Additional content

Privacy policy

This privacy policy describes 3 Step IT Group Oy’s and its affiliated companies’ (called “3 Step IT” or “we” from now on) approach to customers’ and others’ personal data.
The policy covers:
•    The data we collect
•    Why and how we collect the data
•    How we use the data
•    How we handle the data and how we keep it secure
•    For how long we keep the data
•    Your rights as a data subject

This policy and our approach to personal data can be condensed to the following general principles:
•    We hold only personal data that is relevant to the services we provide.
•    We will use personal data in a clear and transparent way.
•    We follow appropriate data security measures and policies to keep your data secure.
•    While we might need to share data with third parties in order to provide our services we will never sell any personal data we collect to a third party.

We are not responsible for any third-party websites that you enter through our website. Our personal data policy does not cover data collected by any third-party websites (for that, you need to refer to the privacy statements of those websites). 3 Step IT does not control cookies from third-party websites. The third parties are responsible for how these cookies work and how they process personal data.

1.    We collect personal data from our customers and prospects as well as other users of the 3 Step IT website in the following ways:
•    data you give us, for example your contact details and other data you give us through our web site, email correspondence, and occasionally in other ways;
•    data we get from your use of our website, for example from cookies sent to your device;
•    data from public sources, e.g. commercial databases or LinkedIn;
•    data we get from your use of the services and software we provide.

2.    We collect the following data:
•    people we may contact in your company; e.g. for general contacts, decision makers, prime administration contacts, their names, positions in your organization and business contact details;
•    data related to your use of 3 Step IT services and other data you enter as you use those services.
•    cookie data related to your use of The 3 Step IT website server may send cookies to the user’s access device or equipment to improve the way the website works. Cookies can be disabled in most Internet browsers, but doing so may prevent some 3 Step IT website functions or web pages from operating correctly. Cookies allow us to identify returning customers, and what they are interested in. We will use this data to personalise your visit to our web site, and reduce duplicate data requests.

We may combine above data with each other and with demographic company data, such as the name, address and a general description of the business.

3.    The way we use the personal data we collect
We use personal data to provide and deliver our services and products to you, and to fulfil any other obligation we may have towards you. We may also use this data to develop our customer relationship with you and, to the extent permitted by applicable laws, for communication, advertising, marketing and statistical purposes.
Our communications will give you the opportunity to select the type of marketing messages we send you, or to opt out completely.
We use data analytics in order to support our business, for example in the form of business intelligence and product and service development.  We may also use third parties, such as HubSpot in order to develop and analyse use of our services or website. For more information about HubSpot and its services please see and

4.    How do we process the data

Transferring personal data
We may share personal data from our database for the purposes described above with other companies which are part of the 3 Step IT Group, some of which are located outside your country or the EU and the EEA area. Data may also be shared with suppliers, e.g. held on our website hosting service, when necessary. This is only done with appropriate non-disclosure & confidentiality agreements, to protect your interests and ours.
We may also share personal data we have as permitted and required by applicable laws; e.g. data may be shared as required by the public authorities.
While we may share aggregate data about customers, for example for market research purposes (e.g. 50% of our prime customer contacts are CFOs), we will never do this in a way that allows individuals to be identified.
We will never sell personal data to any third party.
As some of our affiliates, subcontractors, distributors, and partners are located outside the European Economic Area to ensure the global reach and availability of our services, we may need to transfer personal data outside the European Economic Area. In these cases we secure such transfers of personal data according to the requirements of the law, imposing appropriate technical and contractual safeguards. We only do global or cross-border data transfers for a good reason and after assessing the resulting privacy risk.

We retain your personal data in our databases in line with our data retention practices.
Personal data is deleted or returned once it is no longer needed for its original purpose (and no new lawful purpose exists).
Please note that some data may be further retained if necessary. Typical reasons include:
•    enforcing and upholding agreements between our customers and us;
•    compliance with technical and legal requirements;
•    ongoing dispute or investigation.

5.    Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, as the data subject, have the following rights:
•    Right of access – you have the right to request a copy of the information that we hold about you. This release of data is subject to applicable laws. E.g. if money laundering is suspected, we may not, by law, release the data we hold, nor reveal our suspicions, apart from to the relevant authorities.
•    Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
•    Right to be forgotten – you can ask for the data we hold about you to be erased from our records.
•    Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
•    Right of portability – you have the right to have the data we hold about you transferred to another organisation.
•    Right to object – you have the right to object to certain types of processing such as direct marketing.
•    Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
•    Right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. In these cases you have the right to complain as outlined below.

If you wish to use any of the rights mentioned above, please send your request to our Data Protection Office, the contact information of which is provided at the end of this policy.

All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
In the event that you wish to make a complaint about how your personal data is being processed by us, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and our Data Protection Officer, contact information of whom can be found from the end of this privacy policy.

6.    We keep personal data secure
Personal data is kept in 3 Step IT’s secure network, protected with firewalls and other appropriate data security measures and subject to internal access controls.
Personal user rights and passwords are assigned to designated employees of 3 Step IT, its partners and subcontractors to process the personal data. All logins to the network and the changes made to the personal data in our database can be monitored and verified.
All 3 Step IT’s employees, partners and subcontractors are under a non-disclosure obligation regarding the personal data in our database.

7.    Changes to this privacy policy
Our Privacy Policy may change from time to time. When this happens, we’ll revise this policy text and refresh it on our website.

8.    Consent
By browsing on our website or using our services or otherwise giving information to us as described above you are consenting to this privacy policy and you are giving us permission to process your personal data specifically for the purposes identified.
You may withdraw consent at any time by giving notice to our Data Protection Office using the email address provided below.

9.    Contact information
Company responsible for this privacy policy:
3Step IT Group Oy Limited Liability Company registered in Finland
Registration number: 2087590-4
Office address is: Mechelininkatu 1A Helsinki 00180, Finland
The general phone number is +358 10 525 3200
Data Protection Office: dpo(at)

For further information, or if any of this is unclear, please use the contact form provided on our website: tell us a bit about your enquiry and we will pass it to the right expert.

10.    Cookie Declaration