Privacy Policy


Diffo Solutions Oy

Privacy Policy

Register description in accordance with Section 10 of the Personal Data Act (523/1999)

Data controller

Diffo Solutions Oy

Business ID: 2990791-7

Address: Lentokatu 2, 90460 OULUNSALO

Domicile: OULU

Telephone: 040 024 9495


Contact person for registration matters

Timo Pernu

Address: Lentokatu 2, 90460 OULUNSALO

Telephone: 040 024 9495


The contact person for the register will respond to questions and feedback concerning this register within 20 working days at the latest.

Name of the personal register

Diffo Solutions Oy Privacy Policy

Purpose of processing personal data

We process data only for predefined purposes and only to the extent that processing is necessary. We process data for the following purposes:

  • To provide and develop services
  • To provide services to our customers, to maintain and develop customer relationships, to provide services and to develop customer loyalty.
  • Customer and marketing communications
  • To conduct surveys and research
  • To ensure the availability and functionality of the website and to prevent and investigate abuse
  • To comply with legal obligations such as accounting legislation
  • For business planning and development
  • To deliver the service purchased by the customer on Diffo’s own platform

Data to be registered

We collect and process data only for predefined purposes. As a general rule, we collect data from individuals themselves. Data may also be collected in connection with the use of our website(, or or other services. In addition, information may be obtained from external sources such as our partners and public registers.

The information we process can be divided into two categories: ‘information provided by the individual‘ and ‘information collected about the use of the website‘.

Information provided by the individual

Information is obtained directly from an individual, for example, when an individual subscribes to our newsletter, submits a request for a quote, participates in surveys, polls or contests, or communicates with us by telephone, SMS, email or other similar means.

Such information may include:

Basic information

  • First and last name, address, telephone number, e-mail address
  • Age, gender, occupation or title, city.

Information related to business affiliation

  • Company details such as name, business ID, address, etc.
  • Subscription details
  • Contract and tender information
  • Billing and payment information
  • Customer feedback and contacts

Information on potential customers

  • Employer name
  • Name, surname, title, telephone number, e-mail address

Data collected through contact forms

Information provided in response to questionnaires and surveys

Competition responses

Comments and likes on our website

Information on marketing authorisations, consents and prohibitions

Other information collected with user consent

Data collected from the use of the website

In addition to the information provided by the user, we collect information about how and when our website(, or is used. This information is collected through the use of cookies and other similar technologies. Cookies do not allow us to identify the user of our website.

Personal data may be linked to cookies if an individual provides personal information, for example, by filling in a contact form on the website or subscribing to our newsletter. Personal data may also be linked to cookies if a user accesses our website via a link in a marketing message we send.

Such information includes:

  • Website usage and browsing data
  • The website that referred you to the website and the website to which you have been redirected from the website
  • Technical information relating to the user’s terminal equipment, such as type of operating system and software versions
  • Browser type and language settings
  • IP address
  • Other information provided by the user with his/her consent

Processing of data

We will always process personal data in compliance with applicable data protection legislation and good data management and processing practices. We will ensure that we always have a legal basis for processing personal data as provided by law.

We process personal data on the following grounds:

  • Contract (e.g. customer or similar contractual relationship)
  • (e.g. provision and development of services, business reporting, prevention of abuse, customer service, direct marketing).
  • Consent (e.g. direct marketing, cookies)
  • Legal obligations (e.g. accounting or other mandatory legislation)

Where we process personal data on the basis of legitimate interest, you have the right to object to the processing of your personal data under the conditions set out in the legislation.

We will only process the data to the extent and for as long as there are legitimate grounds for the processing or the processing is otherwise necessary for the purposes for which the data are intended.

We are committed to properly destroying unnecessary and outdated data. We will only keep the data for as long as necessary to fulfil the purpose of the predefined processing. Data may be kept longer after the end of the customer relationship or other basis for processing personal data, if required by applicable law.

We make reasonable efforts to keep the personal data we hold accurate by deleting unnecessary data and updating outdated data. The information will be recorded in the register as it is received from the individual and will be updated as and when the individual informs us. You always have the right to inspect the information about you and, if necessary, to request that it be corrected or deleted.

