Privacy Policy


This privacy policy contains the terms of use of PlanMill Oy’s website and its marketing register.

Dated May 1, 2018

PlanMill Oy will follow procedures and processes to protect personal data according to the requirements of data protection legislation. This privacy policy includes the grounds for collecting data and the purposes for which the collected data is used.

We can make changes to this privacy policy so that the users of the website and persons included in the marketing register are always aware of how their data is processed. The valid and applicable privacy policy is always available at PlanMill Oy’s website.

Privacy Policy of the Customer Register

Privacy Policy of the Supplier/Cooperation Partner

Privacy Policy of the Jobseeker

Terms of use of the website

1. General information

PlanMill Oy (“the Supplier”) is committed to protecting the privacy of visitors and users of the Supplier’s website, including but not limited to the following website (, and all related chat forums, directories and databases) (collectively referred to as “the Website”). This Agreement on the terms of use is valid between PlanMill Oy and the user of the service (“the User”).

If you do not accept these terms of use, do not use the Website. When you use the Website, you accept these terms of use and agree to comply with them.

2. Data other than personal data

The Supplier may collect data other than data classified as personal data from its users using various methods. This data is necessary for monitoring the use of the Website, and we use the data to improve the Website.

3. Personal data

The Supplier collects and processes certain personal data of the users of the Website and other data that the User has submitted on different types of contact request forms through the Supplier’s website, server sub-pages or sub-domains (e.g. or by email.

Based on the data submitted on the website, we can grant access to those parts and contents of the online service that the User has requested.

By collecting and processing personal data, we may also send targeted marketing messages to the User. If the User does not approve the use of his or her information as described above, the User can prevent the use of his or her information by sending a written request to

Additional information on the processing of personal data and the User’s right below in the marketing register.

4. Disclosure of data

The Supplier can submit statistics to third parties including use and user data and data other than personal data, but these statistics do not contain identifier information.

5. Safety

The website is protected using technical and organizational means. The website data is saved on servers and systems that are protected using firewalls, passwords and other technical means. Access to personal data is only granted if necessary for the processing of the data. All data processors have the obligation to observe secrecy.

6. Use of cookies

We also use cookies and other similar technologies on the website Cookies are small text files stored on your device for the purpose of collecting and remembering useful information, to improve the functionality and usability of our website. We can use also cookies and other similar technologies for statistical purposes, such as compiling statistics on the use of the website to understand how users use it and to improve the user experience.

You can block the storing of cookies, limit the use of cookies or remove cookies from your browser. Given that cookies enable the functioning of our website, limiting their use may have an effect on the usability of the website.

Read more about using cookies.

7. Approvals

When the User delivers personal data through the Website, the User gives the Supplier and/or third parties the consent to use the data as described on the Website in question.

An approval on the Website only applies to the user data stored on the Website. If the User has submitted the data to the Supplier in another way than through the Website, an approval issued on the Website does not affect the use of the data in question.

8. Trasferring personal data outside the EEA

We can transfer personal data outside the EU or the European Economic Area when our partner carrying out a commission is located outside these area. In such cases, we ensure the appropriate protective measures to ensure the rights and freedoms of data subjects in accordance with the applicable data protection legislation, such as the EU’s General Data Protection Regulation (2016/679).

For example, a service provider implementing marketing for us can transfer personal data to the United States in connection with the production of the service. In a case such as this one, the appropriate measures protecting personal data are carried out in such a way that the service provider is committed to what is referred to as the Privacy Shield arrangement between the United States and the EU, or we use the model data protection contract clauses approved by the EU. You can find further information on the Privacy Shield arrangement here

9. Website of third parties

This privacy policy only applies to the Supplier’s Website. The Website may contain links to websites of third parties. We are not responsible for the privacy practices of other websites. We recommend the User to check the privacy policies of the websites that he or she uses.


1. Data controller and register

Data Controller

PlanMill Oy (Business ID 2062705-4)

Hämeentie 19, 00500 Helsinki, Finland


PlanMill Oy’s marketing registers

Contact person in matters concerning the register

PlanMill Oy

Thomas Hood

Hämeentie 19

00500 Helsinki, Finland

Tel. +358 10 322 9110

You can also contact by email at or by calling our switchboard.

2. Data stored in the register

The register contains data on the data subject’s role in the company, corporation or public position and other data necessary in view of the purpose of the register. The data includes basic company info as well as the names and contact information of company decision-makers and key persons.

