Skip to content

Consultancy Register Information Notice

11.7.2024

Orion Corporation is committed to protecting your privacy in compliance with all applicable 
regulations and ensuring the security of your personal data. This privacy notice explains how we 
collect, use, and protect your personal information.

Contact Details

Data Controller: Orion Corporation
Data Protection Officer (DPO): Jyri Wesanko, privacy@orion.fi
Representative (if applicable): Hanna Seppänen 


1. What data do we collect about you?

We collect and process the following types of personal data:

  • Contact details such as: Name, title, residential address, work address, phone number and 
    e-mail address.
  • personal identity information such as: birth date, personal identity code and bank 
    information (bank name, address, account number, BIC).


2. How do we use your data?

We process your personal data for the following purposes:

  • For fulfilling Orion’s contractual obligations with consultants and partners
  • For storing consultants’ contact information for the possible future need.

3. Legal Basis

We process your data based on the following legal grounds:

Consent of the data subject (EU General Data 
Protection Regulation Article 6.1.a) / 9.2.a) 
(special categories of data)

N/A

Performance of a contract to which the data 
subject is party or in order to take steps at the 
request of the data subject prior to entering into 
a contract / (EU General Data Protection 
Regulation Article 6.1.b) 
• Contact details for fulfilling Orion’s 
contractual obligations with consultants 
and partners
• Personal identity information for 
fulfilling Orion’s contractual 
obligations with consultants and 
partners
Compliance with the controller’s legal 
obligations based on binding law / (EU 
General Data Protection Regulation Article 
6.1.c) 
N/A
Legitimate interests of the controller or a third 
party (the legitimate interest to be identified, 
such as direct marketing) (EU General Data 
Protection Regulation Article 6.1.f). 
• Contact details for the possible future 
need.
• personal identity information for the 
possible future need. 
We only process personal data based on our 
legitimate interests, in case we have deemed, 
based on the balancing of interest test, that the 
rights and interests of the data subject will not 
override our legitimate interest

4. How do we share your data?

We may share your information with third parties, such as those who assist us by performing technical operations such as data storage and hosting or media and marketing companies for planning of meetings and symposiums.

If ownership or control of Orion Corporation or all or any part of our products, services or assets changes, we may disclose your personal data to any new owner, successor or assignee.

5. How long do we store your data?

We will retain your personal data for no longer than is necessary for the purposes defined in this 
Statement

Type of data Retention period
Contact details and personal information  For the duration of the agreement between the 
parties and for no longer than 2 years after the 
agreement has ended.

6. What are your rights and options?

You have the right to:

• Access your data: You can request information and a copy of your personal data that we 
have collected and stored in connection with our services / this information notice.
• Rectify inaccurate data: In order to keep your data up-to-date and accurate, you can request 
us to modify your data by contacting us as descripted in chapter 12. 
• Erase your data: You can contact us if you think the processing of your personal data is 
unlawful and your data should be erased. We shall erase or anonymize your personal data 
without undue delay in accordance with the retention periods detailed in chapter 7 if the data 
in question is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the 
processing. 
• Restrict processing: If you want to restrict our processing of your personal data, please 
contact us.
• Object to processing: If you want to object to the processing of your data for future 
contacting purposes, please contact us. When making the request, please specify the scope 
of your request.

7. Cookies and Tracking Technologies

We use cookies and similar technologies. For more information on how use cookies, please read our Cookie Policy.

8. Security Measures

We hold your personal data secure computer storage facilities. 

We have implemented appropriate measures to ensure the level of security around your personal 
data, including protection against unauthorised or unlawful processing and against accidental 
loss, destruction or damage to it. 
We have put in place appropriate technical and organisational measures to ensure a level of security appropriate to the risk of harm that might result from unauthorised or unlawful processing, 
accidental or unlawful loss, destruction or alteration, unauthorised (or disclosure of) access or 
damage to your personal data including: 


• locks and security systems; 
• encryption 
• usernames and passwords;
• virus checking; 
• auditing procedures and regular data integrity checks; and 
• recording of file movements. 


We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They must only process your personal data on our instructions and subject to the access controls listed above. They are also subject to a duty of confidentiality. 


We have agreed on security-related measures with the third parties we share your personal data with to ensure that it is treated by those third parties in a way that is consistent with how we safeguard your personal data. 


We have also put in place procedures to deal with any suspected personal data breach and will 
notify you and any applicable supervisory authority where we are legally required to do so.

9. Changes to this Notice

We reserve the right to change this notice from time to time. We will review this notice periodically 
and update it accordingly if we change our processes materially. We may make changes to this 
notice when we believe it is reasonable to do so e.g. to comply with legal or regulatory 
requirements.

10. Contact Us

If you wish to use your rights as a data subject described in chapter 8, or if you have any questions 
or concerns, please contact us at privacy@orion.fi. 

Please note that we will contact you to verify your identity in order to proceed with your request if 
you wish to use your data subject rights.