Qaitel

Log in
Sign up

Qaitel

Privacy policy

Last updated: 13 March 2026

This is the GDPR-compliant privacy notice and register description of SFG Yhtiöt Oy, prepared in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

SFG Yhtiöt Oy (“SFG”)

Postal address: Keilaranta 1, 02150 Espoo, Finland

2. Name of the Register

Qaitel Talk service customer and user register

3. Legal Basis and Purpose of Processing Personal Data

Under the EU General Data Protection Regulation, the legal basis for processing personal data is the performance of a customer contract and SFG’s legitimate interest in managing the customer relationship.

The purpose of processing personal data is to fulfil the obligations of the customer agreement or order relating to the Qaitel Talk service (SFG Yhtiöt Oy) and to manage and maintain customer relationships. Customer data contained in the register is used for providing and delivering the services, communicating with customers, invoicing the services, collecting payments, and, where necessary, debt collection.

The data is not used for automated decision-making or profiling.

4. Contents of the Register

The following data may be stored in the register:

  • Name
  • Phone number
  • Email address
  • Call data
  • Website addresses (URLs)
  • Company number (Y-tunnus)
  • Country
  • Language

 

Category of data subjects: Users of the Qaitel Talk service.

We retain personal data for the duration of the customer relationship and, after it ends, only for as long as necessary to fulfil the purposes defined above in accordance with applicable legislation. As a rule, personal data is deleted within three (3) months of the end of the customer relationship or within one (1) month of the data subject’s request, unless deletion is prevented by legislation, outstanding invoices, or legal proceedings.

IP addresses of website visitors and cookies necessary for the functioning of the service are processed on the basis of legitimate interest, including for maintaining information security and collecting statistical data on website visits where such data can be considered personal data. Where required, consent is requested separately for third-party cookies.

5. Regular Sources of Data

Data stored in the register is obtained from the customer, for example via messages sent through web forms, email, telephone, social media services, contracts, customer meetings, and other situations where the customer provides their information.

Contact details of representatives of companies and other organisations may also be collected from public sources such as websites, directory services, and other companies.

6. Regular Disclosures of Data and Transfers

SFG may disclose data to partners and subcontractors for the purpose of fulfilling obligations under the customer contract. Personal data is not transferred outside the EU or the EEA.

7. Principles of Register Security

Due care is exercised in the processing of the register, and data processed using information systems is appropriately protected. Where register data is stored on internet servers, the physical and digital security of the hardware is appropriately ensured. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data is handled confidentially and only by employees whose duties require such access.

8. Data Subject Rights

A person whose data is included in the register has the right to request the erasure of their personal data from the register (“the right to be forgotten”). Data subjects also have the other rights provided under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations.

Data subjects have the following rights:

  • The right to be informed about the processing of personal data

  • The right of access to their data

  • The right to rectification

  • The right to restriction of processing

  • The right to data portability

  • The right to object to processing

  • The right not to be subject to automated decision-making

  • The right to have their personal data erased when the controller’s statutory obligation, contractual obligation, or SFG’s legitimate interest does not require processing or retention of the data

  • The right to lodge a complaint with a supervisory authority

All requests relating to data subject rights must be sent by email to SFG’s person responsible for data protection at: tietosuojavastaava@sfgyhtiot.fi.

The controller may, where necessary, request the person submitting the request to verify their identity. The controller will respond within the timeframe set out in the GDPR (generally within one month).