Skip to content
Menu

Admicom Oyj Privacy Notice

Please note that this text is an English translation of Admicom Oyj’s Finnish privacy notice (“Tietosuojailmoitus”). The official version of the privacy notice is available in Finnish.

Contents of this Page

Admicom Group as a Data Processor

Admicom Group (hereinafter “Admicom”) as a data processor

Admicom provides a range of different services to its customers. These services involve the processing of customers’ data and may also involve the processing of personal data. The purposes of the processing are determined by our customers. In such cases, the customer acts as the data controller. Admicom acts as the data processor and processes the data in accordance with the instructions given by the customer. When acting as a data processor, Admicom complies with the data processing agreement concluded with the customer in accordance with the General Data Protection Regulation. The customer has given its consent and guarantees that

  • the customer owns or is otherwise entitled to transfer the data to Admicom for processing and that the customer is responsible for the accuracy, correctness, content and reliability of the data and for compliance with legal requirements.
  • As the data controller, the customer is obliged to notify the authorities and/or the data subject of a breach or unauthorised disclosure of personal data in the manner required by law.

When acting as a data processor, Admicom is obliged to take technical and organisational information security measures to protect privacy on behalf of the customer acting as the data controller.

As a data processor, Admicom does not process personal data in any way other than that authorised in the agreement concluded with the data controller.

If data subjects have, for example, questions, comments or requests concerning the personal data processed by Admicom, they must be sent to the data controller. As a data processor, Admicom does not disclose personal data to data subjects if the data controller has not instructed it to do so. If the police or another authority requests the disclosure of personal data, Admicom will immediately inform the data controller and disclose the data only on the basis of a court order.

Upon request, Admicom provides customers and partners with non-public information about its internal systems and data processing routines. This may depend on the terms of a non-disclosure agreement.

Admicom Oyj – Automatic Data Collection

Automatic data collection in Admicom Group (hereinafter “Admicom”)

Admicom uses commonly used digital marketing methods and tools to collect data on users of our websites. We collect this data to improve the usability and content of our websites, to target advertising and marketing, and to identify visitors’ areas of interest. As a rule, the data is collected by means of cookies (see below), and it cannot be linked to an individual person unless the website visitor fills in and submits their own personal data via the website.

Cookies are small text files containing character strings that allow the browser to be uniquely identified. They are sent to the computer by the site or by a third party. Most browsers are set to accept cookies. However, you can change your browser settings so that the browser refuses to accept third-party cookies or notifies you when cookies are being sent. Third-party cookie tools are also used on Admicom Group’s websites, allowing you to manage your consent to the use of cookies on the site.

With regard to the Google tools used by Admicom on its websites, you can prevent Google from collecting and processing the data generated by the Google cookie by downloading and installing the Google Analytics Opt-out Browser Add-on in your browser. This add-on is available at: https://tools.google.com/dlpage/gaoptout.

User Tracking

We use Leadoo’s user tracking to monitor how our users move on our website and combine this data with user information collected, for example, via chat interactions. Leadoo uses etag tracking, which technically differs from cookie-based tracking but is subject to the same legal principles as cookies. Please refer to the privacy policy of Leadoo Marketing Technologies Oy (https://leadoo.com/privacy-policy/) to learn more about what is tracked in the system. For GDPR purposes, we act as the controller and Leadoo as the data processor. If you do not want to be tracked, you can clear your browser cache. For more information about how Leadoo works, please see: https://leadoo.com/privacy-policy-processor/

We use Hotjar on our website to better understand how our users interact with the site and to optimise our services and user experience. Hotjar allows us to visualise user interactions, which helps us better understand their experience and identify potential issues and friction points to improve our services. To provide these services, Hotjar uses first-party cookies and other technologies to collect personal data and device information about our users on our behalf. This may include personal data such as online identifiers (e.g. device IP address, user ID), identifiers (e.g. name, email address – only if we have explicitly collected them), technical information (e.g. device type and screen size, browser information), geographical location (country only), behavioural data (interaction with our website, such as clicks, taps, scrolls) and any other personal data that the user has expressly submitted through Hotjar. Hotjar may also use this personal data to develop and improve its tools and services for our and our users’ benefit. For more information, please refer to Hotjar’s privacy policy.

