Effective Date: 24.09.2025
Last Updated: 25.09.2025
Company name: Ravogen Oy (“we”, “our”, “us”)
Registered address: Yliopistonkatu 5, 00100 Helsinki
Contact email: [ insert contact email ]
Data Protection Officer (DPO) or data privacy contact:
Name: Aleksi Koskinen
Email: aleksi.koskinen@ravogen.com
Postal address: Yliopistonkatu 5, 00100 Helsinki
If you are a data subject (user, customer, visitor) and want to exercise any of your data protection rights, or if you have a question or complaint about how we handle your personal data, you can contact the DPO or data privacy contact above.
We may collect and process the following categories of personal data:
Information you provide directly (e.g. name, email, phone number, billing address, payment details, correspondence).
Information collected automatically when you use our website or services (e.g. IP address, browser type, cookies, usage logs, location, session data).
Information from third parties or public sources (e.g. referrals, publicly available directories, partner data).
We only collect special category or sensitive personal data when:
you have explicitly consented to us doing so, or
we have a lawful basis and additional justification under GDPR / applicable law.
We rely on one or more lawful bases under GDPR:
Contractual necessity: to provide services, fulfill orders, manage accounts.
Consent: for marketing communications or optional features.
Legitimate interests: to respond to inquiries, improve services, protect systems.
Legal obligation: to comply with laws or regulations.
Vital interests: to protect someone’s life or safety.
If we rely on consent, you may withdraw it at any time. If we rely on legitimate interest, we ensure these do not override your fundamental rights.
Your personal data may be used for the following purposes. We only use your personal data for the specific purposes set out in this policy, unless we reasonably believe that we need to use it for another compatible purpose and will notify you in advance if that is the case.
To register and manage your account, provide our services to you, fulfill contractual obligations, and administer any orders or subscriptions.
To communicate with you — e.g. to respond to inquiries or service requests, send confirmations, billing, or other service-related messages.
To send marketing or promotional materials, newsletters, or other communications if you have provided your consent or unless you have opted out.
To personalize your experience on our website or services, for example by remembering your preferences or tailoring content.
To conduct website analytics and performance monitoring, measure user activity, detect technical issues, and improve our website and services.
To detect, prevent, or investigate security issues, fraud, or abuse, and to protect our services, users, or third parties.
To comply with legal obligations, resolve disputes, enforce our terms and conditions, or protect our legal rights.
We may share your personal data with third parties in the following circumstances:
Service providers and processors: Companies or individuals who provide services to us or help deliver our services — for example, payment processors, hosting providers, data analytics services, email delivery services, customer relationship management (CRM) platforms, marketing platforms, etc. These providers process personal data on our behalf under data processing agreements.
Affiliates and group companies: [ If applicable: “We share personal data within our corporate group for internal business purposes and customer service.” ]
Professional advisors and auditors: Such as legal advisors, accountants, auditors, consultants, or other professional advisors, where necessary for providing advice or complying with legal obligations.
Regulatory or law enforcement authorities: If required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of us, our users, or others.
Business transfers: If we are involved in a merger, acquisition, sale of company assets, or financing, personal data may be transferred as part of that transaction, subject to confidentiality protections.
Your consent: Where you have given explicit consent for us to share your personal data for a specific purpose.
Other third parties: [ Specify, if relevant—for example, if you integrate with third-party partner services where users can choose to share data .]
We require all third parties to handle personal data securely and in compliance with GDPR and other applicable data protection laws, and we enter into data processing agreements or similar contracts where required.
If your personal data is transferred outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place, as required under GDPR. These may include:
Use of Standard Contractual Clauses (SCCs) approved by the European Commission.
Transfers to countries that the EU has recognized as having an adequate level of data protection.
Other appropriate technical and organizational safeguards, such as binding corporate rules, or obtaining your explicit consent where required.
Details of the relevant safeguards and countries to which data is transferred are available upon request by contacting [ insert contact point ].
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The criteria used to determine retention periods include:
The length of time we have an ongoing relationship with you and provide services to you.
Whether there is a legal obligation to retain certain data for a specific period (for example, tax, accounting, or regulatory requirements).
