Privacy Policy

According to the EU General Data Protection Regulation (EU 2016/679)

1. Data controller

Asoma Oy “Asoma”

Kutomotie 18, 00380 HELSINKI

(Business ID: 0106718-6)


2. Person responsible for the register

Nina Ertiö,, +358 468782511


3. Register name

Asoma Oy Customer and Marketing Register


4. Purpose and legal basis of data processing

The register contains contact persons of customer companies, potential customers, and users of our website.

The personal data is processed for customer service, management and analysis of customer relations and other relevant contacts, customer communication and marketing. The information can also be used to plan and develop Asoma’s business and services, as well as to measure customer numbers.


5. Register contents

The register may contain the following data when necessary:

  • Basic personal information (name)
  • Contact information (phone number, email address, address)
  • Order history
  • Delivery history


6. Register processing principles and protection

  1. Manual material: Manual materials are kept in a locked room and are only available to authorized persons.
  2. Digitally stored data: Personal data included in the register is kept confidential. The use of the register is instructed in Asoma’s organization, and access to the data contained in the register, stored in the IT system, is granted only to those Asoma employees who have the right to use them for their duties. Asoma requires all IT service providers it uses to maintain confidentiality and appropriate data security and to comply with the principles of the Personal Data Act. The IT system is secured by using protective software. Access to the system requires each user to enter their username and password. The network and hardware where the register is located are protected by a firewall and other appropriate technical measures.

7. Regular sources of information for the register

The information to be included in the register is generally obtained directly from customers themselves, from messages sent through our website forms, email, phone calls, social media or other contact, where the customer volunteers the information. Information received through the use of websites (such as cookies or similar techniques) is also included in the register. The data is entered into the register as received from the customer and updated according to what the customer reports to Asoma.

Asoma uses cookies on its websites to improve the user experience. Cookies are small text files sent to and stored on the user’s computer through the browser’s request. Cookies can be disabled by adjusting the browser settings.


8. Storage period of personal information

We store personal data only for as long as necessary to fulfill the purposes described in this notice. In addition, some information may be retained longer to the extent necessary to fulfill statutory obligations and to demonstrate their appropriate implementation.


9. Disclosure of personal information to third parties and outside the EU or EEA

Your information will not be disclosed to third parties without your explicit consent. We only provide our service providers with personal information required to perform services for Asoma (such as deliveries). In these cases, we strictly adhere to the General Data Protection Regulation (EU 2016/679). The transfer of information is restricted to a minimum.

Personal data contained in the register is not disclosed or transferred outside the European Union or the European Economic Area.


10. Your right to inspect, amend and prevent the use of your personal information

Each person recorded in the register has the right to access information about their personal data contained in the register. A request for examination must be sent in writing and signed to the person responsible for the register’s matters.

A request for examination can also be made in person at the address given above. When making a personal request for inspection, the customer must present valid identification.

Asoma responds in writing to requests for data inspection. The customer has the right to demand correction, deletion and supplementation of their falsely recorded information.