Last updated: May 15, 2023

Fortaco Group (“we”) respects your privacy and is committed to protecting your personal data. This Privacy Notice (“Privacy Notice”) will inform you as to how we process your personal data on our website. Regarding this data, we shall be acting as a data controller in the meaning provided by the EU data protection legislation.

The Privacy Notice does not address, and we are not responsible for, the privacy practices of any third parties. Fortaco disclaims all responsibility for the processing carried out by third parties, also in cases where our services include hyperlinks or other links to third-party websites or services. Privacy and security are important to us, and we process all personal data with due care and in accordance with applicable laws and regulations.

[This privacy notice is provided in a layered format. You can click through to the specific areas set out below.]


The data controller for the processing described in this notice is:

Fortaco Group Oy (‘Fortaco’)

If you have questions regarding this privacy notice, please contact us at Contact us | Fortaco Group.


We use cookies on our website to improve the service. Cookies are small text files stored on your terminal equipment, such as computers, tablets, or smartphones, when you browse websites. Cookies contain character strings that enable functions to be performed and contain information on how you have interacted with websites. The purpose of cookies is not to harm your device, nor do they read other information from your equipment’s hard drive or spread viruses. Data can be stored in cookies while you use online services or visit websites, and in between visits.

Cookies and similar technologies provide various functionalities common to modern websites. Cookies are used widely in both public-sector and commercial websites. They are a key component of safe, efficient, and user-friendly functioning of services based on electronic communication.

The cookies we use have been categorised based on their functionality. Cookies have different functionalities which determine whether they are regarded as necessary or non-necessary (voluntary) cookies. Necessary cookies are cookies that are necessary for our website or services to function. These cookies are automatically activated and do not require your consent. Other cookies are not necessary for the website or service to function and require your consent to be activated.

You can also choose to give your consent only to some voluntary cookies or to withdraw all or some of your consents.

You can find information regarding how different cookies are used in the cookie settings. In the cookie settings, you can also enable and disable the categories of cookies as you prefer.


In the following, we will tell you which categories of personal data we may collect about you and how we collect it. A table explaining the purposes for which we process your personal data and the lawful bases we rely on can be found in Section 4.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

A. Identity Data includes your first name, last name and company name.

B. Contact Data includes your email address or other online contact information, telephone number and address.

C. Consent Data includes data on consents you have given for cookies or electronic marketing when you sign up for our email list.

D. Technical Data includes your IP address, browser type and version, preferred language, geographical location using your IP address, operating system and computer platform, the full Uniform Resource Locator (URL) clickstream to and from our services, including date and time; and areas of our services you have visited. Technical data also includes data on necessary cookies such as remembering preferences.

E. Cookie Data includes data on non-necessary cookies. We need your consent for processing these cookies.

F. Enquiry Data includes data on enquiries you have submitted in our services.

Identity (A), contact (B), Consent (C), and enquiry (F) information is provided directly by you through the website. Technical (D) and cookie (E) data is collected directly from your use of our website and interaction within it.


We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

i. Where you have given your consent cf. GDPR Article 6 (1) (a).

ii. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests cf. GDPR Article 6 (1) (f).

We have set out below a description of all the ways we plan to use your personal data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/ActivityType of dataLegal basis for processing including basis of legitimate interest
To operate our website, prevent unlawful activity and offer you information on our services as well as to offer you the possibility to: 
– contact us;
– give feedback
(A) Identity
(B) Contact
(C) Consent
(D) Technical
(E) Cookie
(F) Enquiry
We have a legitimate interest to maintain our website and use necessary cookies to provide you the experience you explicitly request.
For quality improvement and trend analysis(D) Technical
(E) Cookie
With your consent.
For statistical and analytical purposes
We may gather Technical and Cookie Data and anonymous and aggregate data to generate reports and statistics. We may use statistics and reports for sales and marketing purposes.
(D) Technical
(E) Cookie
With your consent.
Direct marketing 
We process personal data for the purposes of direct marketing, such as sending of newsletters or similar marketing materials. You can unsubscribe from receiving such material at any time.
(A) Identity
(B) Contact
(C) Consent
With your consent for receiving direct marketing.

