Last updated: 29.05.2026

Privacy Policy

This Privacy Policy explains how Klarrium Oy (“Klarrium”, “we”, “us” or “our”) collects, uses, stores and protects personal data when you visit our website, contact us, request information, subscribe to communications, or use our services.

Klarrium is based in Finland and provides business consulting services related to cross-border collaboration, operational understanding, business expectations, financial insight and ESG-related advisory between Romania, Finland and the Nordic market.

We process personal data in accordance with the EU General Data Protection Regulation (GDPR), applicable Finnish data protection legislation, and other applicable European privacy and electronic communications rules.

1. Data controller

The data controller responsible for the processing of personal data described in this Privacy Policy is:

Klarrium Oy
Registered in Finland
Business ID: 3627321-1
Address: Kempele, Finland
Email: andreea.karsikas@klarrium.com
Website: www.klarrium.com

2. What personal data we collect

We may collect the following categories of personal data, depending on how you interact with us:

2.1 Contact and communication data

When you contact us through the website, by email, through LinkedIn, or through another communication channel, we may collect:

  • Name

  • Email address

  • Phone number, if provided

  • Company name

  • Job title or role

  • Country or market of interest

  • Message content

  • Any other information you choose to provide

2.2 Business relationship data

If you are a client, potential client, partner, supplier, or business contact, we may process:

  • Contact details

  • Company information

  • Communication history

  • Meeting notes

  • Service interests

  • Proposal, contract and invoicing-related information

  • Information necessary to deliver consulting services

2.3 Website usage and technical data

When you visit our website, we may collect limited technical information, such as:

  • IP address

  • Browser type and version

  • Device type

  • Operating system

  • Pages visited

  • Time and date of visit

  • Referring website

  • Cookie and consent preferences

This information may be collected through cookies or similar technologies, depending on your consent settings and the tools used on the website.

2.4 Newsletter or marketing communication data

If you subscribe to updates, newsletters, resources or similar communications, we may collect:

  • Name

  • Email address

  • Subscription preferences

  • Communication engagement data, such as whether an email was opened or a link was clicked, if such tracking is enabled

You can unsubscribe from marketing communications at any time.

3. How we collect personal data

We collect personal data mainly when:

  • You fill in a contact form

  • You send us an email

  • You book a call or meeting

  • You subscribe to communications

  • You interact with us on LinkedIn or another professional platform

  • You become a client, supplier or partner

  • You visit our website and accept cookies or similar technologies

We do not intentionally collect sensitive personal data through our website. Please do not submit sensitive personal data through contact forms or general email unless specifically necessary and agreed in advance.

4. Purposes and legal bases for processing

We process personal data only where we have a lawful basis under the GDPR.

4.1 Responding to enquiries

We process contact information and message content to respond to enquiries and communicate with potential clients, partners and business contacts.

Legal basis: Legitimate interest or steps prior to entering into a contract.

4.2 Providing services

We process personal data necessary to provide consulting, advisory or related services.

Legal basis: Performance of a contract or steps prior to entering into a contract.

4.3 Managing client and business relationships

We process business contact data to manage relationships, proposals, meetings, communications, project delivery and follow-up.

Legal basis: Legitimate interest or performance of a contract.

4.4 Invoicing, accounting and legal obligations

We process necessary financial and administrative data to comply with accounting, taxation, record-keeping and other legal obligations.

Legal basis: Legal obligation.

4.5 Website functionality and security

We may process technical data to maintain website functionality, prevent misuse, improve security and ensure reliable operation.

Legal basis: Legitimate interest.

4.6 Analytics and website improvement

Where analytics tools are used, we may process website usage data to understand how visitors use the site and improve content, structure and performance.

Legal basis: Consent, where required by applicable cookie and electronic communications rules.

4.7 Marketing communications

We may send newsletters, updates or business-related communications to people who have subscribed or where otherwise permitted by law.

Legal basis: Consent or legitimate interest, depending on the context and applicable law.

You may opt out of marketing communications at any time.

5. Cookies and similar technologies

Our website may use cookies or similar technologies.

Cookies are small files placed on your device when you visit a website. Some cookies are necessary for the website to function. Others, such as analytics or marketing cookies, are used only where legally permitted and, where required, based on your consent.