Last updated on 27 May 2025.

Privacy Notice for the Customer and Marketing Register of Admicom Oyj


1. Scope of Application

This Privacy Notice applies jointly to the processing of personal data relating to customers, customer relationships, prospective customers and marketing activities of Admicom Oyj and Admicom Finland Oy. The controller is the group company responsible for the relevant customer relationship and/or marketing activity at any given time (hereinafter referred to as the “Controller”, “we” or “Admicom”). This Privacy Notice also applies to Admicom’s websites, for which Admicom Oyj acts as the Controller.

This Privacy Notice describes the processing of personal data carried out by Admicom in relation to customers, prospective customers and marketing.

Personal data means any information relating to an identified or identifiable natural person, such as a name, address, email address or telephone number. We process personal data in order to provide our services and to serve our customers.

2. Controller

Admicom Oyj
Business ID: 2800085-4

&

Admicom Finland Oy
Business ID: 1878875-6

Väinönkatu 26 A, 40100 Jyväskylä
Support phone: +358 44 433 3888
Email: privacy@admicom.com

3. Register

Admicom’s customer and marketing register of customers, customer contact persons and representatives, and prospective customers.

4. Purpose of Processing and Legal Basis

Personal data is processed for the purposes of managing and analysing customer relationships, providing and delivering services, carrying out onboarding projects, and for the development and planning of business operations, as well as for marketing, telesales, opinion and market research, and customer communications (including newsletters), and for complying with statutory obligations.

In addition, personal data is processed to ensure and maintain the functionality of our websites, to develop them, to analyse website usage and visitor activity, and to target advertising.

The legal basis for processing personal data is:

  • the maintenance of a customer relationship or performance of a contract, where the data subject is the customer;

  • for customer contact persons and representatives, the Controller’s legitimate interests (conducting and promoting business). Personal data is also processed for business development and planning, marketing, telesales, opinion and market research, and customer communications on the basis of legitimate interest. In such cases, the Controller performs a balancing test prior to processing;

  • the use of necessary cookies is based on legitimate interest (transmission of communications and ensuring security);

  • for non-essential cookies, marketing campaigns, newsletter subscriptions and events, the legal basis is the data subject’s consent;

  • certain processing is based on the Controller’s legal obligations, including compliance with accounting, taxation and anti-money laundering legislation.

The Controller does not carry out automated decision-making or profiling.

5. Categories of Personal Data

The register may include the following categories of personal data:

  • identity and contact details (such as first and last name, organisation name, Business ID, position, postal address, telephone number, email address, customer number and, in limited cases, personal identity code);

  • information on the commencement and termination of the customer relationship or other relevant connection;

  • data relating to the management of the relationship and communications (including purchases, cancellations, delivery data, invoicing and debt collection data, feedback, complaints and customer service records such as calls, call recordings, emails and support messages);

  • user-related data (such as usernames, system data, software data and change logs);

  • for financial services customers: statutory customer due diligence data and information concerning financial standing and politically exposed person status;

  • direct marketing consents and prohibitions;

  • data relating to the use of digital services and content (e.g. newsletter subscriptions);

  • marketing and sales promotion data, including activities targeted at the data subject and participation in such activities;

  • cookie-related data such as IP address;

  • event-related data, including participation and dietary or allergy information.

Provision of personal data is not mandatory; however, certain data is required to establish a customer relationship, provide services and comply with legal obligations, including anti-money laundering requirements.

6. Sources of Personal Data

Personal data relating to the data subject is primarily collected from the data subject themselves or from the organisation they represent, for example at the commencement of a customer relationship or during the course of the relationship, including through the various services provided by Admicom that the data subject uses, as well as in connection with marketing activities such as promotional draws, competitions and events.

Personal data may also be collected and updated from the registers of Admicom’s partners, from authorities and organisations providing personal data services, and from publicly available sources such as the websites of organisations.

