Menu
Menu

Privacy Policy

Updated: 06.11.2025

This Privacy Policy describes how Katrium OÜ (11397348) collects, uses and discloses your personal data in the course of our business. When processing your personal data, we strictly comply with the General Data Protection Regulation (GDPR) and other data protection legislation.

1. Controller and contact information

Katrium OÜ 

Reg. nr: 11397348 

Address: J. Vilmsi 5 / Raua 36 – 6, 10152 Tallinn, Estonia

Contact person for data protection matters

Viktoria Vasina

info@katrium.eu

+372 5648 7414

2. Registers and personal data collected

We primarily process and store personal data in the following registers:

    3. Legal basis and purpose of processing personal data

    We process personal data for the purpose of performing the agreement and complying with the controller’s legal obligation. The legal basis is also the consent of the data subject and the legitimate interest of the controller.

    The purpose of the register is to maintain the controller’s customer register, manage customer orders, archive and process them, and manage customer relationships. The data may be used to develop the controller’s operations, for statistical purposes, and to produce more personalized content on our online services. Personal data is processed within the limits permitted and required by the General Data Protection Regulation. The data in the register may be used in the controller’s own registers, for example, for targeting advertising without disclosing personal data to third parties. The company may use partners to maintain customer and service relationships, in which case parts of the register data may be transferred to the partner’s servers due to technical requirements. The data is processed solely for the purpose of maintaining the controller’s customer relationship through technical interfaces.

    The purpose of the register is also the controller’s business operations, opening new customer accounts, and related communications. The information obtained is used to establish and maintain customer relationships and for other business needs of the controller.

    More detailed information on the legal basis and purpose of processing can be found in the privacy policy of each register (above). 

    4. Collection of personal data

    We collect personal data in various ways. We collect and process data obtained:

        • from the data subject themselves;

        • from purchases made by the data subject on the online service;

        • social media channels, business cards, telephone calls, or physical encounters; and

        • notifications related to the customer system during the use of the service.

      Information about other customer activities in the digital environment may be obtained from:

          • partner websites;

          • from information systems;

          • from other digital sources that are accessed via an electronic invitation (link); or

          • through cookies or by using IDs given to customers.

        Updates to names and contact details are also obtained from authorities and companies that provide update services. Information may also be obtained from subcontractors involved in the use or production of the service. Information may also be obtained from other stakeholders, e.g. through mass communications, marketing, website contact forms, or similar means.

        We collect and process the following categories of personal data, for example:

            • Name, such as the person’s first and last name

            • Organization represented

            • Contact details, such as email address, postal address, telephone number, and website address, 

            • Order information, such as discussion information from customer negotiations or call recordings

            • Billing information

          For more information about the collection of personal data, please refer to the privacy policy for each register (above).

          5. Retention of personal data

          We retain personal data only for as long as necessary to fulfill the purposes specified in this Policy. At the end of the retention period, the personal data of the registered person will be destroyed at the user’s request, unless legislation, open invoices, or collection measures prevent the deletion of the data.

          More detailed information on retention can be found in the privacy policy of each register (above).

          6. Transfer and disclosure of personal data

          The data in the customer register is only available to the controller and its staff, except when using an external service provider to provide value-added services or to support credit decisions.

          The data will not be disclosed outside the controller or to its partners, except in matters related to credit applications, debt collection, or invoicing, and when required by law.

          The personal data of registered persons will be destroyed at the user’s request, unless legislation, customer relationship management, outstanding invoices, or collection activities prevent the deletion of the data.

          7. Transfer of data outside the EU or EEA

          Personal data will not be transferred outside the European Union or the European Economic Area.

          8. Cookies

          We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not damage users’ computers or files. 

          You can read more about cookies here: Cookie Policy

          9. Rights of the data subject

          The data subject has the right to check what information about them is stored in the register. The request for inspection must be made in writing by contacting the controller’s customer service or the contact person for the register in Finnish or English. The request for access must be signed.

          The data subject has the right to prohibit the processing and disclosure of their data for direct advertising, distance selling, and direct marketing, as well as for market and opinion surveys, by contacting the controller’s customer service.

          The data subject has the right to transfer their data from one system to another. The transfer request can be addressed to the contact person for the register.

          Personal data in the register that is incorrect, unnecessary, incomplete, or outdated for the purpose of processing must be corrected, deleted, or supplemented. The request for correction must be made in writing, signed by the data subject, and submitted to the controller’s customer service or the personal data file administrator. The request must specify what data is to be corrected and on what grounds. The correction shall be made without delay.

          The person from whom the incorrect information was obtained or to whom the information was disclosed will be notified of the correction. If the request for correction is denied, the person responsible for the register will issue a written certificate stating the reasons for the denial. The person concerned may refer the refusal to the Data Protection Ombudsman for resolution.

          You have the right to request personal data concerning you, and you have the right to request the correction or deletion of personal data or the restriction of processing. Requests can be addressed to the contact person.

          The data subject has the right to prohibit the disclosure and processing of their data for direct marketing and other marketing purposes, to request the anonymization of the data where applicable, and to be completely forgotten.

          If you consider that the processing of your personal data has violated the Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority. You can also lodge a complaint in the Member State where you have your permanent residence or place of work.

          The contact details of the Finnish national supervisory authority are:

          Office of the Data Protection Ombudsman

          Visiting address: Lintulahdenkuja 4, 00530 Helsinki

          Postal address: PL 800, 00531 Helsinki

          Email: tietosuoja(at)om.fi

          Switchboard: 029 566 6700

          Registry: 029 566 6768

          10. Changes to this policy

          We reserve the right to change this policy. We will announce any changes on our website www.katrium.eu, where you can also find the latest version of this policy. 

          11. Further information and requests for information 

          If you have any questions regarding the processing of personal data or requests concerning the rights of data subjects, please contact us by email at info@katrium.eu.