yourself, for example to obtain additional information. In this case as well, the processing of your personal data is based on the contract between your organisation or you and Hedengren.

Marketing and communication

Hedengren processes personal data for marketing purposes and to establish target groups for marketing. Data is used in the marketing of products and services and for sending invitations to events and trainings. Data helps us to personalise marketing according to your interests.

We also use personal data for customer communication. We may send you information and news about our products and services.

External media are also used in marketing. We use both target groups defined by Hedengren and third parties in advertising. Cookie information of your usage of Hedengren’s website may also be used to target advertising if you have given your consent.  

The processing of your personal data for marketing and communication purposes is based on Hedengren’s legitimate interest. If you do not wish to receive marketing, you can opt-out by sending a message to To cancel a newsletter subscription, click on the ‘Unsubscribe’ link at the end of the email you received.

Service and business development and reporting

We use your personal data on the basis of a legitimate interest in the development of products and services and in the development of sales and marketing. Personal data is also used in business analysis and reporting and when handling customer feedback, the results of customer satisfaction surveys and complaints.

Complying with statutory obligations and preparing for legal claims

We process personal data to fulfil our legal obligations and to comply with decisions from the authorities. Examples of these are the statutory obligation to keep records and obligations concerning taxation. We also process personal data to be prepared for legal claims, such as claims arising from the company's liability for defects.

Security and misuse

We process your personal data to ensure the data security of our services and communication networks. Camera surveillance is used to ensure that our premises are safe and secure. Where necessary, we also use personal data to prevent and investigate cases of misuse.


Access to personal data is only granted to Hedengren’s personnel who, based on their job description, need to process personal data. All persons who process personal data are bound by a nondisclosure agreement.

Hedengren also uses external service providers for processing personal data. Service providers process personal data for the provision of services, and they do not have the right to use the data for their own purposes. Processing is based on data processing agreements.

We use external processors, for example, for customer satisfaction surveys, electronic marketing, the organisation of events, invoicing, the processing and collection of payments, the delivery and maintenance of systems and the provision of various technical platforms.


The disclosure of personal data refers to situations in which your personal data is disclosed to another controller, who will use the data for its own purposes. We disclose personal data in accordance with the applicable data protection laws and regulations and the basis set out in them.

To get the products you ordered transported your personal data is disclosed to transportation companies. In cases of payment delays your personal data may be disclosed to debt collection companies.


We primarily process your personal data within the European Union and the European
Economic Area. However, some of the service providers we use may occasionally transfer
personal data to subcontractors located outside of Europe, such as companies providing
internet traffic and other infrastructure services. This means that your data may be
transferred, in particular, to the United States.

We ensure that any international transfers are necessary and that they are carried out in a
controlled manner in compliance with legal requirements. We ensure through contractual
means that each data transfer is covered by a transfer mechanism as required by law, and
that this mechanism is supplemented with appropriate safeguards aimed at ensuring data
confidentiality and compliance. As a primary data transfer mechanism, we use adequacy
decisions made by the European Commission, specifically the Data Privacy Framework
arrangement for the United States (Article 45 of the General Data Protection Regulation),
and secondarily, the European Commission's standard contractual clauses (Article 47 of the
General Data Protection Regulation). You can read the standard contractual clauses on the
EU's website:

If you would like more information on international transfers, please contact


Where your data relates to purchases and payment transactions, we store the data in accordance with the laws and regulations on accounting. If the basis for processing personal data is Hedengren’s legitimate interest, the retention period is three years from the last contact. An exception to this is contact information obtained from publicly available sources, which will be updated and stored permanently. The information contained in agreements will also be stored permanently.


You have the rights provided by data protection law to the personal data processed at Hedengren.

You have the right to know what information Hedengren is processing about you. You also have the right to receive a copy of the data and necessary information related to the data processing. You also have the right to have inaccurate, outdated, or incomplete information about yourself rectified or supplemented.

You have the right to request the deletion of information concerning you under certain conditions. Personal data may be deleted, for example, if it is no longer needed for the original processing purposes or if you object to the processing of your personal data for direct marketing. Please note that despite of your request, Hedengren may have to continue processing your information, for example to comply with legal obligations.

In certain situations, you have the right to demand that the processing of your personal data is restricted so that Hedengren only has the right to retain such personal data.

If the processing of your personal data is based on consent or contract, you have the right to have your data transferred to another data controller. The right applies to data that you have provided to Hedengren yourself and that is stored in an electronic information system. If technically possible, data controller must transfer your information directly to another controller.

In certain situations, you have the right to object processing of your personal data if the processing is not based on legal obligation or contract.

You have the right not to be subject to a decision that is based solely on automated processing, such as profiling, which has legal or other significant effects on you. At the moment Hedengren doesn’t make decisions based solely using automated processing or profiling.  

If you have any questions about the processing of your data or if you would like to exercise your rights, please send your request using the contact information provided at the beginning of the document.

If you suspect that your personal data has been processed in breach of the data protection law, you have the right to file a complaint with the data protection authority, Office of the Data Protection Ombudsman, PO Box 800, FI-00531 Helsinki or


The privacy statement is updated as needed as our operations and services develop. The privacy statement may also be updated according to any legal amendments or changes to the best practices. We urge you to regularly check the latest version of the privacy statement on our website.

This privacy statement was updated on 23 June 2022.