If you visit our website, personal data may also be collected through the cookies in use.

7. Disclosure and Transfers of Personal Data

Personal data may be disclosed to competent authorities or other parties where required by applicable legislation or official regulations.

Personal data may be disclosed to prospective purchasers in connection with corporate transactions, such as where Admicom sells or otherwise reorganises its business. Data may also be shared within the Admicom group for administrative purposes. In such cases, the legal basis for disclosure is the Controller’s legitimate interests (improving business efficiency and reducing overlapping processing activities).

Personal data may also be transferred to service providers selected by the Controller, who process data on behalf of the Controller on the basis of a service agreement between the parties. Such parties include, for example, our accounting service providers and the providers of the software solutions we use.

8. Transfers Outside the EU/EEA

As a general rule, personal data is not transferred outside the European Union or the European Economic Area, unless such transfer is necessary for the purposes of processing personal data or for the technical implementation of such processing. In such cases, any transfer of personal data shall be carried out in accordance with the requirements of applicable data protection legislation.

9. Data Subject Rights

The data subject has the right to access the personal data stored about them in the register. You may request information from the Controller regarding the personal data collected about you and obtain access to such data. You may also request confirmation from the Controller as to whether personal data concerning you is being processed.

Upon request by the data subject, we will rectify and supplement personal data as necessary, or delete any data that is inaccurate, unnecessary, incomplete, or outdated in relation to the purposes of processing.

You may request the restriction of the processing of your personal data in certain circumstances, for example where you contest the accuracy of your personal data and the Controller is verifying its accuracy. Restriction of processing means that your personal data may only be processed on limited grounds. Such grounds include, for example, the establishment, exercise or defence of legal claims.

You have the right to object to the processing of your personal data where such processing is based on the Controller’s legitimate interests. In such cases, the Controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your rights as a data subject.

Under certain conditions, the data subject has the right to request the transfer of their personal data from one system to another (data portability). You may, under certain conditions, request the Controller to provide you with personal data concerning you that you have provided to the Controller, and to transmit those data to another controller.

The data subject also has the right to withdraw their consent where processing is based on consent.

The data subject has the right to lodge a complaint with a supervisory authority. You may lodge a complaint with the national supervisory authority, the Office of the Data Protection Ombudsman, if you consider that your personal data has not been processed appropriately or that your rights have not been adequately fulfilled. Complaints can be submitted at:
https://tietosuoja.fi/ilmoitus-tietosuojavaltuutetulle

The data subject may submit requests relating to the processing of personal data by contacting Admicom using the contact details provided below. A response to such requests will be provided without undue delay and no later than one (1) month from receipt of the request. Where necessary, Admicom may request additional information to verify the identity of the data subject.


10. Data Retention

Admicom retains personal data only for as long as necessary for the purposes for which it was collected, and as long as a lawful basis for processing exists or retention is required to comply with statutory obligations. When the personal data we have collected is no longer needed and there are no grounds for its retention, it will be securely deleted or destroyed.

Personal data is retained at least for the duration of each customer relationship. Contact details are updated or removed once we are informed of any changes in contact persons. Following the termination of a contractual relationship, the need to retain personal data relating to the concluded relationship is assessed every two years, taking into account factors such as any outstanding invoices and/or claims. Based on this assessment, unnecessary personal data will be deleted. As a general rule, personal data is not retained for more than ten (10) years after the end of the customer relationship.

Personal data contained in accounting materials is retained in accordance with statutory requirements (including the retention obligations under the Accounting Act) for a maximum of ten (10) years from the end of the financial year to which the accounting materials relate. Statutory customer due diligence data relating to financial services customers (formerly accounting services customers) is retained for five (5) years following the termination of the permanent customer relationship, as required under anti-money laundering legislation.

The need to retain personal data collected for marketing purposes is assessed every two years, and unnecessary data is deleted based on this assessment. Prospect data is stored in our customer relationship management system, and inactive prospect data is automatically deleted once the predefined retention period of two years has expired. Where our marketing activities are based on the data subject’s consent (including newsletters), such data is retained for as long as the consent remains valid.

