Privacy Statement of the Customer and
Marketing Data Filing System of Cesim Ltd

1. General

Cesim Ltd (later “Cesim” or “we”) is committed to ensuring the confidentiality and data protection of personal data at its possession. This privacy statement is applied to personal data that we collect in relation to our customer and marketing data filing system (later “Data Filing System”). The personal data and their processing is described in this privacy statement. Additional information regarding the processing of personal data in the Data Filing System is provided by our contact person Veijo Kyösti,

We may update this privacy statement from time to time, for example due to changes in applicable legislation. We will use reasonable efforts to inform you of any possible changes and their effects in due time beforehand. Therefore, we advise you to review this privacy statement always after becoming aware of any changes. This privacy statement was last updated on March 31st, 2021.

2. Data Controller

Name: Cesim Ltd
Address: Kalevankatu 16 B 3, 00100 Helsinki, Finland
Tel: +358 9 406 660
Business ID: FI07488512

3. Whose Personal Data Do We Collect?

We process the personal data of the representatives of our customers and potential customers (later also “you”) in the Data Filing System.

4. What Categories of Personal Data Do We Process?

We process the following categories of personal data:
- your name;
- your contact details: email address and telephone number;
- the organization you are representing and your position in the organization; and
- information concerning the exploitation of our electronic services and content (e.g. subscription to a newsletter), technical information sent to our server by your browser (e.g. IP-address, browser, browser version, the webpage from which you came to our webpage) as well as the cookies sent to your browser and information related to them (additional information on cookies and similar technologies below in Section 12).

5. Which Sources Do We Use to Collect Personal Data?

We collect personal data primarily from the data subjects themselves (e.g. your contact requests through our webpage and business cards delivered to us). In addition, personal data of potential customers are obtained from public sources, such as the website of the organization you represent.

6. Basis for, Purposes and Impacts of Processing Your Personal Data

The basis for processing your personal data is our legitimate interest based on the purposes of use determined below.

If you are already our customer:

The purpose of the processing of your personal data as an existing customer is in particular the management and maintenance of our customer relationships. In addition, your personal data are processed for the sales and direct marketing of our products and services and for carrying out our research and product development. By processing your personal data, we are able to provide better services for you and develop our products and services to better fit the needs of our customers. The processing of your personal data will have no other impact on you.

If you are our potential customer:

The purpose for which the personal data concerning our potential customers are used is carrying out direct marketing and other sales and marketing measures regarding our services and products, i.e. standard marketing procedures such as sending marketing messages by email. The processing of the personal data of our potential customers has no other impacts than targeting of marketing messages.

We do not further process your personal data for other purposes than those described in this privacy statement.

7. Regular Disclosures and Transfers of Your Personal Data to Third Parties

We may disclose your personal data to our business partners for the purpose of carrying out sales and marketing measures regarding our services and products.

Your personal data may also be transferred to our subcontractors. Currently our subcontractors are:
- Amazon Web Services, Inc;
- Hubspot, Inc.;
- SugarCRM, Inc.

Our subcontractors may process your personal data only for the purposes defined in this privacy statement. We always ensure that our subcontractors do not process the personal data transferred to them for any other purposes.

We may also be required to share your personal data with competent authorities in accordance with legislation concerning the processing of personal data.

8. Transfers of Your Personal Data outside the EU or European Economic Area

We transfer your personal data outside the European Union or the European Economic Area using the standard contractual clauses in accordance with data protection legislation to Hubspot, Inc. which is located in the United States.

In all situations, we transfer your personal data outside the EU or the European Economic Area in accordance with the GDPR and only based on one of the lawful grounds mentioned below:- the EU Commission has decided that the recipient country in question ensures an adequate level of protection;
- we have established appropriate safeguards for the transfer of personal data by using the standard data protection clauses approved by the Commission. You shall then have the right to obtain a copy of such standard clauses by contacting us in the manner described in the section ‘Contacts’; or
- you have given your explicit consent for the transfer of your personal data or another lawful basis for the transfer of your personal data outside the EU or EEA exists.

For the sake of clarity, the servers of our subcontractors Amazon Web Services, Inc. and SugarCRM, Inc used in the processing of personal data are located in Europe.

9. Principles for the Retention of Your Personal Data

The personal data of our existing customers shall be retained in the Data Filing System for as long as the customer relationship exists. After the termination of the customer relationship, your personal data shall be retained for a maximum of one year following the termination of the customer relationship.

The personal data of our potential customers shall be retained in the Data Filing System for as long as you hold a position to which our marketed product or service is related, provided that you have not prohibited direct marketing. In such case information on the prohibition of direct marketing can be retained in the Data Filing System. Your personal data may be retained for longer if applicable legislation or our contractual obligations towards third parties require a longer retention period.

10. Rights of a Data Subject in Relation to the Processing of Personal Data

As a data subject you have the right, at any time, to object to the processing of your personal data for direct marketing purposes. You may give us channel-specific consents and prohibitions concerning direct marketing (e.g. prohibit marketing messages sent by e-mail but allow marketing messages sent by mail).

In addition, you have the right to, according to applicable data protection legislation, at any time:
- be informed about the processing of your personal data;
- obtain access to data relating to you and review your personal data we process;
- require rectification and completion or erasure of inaccurate and incorrect personal data;
- object to the processing of your personal data on grounds relating to your particular situation in so far as the processing of your personal data is based on our legitimate interest; and
- obtain a restriction of processing of your personal data.

You should present your request for exercising any of the aforementioned rights in the manner described in the ‘Contacts’ Section of this privacy statement. We may ask you to specify your request in writing and to verify your identity before processing the request. We may refuse to fulfil your request on grounds set out in applicable data protection legislation.

You also have the right to lodge a complaint with the supervisory authority concerned or with the supervisory authority of the EU member state of your habitual residence or place of work, if you consider that we have not processed your personal data in accordance with applicable data protection legislation.

11. Principles of Data Security

We respect the confidentiality of your personal data. Tangible material containing personal data shall be kept under lock and key in a space to which only separately appointed persons have access. Personal data processed digitally are protected and stored in our information system accessible to persons on a need-to-know basis only. Such persons have personal user credentials and passwords.

12. Information on Cookies and Similar Technologies

We use cookies on our website and services.

A “Cookie” is a commonly used small text file that the internet browser installs on your computer or other terminal when you visit a website. The browser sends information on your visit back to the website when you revisit it. All contemporary websites use cookies in order to offer you a more personal browsing experience.

Each cookie is separately installed on each terminal you use and cookies can be read only by the server that installed the cookie. Because the cookie is bound to the browser, and is not distributable between separate browsers or terminals in general (unless a browser, plugin or other application separately enable this), your choices relating to the management of cookies are applicable only to each separate browser. A cookie cannot control software, and it cannot be used as a medium for viruses or other malware, nor to harm your terminal of files. A single user cannot be identified solely through the use of cookies or similar technologies.

13. Contacts

All requests concerning the use of the rights mentioned above, questions about this privacy statement and other contacts should be made by e-mail Veijo Kyösti to the address You may also contact us through or in person in our offices or in writing:

Cesim Ltd
Veijo Kyösti
Kalevankatu 16 B 3
00100 Helsinki, Finland


Last updated on 31 March, 2021