Privacy policy

  1. Data controller
Heeros Oyj
Business ID: 1598868-0
Hermannin rantatie 8, 00580 Helsinki
+358 40 774 1777
  2. Contact person regarding the privacy policy

All inquiries regarding this Privacy Policy should be directed to CEO Niklas Lahti, +358 40 774 1777.

  3. Name of the policy

Privacy policy for Heeros Oyj’s digital assets known now or after, including but not limited to i) ii) and, and iii) its own social media channels including LinkedIn, Facebook, Instagram, YouTube, etc.

  4. Purpose of and grounds for processing personal data

The processing of personal data is primarily based on the legitimate interest of Heeros Oyj to ensure the functionality and security of our website, and to provide information and services required by data subjects visiting the digital assets listed above. Personal data are also processed in order to develop and customize the website content for parties who are interested in our products and services. We also process personal data to monitor the number of website visitors and to compile statistics concerning the use of the website.

Heeros Oyj uses the collected data for user profiling, such as understanding the most popular pages for our visitors and users, visitors’ interests, and the like, to tailor our marketing activities such as email marketing, sales automation, advertising and remarketing, and customer support. Keeping this information is essential to Heeros Oyj’s operation and marketing activities and helps us to improve our website and services.

Through this website, we also collect contact details from potential clients, including representatives of corporate clients, through forms that can be filled in to receive further information about our products and services.

In addition, we collect content of chat discussions through our chat service, which is designed to provide customer service and information to website visitors. When you use our chat service, we may process your personal data to manage the chat feature. In addition, we record our conversations to verify events and safeguard the rights of the parties involved. Records can also be used to train our staff and to ensure and improve the quality of our services.

Through this website and its integration with a 3rd party Job Application Management system, we also collect job applicants’ personal data, which are used for making recruitment decisions. Our recruitment privacy policy is available in Finnish at

  5. Data content

Certain identification data of the data subject can be stored through our website. These include the following:

Browser and website usage information:

  • Technical, Usage and Location Information
  • Cookie information
  • Content of forms, chat, and email conversations

Technical, Usage and Location Information

We automatically collect information on how our users and visitors interact with Heeros Oyj’s digital assets, such as the IP address, date and time, browser, operating system, device, pages viewed, items hovered or clicked (sometimes called events), and location information.

How cookie information is used

Heeros Oyj uses 3rd party cookies on its digital assets explained above to collect information such as the number of visitors to the site, the most popular pages, visitors’ interests, and the like, to tailor our marketing activities such as email marketing, sales automation, advertising and remarketing, and customer support. Keeping these cookies enabled is essential and helps us to improve our website and services.

Information collected through web contact forms, chat and email conversations

  • Contact details. Your name, email address, telephone number, interest in our solutions, and your role in the company you work for.
  • Company-related data. This information concerns the company you work for, including the company’s name, business ID, company’s address(es), company’s industry, and size of the company.

  6. Storage period of personal data

We keep the data we have collected from our data subjects for different periods of time depending on many factors, such as what it is, the source of the information, how we use it, and how it has been configured by our data subjects:

  • Immediate deletion. Some of the data can be deleted whenever our data subjects decide and will be deleted immediately (and gradually in backups). These include content you have created or uploaded to our digital assets, e.g. images or customer data you have added to the system yourself.
  • Automatic deletion or anonymization. Some of the data we have collected is deleted or anonymized automatically after a set period of time, such as browser and website usage information, advertising data, analytic data, or cookies. This process is set by 3rd party systems we use and may take up to 18 months.
  • Manual opt-out. For business-related purposes we have to keep some data until you opt out manually from our digital assets or send a request to us for such deletion. These include the contact details you have provided when filling in a form on our digital assets, company information, or chat history with our support team.

  7. Regular sources of data

Visitors. Our visitors are the primary source of the personal, company, and technical information we collect, including the registration, contact information, etc. that they provide us through Heeros Oyj’s digital assets or otherwise.