Data collected for events, such as information on special dietary requirements, is retained for one (1) month following the end of the event.

Cookie-related data is retained in accordance with the website’s cookie notice.

11. Amendments to this Privacy Notice

Admicom continuously develops its business operations and therefore reserves the right to amend this Privacy Notice by providing notice thereof. Such amendments may also result from changes in applicable legislation.

Where changes are made to this Privacy Notice, the updated version and the date of amendment will be published. We encourage you to review this Privacy Notice regularly.

Where we make material changes that significantly affect our privacy practices, we may also notify you by other means prior to such changes taking effect.

This Privacy Notice was last updated on 31 March 2026.

12. Contact

If you have any comments or questions regarding this Privacy Notice, or if you have concerns about the protection of your privacy or the use of your personal data, or if you suspect that your privacy has been compromised, please contact us at privacy@admicom.com. You may also send a letter to: Väinönkatu 26 A, 40100 Jyväskylä.

We will treat your enquiry confidentially, and our representative will contact you at the address you have provided where necessary.

 

Privacy Notice for the Recruitment Register of Admicom Oyj

 

1. Scope of Application

This privacy notice describes how Admicom Oyj, Admicom Finland Oy and Bauhub OÜ, all part of the Admicom Group, collect and process the personal data of job applicants in their capacity as data controllers.

This privacy notice applies jointly to job applicants of Admicom Oyj, Admicom Finland Oy and Bauhub OÜ, and to the processing of personal data related to recruitment. The data controller is the group company responsible for the relevant recruitment process and which will act as your employer should an employment relationship be established (hereinafter “Data Controller”, “we” or “Admicom”).

Personal data refers to information that can be used to identify an individual, such as an address, email address or telephone number. We must process personal data in order to assess a candidate’s suitability, carry out recruitment processes and communicate with job applicants.

2. Data Controllers

Admicom Oyj (Business ID: 2800085-4)
Admicom Finland Oy (Business ID: 1878875-6)
Bauhub OÜ (Registry code: 12979880)

Väinönkatu 26 A, 40100 Jyväskylä
Support phone: +358 44 433 3888
Email: tietosuoja@admicom.fi

3. Person Responsible for Register Matters

Helena Marjokorpi
c/o Admicom Oyj
Väinönkatu 26 A 29, 40100 Jyväskylä

4. Registers

Admicom Group job applicant registers

5. Purpose and Legal Basis for Processing Personal Data

The purpose of processing personal data is to assess the suitability of Admicom’s job applicants, to carry out recruitment processes and complete recruitment procedures, as well as for communication with applicants.

The legal basis for processing is the performance of pre-contractual measures at the request of the data subject in order to enter into a contract, as well as the performance of a contract where one has been concluded. In addition, applicants’ personal data may be stored and processed on the basis of their separate consent, for example for future recruitment opportunities.

The Data Controller does not engage in automated decision-making or profiling.

6. Data Content of the Registers

The job applicant register may include the following information for all data subjects:

  • first and last name
  • contact details (postal address, telephone number, email address)
  • responses provided in the job application form
  • other information provided by the applicant, such as CV, job application, salary expectations, etc.
  • data and results collected during suitability assessments or similar evaluations
  • data collected by the recruitment system or website used by the Data Controller, or otherwise provided through such systems

Providing personal data is not a statutory or contractual obligation, and applicants may choose not to provide their data. However, without personal data, the application cannot be processed, and failure to provide the data may prevent the recruitment process from progressing and/or the establishment of an employment relationship.

7. Regular Sources of Data

Personal data concerning the data subject is primarily collected directly from the data subject during the recruitment process, for example through direct contact, via the recruitment system in use, or during interviews. Data may also be collected from referees.

8. Regular Disclosures and Transfers of Data

Data may be disclosed to competent authorities or other parties where required by applicable legislation.

Data may be disclosed to potential buyers in connection with business transactions if Admicom sells or otherwise reorganises its business. Data may also be shared within the Admicom Group for administrative purposes. The legal basis for such disclosure is legitimate interest (improving business efficiency and reducing duplicate processing).

