Nixu Privacy Notices

We respect the privacy of individuals and are committed to process your personal data confidentially and in accordance with the applicable data protection laws and best practices.  

On this page you can find general information about how we process your personal data, your rights in relation to the information we hold about you, and who you can contact in case you have any questions regarding our privacy and data protection practices at Nixu Corporation.

On this page, you can also find specific privacy notices for the following:

  • Nixu websites and cookies
  • Whistleblowing channel
  • CCTV on our office premises


Nixu Oyj is the data controller for your personal data unless otherwise indicated. You can find our company details on the Contact page of this website.  

For the overall group of companies, Nixu has an appointed Data Protection Officer, who can be contacted at


As a data controller, we process personal data of our current and prospective customers, clients and contacts, service providers, website visitors, event attendees, and other persons we have a relationship with, to provide and promote our services, enable sales and marketing, administer contracts and projects, and to run our overall business operations.

The personal data we typically process include contact details (such as name, email address, phone number) and business information (such as business role, job title, company name, and availability information).

We also process personal data on behalf of our customers and clients to provide them our cybersecurity services and solutions, whenever those activities require processing of personal data. We are committed to uphold high standards of data protection when we are processing personal data as a data processor.


Most of the personal data we process comes directly from you, for example when you fill in a contact request form, register to our events, or submit your details through our recruitment platform. We also process personal data that originates indirectly from public sources and third parties. We also automatically collect certain technical data when you interact with our website.


We only process personal data when we have a legitimate reason and lawful basis to do so, such as:

  • Consent – when you have given us a specific permission to process your personal data for a certain purpose. For example, consent to receive direct marketing.
  • Legitimate interest – when there is a business interest or requirement to process your personal data, in a way that is reasonably expected and justified. For example, as part of providing certain cybersecurity services and to enable promoting our services.
  • Contractual necessity – when there is a contract that requires processing your personal data to meet our contractual obligations. For example, invoicing purposes.
  • Legal obligation – when there is a requirement to process your personal data to comply with applicable laws. For example, retention of certain customer information for financial reporting.

We retain personal data for business and compliance reasons and keep it in accordance with appropriate retention periods.


We always implement appropriate technical and organisational security measures to protect your personal data and to prevent any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored, or otherwise processed.

We comply with applicable legislation and use appropriate safeguards when transferring your information outside of EU/EEA, including EU standard contractual clauses and supplementary measures to safeguard personal data.


We may share your data with our service providers, who process data on our behalf to help facilitate our business operations, or if required to comply with applicable laws. We do not share your data with third parties unless there is a legitimate reason to do so.


The following rights may be applicable to you in relation to the personal data we process about you:

  • The right to transparency and access: This means that you have the right to know what information we process about you and can request a copy of all the personal data.
  • The right to rectify inaccurate information: This means that you have the right to request rectification of any inaccurate personal data.
  • The right to request deletion of your information: This means that you have the right to request deletion of your information that we hold about you. You have this right if the personal data is no longer necessary for the original purpose, the processing is based on consent, there is no overriding legitimate reason or legal obligation to retain the data, or the data was processed for direct marketing purposes.
  • The right to object and right to withdraw your consent: This means that you have the right to object to the processing of your personal information and withdraw your consent. You have the right to prohibit the use of your information for direct marketing.
  • The right to have your personal information transmitted: This means that you have the right to have the information you have provided to Nixu in a structured and machine-readable format and, if it is technically possible, also right to have the information transmitted to another system.
  • The right to demand the restriction of processing: This means that you have the right to demand that Nixu only stores your information but does not use it in another way. You have this right if you contest the accuracy of your personal information, and any processing then will be restricted until the accuracy of the personal information is verified. You have this right also if you need the information after Nixu’s retention periods ends, or for the establishment, exercise or defence of legal claims.
  • The right to lodge a complaint with the supervisory authority: We always wish that you would contact us if you have any questions or concerns regarding the processing of your personal data. However, if you are concerned about the processing of your personal data, you have the right complain to the national data protection authority. In Finland, it is the Data Protection Ombudsman (

If you wish to exercise your privacy rights, please get in contact with


We review and update the information included in our privacy notices from time to time and when necessary. Any changes we make will be updated to this page, so you can always find the latest version. This page was last updated on 22/12/2021.


This website privacy notice complements the general information on the privacy statement and describes how we use and process information that we collect about you when you visit or submit information on our websites.

What information do we collect on our websites?

When you fill in a contact request form, download a publication, or register for events we collect the following information:

  • your name*
  • email address*
  • company*
  • telephone number
  • the content of your contact request
  • preferences, such as dietary request

* Obligatory information.

If you have allowed the use of cookies and similar technologies, the following information can be collected, and it can be linked with the information you have submitted on our website. 

  • IP address
  • browser you’re using
  • information about your computer’s operating system
  • webpages that have been shown to you

How do we use your information?