To the extent that we have referred to our legitimate interest as the legal basis for the processing of personal data specified above, we have conducted a balancing test for those interests to ensure that our interest does not override your interests or fundamental rights and freedoms. Please contact us at Contact us | Fortaco Group if you wish to receive more information on the balancing test.


We do not disclose personal data to third-party controllers outside of Fortaco’s organization unless one of the following circumstances applies:

it is a legal obligation to disclose your personal data to public authorities such as tax authorities or law enforcement authorities.

we may assign your personal data to any person or entity that acquires all or substantially all our business, stock or assets, or with whom we merge.

when it is necessary for the purposes listed in section 4.

when we have your explicit consent for sharing the data outside of Fortaco’s organization for reasons other than those mentioned above.

when we believe in good faith that disclosure is necessary to establish or exercise our legal rights or defend against legal claims, protect your safety or the safety of others, investigate fraud, or respond to a government request.

We may share information, including personal information, with our trusted third-party service providers that we use to provide services to us and process your data on our behalf and under our instruction. These third-party service providers may have access to or process your personal information for the purpose of providing these services for us. We do not permit our third-party service providers to use the personal information that we share with them for any other purpose than in connection with the services they provide to us. These third-party service providers may include IT service providers; hosting service providers; cyber security service providers; and marketing service providers. We have entered into data processor agreements with our data processors.


Personal information may be transferred between Fortaco Group companies or third parties in countries, where the level of protection does not necessarily meet EU legal requirements, in order to carry out the above or fulfil your customer needs.

For our website functions, we use service providers in several geographical locations. As such, we and our service providers may transfer personal data to, or access it in, jurisdictions outside of the European Economic Area or your domicile. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it. We provide adequate protection for the transfer of personal data to countries outside of the European Economic Area through a series of intercompany agreements and agreements with our service providers based on the Standard Contractual Clauses or other similar arrangements.

We use the Standard Contractual Clauses approved by the European Commission (Commission Implementing Decision (EU) 2021/914). The clauses can be found here:

More information regarding the transfers of personal data may be obtained by contacting us using the addresses mentioned in this Privacy Notice.


Fortaco does not store personal data longer than is legally permitted and necessary for the purposes of providing the Services or the relevant parts thereof. The storage period depends on the nature of the information and the purposes of processing.

Retention times per data group:

Identity Data

2 years after last interaction

Contact Data

2 years after last interaction

Consent Data

Until consent is withdrawn, but max. 3 years.

Technical Data

1 year after last interaction

Cookie Data

We use both session-specific cookies and persistent cookies. You can find the retention times of all cookies in the cookie settings.

Session-specific cookies are stored in the memory for the duration of the session and are deleted when you have closed the browser.

Permanent cookies are stored on your computer’s hard drive and are kept for a certain period or until you delete the cookies.


You have certain choices available to you when it comes to your personal information. Below is a summary of those choices and how to exercise them. Please note that some of these choices are legal basis -specific, meaning that they can only be used with specific legal bases.

Under certain circumstances, you have the right to:

Request to know whether we process your personal information.

Request to access your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no relevant reason for us continuing to process it.

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal information to another party (also known as data portability). Please note that you do not have this right when processing is based on legitimate interest.

Where our processing is solely based on your specific consent you have the right to withdraw your consent at any time. Such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

If you wish to exercise any of the data protection rights that are available to you then please contact us at Contact us | Fortaco Group and we will action your request in accordance with applicable data protection laws.

You have the right to complain to your local data protection authority if you are unhappy with our data protection practices. In Finland you can lodge a complaint with the Office of the Data Protection Ombudsman at Notification to the Data Protection Ombudsman.


This Privacy Notice may be updated from time to time to reflect changes in legal, regulatory, or operational requirements. We encourage you to periodically consult our Privacy Notices for the latest information on our privacy practices.