Data may be transferred to selected partners and service providers who process data on behalf of the Data Controller under a cooperation agreement, such as providers conducting suitability assessments. In such cases, the processor is not entitled to use the data for its own purposes, and processing is carried out solely on behalf of the Data Controller in accordance with its instructions and a data processing agreement.

9. Transfers of Data Outside the EU or EEA

As a rule, data is not transferred outside the European Union or the European Economic Area, unless necessary for the purposes described above or for technical reasons related to data processing. In such cases, transfers are carried out in compliance with applicable data protection legislation.

10. Protection of the Register

A. Manual Material

Personal data is protected against unauthorised access and unlawful processing (e.g. destruction, alteration or disclosure). Each person processing the data may only access the personal data necessary for their duties.

Documents are stored in locked facilities protected from unauthorised access. Documents are printed only when necessary, and paper copies are destroyed after use.

B. Data Processed Electronically

Electronically processed data is protected by firewalls, passwords and other generally accepted technical security measures.

Access to the data is restricted to authorised employees of the Data Controller and its service providers, based on granted access rights.

11. Exercising the Data Subject’s Rights

The data subject has the right to access the personal data stored about them. You may request information about the personal data collected and obtain access to it. You may also request confirmation as to whether your personal data is being processed.

At the request of the data subject, we will rectify or supplement personal data, or delete data that is incorrect, unnecessary, incomplete or outdated for the purposes of processing.

You may request restriction of processing in certain situations, for example if you contest the accuracy of your data. Restriction means that your data may only be processed on limited grounds, such as for the establishment, exercise or defence of legal claims.

You may object to the processing of your personal data where processing is based on the Data Controller’s legitimate interest. In such cases, the Data Controller must cease processing unless it can demonstrate compelling legitimate grounds overriding your interests.

You also have the right to data portability under certain conditions, meaning you may request your personal data in a structured format and transfer it to another controller.

You have the right to withdraw your consent where processing is based on consent.

You also have the right to lodge a complaint with a supervisory authority. In Finland, this is the Office of the Data Protection Ombudsman (https://tietosuoja.fi).

Requests related to personal data processing can be submitted by contacting Admicom using the details below. Responses will be provided without undue delay and no later than one (1) month from receipt of the request. We may request additional information to verify your identity.

12. Data Retention

Admicom retains personal data only for as long as necessary for the stated purposes and as long as there is a legal basis for processing or a legal obligation to retain the data. When data is no longer needed, it is securely deleted.

As a rule, personal data is retained for 18 months from the date it was provided for recruitment purposes. This retention period is based on Finnish legislation concerning equality and non-discrimination, with an additional buffer period.

Data may be retained longer based on the applicant’s consent, for example for future recruitment. Consent is requested separately before the end of the retention period. If consent is not given or is withdrawn, the data will be deleted.

13. Changes to the Privacy Notice

Admicom continuously develops its operations and therefore reserves the right to amend this privacy notice. Changes may also be based on changes in legislation.

If changes are made, an updated version and revision date will be published. We encourage you to review this notice regularly.

Where significant changes are made, we may notify you by other means before they take effect.

This notice was last updated on 24 April 2026.

14. Contact Details

If you have any questions or comments regarding this privacy notice, or concerns about privacy or data usage, please contact us at:

tietosuoja@admicom.fi
Väinönkatu 26 A, 40100 Jyväskylä

All enquiries will be handled confidentially, and we will respond as necessary.

 

Privacy Notice for the Partner and Supplier Register of Admicom Oyj


1. Scope of Application

This Privacy Notice applies jointly to the processing of personal data relating to partners and suppliers of Admicom Oyj and Admicom Finland Oy. The controller is the group company responsible for the relevant partnership or supplier relationship (hereinafter referred to as the “Controller”, “we” or “Admicom”). This Privacy Notice also applies to Admicom’s websites, for which Admicom Oyj acts as the Controller.

This Privacy Notice describes the processing of personal data carried out by Admicom in connection with partner and supplier relationships.

