Skip to main content

Privacy policy about the processing of personal data collected by elfGROUP in its business activities


Name: elfGROUP Cyber Security Services Ltd, Business ID FI31094425

Address: Hiltusentie 23 A 1, 90620 OULU, Finland


Phone: +358 29 0020 130

Contact person on issues regarding the register

Name: Tuomas Tonteri

Address: elfGROUP Cyber Security Services Ltd, Hiltusentie 23 A 1, 90620 OULU, Finland


Phone: +358 29 0020 133

Registry name

This privacy policy covers the following elfGROUP's registers that contain personal data:

  • Customer, contract and assignment registers
  • B2B marketing register
  • elfCLOUD virtual server service's user register
  • elfGROUP website's usage data register

The privacy policy describes the congruent personal data processing and protection practices for the registers and, if needed, the register-specific differences.

Purpose of the processing of personal data

elfGROUP collects and processes personal data contained in the mentioned registers for the provision and production of services related to its business and for the management of customer relationships.

Customer, contract and assignment registers as well as user registers of the relevant service are necessary for the conclusion of contracts and the provision of services. If the entry of personal data in these registers is prohibited, the provision of services may become impossible. The provision of personal and contact information is not statutory requirement, but is a prerequisite for elfGROUP to enter into a contractual relationship and provide services.

Data from personal registers are not used for automatic decision-making or personal profiling.

Information content of the register

Personal data entered in customer, contract, assignment and user registers are basic contact information (name, company, address, phone number, e-mail address, website address).

Cookies and data collected by the website

In the implementation of elfGROUP's website we use so-called HTTP Cookies to help with the usability and user statistics of the website. The website is connected to Google Analytics, where the websites browsing statistics are collected and analyzed. Users' public IP address is saved to elfGROUP's web servers and also passed on to Google Analytics while browsing the website. Users' name or other identification data is not collected or passed on in this context. Google Analytics is further connected to Leadfeeder for marketing purposes. Learn more about Google's privacy practicies here.

Regular sources of information

Personal data to be recorded in the customer, contract, assignment and user registers are personal data provided by persons themself or, in the case of B2B customer relationship, by an organization's representative on the basis of one's professional status. elfGROUP retains the data for the necessary period of time for the professional execution of clientele and assignments and for the fulfillment of its legal obligations. The personal data entered in the B2B marketing register has been collected from public information sources, requests for additional information and contacts submitted on the elfGROUP's website or other feedback channels, and contact lists obtained as target group searches based on professional status.

Regular disclosures

Information in the registers is in principle not disclosed to third parties. The reference right obtained with the customer's written permission makes an exception regarding the customer register to publish the customer's name information or the case presentation for marketing purposes. Information in the registers can be disclosed to elfGROUP's partners for the implementation of customer satisfaction surveys or case interviews (with the permission of the customer in question). Regarding the B2B marketing register, the data can be disclosed to advertising or promotion agency for marketing campaing purposes.

Data transfer to outside of EU or EEA

Website's usage data register is connected to Google Analytics and Leadfeeder. It is possible that by using these external services the IP address information of users visiting the website will also be transmitted outside the EU/EEA.

Information related to elfGROUP's customer assignments or customer's IT environment or information security is never transmitted outside the EU/EEA. However, from time to time, elfGROUP uses Internet services located outside the EU/EEA (the service provider or the server infrastructures used by its subcontractors) to process the contact details (name, e-mail) contained in the personal data register. In these cases, elfGROUP is responsible for ensuring that the service provider is adequately committed to protecting the transmitted data.

elfGROUP uses the MailChimp newsletter service (MailChimp's GDPR) for informing and marketing purposes by utilizing the personal data registers in a way which is defined in this privacy policy. You can read more of the use of data received by MailChimp from the EU here. elfGROUP's export of personal data to the service is based on a contractual relationship or obtained marketing consent.

If elfCLOUD servers located in the EU/EEA are used from non-EU/EEA countries, the customer account information of the authenticated user will be displayed under one's secure connection in the Internet browser. Any non-EU/EEA elfCLOUD service instances will use their separate local registers.

Register security principles

Manual data

Information saved in the customer, contract and assignment registers is also stored in the archives of the original contract documents. The original signed paper versions are stored in locked premises and locked filing systems, which can only be accessed by the necessary elfGROUP personnel representatives based on the job description. The paper copies are disposed of when the need to store data or the grounds for processing have expired.

Information processed by computer

Physical entry to elfGROUP's server environments has been restricted from outsiders. Administrative and technical information security is actively taken care of. The security of information systems is regularly tested by security experts.

Information stored by users on elfCLOUD virtual servers is not passed on to third parties, and public browsing of the data is not possible. Only the service provider's personnel and subcontractors who have signed a non-disclosure agreement and need the information for performing their work duties can be granted the access to the data.

Right of inspection

The registered has the right to check the data related to them stored in the register. Use of the right of inspection requires reliable identification of the requestor. Inspection requests must be addressed written by mail to elfGROUP Cyber Security Services Ltd's postal address. Sufficient amount of identification data must be attached to the inspection request, so the requestor, context and the registers to be inspected can be identified from the request. Incomplete requests cannot be processed.

Right to demand correction of information

The registered has the right to request their incorrect data in the register to be corrected. The request for rectification must be addressed written with the sufficient amount of identification data by mail to elfGROUP Cyber Security Services Ltd's postal address. Incomplete requests cannot be processed.

The registered has the right to prohibit the registrar from processing their data for direct mail advertising, telemarketing and other direct marketing, as well as market and opinion research. The registered also has the right to request the deletion of their data, i.e. to withdraw their consent of processing of personal data if the registered has entered their data and consent to the register and the registrar has no statutory or contractual obligation to retain the data. For example, a contact person change request to the customer register should be made when the workplace or job duties change. Requests related to these data subjects' rights can be notified to elfGROUP Cyber Security Services Ltd in writing or directly to one's own responsible contact person.

You can contact us by using the contact information provided in the privacy policy if you have any comments or questions about the way we store and process your personal information. We strive to process and respond to the feedback and resolve any complaints as quickly and comprehensively as possible. If necessary, you can further complain to your local data protection authority (

Customer data stored on elfCLOUD virtual servers

The data stored by customers on elfGROUP's elfCLOUD virtual servers is for that customer's own use only. elfGROUP will not process this data in any other way than to make backups under the service agreement. Backups are taken at the agreed frequency and stored according to the agreed backup cycle. Upon termination of the service agreement, elfCLOUD virtual server set for the customer in question will be permanently deleted with all its backups.


The privacy policy has been updated on September 3rd 2021.