top of page

Privacy statement

In this privacy statement, we explain how we collect and process your personal data as part of Kvalida Oy's services and marketing: what data we collect, how it is processed and what rights you have. The data protection statement has been prepared in accordance with the EU data protection regulation (General Data Protection Regulation "GDPR").

The privacy statement applies to Kvalilog produced by Kvalida Oy®users logged in and added to the service, visitors to our website, and persons whose personal data we have collected from other sources.

Contact information of the registrar


Kvalida Oy
Social security number: 2974609-2

c/o Helsingin Revisor Oy
Sinikalliontie 7
02630 Espoo

Contact information of the data protection officer


Kaspar Kork
0400 324 298

Information we collect

  • The user account includes information such as name, e-mail address, password, organization where you are a user, and other information that you can add to your user account.

  • Billing information, contract information and other information and settings of your organization.

  • Automatically collected information that we receive when you use our services, such as the devices you use, browsers, IP addresses, as well as activity logs and user activity data.

  • Contact information that we can collect from public sources or from our partners, or that you give us in another connection.

  • Email messages and other communications when you are in contact with us, and related additional information such as timestamps and notes.

  • Contact information of carefully selected companies and their employees. These people are selected based on their position and role in the company.

We use data

  • To provide the service in accordance with the terms of the contract

  • To provide customer service, support and training

  • For communication and information in the service

  • For the sale and marketing of services

  • For service development, troubleshooting and usage analysis

  • To implement data security

Disclosure of information to third parties

Web identification information of visitors to our website, such as IP address and unique cookie, may be passed on to our trusted partners for targeting and measurement of online advertising.

When you use the service, some of the information in your user account, such as name and email address, is shared with the main users of your organization, and also with other users and organizations of the service when the content you use is shared with several participants.

Transferring data outside the EU/EEA area

To provide the service, we use subcontractors and partners who process data on our behalf, in which case personal data can be transferred to countries where the data is processed. Personal data can also be transferred outside the EU/EEA area. All our partners comply with GDPR requirements for data transfer outside the EU/EEA area.

Legal basis for data use

  • Agreement when the data is used to provide the service for users who have logged in to the service and have a valid user ID.

  • Our or a third party's legitimate interest when the data is used for information, customer service, service development, troubleshooting or implementing information security.

  • Consent when data is used for direct marketing.

  • We also collect contact information of carefully selected companies and their employees. These people are selected based on their position and role in the company.

Data retention period

As a general rule, data is stored as long as the legal grounds for data processing for the purpose in question are valid. We regularly delete information that is no longer necessary.

You have a right

  • Request access to your personal data and the right to request the correction or deletion of said data

  • Request the restriction of the processing or object to the processing and the right to transfer the data from one system to another

  • Cancel consent-based data processing

  • File a complaint with the data protection authority

Data processing when we are not the data controller

The content you add, such as text entries, images and attachment files and all other content that you add while using the service, and the purposes and means of processing of which are not defined by you, are treated as personal data in accordance with the requirements of the GDPR, so that Kvalida Oy acts as a data processor. In this case, the responsibility of the registrar lies with the organization that is the Adder or owner of the content in question in the service.

bottom of page