fi en
ABOUT US

Privacy Policy

Privacy Policy

We process personal data according to the Data Protection Legislation

The implementation of LADEC’s services requires personal data to be processed. We ensure the security of personal data according to the data protection legislation. Our systems are secure, and we do not disclose your data to any third parties for the purpose of marketing communications without separate consent. We process your personal data only to the extent that is necessary for processing. Your personal data are handled only by persons whose work duties include personal data processing.

On this page, we will tell you more about our data protection practices, including the following:

  • The purpose for which we use your personal data.
  • Which personal data we collect.
  • What rights the data subjects in our register have.

We seek to continuously develop our services, which is why we retain the right to change this privacy policy by announcing any changes on this page.
 

privacy STATEMENT | Effective from 1 july 2026 until further notice

The operations of Lahti Region Development LADEC Ltd and the tourism company Lahden Seutu – Lahti Region Oy were merged on 1 July 2026 into a new growth company. The arrangement was implemented through a business transfer completed on 30 June 2026, whereby the business operations of Lahti Region Development LADEC Ltd were transferred to Lahden Seutu – Lahti Region Oy. At the same time, the new company’s name was confirmed as Lahti Region Oy. The new company commenced operations on 1 July 2026.

PLEASE NOTE: This Privacy Statement was updated on 1 July 2026 with regard to the data controller's name and contact details.
In all other respects, this Privacy Statement continues, for the time being, to reflect the data protection principles and practices that were in force at Lahti Region Development LADEC Ltd prior to 1 July 2026, as these continue to be applied to LADEC’s operations and services within the new growth company. They will remain in effect until the shared customer relationship management system and other information systems used by Lahti Region Oy have been fully implemented and the company's data protection principles and practices have been formalised and approved.


Controller and contact information from 1 July 2026

Lahti Region Oy | Business ID 1074350-2 (until 30 June 2026: Lahti Region Development LADEC Ltd, Business ID 0855115-7)
Salpausselänkatu 7 FI-15110 LAHTI

Data protection officer and contact information:

Raija Forsman
Salpausselänkatu 7, FI-15110 LAHTI FINLAND
+358 40 516 2803 |  raija.forsman(at)lahtiregion.fi

Any requests concerning the rights of data subjects must be sent in writing or by e-mail to the following addresses:

Lahti Region Oy
Inspection / other request concerning personal data  / Riina Kivekäs
Salpausselänkatu 7
FI-15110 LAHTI FINLAND
raija.forsman(at)lahtiregion.fi


Purpose and legal basis of the processing of personal data

  • We collect personal data in order to maintain relations with customers and interest groups, develop services, conduct analyses and survey customer experiences.
  • The data is also used to communicate about services and events as well as to market the Lahti region as an attractive business environment.
  • Our legal basis is either a legitimate right or personal consent.
  • Personal data is processed only to the extent necessary to implement the purposes referred, and in a manner that can reasonably be expected for the purposes mentioned above.


Sources of data

  • The collection of personal data is based on a customer relationship or other context related to the operations of our company and marketing of the Lahti region as an business environment.
  • We collect information, for example, when starting a customer relationship, registering, using our services or in connection with events we organize.
  • We primarily collect personal data directly from the data subjects. Personal data may also be collected from other registers and public data sources to the extent permitted by law.
  • In order to develop our services, we utilise cookies and other similar technologies in statistical monitoring and analysis of our services’ user numbers, for example.

Information of cookies


Personal data collected in the register

Personal data related to the provision of services:

  • General contact details, such as name, organisation, address, e-mail and phone number
  • For customers of start-up advice, also date of birth
  • Additional information provided by the customer (e.g. gender, citizenship, work and study history)
  • Service transaction details
  • Details about customer feedback and surveys
  • Details related to the implementation of direct marketing and customer communications
  • Details about service use via different channels

Personal data related to customer and marketing communications:

  • General contact details, such as name, organisation, e-mail and phone number
  • Details related to the implementation of direct marketing and customer communications
  • Details about service use via different channels 
  • Consents and prohibitions related to electronic direct marketing
     

Processors of personal data

  • Your personal data are processed only by persons whose work duties include personal data processing. 
  • Our personal data processing is supported by trustworthy service providers in the maintenance and development of IT systems, service provision as well as various research and development activities, for example. These experts process personal data under a mandate from us.
  • We comply with current legislation in all data processing. 
  • We also require our subcontractors to protect the personal data they process with appropriate means.
     

Transfer, disclosure and retention period of data

  • As a rule, the data will not be disclosed to third parties.
  • However, contact details may be disclosed to the extent necessary to co-organisers of events, financiers of publicly funded projects or other similar representatives of public administration.
  • Regardless, the data will not be disclosed to third parties for marketing purposes. 
  • The data will not be disclosed outside the EU, the European Economic Area or countries which have been found to provide an adequate level of data protection by the European Commission, unless an adequate level of data protection has been ascertained with agreements or by other means as required by law.

Retention period of data

  • We will retain your personal data as long as it is necessary to fulfil the purposes of use according to the legislation in force. After this, the personal data will be deleted.
  • We comply with the statutory obligations concerning personal data processing, taking into account legislation on accounting, for example. At the end of the contractual relationship, the retention period of the data is determined by their purpose of use and existing legislation.


Rights concerning personal data

  • Each data subject included in the register has the right to access the data saved about them in the register and request any incorrect personal data to be rectified or incomplete information to be completed.
  • Data subjects also have the right to request their personal data to be erased from the register to the extent permitted by law.
  • If the data subject wishes to access the data saved about them or request their personal data to be rectified or erased, the request must be submitted to the controller in writing. 
  • The controller requires the requester to prove their identity.
  • The controller will reply to the customer’s request within the time period specified in the General Data Protection Regulation (generally within one month). 
  • We implement these rights as described here, with consideration to applicable laws and any restrictions imposed by them.


Rights related to data protection

According to applicable data protection legislation, a data subject has, at any time, the right to:

  • upon request, be informed about whether their personal data have been collected, and which data are saved in the register;
  • upon request, have their personal data be rectified;
  • upon request, have any marketing and customer register data concerning them be erased to the extent allowed by law;
  • withdraw their consent and object to the processing of their personal data in so far as the processing is based on consent given by the data subject;
  • receive their personal data in machine-readable format and transfer the data in question to another controller, provided that the personal data in question were provided to us by the data subject personally;
  • be informed of any personal data breach concerning their personal data.

We primarily seek to resolve any disputes together with the data subject.

If the data subject is of the view that we have not processed personal data lawfully, they can submit a report to the supervisory authority.


Data protection principles

  • We ensure the security of personal data processing and the confidentiality, integrity and availability of personal data with appropriate technical and administrative means, in accordance with our data protection principles.
  • Personal data is protected against unauthorised access as well as unlawful and accidental processing.
  • Personal data is processed only by persons who have been separately authorised to process them by our company.
  • We train and instruct our employees who handle customer data in data protection matters.