Legal

Privacy Policy

How Athlos Oy collects, processes, and protects your personal data.

Updated: 24.10.2025

In this privacy notice (the "Privacy Notice"), we explain how Athlos Oy ("we" or "us") collects, processes and shares your personal data and what your rights are in relation to your personal data.

When processing personal data, we will always act in accordance with the applicable legislation. In particular, we comply with the General Data Protection Regulation (2016/679).

Controller

Athlos Oy
Business ID: 2752258-9
Klovinpellontie 1–3, 02180 Espoo, Finland
Contact: contact@athlos.fi

As a data subject, you may be a visitor to our website, a representative of our potential or existing customer or a job applicant.

This Privacy Notice concerns the processing of personal data in the following contexts:

  • Visits to https://athlos.fi/
  • The processing of personal data of the representatives of our customers, suppliers and other stakeholders
  • The processing of personal data of job applicants

Purposes for Processing

We will process your personal data only for the purposes described in this Privacy Notice and only to the extent necessary.

Website visitors:

  • Enabling the use of the website and ensuring its security and functionality
  • Improving our website through analytics
  • Marketing analytics and personalised marketing
  • Other legitimate business interests

Representatives:

  • Business relationship management
  • Complying with requirements of applicable law
  • Ensuring and monitoring compliance
  • Billing
  • Communicating with you and third parties
  • Sending marketing communications
  • Other legitimate business interests

Job applicants:

  • Recruitment process
  • Future recruitment needs (with consent)

Categories of Personal Data

Website visitors:

  • Information related to the use of the website (IP address, cookies, website activity, time of visit)
  • Customer service information
  • Contact information (name, email address, phone number)

Representatives:

  • Contact information
  • Specifics related to the business relationship
  • Contents of communications with us

Job applicants:

  • Recruitment information (name, contact details, education, work experience, CV, salary expectations)

Legal Basis

The processing of personal data is based on the following legal bases:

  • Legitimate interest (Article 6(1)(f) GDPR) for website functionality, business relationship management, compliance, billing, communications, and other business interests
  • Consent (Article 6(1)(a) GDPR) for non-essential cookies, marketing analytics, and future recruitment
  • Legal obligation (Article 6(1)(c) GDPR) for tax and corporate compliance
  • Contractual necessity (Article 6(1)(b) GDPR) for recruitment processes

Cookies

We may use cookies and tags on our website. A cookie is a text file stored on your browser or device. You can change your browser settings regarding cookies. Please see the cookie banner on our website for detailed information.

Sources of Personal Data

We primarily obtain your personal data directly from you. We may also collect data from publicly available sources and automatically through cookies when you visit our website.

Retention

We retain personal data only as long as necessary. For website visitors, data is primarily processed during your visit. Contact inquiries are retained for two years. For representatives, data is retained for the duration of the business relationship. For job applicants, data is processed for the duration of the recruitment process.

Disclosures and Transfers

We may disclose your personal data to trusted service providers, public authorities where required by law, or in connection with business reorganizations. When transferring data outside the EU/EEA, we comply with applicable legislation including standard contractual clauses (SCCs) adopted by the European Commission. We may transfer personal data to the United States of America.

Data Security

We have put in place appropriate technical and organisational measures:

  • Access to data is limited to authorised personnel
  • Information systems are protected by firewalls and passwords
  • Staff are trained to handle data appropriately
  • Electronic files are regularly backed up
  • Destruction of personal data is carried out securely

Your Rights

Under GDPR, you have the following rights:

  • Access to your personal data
  • Rectification of inaccurate data
  • Erasure of your personal data ("right to be forgotten")
  • Data portability
  • Objection to processing
  • Restriction of processing
  • Withdrawal of consent

To exercise your rights, contact us at contact@athlos.fi. If you believe our processing violates data protection laws, you have the right to lodge a complaint with a supervisory authority.

Changes

We reserve the right to amend or update this Privacy Notice as necessary.