top of page

LignoSphere Company Oy

PRIVACY policy

Effective date: 1 June 2025

1. Controller Information

LignoSphere Company Oy (Business ID: 3285966-1)
Tietotie 2 B, 02150 Espoo, Finland
Email: info@lignosphere.com

2. Scope of This Policy

This Privacy Policy describes how LignoSphere Company Oy ('LignoSphere', 'we', 'us', or 'our') collects, uses, and protects personal data when you visit our website, contact us, or otherwise interact with us. We are committed to handling personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Finnish data protection legislation.

3. Personal Data We Collect

3.1 Data you provide directly

When you contact us via our website contact form or by email, we may collect:

  • Full name

  • Email address

  • Company name and job title

  • Phone number (if provided)

  • The content of your message or enquiry

3.2 Data collected automatically

When you visit our website, we may automatically collect:

  • IP address and approximate location (country/region)

  • Browser type and version

  • Operating system

  • Pages visited and time spent on each page

  • Referring URL

  • Date and time of visit

This data is collected via cookies and similar tracking technologies. See our Cookie Policy for details.

4. Purposes and Legal Bases for Processing

We process your personal data for the following purposes:

4.1 Responding to enquiries

Purpose: To respond to messages, questions, or requests submitted through our website or email.


Legal basis: Legitimate interests (Article 6(1)(f) GDPR) — it is in our legitimate interest to respond to people who contact us, and this processing is proportionate and not overridden by your rights.

4.2 Website analytics and improvement

Purpose: To understand how visitors use our website, diagnose technical issues, and improve content and functionality.


Legal basis: Consent (Article 6(1)(a) GDPR) — where analytics cookies are used, we rely on your freely given consent obtained via our cookie banner.

4.3 Compliance with legal obligations

Purpose: To comply with applicable laws and regulations.


Legal basis: Legal obligation (Article 6(1)(c) GDPR).

5. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

  • Contact enquiry data: up to 24 months from the date of last contact, unless an ongoing business relationship requires longer retention.

  • Analytics data: as set by the analytics provider — typically 14 months (see Cookie Policy for details).

  • Data retained for legal compliance: for the period required by applicable law.


When data is no longer needed, we delete or anonymise it securely.

6. Recipients and Data Transfers

6.1 Service providers

We may share personal data with trusted third-party service providers who process data on our behalf, including:

  • Website hosting and infrastructure providers

  • Analytics providers (e.g. Google Analytics)

  • Email service providers
     

All processors are bound by data processing agreements and may only process your data on our documented instructions.

6.2 Transfers outside the EEA

Some of our service providers may be located outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or we rely on an adequacy decision.

6.3 Other disclosures

We do not sell, rent, or trade your personal data. We may disclose data to public authorities where required by law.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — you may request a copy of the personal data we hold about you.

  • Right to rectification — you may ask us to correct inaccurate or incomplete data.

  • Right to erasure — you may request deletion of your data in certain circumstances.

  • Right to restriction of processing — you may ask us to restrict how we process your data.

  • Right to data portability — you may request your data in a structured, machine-readable format.

  • Right to object — you may object to processing based on legitimate interests or direct marketing.

  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

 
To exercise any of these rights, please contact us at info@lignosphere.com.


We will respond within one month. If your request is complex or numerous, we may extend this period by a further two months, and we will inform you accordingly.

8. Right to Lodge a Complaint

If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu):
 
Office of the Data Protection Ombudsman
P.O. Box 800, FI-00531 Helsinki
tietosuoja.fi

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These include access controls, encryption in transit (HTTPS), and regular security reviews of our systems and processes.

10. Links to Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The effective date at the top of this document will be updated accordingly. We encourage you to review this policy periodically.

12. Contact

For any questions or concerns about this Privacy Policy or our data processing practices, please contact:

LignoSphere Company Oy

Tietotie 2 B, 02150 Espoo, Finland
Email: info@lignosphere.com

Decorative dotted line separator
bottom of page