Personal data means any information relating to an identified or identifiable natural person, such as a name, address, email address or telephone number.

2. Controller

Admicom Oyj
Business ID: 2800085-4

&

Admicom Finland Oy
Business ID: 1878875-6

Väinönkatu 26 A, 40100 Jyväskylä
Support phone: +358 44 433 3888
Email: privacy@admicom.com

3. Register

Admicom Oyj’s partner and supplier register based on cooperation.

4. Purpose of Processing and Legal Basis

Personal data is processed for the purposes of implementing, managing and analysing partner and supplier relationships and other service agreements, as well as for developing, maintaining and planning business operations.

In addition, personal data is processed to ensure and maintain the functionality of our websites, to develop them, to analyse website usage and visitor activity, and to target advertising.

The personal data processed relates to contact persons and representatives of partners and suppliers, and the legal basis for processing is the Controller’s legitimate interests (conducting and promoting business).

Legitimate interest is also the legal basis for the use of cookies necessary for the functioning of our websites (for the transmission of communications over a network and ensuring information security). For non-essential cookies, as well as marketing campaigns and newsletter subscriptions, the legal basis is the data subject’s consent.

The Controller does not carry out automated decision-making or profiling.

5. Categories of Personal Data

The partner and supplier register may include the following categories of personal data:

  • first and last name

  • contact details (postal address, telephone number, email address)

  • position within the company

  • company name and Business ID

  • accounts receivable data and related history

  • personnel changes

  • data collected via cookies used on our website, such as IP address and other cookie-related data

Provision of personal data is not mandatory; however, certain data is required in order to establish a partner or supplier relationship.

6. Sources of Personal Data

Personal data relating to the data subject is primarily collected from the data subject themselves or from the organisation they represent during the partner or supplier relationship, and may also be obtained from the organisation’s website or other publicly available sources.

If you visit our website, personal data may also be collected through the cookies in use.

7. Disclosure and Transfers of Personal Data

Personal data may be disclosed to competent authorities or other parties where required by applicable legislation or official regulations.

Personal data may be disclosed to prospective purchasers in connection with corporate transactions, such as where Admicom sells or otherwise reorganises its business. Data may also be shared within the Admicom group for administrative purposes. In such cases, the legal basis for disclosure is the Controller’s legitimate interests (improving business efficiency and reducing overlapping processing activities).

Personal data may be transferred to service providers selected by the Controller who process data on behalf of the Controller under a service agreement between the parties. In such cases, the processor is not permitted to process the transferred data for its own purposes or within its own registers. Such parties include, for example, our accounting service providers and the providers of the software solutions we use.

8. Transfers Outside the EU/EEA

As a general rule, personal data is not transferred outside the European Union or the European Economic Area, unless such transfer is necessary for the purposes of processing personal data or for the technical implementation of such processing. In such cases, any transfer shall be carried out in accordance with applicable data protection legislation.

9. Data Subject Rights

The data subject has the right to access the personal data stored about them in the register. You may request information from the Controller regarding the personal data collected about you and obtain access to such data. You may also request confirmation as to whether personal data concerning you is being processed.

Upon request by the data subject, we will rectify and supplement personal data as necessary, or delete any data that is inaccurate, unnecessary, incomplete or outdated in relation to the purposes of processing.

You may request the restriction of the processing of your personal data in certain circumstances, for example where you contest the accuracy of your data and the Controller is verifying its accuracy. Restriction of processing means that your data may only be processed on limited grounds, such as the establishment, exercise or defence of legal claims.

You have the right to object to the processing of your personal data where such processing is based on the Controller’s legitimate interests. In such cases, the Controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds which override your rights as a data subject.

Under certain conditions, the data subject has the right to request the transfer of their personal data from one system to another. You may request the Controller to provide you with personal data concerning you that you have provided to the Controller and to transmit those data to another controller.

The data subject also has the right to withdraw their consent where processing is based on consent.

