Evitec Solutions Privacy Notice
We at Evitec Solutions understand how important privacy is to our business partners. This means that we process data about identified or identifiable individuals, which is called personal data, with due care and in accordance with applicable data protection laws.
This Privacy Notice outlines how Evitec Solutions processes personal data collected from individuals in connection with their use of our websites, engagement in business activities with us, communication on behalf of an organization, or participation in our events (collectively referred to as our “Services”). In legal terms, we are the data controller, as we determine the means and/or purposes of the processing.
This Privacy Notice does not apply to personal data that we process on behalf of our customers, i.e. situations where we are the data processor of such personal data and our customers are the data controllers.
Personal data
The personal data we collect from individuals using our Services (“Users”) mostly consists of user data, such as name, business function, business address, telephone number, email address and other personal data Users provide to us. This is mostly information in relation to an individual’s role at his/her company. These companies that individuals are working for, are typically Evitec Solutions’ prospects, customers, suppliers or partners. The specific kind of user data collected will depend on the Services used.
We may also collect technical data in relation to Users, such as IP address, browser type and version, preferred language, geographic location, operating system and computer platform, the full URL clickstream to, through, and from our Services, including date and time, websites accessed immediately before and after visiting our websites, services Users viewed or searched for while using our Services, and parts of our Services that Users have visited. Although we do not normally use technical data to identify individuals, sometimes individuals can be recognized from it, either alone or when combined or linked with user data. In such situations, technical data can also be considered to be personal data under applicable law, and we will treat the combined data as personal data.
Cookies
Evitec Solutions uses cookies on its website. These are small data files that are transferred to your computer when you contact a website. We use cookies to process and analyze information related to the use of the website. The information collected by cookies is used to monitor the use of the website, improve usability, and develop the website to better meet the needs of the Users.
We have divided the cookies used on our website into essential cookies and third-party cookies according to their purpose.
Necessary cookies are needed to ensure the functionality of the Services. Thanks to these, the site remembers the choices you make, and you don’t have to do them again with every page upload.
Third-party cookies are used on the website for user analytics. Among the third-party cookies, Evitec Solutions uses Linkedin Insight and Dealfront cookies.
The key data collected by analytics cookies are:
- Used browser
- IP address
- The geographical location of the user
- Date of visit
- The site from which the page was accessed
- Pages visited
However, when visiting the website, the User may prevent or restrict the use of cookies on our website. You can also withdraw your consent to cookies at any time by visiting our website and blocking the use of cookies from the cookie banner. However, cookie settings are browser-specific, so selections must be made separately for each browser you use.
Purpose
We process personal data for the following purposes:
- to allow us to run, maintain and develop our business,
- to allow us to offer and provide our Services,
- to enable us to conduct informational and promotional campaigns (including direct marketing) related to our Services (via phone, mail, and email), thereby keeping Users informed about our Services that may be of interest to them,
- to allow us to perform the contract we have signed with our customers, suppliers or partners,
- to allow customer service management, e.g. when Users contact our support services,
- to allow contract management, e.g. to address our invoices to our customers,
- to enhance our Services and the use thereof,
- to perform research and analysis relating to our Services,
- to perform tracking of the use of our Services,
- to conduct market surveys and/or
- to detect fraud, e.g. breaches of intellectual property rights.
If we receive a User’s personal data from a prospect, customer, supplier, or partner, we assume they have informed the User of this Privacy Notice.
Storage period
We do not store the personal data for longer than is legally permitted and necessary for processing purposes. The storage period depends on the type of personal data, the purposes and the applicable law and therefore varies per use.
Typically, we store User’s personal data for as long as the User is using our Services or for as long as we have another purpose to do so and, thereafter, for no longer than is required or permitted by law or necessary for internal reporting and reconciliation purposes.
We delete personal data after the storage period or upon the User’s request.
Legitimate grounds for processing
We process personal data to run and develop our business, and to meet legal requirements.
In some parts of our Services, we might request Users’ consent for the processing of their personal data for specific purposes. In that event, Users may withdraw their consent at any time.
Rights of Users:
Right to access. Users can contact us to confirm if their personal data is being processed. If we do, we will inform them about the categories of data processed, the purposes for processing, the recipients of the data, and the storage period or criteria used to determine it.
Right to withdraw consent. If our processing relies on the User’s consent, it can be withdrawn at any time by contacting us or using our Services. Withdrawing consent may limit the use of our Services.
Right to rectification. Users are entitled to have any inaccurate or incomplete personal data stored about them rectified or completed.
