Privacy Policy

Krios Business Consulting Oy | Business ID: 2779875-3

Effective date: March 4, 2026

1. Data Controller

Krios Business Consulting Oy

Kappelikuja 6, 02200 Espoo, Finland

Email: antti.saaksvuori@krios.fi

Phone: +358 50 353 9260

Websites: https://www.krios.fi | https://www.norma.krios.fi

Managing Partner: Antti Saaksvuori

2. What Personal Data We Collect and Why

2.1 Contact Form (norma.krios.fi)

When you submit the contact form on norma.krios.fi, we collect your name, email address, and the content of your message. This data is used to respond to your enquiry and to manage our potential business relationship. Where relevant, your contact details may be added to our CRM system (Pipedrive) for the purposes of customer relationship management, sales process tracking, and maintaining contact history. The legal basis for processing is our legitimate interest (GDPR Article 6(1)(f)).

2.2 Appointment Booking (Microsoft Bookings)

When you book an appointment through our Microsoft Bookings page, we collect your full name, email address, and optionally your phone number and a message. This data is used to manage and confirm your booking. Where relevant, your contact details may be added to our CRM system (Pipedrive) for the purposes of customer relationship management, sales process tracking, and maintaining contact history. The legal basis for processing is the performance of a contract or pre-contractual steps (GDPR Article 6(1)(b)).

2.3 Downloadable Content (norma.krios.fi — planned)

We plan to introduce a form on norma.krios.fi through which visitors may download materials (such as PDF documents) by providing their contact details. When introduced, this form will collect your name and email address. The data will be used to provide the requested material and, where relevant, to follow up on your interest in our services. Your contact details may be added to our CRM system (Pipedrive). The legal basis for processing will be your consent (GDPR Article 6(1)(a)) or our legitimate interest (GDPR Article 6(1)(f)). This policy will be updated when the feature is launched.

2.4 Email Correspondence

When you correspond with us by email — whether in response to a contact form submission, an appointment booking, or any other communication — your email address and message content are retained as part of the email thread. Official company email is handled through Microsoft 365. For certain outreach activities, we also use Google Workspace accounts, through which both outgoing and incoming messages are retained. The legal basis for processing is our legitimate interest (GDPR Article 6(1)(f)).

2.5 Website Analytics

We use the following analytics tools to understand how visitors use our websites:

Google Analytics 4 on krios.fi, and on norma.krios.fi (planned for introduction in the near future). This involves the collection of anonymised usage data and IP addresses. The legal basis is your consent (GDPR Article 6(1)(a)), provided via the cookie consent banner.

Squarespace Analytics on norma.krios.fi. This is a native analytics tool provided by Squarespace that collects aggregated, anonymised visitor data such as page views and traffic sources. The legal basis is our legitimate interest (GDPR Article 6(1)(f)).

2.6 Technical Data

When you visit either of our websites, your browser automatically transmits technical information including your IP address and browser type. This data is processed for security and to ensure the proper functioning of the website. The legal basis is our legitimate interest (GDPR Article 6(1)(f)).

3. Sources of Personal Data

We collect personal data directly from you through our websites and booking pages. In addition, for the purposes of business development and outreach, we may collect publicly available contact information from sources such as LinkedIn and company websites. In such cases, we collect only information that is professionally relevant and publicly accessible, and we use it solely for legitimate business communication purposes.

4. Direct Marketing

We may use contact details obtained through our websites or other legitimate sources to send you information about our services that may be relevant to you or your organisation. This activity is carried out on the basis of our legitimate interest (GDPR Article 6(1)(f)) and is directed at business contacts acting in a professional capacity.

You have the right to object to the use of your contact details for direct marketing purposes at any time. Every marketing communication we send will include a clear and easy way to opt out. You may also contact us directly at antti.saaksvuori@krios.fi to request that we stop sending marketing communications. We will action all such requests promptly.

5. Data Processors and Third Parties

We use the following third-party services that act as data processors on our behalf:

Squarespace Inc. — website hosting, contact form storage, and native analytics for norma.krios.fi. Data may be processed in the United States under appropriate safeguards (Standard Contractual Clauses).

Microsoft Corporation — business email (Microsoft 365), appointment booking (Microsoft Bookings), and file storage (OneDrive). Data is processed primarily within the European Union.

Pipedrive OÜ — CRM system used for customer relationship management, sales process tracking, and contact history. Contact data obtained through our websites may be stored in Pipedrive. Data may be processed in the United States or other countries outside the European Union under appropriate safeguards (Standard Contractual Clauses).

Google LLC — website analytics (Google Analytics 4) on krios.fi and norma.krios.fi, and Google Workspace accounts used for certain business email correspondence. Data may be processed in the United States under appropriate safeguards (Standard Contractual Clauses).

We do not sell your personal data to third parties. All third-party processors are contractually bound to process personal data only on our instructions and in accordance with applicable data protection law.

6. Automated Decision-Making

We do not currently use automated decision-making or profiling that produces legal or similarly significant effects on individuals. Should we introduce such processing in the future, this policy will be updated accordingly.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described above.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access — you may request a copy of the personal data we hold about you.

• Right to rectification — you may request correction of inaccurate or incomplete data.

• Right to erasure — you may request deletion of your personal data.

• Right to restriction — you may request that we restrict the processing of your data.

• Right to data portability — you may request your data in a structured, machine-readable format.

• Right to object — you may object to processing based on our legitimate interests, including direct marketing.

• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at antti.saaksvuori@krios.fi.

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu): www.tietosuoja.fi.

9. Cookies

For detailed information about the cookies used on our websites, please refer to our Cookie Policy, which is available on both websites.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always available on our websites. Material changes will be communicated by updating the effective date at the top of this document.