Contact Data Protection Statement

Effective Date: 17 October 2017

Protecting the integrity of your data, whether about you, your company, your transactions, your products or your service, is our highest priority. The commitment to keep your personal data confidential and secure at all times and the personal data processing practices in our business activities are explained below. Your personal data is processed in accordance with all applicable laws and regulations.

When you are representing our customer or vendor company and engaged with us (e.g. using or buying the services, or selling products or services to us) (“Business Activity”), this Contact Data Protection Statement (“Statement”) is intended to provide you with general information on the processing of your personal data (“Contact Data”).

We arrange and process the Contact Data we collect in two data files, one for our customer contacts and another for our vendor contacts. Additional and more detailed data protection information applicable to each of these data files and Contact Data processed in the context of them is available in:

(each “Description”, further references to this Statement below include also the contents of the relevant Description or both Descriptions unless otherwise stated case by case).

In case of possible discrepancy, the information provided in the relevant Description prevails over the information presented in this Statement.

Please read this Statement carefully prior to accessing or participating in any Business Activity. By accessing or participating in the Business Activity and/or submitting (directly or indirectly) your Contact Data in connection with the Business Activity, you express your understanding to the processing of your Contact Data in the manner provided in this Statement. Otherwise, we expect you will immediately discontinue accessing or participating in the Business Activity, and you will not provide or will cease to provide your Contact Data to us. However, please note that absence of your Contact Data might fully or partially prevent us from fulfilling or executing the Business Activity.

Our Data Collection Methods

Accessing or participating in some Business Activities may require you to register personally for a user account in which you will need to provide us with certain basic Contact Data. Depending on the Business Activity, it is also possible that all or certain Contact Data is collected interactively from you (e.g. in a sales meeting or by phone) without subjecting you to any computerized data collection method.

In addition to collecting Contact Data from you personally, we may collect your Contact Data from your employer (or your colleagues or superiors) or from our own employees and other persons providing services for us.

Furthermore, in the course of your participation in any Business Activity electronically, we may automatically track certain Contact Data concerning you, such as IP address, the source of visit and type of your web browser even prior to explicitly requesting any of your Contact Data.

The Data We Collect and Process

Basic Contact Data consists typically of your name, email address, street address, country of residence, telephone number and the name of your employing company (if applicable).

In addition, we may collect other types of Contact Data that are necessary for the Business Activity in question. Detailed information concerning the types and processing of Contact Data is available in the relevant Description.

Generally, to the extent permitted by applicable laws and regulations, we retain your Contact Data at most ten (10) years after the last Business Activity where you have been involved. Additionally, as the case may require, we may have to extend Contact Data retention on the grounds of establishment, exercise or defense of legal claims or execution of our internal investigations. This retention period is justified due to our obligations or needs related to e.g. product and service warranties, product liability statutes as well as burdens of proofs in possible litigation situations.

The Purposes of Data Collection and Processing

The primary purpose of collecting and processing your Contact Data is to make the Business Activity and related products and services available for you. Additionally, among other defined processing purposes, we may use your Contact Data to communicate with you.  For instance, we may provide additional information relating to our services or other similar topics. The information may contain advertising in the form of electronic direct marketing or otherwise. If direct marketing is included in the Business Activity, we take into account related special safeguard requirements, including consistently providing you with the option to unsubscribe from our marketing activities. We may also use your Contact Data for research and development purposes such as improving and developing our IT systems and business processes. All detailed purposes of processing of your Contact Data are available in the relevant Description.

At all times and independent of any single purpose of processing we strive for efficient and secure Contact Data processing. This includes continued development of the Business Activities to ensure high quality and a broader scope and availability of our services.

Lawfulness of Processing of Contact Data

Processing of your Contact Data is generally and primarily based on legitimate interest of the data controllers. Based on defined purposes of uses of Contact Data and relationship between data controllers and Contact Data subjects, the primary legitimate interest of the data controllers is the possibility to conduct justified and lawful business according to applicable legislation.

Secondarily, for certain Contact Data subjects, our processing of Contact Data is based on direct or indirect contractual relationship.