Right to object. In case our processing is based on our legitimate interest to run, maintain and develop our business, any User has the right to object at any time to our processing. We shall then no longer process User’s personal data unless for the provision of our Services or if we demonstrate other compelling legitimate grounds for our processing that override User’s interests, rights and freedoms or for legal claims. Notwithstanding any consent granted beforehand for direct marketing purposes, any User has the right to prohibit us from using his/her personal data for direct marketing purposes, by contacting us or by using the functionalities of the Services or unsubscribe possibilities in connection with our direct marketing messages.
Right to restriction of processing. Any User has the right to obtain from us restriction of processing of User’s personal data, as foreseen by applicable data protection law, e.g. to allow our verification of accuracy of personal data after User’s contesting of accuracy or to prevent us from erasing personal data when personal data are no longer necessary for the purposes but still required for User’s legal claims or when our processing is unlawful. Restriction of processing may lead to fewer possibilities to use our Services.
Right to data portability. Users are entitled to obtain their personal data from us in a structured, commonly used, and machine-readable format. Additionally, they have the right to transmit this data independently to a third party, provided that our processing is based on their consent and carried out by automated means.
Right to erasure. Any User has the right to have personal data we process about the User erased from our systems if the personal data are no longer necessary for the related purposes, if we have unlawfully processed the personal data or if the User objects to processing for direct marketing. Any User furthermore has the right to erasure if the User withdraws consent or objects to our processing as meant above, unless we have a legitimate ground to not erase the data. We may not immediately be able to erase all residual copies from our servers and backup systems after the active data have been erased. Such copies shall be erased as soon as reasonably possible.
How to use these rights.
To exercise any of the above mentioned rights, User should primarily use the functions offered by our Services. If such functions are however not sufficient for exercising such rights, Customer shall send us a letter or email to the address set out below, including the following information: name, address, phone number, email address and a copy of a valid proof of identity. We may request additional information necessary to confirm User’s identity. We may decline requests that are repetitive, excessive, or unfounded.
Security
We implement and maintain reasonable and appropriate technical and organizational security measures to protect the personal data we process, from unauthorized access, alteration, disclosure, loss or destruction. Our security measures are summarized on our Trust center webpage.
We audit our security measures regularly and have third-party experts review them against international standards. These audits help us improve our security.
If a security breach occurs that risks Users’ data privacy, we will inform the relevant Users, affected parties, and authorities as soon as possible, in accordance with data protection laws.
Recipients
We only share personal data within our organization if and as far as necessary for the purposes specified in this Privacy Notice. We do not share personal data with any third party outside of our organization unless one of the following circumstances applies.
Necessary for the purposes. We may share personal data with third parties to the extent our Services foresee such disclosure and Users submit their personal data for that purpose. We may also disclose personal data to our affiliated companies and other service providers who assist us in fulfilling the objectives outlined in this Privacy Notice, including services such as data hosting, direct marketing, and customer support. Our agreements with these service providers foresee privacy and security commitments from these service providers that are no less protective than our own commitments described in this Privacy Notice. If our Users provide personal data directly to a third party, such as through a link on our website, the processing is typically based on such third party’s notice.
For legal reasons. We may share personal data with third parties if we have good-faith belief that their access to and use of the personal data is necessary (i) to meet any applicable law and/or court order, (ii) to detect, prevent or otherwise address fraud, security or technical issues, and/or (iii) to protect the interests, properties or safety of us, our Users or the public, in accordance with the law. We will notify Users about such disclosure, as far as reasonably possible.
In relation to corporate restructuring. If we are in a process of merger, acquisition or asset sale, we may transfer personal data to the third party involved. We continue to ensure the confidentiality of all personal data.
Upon User’s consent. We may share personal data with third parties if we have the User’s explicit consent, which can be withdrawn at any time.
Location and transfer
We and our service providers have operations in several locations in the world. Consequently, we and our service providers may transfer personal data to, or access it from, countries outside User’s country of domicile.
We implement measures to guarantee that Users’ personal data is afforded a sufficient level of protection in the countries where it is processed.
Some of our service providers to whom we transfer personal data are located or may store personal data outside the EU or the European Economic Area (EEA), and therefore to the extent necessary, personal data may be transferred to countries outside the EU or the EEA. In such cases, we provide for appropriate safeguards by EU Commission’s standard contractual clauses or by any other appropriate safeguard as foreseen under the applicable data protection law.
Further information regarding the international transfer of personal data may be obtained by contacting us.
Lodging a complaint
In case any User considers our processing of his/her personal data to be inconsistent with applicable data protection law, a complaint may be lodged with the local supervisory authority for data protection.
Changes
This Privacy Notice is updated June 30, 2025. We may update this Privacy Notice at any time if required in order to reflect changes in our data processing practices, in personal data protection laws or otherwise.
Contact
Any User having any question or request on this Privacy Notice or our privacy practices, can contact us by email at privacy@evitec.com or by mail at:
Evitec Solutions
Privacy
Bertel Jungin Aukio 9 A
02600 Espoo
Finland