The data subject has the right to lodge a complaint with a supervisory authority. You may lodge a complaint with the national supervisory authority, the Office of the Data Protection Ombudsman, if you consider that your personal data has not been processed appropriately or that your rights have not been adequately fulfilled. Complaints can be submitted at:
https://tietosuoja.fi/ilmoitus-tietosuojavaltuutetulle

Requests relating to personal data may be submitted by contacting Admicom using the contact details provided below.

10. Data Retention

Admicom retains personal data only for as long as necessary for the purposes for which it was collected and as long as a lawful basis for processing exists or retention is required by law. When the personal data is no longer needed, it will be securely deleted or destroyed.

Personal data is retained for the duration of the relevant partner or supplier relationship. Contact details are updated or removed once we are informed of any changes in contact persons. Following termination of a contractual relationship, the need to retain personal data is assessed every two years, taking into account factors such as outstanding invoices and/or claims. Based on this assessment, unnecessary personal data will be deleted. As a general rule, personal data is not retained for more than ten (10) years after the end of the partner or supplier relationship.

Cookie-related data is retained in accordance with the website’s cookie notice.

11. Amendments to this Privacy Notice

Admicom continuously develops its business operations and therefore reserves the right to amend this Privacy Notice by providing notice thereof. Such amendments may also result from changes in applicable legislation.

Where changes are made, the updated Privacy Notice and the date of amendment will be published. We encourage you to review this Privacy Notice regularly.

Where we make material changes that significantly affect our privacy practices, we may also notify you by other means prior to such changes taking effect.

This Privacy Notice was last updated on 31 March 2026.

12. Contact

If you have any comments or questions regarding this Privacy Notice, or if you have concerns about the protection of your privacy or the use of your personal data, or if you suspect that your privacy has been compromised, please contact us at privacy@admicom.com. You may also send a letter to: Väinönkatu 26 A, 40100 Jyväskylä.

We will handle your request confidentially, and our representative will contact you where necessary. We aim to handle any complaints in a timely and appropriate manner.

Privacy Notice for the Investor Relations Register of Admicom Oyj

1. Scope and Acceptance

This Privacy Notice applies to Admicom Oyj’s (hereinafter “Admicom”, “we” or the “Controller”) investor relations activities and to Admicom’s investor website.

This Privacy Notice describes the processing of personal data carried out by Admicom when acting as controller in managing and maintaining its investor relations and assessing investor interest.

Personal data means any information relating to an identified or identifiable natural person, such as a name, address, email address or telephone number. We process personal data in order to maintain investor relations, carry out investor communications and assess investor interest.

2. Controller

Admicom Oyj
Business ID: 2800085-4

Väinönkatu 26 A, 40100 Jyväskylä
Support phone: +358 44 433 3888
Email: tietosuoja@admicom.fi

3. Register

Admicom Oyj’s investor relations register

4. Purpose of Processing and Legal Basis

Personal data is processed for the purposes of managing and maintaining investor relations, investor communications and assessing investor interest.

The legal basis for processing personal data is:

  • primarily, the maintenance of an investor relationship or the performance of a contract, where the data subject is the investor;

  • where personal data is processed for the purpose of assessing investor interest and no investor relationship is established, the legal basis for continued processing is the data subject’s consent;

  • where the investor is a company, the register contains personal data of the company’s contact persons and representatives, and the legal basis for processing is the Controller’s legitimate interests. Personal data may also be processed for assessing investor interest on the basis of legitimate interest. In such cases, the Controller carries out a balancing test prior to processing to ensure that a legitimate interest exists;

  • legitimate interest is also the legal basis for the use of cookies that are necessary for the functioning of our website (for the transmission of communications over a network and ensuring information security);

  • for non-essential cookies, marketing campaigns and newsletter subscriptions, the legal basis is the data subject’s consent.

The Controller does not carry out automated decision-making or profiling.

5. Categories of Personal Data

The investor relations register may include the following categories of personal data:

  • first and last name

  • contact details (telephone number, email address)

  • position within the company

  • company name and Business ID, where the investor is a company

  • data collected via cookies used on our website, such as IP address and other cookie-related data

Provision of personal data is not mandatory; however, certain data is required in order to establish an investor relationship.