Whether retention is necessary for resolving disputes, enforcing our agreements, or protecting our legitimate interests (for instance, to defend legal claims).
Whether you have requested deletion or withdrawal of consent (and any associated regulatory requirements).
After the retention period expires, or if you ask us to delete your data and it is lawful to do so, we will either securely delete or anonymize your personal data so that it can no longer be associated with you.
Where feasible, we may also aggregate or anonymize data so it can no longer be linked back to you, in order to retain it for statistical or analytical purposes without identifying individuals.
Under the GDPR, you have the following rights in relation to your personal data, subject to certain conditions or exemptions:
Right to be informed — the right to know what personal data we collect, how we use it, who we share it with, and how long we keep it.
Right of access — the right to obtain confirmation that we are processing your personal data, and to request a copy of that data.
Right to rectification — the right to request correction or completion of inaccurate or incomplete data.
Right to erasure (“right to be forgotten”) — the right to ask us to delete your personal data in certain circumstances, for example if it is no longer needed, or if you withdraw consent and no other legal basis exists.
Right to restrict processing — the right to request that we limit the processing of your personal data under certain conditions, for example while a dispute about accuracy is being resolved.
Right to data portability — if we process your data based on consent or contract, and we process it by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, or request that it be transmitted directly to another controller.
Right to object — the right to object to our processing of your personal data under certain conditions, including processing for direct marketing or for legitimate interests, unless we can demonstrate compelling legitimate grounds for the processing.
Rights related to automated decision-making and profiling — where applicable, the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significantly affects you, and the right to meaningful information about the logic involved, as well as the significance and consequences of such processing.
If you wish to exercise any of these rights, you can contact us using the contact details above, or by submitting a data subject request to [ insert email or contact form link ]. We will respond within one month of receiving your request. In complex cases or where we receive many requests, this period may be extended by a further two months, but we will inform you of the extension and the reason for it. If we refuse a request, we will provide you with reasons for refusal and information about your right to complain to a supervisory authority.
If we are processing your personal data based on your consent (for example, for email marketing or other optional services), you have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of any processing that occurred prior to the withdrawal.
You can withdraw consent by:
Clicking the “unsubscribe” or “opt-out” link in our marketing emails, or changing your preferences via [ insert link to preference centre or account settings ]
Contacting us directly at [ info@ravogen.com]
After withdrawing consent, we will stop any processing based on that consent, unless we have another lawful basis to continue processing.
We take the security of your personal data seriously and have implemented appropriate technical and organizational measures to protect it against unauthorized access, loss, misuse, alteration, or destruction. These safeguards include, but are not limited to:
Encryption of data in transit and, where appropriate, at rest.
Use of secure servers, firewalls, access controls, and other security technologies.
Access controls and limiting access to personal data on a need-to-know basis.
Regular review of our information collection, storage, and processing practices, including physical security measures.
Staff training and awareness of data protection and privacy issues.
Processes for ensuring data backups, disaster recovery, and incident response.
Despite our best efforts, no system or method of data transmission or storage is completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect your data has been compromised), please contact us immediately at [ insert contact email ].
If we become aware of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we have procedures in place to assess the risk and, where required by GDPR, to notify the relevant supervisory authority (for example, in Finland, the Office of the Data Protection Ombudsman) and affected individuals within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk. If notification to individuals is required, we will provide clear information about the nature of the breach and the steps we are taking to mitigate it.
Our website or services may contain links to external websites or third-party services that are not operated or controlled by us. Once you leave our website or click on third-party links, we do not accept responsibility or liability for the privacy practices of those third parties. We encourage you to review the privacy notices or policies of any external or third-party sites before submitting any personal data to them.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make significant changes to this policy, we will notify you by posting a notice on our website or by sending you a direct notice (e.g. by email), prior to the changes taking effect. We will also update the “Last Updated” date at the top of this document. We recommend that you review this Privacy Policy periodically to stay informed about how we are protecting your information.
If you have any concerns or complaints about how we process your personal data, please contact us first using the contact information provided above, and we will do our best to address your complaint. You also have the right to complain to a supervisory authority if you believe that your data protection rights have been violated. In Finland, the relevant authority is The Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).
