Privacy Policy

Marketing and Sales Register — Privacy Notice

Prepared: 24 May 2018

Last updated: 31 October 2025

Wapice Ltd
Yliopistonranta 5, FI-65200 VAASA, FINLAND
Business ID: 1572040-6
Tel. +358 10 277 5000
Email: tietosuoja@wapice.com

Data files related to marketing are managed by Anssi Turunen.

Email:marketing@wapice.com

Tel: +358 10 277 5000.

Sami Kinnunen
Tel. +358 10 277 5000
Email: tietosuojavastaava@wapice.com

Marketing and Sales Register

We process personal data to manage and develop our sales and marketing activities, including relationship management with customers, potential customers, and other business contacts.

The purposes include:

• Maintaining and developing existing customer relationships
• Identifying and contacting potential customers (“prospects”)
• Organizing, inviting, and following up on events, fairs, and marketing campaigns
• Managing subscriptions, newsletters, and marketing communications
• Supporting our business operations, analytics, and reporting
• We only collect and process personal data necessary for these purposes.

Processing is primarily based on legitimate interest related to Wapice’s business activities and relationship management (Article 6(1)(f) GDPR).

For specific marketing activities requiring consent (e.g., newsletter subscriptions), processing is based on consent (Article 6(1)(a) GDPR).

When processing personal data for contractual negotiations or agreements, the legal basis may also be performance of a contract (Article 6(1)(b) GDPR).

We process data related to customers, potential customers, and event participants, including:

• Name, title, role, company, and contact information (address, email, phone number)
• Information about customer relationship status and interactions
• Communication history (meetings, emails, calls, or event participation)
• Source of contact (e.g., trade show, event, or referral)
• Notes on interests, preferences, or discussions related to Wapice’s offerings
• Consent and marketing preferences
• Technical data such as newsletter click or open rates, where applicable

Temporary data from event arrangements (e.g., dietary preferences for catering) are deleted immediately after the event.

Data are stored for up to five (5) years after the last recorded contact or interaction, unless required to be retained longer for legal or operational reasons.

Personal data are collected from:

• The data subject directly (e.g., website forms, business cards, event registrations, or direct communication)
• Public sources (e.g., company websites, LinkedIn, or other public directories)
• Event organizers or partners when the person has attended a joint event
• Wapice employees’ manual entries based on business interactions

Event participation information may also be collected from event portals or contact forms. Paper-based contact forms are entered into the CRM system and securely destroyed after processing.

Data may be disclosed within Wapice Ltd for internal sales and marketing purposes.

We do not sell or share personal data with external parties for their own marketing purposes.

Subcontractors and service providers (e.g., marketing automation, event management, or CRM providers) may process data on behalf of Wapice under a written data processing agreement.

We use the Salesforce CRM system for managing sales and marketing data.
Salesforce may process data in countries outside the EU/EEA. Adequate safeguards are applied:

• Binding Corporate Rules (BCRs) approved by supervisory authorities
• Standard Contractual Clauses (SCCs) for subcontractors outside the corporate group

Further information is available on Salesforce’s website:
https://www.salesforce.com/eu/company/privacy/

Additionally, limited marketing contact data may occasionally exist in Excel or similar formats, for example, temporary mailing lists (“Christmas card lists”) or event-specific contact exports. These are stored securely and deleted after their use.

We use appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, and destruction.

Manually processed data

• Stored in locked premises, accessible only to authorised personnel.
• Printed contact forms are digitised and then destroyed securely (e.g., placed in confidential waste bins).

Electronically processed data

• Access is role-based and regularly reviewed.
• Systems are protected according to industry best practices (encryption, firewalls, access logging).
• Data lifecycle management ensures deletion or anonymisation after the retention period.

We do not use automated decision-making or profiling that would have legal or similarly significant effects on individuals.

You have the right to:

• Request access to your personal data and receive a copy of it
• Request rectification of inaccurate or incomplete data
• Object to processing based on legitimate interest
• Request restriction or erasure of your personal data when legally applicable
• Withdraw consent at any time when processing is based on consent
• Lodge a complaint with the supervisory authority (Office of the Data Protection Ombudsman, Finland)

Requests related to your rights can be sent to tietosuoja@wapice.com

Our systems may generate log data for security and technical maintenance purposes (per Information Society Code 917/2014). Logs are used only for ensuring service security and stability and are not combined with marketing data.

Wapice continuously develops its operations and may update this privacy notice accordingly.
Substantial changes will be communicated separately when relevant.

Recruitment register

Recruitment register is available on Wapice’s career site: https://jobs.wapice.com/privacy-policy.

Whistleblowing channel

This Privacy Notice explains how the personal data received through Wapice whistleblowing channel may be processed and how the privacy rights of individuals may be exercised.

