Privacy Statement

1. General

This privacy statement describes how Younite AI Oy (“[Younite AI or the “data controller”) processes personal data. The data protection statement applies to our website, marketing, and customer relationship management, the processing of personal data related to the products and services we offer, and the recruitment of new employees.

We comply with applicable data protection legislation in all processing of personal data. Data protection legislation refers to valid data protection legislation, such as the European Union's General Data Protection Regulation (2016/679) and the Finnish Data Protection Act (December 5, 2018/1050). The concepts related to data protection, which are not defined in this data protection statement, are interpreted in accordance with the data protection legislation.

Our services and website may also contain links to external websites and services operated by other organizations. This Privacy Statement is not suitable for their use, so we recommend that you read the privacy statements that apply to them separately.

"Personal data" means all data concerning natural persons ("data subject") from which the person can be directly or indirectly identified, as defined in more detail in the data protection regulation.

2. Data Controller & Data Protection Officer

Controller: Younite AI Oy
Business ID: 2875730-4
Address: Kirkkokatu 13 B, 90100 OULU

Contact information for data protection matters:
Mikael Häkkilä,
Email address:

3. Purpose & Legal Bases of Personal Data Processing

The purposes of use (and legal grounds in parentheses) for processing personal data are:

  • Delivering products and services, including customer contracts and handling of orders (contractual relationship or its preparation, legitimate interest)

  • Customer service and communication and customer satisfaction surveys (legitimate interest, consent)

  • Invoicing, credit decisions and debt collection (legitimate interest)

  • Marketing, including market research, other marketing promotion and analysis, as well as generating statistics and measuring the effectiveness of marketing (legitimate interest)

  • Direct marketing, including electronic direct marketing and telephone marketing, as well as planning and measuring the effectiveness of advertising and marketing, as well as combining and updating personal data for direct marketing purposes (legitimate interest, consent)

  • Management of stakeholder relations and subcontracting and cooperation with service providers (legitimate interest, contractual relationship or its preparation)

  • Improving the user experience of our website and other services and tracking user traffic (consent)

  • Development of our services (legitimate interest)

  • Internal and other administrative measures (compliance with legal obligation)

  • Handling warranty and fault liability matters as well as processing complaints and handling court and official procedures (compliance with statutory obligations)

  • Preventing and investigating abuses, as well as ensuring information security, the safety of persons and property (legitimate interest)

  • Receiving and processing job applications, evaluating and selecting job applicants and meeting the needs related to the recruitment process (legitimate interest, preparation of a contractual relationship) and carrying out a suitability assessment (consent)

  • Carrying out other statutory obligations (e.g. activities related to accounting and taxation) and reporting obligations (statutory obligation)

When we process personal data based on a legitimate interest, we evaluate the benefits and possible harms of the processing to the data subject and have assessed that the rights and interests of the data subjects do not override the legitimate interest. Upon request, we provide more information about the processing of personal data based on a legitimate interest.

If we process personal data in order to comply with the requirements of legislation or to fulfill certain part of our reporting obligations, the legal basis for the processing is primarily to comply with a statutory obligation.

4. Processed Personal Data & Data Sources

Information Group
Examples of Information Content

Personal and contact information*

Name, telephone number, address, and email address of the customer and/or representative or subcontractor.

Information about products and services (including orders within) and customer communications*

Information about processed orders, order delivery time, invoicing information, and information related to contracts, customer communication, and complaints.

Information related to marketing (including direct marketing) and events, as well as consents and prohibitions given by the data subject

Contact information for marketing, as well as information collected in connection with events and occasions. Consents and prohibitions regarding direct marketing.

Information regarding the use of websites and other electronic services

IP address, electronic communication identification data, search and browsing data, browser and operating system data and registration data

Information related to the recruitment process

Name, date of birth, address, telephone number, e-mail address, basic education and degrees with date of completion, other completed education, skills, current position and previous positions (employer, position title and position description), possible referees and other information provided by the job seeker to the registrar

* Marked information is necessary

We collect personal data directly from the data subject, for example in connection with a transaction, or when the data subject buys or orders our products or services either himself or on behalf of the organization he represents, or in connection with registration, when the data subject visits our website or our other electronic services, subscribes to our newsletter, responds to a customer satisfaction survey or otherwise communicates with us.

We also receive personal data from other external sources, such as private registry services and registries maintained by authorities, such as the Patent and Registration Board.

In a recruitment situation, information is primarily collected from the registered person himself. In addition, with the data subject's consent, personal data can also be collected from other sources, such as from the service provider carrying out the suitability assessment. Personal data can also be collected from referrers notified by the data subject.

5. Retention of Personal Data

We retain personal data for as long as is necessary to fulfill the purposes defined in the privacy policy and for as long as required by law (for example, responsibilities and obligations related to accounting obligations or reporting obligations), or for the purpose of a trial or similar disagreement situation. 

Contracts and related customer contact information are kept for the duration of the customership and for 6 years after the end of the customership due to the long-term life cycle of business products.

