Privacy Policy
Last updated: June 2026
Privacy Statement
Ovido Oy ("Ovido" or "we") processes personal data of users of our product data management platform ("Platform") and visitors of Ovido.fi ("Website"), referred to jointly as "Services". "Customer" refers to organisations using the Platform. "User" or "you" refers to Customer representatives and unregistered Website visitors.
This statement may be updated from time to time. We will not make substantial changes or reduce your rights without notifying Users who have provided their email address. The current version is always available on the Website.
This statement covers processing by Ovido as data controller only. It does not apply to processing by Customers or other third parties — please refer to their respective privacy policies.
Controller contact details
Ovido Oy Company ID: 3456057-5 Lapinlahdenkatu 16 C, 00180 Helsinki, Finland +358503424261 antti.toponen@ovido.eu www.Ovido.fi
Contact person: Antti Toponen — antti.toponen@ovido.eu — +358503424261
Personal data we process
We process two categories of personal data: User Data and Analytics Data.
User Data is collected directly from you or your organisation, or generated through your use of the Services. This includes email address, password, marketing preferences, and payment details.
Analytics Data is logged automatically when you visit the Services. It may constitute personal data when combined with User Data and will be treated accordingly. This includes:
- Device information: device type and ID, country, IP address, browser type and version, operating system, internet service provider, advertising identifier
- Usage information: time spent in the Services, interactions, visit timestamps, sections visited
We use cookies, pixel tags, and web beacons to collect Analytics Data. You can configure your browser to refuse cookies, though some parts of the Services may not function properly as a result. The Website uses Google Analytics — you can opt out via the Google Analytics browser add-on.
Purposes and legal grounds for processing
We process your personal data for the following purposes:
- Providing the Services — to deliver the Platform and Website, respond to support queries, and resolve complaints
- Legal obligations — to fulfil bookkeeping, tax reporting, and other statutory requirements
- Claims and legal processes — for claims handling, debt collection, fraud prevention, and network security
- Customer communication and marketing — to notify you of changes to the Services and to market relevant offerings
- Quality improvement — to analyse usage trends and conduct satisfaction surveys, using anonymised data where possible
The legal grounds for processing are contractual necessity, legitimate interests (weighed against your right to privacy), legal obligation, and consent where specifically requested. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.
International transfers
Personal data is stored primarily within the European Economic Area. Where we or our service providers access data from outside the EEA, we ensure adequate protection through Standard Contractual Clauses or other appropriate safeguards. Contact us for further information.
Recipients of personal data
We share your personal data only where necessary:
- Customers, who access User Data as independent controllers to receive the Services
- Authorised service providers (data storage, accounting, sales, marketing, payment processing), acting as data processors under appropriate contractual protections
- Legal and regulatory authorities, where required by law or to protect the rights and safety of Ovido, Users, or the public
- Acquirers, in the event of a merger, acquisition, or asset sale, subject to continued confidentiality obligations and User notice
- Third parties with your explicit consent, which may be withdrawn at any time
Retention periods
Most User Data is deleted 90 days after your Customer organisation terminates its subscription, unless further retention is required by law or for legitimate interests such as bookkeeping or claims handling. Analytics Data is retained for 12 months.
Your rights
You have the following rights regarding your personal data:
- Access — view or obtain a copy of the data we hold about you
- Withdraw consent — withdraw any consent previously given
- Rectification — correct or complete inaccurate or incomplete data
- Erasure — request deletion of your data, subject to legitimate grounds for retention
- Object — object to processing beyond what is necessary for Service provision or legal compliance
- Restriction — request that processing be restricted while other requests are pending
- Data portability — receive your data in a structured, commonly used format for transfer to another controller
- Direct marketing opt-out — prohibit use of your data for direct marketing or related profiling at any time
To exercise any of these rights, contact us by letter or email with your full name, email address, and phone number. Additional identity verification may be required. We may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded.
Complaints
If you consider our processing of personal data to be inconsistent with applicable data protection law, you may lodge a complaint with the Finnish Data Protection Ombudsman: www.tietosuoja.fi
Information security
We implement administrative, organisational, technical, and physical safeguards including encryption, pseudonymisation, firewalls, secure facilities, and access controls. We regularly test our Services and infrastructure for security vulnerabilities.
In the event of a security breach likely to affect the privacy of Users, we will notify affected parties and relevant authorities as required by applicable law.