Data processors

As a general rule, the data will be processed by employees of Diffo Solutions Ltd who, by virtue of their job, have access rights, the necessary user IDs and passwords to process the data.

We also use external service providers for the processing of personal data, who process the data on our behalf in accordance with our pre-agreed instructions and the applicable legislation. Such services include email, cloud computing, marketing, customer relationship management, financial management and similar services. We will ensure through appropriate contractual arrangements that third party service providers process the data in accordance with applicable law and only for the purposes set out in this Privacy Policy.

Disclosure of personal data

Disclosure of data will be made within the limits permitted and chargeable by applicable law. Diffo Solutions Ltd has a legal obligation to disclose personal data to public authorities, based on legitimate requests for information received in writing.

To the tax authorities, pension insurance companies, insurance companies, trade unions, public pension funds or employment pension funds, data will be disclosed without the authorisation or consent of the client, when the disclosure of information is expressly provided for by law.

To an auditor chosen by the client, data are disclosed without any specific authorisation for the purpose of implementing the contract between the client and the auditor.

Diffo Solutions Ltd does not sell, rent or disclose personal data to parties other than those specified by law.

In addition, we may disclose information if we determine that disclosure is necessary to enforce our rights, protect the safety of data subjects or others, investigate misconduct, or respond to a request from a public authority.

Websites may contain comment or discussion features, in which case a person may also disclose information to other website users: all such information is public information by default and there is no presumption of privacy for information disclosed in this way.

The data in the register will not be disclosed outside the European Union or the European Economic Area unless requested in writing by the Customer. Transfers of data outside the European Union or the European Economic Area at the written request of the Customer will be made in accordance with the requirements of the European Union’s General Data Protection Regulation on data transfers.

However, some of the cloud, email and similar services we use are located outside the EU, such as in the United States and Canada. We will always ensure that the data transfer is carried out on the basis of the law and with adequate safeguards, such as the country being an Adequate Data Protection country as defined by the EU Commission, the transferee being Privacy Shield certified (for US-based transferees) or the transfer being made using standard contractual clauses published by the EU Commission.

Storage and protection of the register

Customer data is processed only by the Diffo Solutions Ltd employee who is assigned to perform the work in question. The processing of personal data for other reasons is prohibited, even if a Diffo Solutions Ltd employee has access to customer data for his or her role and business reasons. All processors of personal data are also bound by a duty of confidentiality.

Data in physical form

Data in physical form is stored in locked cabinets in a locked room at Diffo Solutions Ltd’s premises. The material in physical form will be kept only for as long as is necessary for the processing of the material. Thereafter, the data will be deleted and destroyed.

Data stored electronically

Data in electronic format is available to Diffo Solutions Ltd on appropriately secured servers. In addition, data is stored and processed on the proprietary servers of third party software such as Pipedrive, SalesForce, MailChimp, Microsoft and Google Analytics. These are subject to their own privacy policies and terms of use and Diffo Solutions Ltd is not responsible for their privacy practices.

Information in electronic format is stored in Diffo Solutions Oy’s information systems, where both technical and software measures are used to ensure data security. To protect personal data, the necessary security measures are used, such as secure connections, firewalls, secure facilities, strong passwords and due diligence. Material in electronic format will be kept only for as long as necessary for the processing of the material. After that, the data will be deleted and destroyed.

In the event that Diffo Solutions Ltd becomes aware of a security breach of the system that is likely to seriously compromise the privacy of customers, customers will be notified of the breach by email without undue delay.

The notification will include information about the data affected by the breach, the likely consequences of the breach, and the actions Diffo Solutions Ltd has taken in response to the breach.

Diffo Solutions Ltd will update the Privacy Policy annually by the Data Protection Officer referred to above.

Right of access and rectification of data

The data subject has the right to inspect the data relating to him/her that are recorded in the personal data file. Before disclosing the data, the identity and rights of the data subject who requested the data will be verified by means of a photo ID or other required measures will be taken to ensure that the data are not disclosed to any person other than the data subject himself/herself. In order to carry out the verification request, the data subject must contact the contact person.

