Privacy Policy

Updated on 17.06.2026

This Privacy Policy describes how Ilmiömäinen Agentuuri Oy and Ilmiö Consulting Oy (collectively referred to as "Ilmiö", "we", "us" or "our") process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Finnish data protection legislation.

Data Controllers

Ilmiömäinen Agentuuri Oy
Business ID: 3257627-4

Ilmiö Consulting Oy
Business ID: 3521881-9

Mikonkatu 22 D 42
00100 Helsinki
Finland

Contact person regarding privacy matters:

Mikael Korpi
mikael@ilmiotalent.fi

The companies operate under the Ilmiö brand and maintain shared customer relationship management, sales, marketing and service delivery processes. Personal data may therefore be processed by either company where necessary for the provision, sale, delivery and development of recruitment, consulting and related professional services.

Customer and Business Contact Register

The register consists of personal data relating to representatives, contact persons, decision-makers, consultants, subcontractors, prospective customers, customers and other stakeholders interacting with Ilmiö.

The following categories of personal data may be processed:

  • Name
  • Company name
  • Job title
  • Email address
  • Phone number
  • Postal address
  • Information relating to customer relationships and communications
  • Information relating to marketing permissions and restrictions
  • Customer feedback
  • Billing and invoicing information
  • Publicly available professional information
  • Information relating to meetings, calls and business discussions
  • Website usage information, including IP address and cookie-related data
  • Information voluntarily provided through forms, meetings, emails or other interactions
Purpose and Legal Basis for Processing

Personal data is processed for the following purposes:

  • Managing and maintaining customer relationships
  • Managing consultant and subcontractor relationships
  • Delivering recruitment, consulting and related professional services
  • Communication and customer support
  • Sales, prospecting and marketing activities
  • Business development and service improvement
  • Contract management and invoicing
  • Compliance with legal obligations

The legal basis for processing personal data depends on the purpose of the processing and the relationship between Ilmiö and the data subject. Depending on the circumstances, processing may be based on one or more of the following legal grounds:

Performance of a Contract:

Processing necessary for entering into or fulfilling agreements with customers, consultants, subcontractors and partners.

Legitimate Interest:

Processing necessary for:

  • Managing customer and stakeholder relationships
  • Business-to-business sales and marketing
  • Developing services and operations
  • Maintaining professional networks
  • Communicating about services relevant to the recipient's role or organisation

Legal Obligation:

Processing required by accounting, taxation, employment or other applicable legislation.

Consent:

Where required by law, such as certain marketing activities or cookie categories.

Data Sources

Personal data may be collected:

  • Directly from the data subject
  • Through meetings, events, calls and emails
  • Through contact forms and website interactions
  • Through the use of Ilmiö's services
  • From publicly available professional sources, such as company websites, professional networking platforms and business databases used for business-to-business sales and marketing activities
  • From customers, partners and business contacts
Disclosure of Personal Data

Personal data is primarily processed by Ilmiömäinen Agentuuri Oy and Ilmiö Consulting Oy.

Personal data may be shared between the companies where necessary for the provision, sale, delivery and development of services under the Ilmiö brand.

We may also disclose personal data to trusted service providers acting on our behalf. Such parties process personal data only under our instructions and in accordance with applicable data protection legislation.

All service providers are subject to contractual confidentiality and data protection obligations.

We do not sell personal data to third parties.

Third-Party Services

To support our operations, we use selected third-party service providers, which may process personal data on our behalf.

These may include:

  • Google Workspace
  • Teamtailor
  • Clevenio
  • Google Analytics 4
  • Cookiebot
  • Other business systems necessary for delivering our services

Third-party service providers act as data processors and are contractually required to comply with applicable data protection legislation.

Recruitment Activities

Recruitment-related personal data processed through the Ilmiö Talent Agency Career Site and Applicant Tracking System is governed by a separate recruitment privacy policy available at:

https://careers.ilmiotalent.fi/privacy-policy

Applicants, sourced candidates, referrals, references and recruitment-related processing activities are primarily described in that separate privacy policy.

Cookies and Analytics

Our websites use cookies and similar technologies to improve user experience, analyse website traffic and support marketing activities.

Where required by law, cookies are used only with the user's consent.

Users may manage their cookie preferences through Cookiebot or their browser settings.

Further information regarding cookies is available through our cookie management platform.

International Data Transfers

Personal data may be transferred outside the European Economic Area (EEA) when necessary for providing services or operating our systems.

Where personal data is transferred outside the EEA, appropriate safeguards are implemented in accordance with GDPR. These safeguards may include:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Transfers to recipients certified under the EU-U.S. Data Privacy Framework, where applicable
Data Retention

Personal data is retained only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

Customer relationship data is generally retained for the duration of the customer relationship and for a reasonable period thereafter to fulfil legal, accounting and contractual obligations.

Prospective customer and marketing-related information is retained only for as long as it remains relevant for legitimate business purposes or until the individual objects to such processing.

Data that is no longer required is securely deleted or anonymised.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss and destruction.

Access to personal data is limited to authorised personnel whose duties require such access.

Access rights are managed through personal user accounts, passwords and role-based permissions.

All personnel handling personal data are subject to confidentiality obligations.

Rights of the Data Subject

Under applicable data protection legislation, data subjects have the right to:

  • Access their personal data
  • Request correction of inaccurate or incomplete data
  • Request deletion of personal data where applicable
  • Request restriction of processing
  • Object to processing based on legitimate interests
  • Withdraw consent where processing is based on consent
  • Receive their personal data in a portable format where applicable
  • Object to direct marketing at any time
  • Not be subject to a decision based solely on automated processing, including profiling, where such decision produces legal effects or similarly significant effects
  • Lodge a complaint with the Office of the Data Protection Ombudsman in Finland

Requests concerning personal data may be submitted to:

mikael@ilmiotalent.fi

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legislation, business operations or our services.

The latest version will always be available on our website.