Privacy statement


This privacy statement describes how Amua Oy ("Registrant") processes personal data, what personal data is collected, for what purposes personal data is collected and to which parties personal data may be disclosed, and how you can influence the processing of your personal data. The data protection statement also provides information on the obligations that are followed in the processing of personal data.

This privacy statement applies to Amua Oy's customer work and the provision of services and the processing of personal data in connection with the services. The data protection statement also applies to the processing of personal data of potential customers based on consent.

The controller complies with data protection legislation when processing personal data. Data protection legislation refers to valid data protection legislation, such as the European Union's General Data Protection Regulation (2016/679) ("Data Protection Regulation"), the National Data Protection Act (5 December 2018/1050) and the instructions and regulations of the supervisory authority. The terms related to data protection, which are not defined in this data protection statement, are interpreted in accordance with data protection legislation.


When you visit our site for the first time, you will be asked to accept or deny the use of cookies. The purpose of using cookies and similar technologies is to monitor the use of websites, implement services technically, develop the website's functionality and offer users a better user experience. We also use cookies that are necessary for our site to function as intended.

Cookies are small text files that your browser stores on your computer, mobile device or other device when you use websites. Information is stored in cookies during the use of the site and between visits.

Cookies can be used to collect, for example, your IP address and information about which websites you have visited. If the data collected through cookies is identifiable personal data, the data will be processed in accordance with this privacy statement.

Amua Oy uses the following cookies:

Necessary cookies: Our website has cookies that are necessary for our website to function properly. Necessary cookies are always on, unless you block them in your browser settings.

Performance and user experience cookies: Performance and user experience cookies are used to collect information about how our websites and services are used, so that we can improve the performance and user experience of our pages and our services. We ask for your consent to the use of these cookies when you visit our website. If you do not accept these cookies, we will not be able to improve our website and services as effectively.

The cookies used on our website can be permanent or session-specific cookies. A permanent cookie remains on your device after you close the browser. A permanent cookie remains valid until the deadline set for it, unless you delete it yourself earlier. The session cookie ceases to be valid at the end of the session when you close your browser.


Amua Oy's customer and website visitor register.


Janne Rajala

+358 40 0700 295


The register processes the personal data of Amua Oy's customers, potential customers and website visitors.

The subject of processing is the following personal data:

  • Name

  • Contact information, such as phone number and email address

  • Cookie information

  • IP addresses

  • Location information (country and city)

  • Browser

  • Operating system

  • Referral address


The controller or a partner authorized by it (acting on behalf of the controller) uses the register's personal data in accordance with data protection legislation for the following purposes:

  • Customer relationship creation and marketing

  • Customer relationship management and development

  • Providing, delivering and producing services

  • Contract management and invoicing

The controller has the right to process personal data on the following grounds:

  • Based on the consent of the registered person: The registered person has given his consent to the processing of his personal data (potential customers).

  • Based on the agreement: Conclusion and execution of the agreement between the controller and the customer.

  • On the basis of a legitimate interest: The controller has a legitimate interest based on the customer relationship to use customer data in the development of services and for the marketing of products and services under the conditions and restrictions defined in legislation.


The data is collected directly from the registrants themselves. Information is obtained from customers, potential customers and website visitors in connection with the contact form and other contacts (phone and email contacts).

Information is also collected with the help of cookies and similar technologies in accordance with the procedures allowed by the regulations in force at any given time.


In principle, personal data is not disclosed to outside parties. Data can also be transferred to Amua Oy's partners for processing for the purposes specified in section six.


Amua Oy does not transfer personal data outside the EU or EEA.

However, the pages are provided by a third party, Shopify. Shopify collects and stores personal data provided with your consent in secure locations in accordance with the data protection regulation. If necessary, in order to provide the service, Shopify can transfer data outside the EU and/or the EEA in compliance with EU-approved protection mechanisms, such as the EU Commission's standard clauses regarding the transfer of personal data.


Personal data is stored as long as the data controller uses the data for the purposes described in section six. Personal data stored in the register are deleted when there is no longer a legal basis for their processing.

The personal data of customers and partners' representatives is kept for a maximum of two years after the end of the customership or collaboration or until the data subject requests the deletion of the data. Personal data may have to be stored even longer than this, if the applicable legislation or contractual obligations binding the data controller towards third parties require a longer storage period.

Personal data collected on the basis of consent is stored for a maximum of two years.


The data security of the register and the confidentiality, integrity and usability of personal data are ensured by appropriate technical and organizational measures.

Only persons employed by Amua Oy or its authorized operators, whose duties require the processing of personal data, have access to the information. Register data is protected with personal usernames and passwords. Personnel and partners are required to commit to keeping the register's personal data confidential.


The registered person has rights according to data protection legislation. Please note that the more precise application of the rights in each individual situation depends on the purpose and situation of personal data processing.

As a general rule, the data controller does not charge the data subject a fee for processing the request. However, if the data subject's requests are obviously unfounded or unreasonable, such as for example if they are presented repeatedly, the data controller may charge the data subject a reasonable fee based on the administrative costs of processing the request.

The right to get access to personal data and to receive a copy of personal data: The registered person has the right to receive confirmation of whether the registered person's personal data is being processed, as well as the information defined in the data protection legislation about the processing of personal data. In addition, the data subject has the right to receive a copy of the personal data being processed.

Right to check and correct information: The registered person has the right to check what information about him/her has been stored in the register. The registered person has the right to demand the correction of incorrect or inaccurate personal data.

Right to deletion of data: The registered person has the right to have his personal data deleted without undue delay, provided that:

  • Personal data is no longer needed for the purposes for which it was collected or for which it is otherwise processed

  • The data subject withdraws the consent on which the processing was based, and there is no other legal basis for the processing

  • Personal data has been processed illegally

  • Personal data must be deleted in order to comply with a statutory obligation based on Union law or national legislation

Right to restrict processing: Restricting the processing of personal data means that, in addition to storage, the personal data subject to the restriction may only be processed:

  • With the consent of the registrant

  • To prepare, present or defend a legal claim

  • To protect the rights of another natural or legal person

  • For reasons of important public interest of the Union or a Member State

The data subject has the right to have the data controller limit the processing if:

  • The data subject disputes the accuracy of the personal data, in which case the processing is limited until the controller ensures the accuracy of the data

  • The processing is against the law and the data subject opposes the deletion of personal data and instead demands the restriction of their use

  • The controller no longer needs the personal data in question for the purposes of processing, but the data subject needs them to prepare, present or defend a legal claim

The right to withdraw consent: If the processing of personal data is based on the data subject's consent, the data subject has the right to withdraw the consent he gave to the processing at any time without affecting the legality of the processing carried out prior to this consent. However, the registered person's personal data can be stored if compliance with the legal obligation of the data controller requires the storage of personal data.

The right to transfer data from one system to another: The data subject has the right to receive the personal data concerning him, which he has provided to the data controller, in a structured, commonly used and machine-readable format, and the right to transfer the data in question to another data controller, if it is technically possible.

The right to file a complaint with the supervisory authority: The registered person has the right to file a complaint with the supervisory authority if the data subject considers that the processing of personal data concerning him/her violates applicable data protection regulations.

Updated 3/6/2024