We may use cookies for:

  • Essential website functionality

  • Security

  • Analytics

  • Performance improvement

  • Remembering cookie preferences

  • Embedded content or third-party services, if used

Non-essential cookies will only be used where you have given valid consent through the cookie banner or consent tool.

You can change or withdraw your cookie consent at any time through the cookie settings available on the website, if such functionality is enabled.

You can also manage or block cookies through your browser settings. Blocking some cookies may affect website functionality.

6. Third-party service providers

We may use trusted third-party service providers to operate our business and website. These may include, depending on the tools actually used:

  • Website hosting providers

  • Domain and DNS providers

  • Email and productivity tools, such as Google Workspace or Microsoft 365

  • Analytics tools, such as Google Analytics or similar

  • Newsletter or email marketing tools

  • Booking or calendar tools

  • Accounting, invoicing or payment-related providers

  • CRM or project management tools

These providers may process personal data on our behalf as processors or, in some cases, as independent controllers.

We only use service providers where we have a valid business reason and appropriate safeguards are in place.

7. International transfers of personal data

Personal data is primarily processed within the European Economic Area (EEA).

If we use service providers located outside the EEA, or if personal data is otherwise transferred outside the EEA, we will ensure that appropriate safeguards are used, such as:

  • An adequacy decision by the European Commission

  • Standard Contractual Clauses approved by the European Commission

  • Additional technical, contractual or organizational safeguards where required

8. How long we keep personal data

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

Typical retention periods are:

  • Contact form enquiries: up to 12 months after the last communication, unless a business relationship develops

  • Business contact data: for as long as the business relationship or legitimate business need continues

  • Client and contract data: for the duration of the client relationship and afterwards as required for legal, accounting or tax purposes

  • Accounting and invoicing records: as required by applicable Finnish accounting and tax law

  • Newsletter data: until you unsubscribe or withdraw consent

  • Cookie consent records: for as long as necessary to demonstrate consent and manage preferences

  • Analytics data: according to the retention settings of the analytics tool used

When personal data is no longer needed, we will delete it or anonymous it securely.

9. Your rights

Under the GDPR, you may have the following rights regarding your personal data:

  • Right to access your personal data

  • Right to correct inaccurate or incomplete data

  • Right to request deletion of your data

  • Right to restrict processing

  • Right to object to processing based on legitimate interests

  • Right to withdraw consent at any time, where processing is based on consent

  • Right to data portability, where applicable

  • Right not to be subject to automated decision-making, where applicable

To exercise your rights, contact us at:

andreea.karsikas@klarrium.com

We may need to verify your identity before responding to a request.

10. Complaints

If you believe that we process your personal data unlawfully or violate your data protection rights, you have the right to lodge a complaint with a supervisory authority.

As Klarrium is based in Finland, the main supervisory authority is:

Office of the Data Protection Ombudsman, Finland
Website: tietosuoja.fi

If you are located in Romania, you may also contact:

National Supervisory Authority for Personal Data Processing, Romania (ANSPDCP)
Website: dataprotection.ro

You may also contact the supervisory authority in your own EU or EEA country.

11. Data security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include:

  • Access controls

  • Secure email and account authentication

  • Password protection

  • Limited access to personal data

  • Use of reputable service providers

  • Regular review of tools and data access

  • Secure deletion where appropriate

No online system is completely risk-free, but we take reasonable steps to protect personal data.

12. Personal data breaches

If a personal data breach occurs and it is likely to result in a risk to individuals’ rights and freedoms, we will notify the competent supervisory authority as required by law.

Where required, we will also inform affected individuals without undue delay.

13. Links to other websites

Our website may contain links to third-party websites, platforms or services, such as LinkedIn or external resources.

We are not responsible for the privacy practices, content or security of third-party websites. We recommend reading their privacy policies before providing personal data.

14. Children’s data

Our website and services are intended for business users and adults. We do not knowingly collect personal data from children.

15. Automated decision-making

We do not use personal data for automated decision-making that produces legal or similarly significant effects.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, website, tools, legal obligations or data protection practices.

The latest version will always be published on our website with the updated date.

17. Contact

For questions about this Privacy Policy or the processing of personal data, contact:

Klarrium Oy


Email: andreea.karsikas@klarrium.com
Website: www.klarrium.com

Download