Wapice Ltd
Yliopistonranta 5
FI-65200 VAASA, FINLAND
Business identity code 1572040-6
Telephone: +358 10 277 5000
Email: tietosuoja@wapice.com

In case you have any questions or requests concerning your personal data or data protection, you may always contact us through the following email address: tietosuoja@wapice.com.

Sami Kinnunen
Telephone: +358 10 277 5000
Email: tietosuojavastaava@wapice.com

Wapice whistleblowing channel.

We will only process personal data that is strictly necessary for the purposes described below and when we have a legal justification to do so. In connection with the whistleblowing channel, we only process personal data for the purposes of reporting and investigating reports of alleged violations or misconduct related to our activities. Personal data concerning various data subjects can be processed in the context of the whistleblowing channel, such as a person making a report, individuals mentioned in a report, a person investigating a report or a person serving as a witness or otherwise being involved in the investigation.

The processing is based on legal requirements compliance, in particular concerning mandatory whistleblowing system, and for the purposes of our legitimate interests, especially to monitor the compliance of our activities with applicable laws and regulations.

Wapice collects and processes the following personal data about you for the mentioned purposes: • whistleblower’s name, phone number and other contact details (all are optional, reports can be filed anonymously) • description of the alleged violation • names of any persons involved in the violation • any documents or evidence related to the violation attached when filing the report • any other relevant detail, evidence or information that may facilitate the investigation We retain your data only for as long as it is necessary for the processing purposes stated above or as long as we have a legal obligation to do so. In any case, if legal or disciplinary proceedings are initiated, the personal data provided will be kept until those proceedings are definitively closed.

We may obtain your personal data in the context of the use of the whistleblowing channel. In particular, we may obtain your personal data because

• you provide it to us (e.g. by filing a report)
• others provide it to us (e.g. because you occur in a report)
• personal data relating to you is generated by using the whistleblowing channel (e.g. because you are involved in the investigation of a report)

Your personal data will be accessed by specially appointed employees at Wapice. We will generally not disclose the personal data to third parties, however, we will transfer your personal data to

• our IT service provider hosting the whistleblowing channel
• our external attorney in connection with the processing of the concern
• relevant authorities when there is a legal obligation to do so

Personal data is not transferred outside the EU/EEA.

In its role as controller, Wapice uses appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against damage and loss. Wapice complies with all applicable data protection legislation and aims to ensure that your privacy is not infringed in any phase of the processing and that the applicable confidentiality requirements regarding whistleblowing reporting are always ensured. External service providers hosting the whistleblowing channel have no access to readable content.

Automated decisions are not made.

You have the right to ask us for information about or access to your personal data. In some circumstances you may also have the right to have your unnecessary or inaccurate data deleted, to object to how we use or share your data, and to restrict how we process your data. Please note that we may not need to stop the processing of your personal data if we can give legitimate reasons to continue using your personal data. The data protection officer will provide advice and guidance in matters related to the rights of data subjects. You can exercise these rights by contacting tietosuojavastaava@wapice.com. If you have any complaints about Wapice’s processing of your personal data, you may contact a data protection authority.

Wapice continuously develops its operations and reserves the right to update this privacy notice. Changes may also be based on changes in legislation. We recommend that you review this notice from time to time. In the case of major operating changes resulting in material changes in the privacy notice, we may also use other means to announce the matter before its entry into force.

What We Collect and Receive

In order for us to provide you the best possible experience on our websites, we need to collect and process certain information. Depending on your use of the Services, that may include:

• Contact us via email — for example, when you inquire about our services, products or open positions, place order, send us questions or comments, or report a problem, we will collect your name, email address, message, etc. We use this data solely in connection with answering the queries we receive.
• Usage data — when you visit our site, we will store: the website from which you visited us from, the parts of our site you visit, the date and duration of your visit, your anonymised IP address, information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, and more.
• Cookies — We use cookies (small data files transferred onto computers or devices by sites) for record-keeping purposes, analytics, leads, marketing and to enhance functionality on our site. You may also deactivate or restrict the transmission of cookies by changing the settings of your web browser. Cookies that are already stored may be deleted at any time. No tracking cookies will be used on this website unless you opt-in to the use of cookies.

We use Leadoo’s tracking service to follow what users are doing on the site and combine this behavioral data with other data we can gather from e.g. chat interactions. Leadoo uses etag tracking in order to hook together the same users behavior over several sessions – in practice this works similarly to cookie based tracking. Please check out Leadoo Marketing Technologies Ltd’s Privacy Policy for more information on what is tracked and what your rights are. Leadoo works as the Processor and we work as the Controller for the data in terms of GDPR. You can stop the tracking by emptying your browser’s cache after the visit. For more on how Leadoo works as a GDPR compliant processor, see link.