Privacy Policy

Krios Business Consulting Oy | Business ID: 2779875-3
Effective date: 24 May 2026

1. Data Controller

Krios Business Consulting Oy
Kappelikuja 6, 02200 Espoo, Finland
Email: antti.saaksvuori@krios.fi
Phone: +358 50 353 9260
Websites: https://www.krios.fi | https://www.norma.krios.fi
Managing Partner: Antti Saaksvuori

2. What Personal Data We Collect and Why

2.1 Contact Form (norma.krios.fi)

When you submit the contact form on norma.krios.fi, we collect your name, email address, and the content of your message. This data is used to respond to your enquiry and to manage our potential business relationship. Where relevant, your contact details may be added to our CRM system (Pipedrive) for the purposes of customer relationship management, sales process tracking, and maintaining contact history. The legal basis for processing is our legitimate interest (GDPR Article 6(1)(f)).

2.2 Email Correspondence

When you correspond with us by email — whether in response to a contact form submission or any other communication — your email address and message content are retained as part of the email thread. Official company email is handled through Microsoft 365. For certain outreach activities, we also use Google Workspace accounts, through which both outgoing and incoming messages are retained. The legal basis for processing is our legitimate interest (GDPR Article 6(1)(f)).

2.3 Website Analytics

We use Google Analytics 4 on krios.fi, and plan to introduce it on norma.krios.fi in the near future. This involves the collection of anonymised usage data and IP addresses. The legal basis is your consent (GDPR Article 6(1)(a)), provided via the cookie consent banner.

2.4 Technical Data

When you visit either of our websites, your browser automatically transmits technical information including your IP address and browser type. This data is processed for security and to ensure the proper functioning of the website. The legal basis is our legitimate interest (GDPR Article 6(1)(f)).

3. Sources of Personal Data

We collect personal data directly from you through our websites. In addition, for the purposes of business development and outreach, we may collect publicly available contact information from sources such as LinkedIn and company websites. In such cases, we collect only information that is professionally relevant and publicly accessible, and we use it solely for legitimate business communication purposes.

4. Direct Marketing

We may use contact details obtained through our websites or other legitimate sources to send you information about our services that may be relevant to you or your organisation. This activity is carried out on the basis of our legitimate interest (GDPR Article 6(1)(f)) and is directed at business contacts acting in a professional capacity.

You have the right to object to the use of your contact details for direct marketing purposes at any time. Every marketing communication we send will include a clear and easy way to opt out. You may also contact us directly at antti.saaksvuori@krios.fi to request that we stop sending marketing communications. We will action all such requests promptly.

5. Data Processors and Third Parties

We use the following third-party services that act as data processors on our behalf:

Microsoft Corporation — business email (Microsoft 365) and file storage (OneDrive). Data is processed primarily within the European Union.
Pipedrive OÜ — CRM system used for customer relationship management, sales process tracking, and contact history. Contact data obtained through our websites may be stored in Pipedrive. Data may be processed in the United States or other countries outside the European Union under appropriate safeguards (Standard Contractual Clauses).
Google LLC — website analytics (Google Analytics 4) on krios.fi and norma.krios.fi, and Google Workspace accounts used for certain business email correspondence. Data may be processed in the United States under appropriate safeguards (Standard Contractual Clauses).
Netlify, Inc. — website hosting for norma.krios.fi. Data may be processed in the United States under appropriate safeguards (Standard Contractual Clauses).
Formspree Inc. — contact form submission processing for norma.krios.fi. When you submit the contact form, your name, email address, and message are transmitted to Formspree for delivery. Data may be processed in the United States under appropriate safeguards (Standard Contractual Clauses). For more information, see Formspree's Privacy Policy.

We do not sell your personal data to third parties. All third-party processors are contractually bound to process personal data only on our instructions and in accordance with applicable data protection law.

6. Automated Decision-Making

We do not currently use automated decision-making or profiling that produces legal or similarly significant effects on individuals. Should we introduce such processing in the future, this policy will be updated accordingly.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described above.

Data	Retention Period
Contact form submissions	2 years from last contact
CRM data (Pipedrive)	2 years from last contact
Email correspondence (Microsoft 365 / Google Workspace)	2 years from last contact
Analytics data (Google Analytics 4)	14 months (Google default setting)
Technical/server logs	As determined by the hosting provider

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access — you may request a copy of the personal data we hold about you.
Right to rectification — you may request correction of inaccurate or incomplete data.
Right to erasure — you may request deletion of your personal data.
Right to restriction — you may request that we restrict the processing of your data.
Right to data portability — you may request your data in a structured, machine-readable format.
Right to object — you may object to processing based on our legitimate interests, including direct marketing.
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at antti.saaksvuori@krios.fi.

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu): www.tietosuoja.fi.

9. Cookies

For detailed information about the cookies used on our websites, please refer to our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always available on our websites. Material changes will be communicated by updating the effective date at the top of this document.