  • To process and reply to contact requests
  • To present the content of our website in a manner ideal for your device
  • To monitor the use of our website and to improve the site functionality and the user experience
  • To monitor the efficiency of our sales promotion and marketing campaigns
  • To advertise and offer our services to you
  • To improve customer communications and to recognize potential customers

More about cookies

A cookie is a small text file stored on your computer. The cookies collect information related to your device and we use them mainly to improve the site functionality and user experience.

We use third-party site analytics and advertisement services, such as Google Analytics, Google Tag Manager and Google Ads, that place cookies to enable their services, if you have agreed to the use of cookies. The collected information is used for site improvement and measuring purposes and includes for example how you reached our website and interacted with the pages. Service providers transfer and store the information on their servers.

  • More information about Google Analytics privacy available here.
  • More information about Google Analytics cookie usage available here.
  • Google offers a browser add-on which allows to block (’opt-out’) Google Analytics cookies on all websites.
  • More information about Google Ads and privacy available here. You can also opt-out of seeing Google Ads here.

Pardot is a marketing automation system that helps us automate our marketing measures and target them on potential customers. Pardot uses first-party cookies: it allows us to gain more insight into our users’ activities on our website. We do not use cookies to monitor users’ actions elsewhere than on our own website.

  • More information about Pardot’s cookie usage and the ways of blocking (‘opt-out’) Pardot available here.

The LinkedIn Insight Tag is a lightweight JavaScript tag that is added to our website to enable in-depth campaign reporting and to help us to optimize our LinkedIn campaigns. The LinkedIn Insight Tag creates a unique LinkedIn browser cookie on a visitor's browser and enables the collection of the following metadata with the cookie:

  • IP address
  • timestamp 
  • page events e.g. page views.

LinkedIn does not share personal data with Nixu Corporation. It only provides reports about our website audience and ad performance. These reports do not identify individual users at any point. LinkedIn users can control the use of their data for advertising purposes through their account settings.

  • More information about LinkedIn’s privacy available here.

GoToWebinar is a web-hosted service from LogMeIn, Inc., that helps us to organise webinars and live events to our customers. 

  • More information about GoToWebinar’s privacy available here.

YouTube is used to embed videos and media content on our website.

  • More information about Google privacy and YouTube available here.


Nixu processes personal data in the whistleblowing channel, including whistleblowing reports and as part of potential investigations when required. This means that we process personal data of persons who submit whistleblowing reports but also personal data that can be included in the reports. The whistleblowing report can also be submitted anonymously. The lawful basis for processing personal data in connection to whistleblowing is a legal obligation (EU Whistleblowing Directive). The whistleblowing channel is accessible here for anyone report potential breaches or concerns both internally and externally. 

What information do we collect as part of our whistleblowing process?

We process as limited personal data as possible in our whistleblowing channel:

  • We process personal data of persons who submit whistleblowing reports. This includes name of the whistleblower, which is kept strictly confidential. There is also an option to make an anonymous report. 
  • We also process personal data of anyone that is potentially mentioned in whistleblowing reports. This means that we may also receive personal data indirectly. In these cases, we will inform the data subjects as soon as practically possible, including the facts of which the person is involved with the whistleblowing report and how to exercise data protection rights. The notification can only be delayed if there is a substantial risk for the investigation. 

Who processes your information and do we share your personal data?

The identity of the whistleblower will be processed in a confidential manner and only limited authorised staff members will be able to access the reports. 

We use a third-party service provider for the whistleblowing channel. The whistleblowing platform is stored within EU. The service provider does not access whistleblowing data and the data is encrypted both in communication and storage.

How long is the personal data in whistleblowing kept?

We will store the whistleblowing reports and associated information only as long as necessary and proportionate. If the report will not be investigated as it does not fall within the scope of the EU Whistleblowing Directive, the report will be deleted within a month. If the case does not lead into any investigation or follow-up proceedings, all personal data will be redacted, including indirect identifiers, within two months and the report will be archived. If the case leads to investigation, such as disciplinary measures, we will keep the personal data as long as required until conclusion of the proceedings, including applicable time allowed to appeal of a decision. 


This privacy notice for CCTV complements the general information on the privacy statement and describes how we process personal data in relation to camera surveillance. 

We use camera surveillance in our office locations for the purposes of ensuring adequate investigation capability to prevent and investigate situations that endanger the safety or the property. This enables us to investigate security incidents such as stolen equipment, mischief, and unauthorised persons in the office. The CCTV systems are not used for any other purpose, and the recordings will only be accessed if Nixu suspects that a security incident has occurred. The legal basis for processing personal data for these purposes is legitimate interest.

What information do we process about you?

We only process the camera recordings if you visit our business premises. The cameras are carefully positioned to only cover required locations, and the data is kept for a limited time, in accordance with the principles of data minimisation and storage limitation.

Who processes your information and do we share your personal data?

The images can only be accessed by limited staff members and contracted security company, if required and only with prior authorisation. The security company is processing personal data as a data processor under the instructions from Nixu. We implement appropriate technical and organisational measures to ensure the security of the CCTV systems. In exceptional circumstances, we may disclose the data to competent authorities if required for a criminal investigation or similar, in accordance with applicable legislation.