From other sources. We collect personal, company, and technical information from other sources, including but not limited to:

  • Referrals, people who recommend other people and their friends to us.
  • 3rd Party Platforms, these include advertising platforms, content on third-party sites or platforms, and social networks.
  • 3rd party data providers, including information services and data licensors.

From automatic collection. We and our service providers may automatically collect information about our visitors, their devices, their activity on our digital assets, and other sites and online services.

  8. Regular disclosures of data and categories of recipients

We disclose personal data to the service providers of the analytics tools, our partners and affiliates, and 3rd party marketing agencies whose services we use on our digital assets from time to time.

In addition, processing of personal data may be outsourced to service providers, partners, affiliates, and 3rd party marketing agencies in accordance with data protection legislation and the limits set therein. We use agreements to ensure that the service providers acting on our behalf process personal data in compliance with our instructions and this privacy policy.

  9. Transfer of data outside the EU or the EEA

We may transfer our visitors’ and users’ personal, company or technical information to other countries outside the EU or the EEA and make it accessible to our partners, sub-processors, affiliates and third party service providers internationally, from time to time. However, at all times, we will take measures to safeguard the information in accordance with this Privacy Policy wherever it is processed.

  10. Right of the data subject to object to direct marketing

By using our digital assets, our visitors give their explicit consent to Heeros Oyj to do direct marketing at Heeros Oyj’s sole discretion. However, the data subjects can prohibit direct marketing from the data controller separately for each marketing channel, including in relation to profiling for marketing, sales, or customer support purposes.

  11. Other rights of the data subject

Right of the data subject to access the data

The data subjects have a right of access to their data in the register. The access request must be made in accordance with the instructions given in this privacy policy. The right of access can be refused on the grounds set out in law. Exercising the right of access is generally free of charge, except if doing so would require a disproportionate effort from our technical staff. The data subjects may access, review, correct, update, change or delete their information at any time. To do so, they must contact us in accordance with section 12 of this privacy policy with their name and the information requested to be accessed, corrected or removed.

We may decline to process requests that are unreasonably repetitive, systematic, would require disproportionate technical effort, conflict with privacy of others, would be extremely impractical, or for which access is not otherwise required.

We may retain a data subject’s information as necessary to comply with legal obligations, resolve disputes, or in backup disks.

Right of the data subject to request rectification, erasure or restriction of processing of personal data

If the data subjects become aware of or observe an error in the data, which they cannot rectify on their own, they can request the data controller to rectify the data in accordance with section 12 of this privacy policy. The data subjects may also request the data controller to erase or supplement any data contained in the register that conflicts with the purpose of the register or is incorrect, unnecessary, incomplete or outdated.

The data subjects also have the right to demand that the data controller restricts the processing of their personal data, e.g. while the data subject is waiting for the data controller’s response to a request for the rectification or erasure of the data.

Right of the data subject to object to processing of personal data

The data subjects have the right to object to processing of their personal data by the data controller on grounds related to their particular situation if the processing is based on the data controller’s legitimate interest.

The data subjects can make their objection in accordance with section 12 of this privacy policy. When presenting their request, the data subjects must specify the particular situation based on which they are objecting to processing. The data controller can refuse to comply with the objection on the grounds set out in law.

Right of the data subject to data portability

If the data subjects have provided data for the register themselves and such data are processed based on the data subject’s consent, the data subjects generally have the right to receive the data in a machine-readable format and to transmit them to another data controller.

Right of the data subject to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with the competent supervisory authority if the data controller has not complied with the data protection regulations applicable to its operations.

Right to withdraw consent

If personal data are processed based on the data subject’s consent, the data subjects have the right to withdraw their consent by giving a notice to the data controller in accordance with section 12 of this privacy policy.

  12. Contacts

In case of questions related to the processing of personal data and situations related to the exercise of their rights, the data subjects should contact the data controller. The data subjects can use their rights by sending an email message to Heeros CEO Niklas Lahti at

  13. Changes to the policy

Heeros Oyj can make changes to this privacy policy in case of changes to the methods or purposes of the processing of personal data.