6. Sources of Personal Data

Personal data relating to the data subject is primarily collected from the data subject themselves, for example when subscribing to mailing lists or through the investor relations services used by Admicom.

If you visit our website, personal data may also be collected through the cookies in use.

7. Disclosure and Transfers of Personal Data

Personal data may be disclosed to competent authorities or other parties where required by applicable legislation or official regulations.

Personal data may be disclosed to prospective purchasers in connection with corporate transactions, such as where Admicom sells or otherwise reorganises its business.

Personal data may be transferred to service providers selected by the Controller who process data on behalf of the Controller under a service agreement between the parties. In such cases, the processor is not permitted to process the transferred data for its own purposes or within its own registers. Such parties include, for example, providers of investor relations services.

8. Transfers Outside the EU/EEA

As a general rule, personal data is not transferred outside the European Union or the European Economic Area, unless such transfer is necessary for the purposes of processing personal data or for the technical implementation of such processing. In such cases, any transfer shall be carried out in accordance with applicable data protection legislation.

9. Data Subject Rights

The data subject has the right to access the personal data stored about them in the register. You may request information from the Controller regarding the personal data collected about you and obtain access to such data. You may also request confirmation as to whether personal data concerning you is being processed.

Upon request by the data subject, we will rectify and supplement personal data as necessary, or delete any data that is inaccurate, unnecessary, incomplete or outdated in relation to the purposes of processing.

You may request the restriction of the processing of your personal data in certain circumstances, for example where you contest the accuracy of your data and the Controller is verifying its accuracy. Restriction of processing means that your data may only be processed on limited grounds, such as the establishment, exercise or defence of legal claims.

You have the right to object to the processing of your personal data where such processing is based on the Controller’s legitimate interests. In such cases, the Controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds which override your rights as a data subject.

The data subject also has the right, under certain conditions, to request the transfer of their personal data from one system to another. You may request the Controller to provide you with personal data concerning you that you have provided to the Controller and to transmit those data to another controller.

The data subject also has the right to withdraw their consent where processing is based on consent.

The data subject has the right to lodge a complaint with a supervisory authority. You may lodge a complaint with the national supervisory authority, the Office of the Data Protection Ombudsman, if you consider that your personal data has not been processed appropriately or that your rights have not been adequately fulfilled. Complaints can be submitted at:
https://tietosuoja.fi/ilmoitus-tietosuojavaltuutetulle

Requests relating to personal data may be submitted by contacting Admicom using the contact details provided below.

10. Data Retention

Admicom retains personal data only for as long as necessary for the purposes for which it was collected and as long as a lawful basis for processing exists or retention is required by law. When the personal data is no longer needed, it will be securely deleted or destroyed.

Personal data is retained for the duration of the investor relationship and for as long as the individual acts as an analyst, investor or contact person of an investor company. Contact details are removed once we are informed of any change in contact persons.

Data relating to investor meetings, such as meeting notes, is retained in its original form for five (5) years from the meeting. After this period, the data is anonymised so that it can no longer be linked to an individual.

Cookie-related data is retained in accordance with the website’s cookie notice.

11. Amendments to this Privacy Notice

Admicom continuously develops its business operations and therefore reserves the right to amend this Privacy Notice by providing notice thereof. Such amendments may also result from changes in applicable legislation.

Where changes are made, the updated Privacy Notice and the date of amendment will be published. We encourage you to review this Privacy Notice regularly.

Where we make material changes that significantly affect our privacy practices, we may also notify you by other means prior to such changes taking effect.

This Privacy Notice was last updated on 31 March 2026.

12. Contact

If you have any comments or questions regarding this Privacy Notice, or if you have concerns about the protection of your privacy or the use of your personal data, or if you suspect that your privacy has been compromised, please contact us at privacy@admicom.com. You may also send a letter to: Väinönkatu 26 A, 40100 Jyväskylä.

We will handle your request confidentially, and our representative will contact you where necessary. We aim to handle any complaints in a timely and appropriate manner.