Personal data collected for marketing purposes based on consent will be stored until the given consent is revoked. Information collected for marketing purposes on another legal basis is stored for two years from the active contact of the customer/potential customer with the controller.

Information about the use of the website is stored for one year from the date of data collection.

The data controller keeps the personal data of the job seeker after the end of the recruitment process for as long as is necessary to fulfill the data controller's rights and obligations and to respond to possible demands, however no more than two years after the recruitment decision is made.

After the end of the purpose of use, the personal data will be deleted or made anonymous within a reasonable time.

Upon request, we will provide more information about personal data storage practices.

6. Recipients of Personal Data

Various service providers and other third parties may also be used in the processing of personal data, such as providers of technical solutions or server space or accounting and financial administration service providers. We take care of the agreements required by data protection legislation with the entities we use in processing personal data.

Personal data can be handed over to third parties in situations required by legislation or authorities, or to investigate abuses, and to ensure security. In addition, personal data may have to be disclosed in connection with legal proceedings or similar legal procedures.

If the controller is involved in a merger, business transaction or other business arrangement, personal data may be disclosed to the parties to the arrangement or to parties assisting in the arrangement.

Upon request, we will provide additional information about recipients of personal data.

7. Transferring Personal Data Outside the European Economic Area

When data is transferred outside the European Union or the European Economic Area, the company takes care of the adequate level of protection of personal data, for example by agreeing on personal data processing in the manner required by data protection legislation, such as using standard contract clauses approved by the European Commission. 

Upon request, we will provide additional information regarding the transfer of personal data and the protection mechanisms used.

8. Protection of Personal Data

Data security and the protection of personal data are of the utmost importance to us. We use appropriate technical and organizational safeguards to protect personal data. We also ensure the fault tolerance of our systems and data recovery possibilities. The right of access to personal data is limited only to separately authorized entities. Entities processing personal data have a duty of confidentiality regarding matters related to the processing of personal data.

9. Rights of Registrants

Registrants have rights to their own personal data in accordance with data protection legislation. However, the application of rights in each individual situation depends on the purpose and situation of use of personal data.

  • The right to access personal data. The registrant has the right to receive confirmation as to whether the registrant's personal data will be processed, as well as other information on the processing of personal data in accordance with data protection legislation. The registered person has the right to receive a copy of the personal data.

  • The right to rectification of personal data. Subject to certain restrictions, the registered person has the right to demand the correction or deletion of incorrect or inaccurate information.

  • The right to delete personal data. The registered person has the right, in accordance with the requirements of data protection legislation, to request the deletion of his personal data. Upon request, we will delete personal data, unless the legislation or another applicable exception in accordance with data protection legislation requires us to keep personal data.

  • The right to restrict processing. In accordance with the requirements of the data protection legislation, the registered person has the right to request restrictions for the processing of personal data in certain situations.

  • The right to transfer personal data. The registered person has the right to request the transfer of his personal data to another controller. The right to transfer basically applies to personal data that the data subject has provided to the controller in a structured and machine-readable format, and whose processing is based on the consent or agreement of the data subject, and/or for which the processing is carried out automatically.

  • The right to object to processing. The registered person has the right, in accordance with the requirements of data protection legislation, to object to the processing of personal data based on legitimate interests, including profiling. We can refuse the request if the processing is necessary to fulfill compelling and legitimate interests of the controller or a third party. However, the registered person always has the right to object to the processing of personal data for direct marketing purposes and profiling related to direct marketing.

  • The right to withdraw consent. If the processing of personal data is based on the data subject's consent, the data subject has the right to withdraw his consent to the processing of his personal data. Withdrawal of consent has no effect on the processing carried out prior to the withdrawal.

Exercising rights

We hope that you will contact us if you have any questions regarding the processing of your personal data.

You can send a request regarding the registered person's rights by letter or e-mail using the contact information mentioned in this privacy statement.

The identity of the person making the request can be checked before the request is processed. The request will be answered within a reasonable time and, as a rule, within one month from the time the request is submitted and the identity is verified. If the request cannot be agreed to, the refusal will be notified separately.

10. The Right to File a Complaint with the Supervisory Authority

The data subject has the right to file a complaint with the competent data protection authority if the data subject considers that his personal data has been processed in violation of data protection legislation.

You can find the contact information of the Finnish Data Protection Authority from here.

11. Changes to the Privacy Statement

This privacy statement may need to be changed from time to time. Changes may also be based on changes in data protection legislation. We therefore encourage you to regularly check the privacy policy to detect changes. The latest version is available on our website.

This Privacy Statement has been published on July 1, 2023.

Get in touch

860 Broadway
6th Floor
New York
NY 10003

Aleksanterinkatu 17

Kirkkokatu 13

What’s Your Problem

We don’t mean to be aggressive. We’re just enthusiastic about solving problems. Challenges fuel us.

More ways to connect

© 2024 Younite-AI
Younite-AI is a registered trademark of Finlabs Oy in the European Union, the USA, Japan, and various other jurisdictions. Privacy Statement.