The data subject also has the right to request the correction of inaccurate information in the register. The request for correction must identify the error to be corrected and specify the corrected data. In order to carry out the request for correction, the data subject must contact the contact person.

The data subject has the right to lodge a complaint with a supervisory authority.

Other rights of the data subject

The data subject has the right to object to the use of data concerning him or her for the purposes specified by law. Such a prohibition may be given at any time to the contact person mentioned above.

All requests relating to the rights of the data subject must be made to the contact person of the register, unless otherwise indicated.

As a data subject, you have the right at any time under the applicable data protection legislation:

  • To have access to your personal data
  • Request rectification or integration of your personal data
  • Request access to or rectification of your personal data, or request the deletion of your personal data
  • Request an amendment or rectification of your personal data, or to have your personal data corrected or rectified
  • Restrict the processing of your personal data
  • Object to processing on the basis of legitimate interest
  • Right to be informed of personal data breaches
  • Withdraw your consent to the processing of your personal data

You also have the right to lodge a complaint with the competent supervisory authority if you consider that we have not complied with the applicable data protection legislation.


We use cookies and similar tracking technologies on our websites(, or A cookie is a small text file that is stored on the user’s terminal device. Cookies do not harm the user’s terminal equipment and cannot contain any malware or viruses.

Cookies contain an anonymous, unique identifier that allows us to assess the reachability of the website and identify users who return to the website. Cookies are browser-specific and do not allow the user to be identified by cookies alone. Personal data may be linked to cookies if an individual provides personal information, for example, by filling in a contact form on the website or subscribing to our newsletter. Personal data may also be linked to cookies if a user accesses our website via a link in a marketing message we send.

Some cookies are “first-party” cookies, set by Diffo Solutions Ltd and related to the website that the person is visiting. For the most part, they enable the functionality of the website and provide information about how people use the website in order to improve the website.

Some cookies are “third-party” cookies, i.e. cookies set by parties outside Diffo Solutions Ltd, belonging to providers of marketing, analytics or social media services. These so-called third parties may place cookies on the user’s terminal device when the user visits the website.

Use of cookies

We use cookies and other similar technologies to monitor and analyse the use of the website and to improve the website. We may also collect information from marketing emails and newsletters, for example, to determine whether messages have been opened and whether any action has been taken on them, such as going to the website.

Third party cookies

We also use cookies provided by third parties on our website, such as analytics tools and measurement systems, to collect and use non-personal information. These include Google Analytics, Facebook software.

Our websites also include social plugins such as Facebook, Instagram and LinkedIn Like and/or Share buttons. These social plugins are embedded in our website, but their functionality and content comes from a third party. Third party services are subject to their own privacy policies and terms of use, and Diffo Solutions Ltd is not responsible for the collection or processing of information by these third parties, including cookies and other tracking technologies and links. We encourage you to review the terms of use and privacy statements of these third party services.

With regard to cookies and other similar technologies, you can influence the collection of data in the following ways:

  • By setting your browser to “Private Browsing”, “Incognito” or “InPrivate” mode, you can browse websites so that no information about the websites you have visited is stored by cookies.
  • You can also prevent the use of cookies by changing your browser settings. However, blocking cookies may affect the functioning of our website.
  • You can also clear cookies in your browser settings or reset the mobile tag in your device settings. By clearing cookies or the mobile identifier at regular intervals, you can change the identifier that is used to build your profile. However, clearing cookies does not completely stop the collection of data, but rather resets the profile based on previous behavioural data.
  • You can prevent the use of website data by Google Analytics by installing a browser add-on to prevent the use of Google Analytics. This add-on prevents the Google Analytics JavaScript running on websites from sharing website traffic data with Google Analytics.

Diffo Solutions Ltd may change this Privacy Policy from time to time. We therefore encourage you to periodically review this Privacy Policy for any changes. Where possible, we will also endeavour to notify you of material changes to the email address provided by you.

This Privacy Policy was last updated on 05.04.2024