Disclosures and Transfers of Contact Data

Your Contact Data is generally not disclosed (to be independently processed for purposes other than ours) to third parties outside our affiliates. In some circumstances, we may have to disclose your Contact Data by law, because a court or the police or other law enforcement agency has asked us for it. Your Contact Data may, however, be transferred to our affiliates or to third parties (e.g. subcontractors) who process Contact Data on our behalf for the purposes described in this Statement and in the relevant Description. In this way, we do not release the Contact Data from our effective control.

Due to technical and practical requirements, your Contact Data may be processed in locations other than the country in which you are situated, including locations outside the European Union or European Economic Area (incl. Switzerland). Therefore, countries to which your Contact Data may be sent/accessed from may have a different standard of data protection than the country in which you are situated. However, in all such cases, the processing of Contact Data shall be in accordance with applicable legislations (e.g. justified by EU Commission standard contractual clauses) and our data processing policies and instructions.

We may also share your Contact Data with a purchaser or potential purchaser of our business.

We may provide aggregate statistics about our customers, sales, traffic patterns, and other related Business Activity information to reputable third parties, but these statistics are anonymized and will not include your Contact Data.


Unfortunately, the transmission of information via the internet is not completely secure. We cannot fully guarantee the security of your Contact Data transmitted to us; any such transmission is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorized and illegal access, alteration and denial of use of your Contact Data.

Use of Cookies

From time to time, we may place information on your computer which allows us to recognize your computer. This information is commonly known as a “cookie”. Typically, cookies enable collection of certain information regarding your computer, including your internet protocol (IP) address, your computer’s operating system, your browser type and the address of any referring sites. Cookies are intended to improve availability and quality of the Business Activity. A separate Cookie Statement explains the cookies in detail (references to this Statement above and below include also the contents of the Cookie Statement unless otherwise stated case by case). In case of possible discrepancy, the information provided in the Cookie Statement prevails over information of this Statement and relevant Description.

Your Rights

At any time, you have the right to:

  • Object the processing of your Contact Data;
  • Opt-out as a recipient of any of our marketing activities (including electronic direct marketing), opinion polls or market research.

At any time, you have also the right to:

  • Gain access to your Contact Data;
  • Verify the accuracy of your Contact Data;
  • At your request, have your incomplete, inaccurate or outdated Contact Data modified or erased; and
  • Under certain circumstances, restrict the processing of your Contact Data;
  • Under certain circumstances, be forgotten by us;
  • Receive your Contact Data which you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller when the processing is necessary for performance of a contract where you are involved; and
  • Lodge a complaint with a supervisory authority.

For more detailed description of your rights, please see the Description. In order to use these rights, contact us to the contact information provided below or in the Description.

Other Websites

Our Business Activity related information sources may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites are separate from our websites and do not operate under this Statement or any other data protection communication of us, but have their own privacy policies, data protection statements or similar announcements. We do not accept any responsibility or liability for these policies, statements and announcements or the lack of them or your use of such websites. Please check these policies, statements and/or any other data protection documents before you submit any Contact Data to these websites.

Changes to This Statement 

From time to time, this Statement may have to be changed or amended. In addition, the access to the Business Activity may be modified or revoked at any time with or without notice. It is therefore recommended that you revisit this Statement periodically to review any changes to this Statement.

Our Responsibility and Contacting Us

Promeco Group Oy (FI21752500) as the parent company of Promeco Oy (FI18640129) and VM-Group Oy (FI07851860), (also “Promeco”, “we”, “us”, “our” above and below), are the data controllers for your personal data. Promeco has the general responsibility and ultimate mastery on Contact Data and Promeco Group Oy is responsible for transfers of Contact Data outside EU/EEA, as well as centralized IT subcontracting. Other companies belonging to Promeco group of companies may act as data processors for your personal data on behalf of the data controllers.

If you want to contact us on data protection related matters, please send us an e-mail at

Additional Business Activity data protection contact information (including mailing address and telephone numbers) is available in the relevant Descriptions.