Regular data sources

Data is stored in the marketing register based on contact forms received from PlanMill Oy’s public website (including test IDs and contact us). In addition, personal data can be obtained from other sources to the extent allowed by applicable laws, such sources including the Trade Register, the Population Information System, the Business Information System or the address data system of Posti.

You do not have to give us your personal data, but in that case, we may be unable to offer you our service.

The user rights of PlanMill Oy’s employees are transferred to the marketing register through the company’s user management system.

Storage period

Personal data is stored only for a long as it necessary to carry out the purposes of use defined in this register.

Personal data is stored for the duration of the customer relationship. Personal data can also be stored as necessary after the end of the customer relationship to the extent allowed or required by the applicable law. For example, after the customer relationship has ended we typically store personal data that is necessary to respond to requirements or claims, in accordance with the valid provisions concerning the period of limitation. We may also store personal data as necessary to comply with your decision to opt out of direct marketing, for example.

The personal data is removed once its storage is no longer necessary pursuant to the law or the fulfilment of either party’s rights or obligations.

The storage periods for personal data concerning the PlanMill Oy’s employees are related to the terms of their employment contracts and can be reviewed by consulting the employment contract or the Supplier’s personnel instructions.

3. Register’s purpose and legal basis for processing personal data

We only collect and process personal data necessary for carrying out our business, managing customer relationships and for appropriate commercial purposes.

We process your personal data for the following purposes:

Sales and marketing

We can contact you to tell you about the properties of new products, for example, or to market and sell you other products or services. We can also process your personal data for the purposes of marketing research and customer surveys. The processing of personal data is based on our legitimate interest to provide information as part of a service and to market our other products to you. You have the right to object to your personal data being processed for the purposes of direct marketing at any time (see paragraph 6 of this register).

Service development, data security and internal reporting

We also process personal data to ensure the data security of the product and the website, to improve the quality of the product and the website, and to develop the product. We can also compile internal reports on the basis of personal data; these reports are put at the disposal of our management for the appropriate management of our business. In these cases, the processing of personal data is based on our legitimate interest to ensure the appropriate data security of our product and website and to receive adequate and appropriate information for the product’s development and the management of our business.

Other purposes you have consented to

We also process your personal data for other purposes, if you have given us your consent for such processing.

4. Personal data transfers and disclosures

We can disclose personal data to third parties

  • to the extent allowed or required by law, such as to carry out a request for information made by a competent authority or in relation to legal proceedings.
  • when our partners process personal data on our behalf and according to our instructions. We always ensure the appropriate processing of your personal data.
  • in the event that we are party to a merger, corporate arrangement or the disposal of business or a part thereof.
  • when we consider the disclosure to be necessary for the realisation of our rights, protecting the safety of you and others, investigating misuse, or responding to a request made by an authority.
  • at your consent to the parties the consent applies to.

5. General principles of personal data use and protection

PlanMill Oy’s employees’ privilege management is carried out using a role-based user management process in which each employee is given only those privileges required for their task and job description.

Data in the marketing register may also be updated by a contractual partner of PlanMill Oy. In this case, PlanMill Oy is responsible for the activities and data security of its contractual partner, as it would be for its own.


Google’s tag manager and analytics (securing data).

6. Rights of data subjects

According to the current data protection legislation, the marketing register contains personal data that constitutes a person register. With respect to this, the data subjects have rights to their data as provided for in regulations and laid down in the legislation.

You have the right to check your personal data. You can also request the rectification, update or erasure of your personal data at any time. However, please note that the personal data necessary for carrying out the purpose defined in this Policy or the retention of which is required by law cannot be erased.

You have the right to object to or restrict the processing of your personal data to the extent required by the applicable law.

In accordance with the applicable law, you have, in some cases, the right to data portability, i.e. the right to receive your personal data in a structured, commonly used and machine-readable format and the right to transmit the data to another controller.

When we process your personal data on the basis of your consent, you have the right to withdraw the consent you have given at any time. After this, we will not process your personal data unless there is some other legal basis for such processing.

You can exercise your rights by sending a request to us to the address

If you think that the processing of your personal data is inappropriate, you have the right to contact to the Data Protection Ombudsman in the matter. The contact details of the Data Protection Ombudsman are available here.

7. Data security

We carry out the appropriate measures (including physical, digital and administrative measures) to protect personal data against loss, destruction, misuse and unauthorised access or disclosure). For example, personal data can only be accessed by the people who need it to carry out their work.

8. Contacts

If you have any further inquiries about this Policy or the processing of your personal data, please send us an email to the address