This Privacy Policy describes how we at Tulka process personal data for the purpose of providing, marketing and improving our services. This privacy policy concerns the users of Tulka’s services as well as the representatives of our existing and potential customers.

Some of our services might be subject to a separate privacy policy. If a separate privacy policy applies to a particular service, we will post it in connection with the service in question.

This privacy policy may be updated if required in order to reflect changes in our data processing practices or applicable legislation. The current version can be found on our website Data subjects will be notified of any substantial changes to this privacy policy.

Please note that this privacy policy applies to processing of personal data carried out by Tulka as a data controller. As regards data processed in Tulka’s services, Tulka acts as a data processor and the relevant customer organization acts as the data controller with regard to this personal data. If you wish to obtain information on how your personal data is processed in interpretation, please contact the relevant organization directly.


Name: Tulka Oy
Company ID: FI27579091
Mail address: Mikonkatu 13 A, 00100 Helsinki
E-mail address:


Personal data is collected mainly directly from customers at the point of registration or in connection with the customer’s use of Tulka’s services. In addition, personal data may be collected from service providers and public registers.

Purpose of processingTypes of personal dataApplicable legal basisRetention period
Customer communication
  • Name
  • Phone number
  • Email address
  • Organisation and title
  • Correspondence

Legitimate interest2 years after the last contact
Providing of services
  • Name
  • Phone number
  • Email address
  • Organisation and title
  • Data on the use of services

ContractThe duration of the contract
Customer service
  • Name
  • Phone number
  • Email address
  • Support request

Legitimate interest3 years after the support ticket has been resolved
  • Name
  • Phone number
  • Email address
  • Organisation and title

Legitimate interest2 years after the contact
  • Name
  • Phone number
  • Email address
  • Organisation and title
  • Billing information
  • Data on the use of services

Contract6 years after the end of the financial year
  • IP address
  • Browser type and version
  • Device type and identification number
  • Operating system
  • Language settings
  • Time of visit
Legitimate interest2 years after web page visit


Tulka processes customers’ personal data primarily within the European Economic Area. However, we use service providers in several geographical locations. Hence, personal data may be transferred outside the European Economic Area.

We take steps to ensure that the personal data processed by us receives an adequate level of protection in all of the jurisdictions in which it is processed. Personal data transfers outside the EU/EEA are based on Standard Contractual Clauses or other applicable transfer mechanisms as required by data protection legislation. Additionally, we have determined supplementary measures to ensure the level of data protection.

More information regarding the transfers of personal data may be obtained by contacting us on any of the addresses indicated in the beginning of this policy.


Personal data may be shared with third parties outside of Tulka’s organization if any of the following circumstances apply:

  • It is necessary for the purposes set out in this privacy policy,
  • For legal reasons, such as fraud prevention, or
  • For the purpose of a merger, acquisition or asset sale.

If personal data is shared with third parties, Tulka takes appropriate contractual and organisational measures to ensure that personal data is processed only to the extent necessary and confidentiality of all personal data is ensured.


Right to access

Customers have the right to access your personal data processed by us. Customers may contact us and we will inform what personal data we have collected and processed regarding the said customer.

Right to withdraw consent

In case the processing is based on consent granted by the customer, they may withdraw the consent at any time. Withdrawing consent may lead to fewer possibilities to use our services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Customers have the right to prohibit us from using their personal data for direct marketing purposes, market research and profiling made for direct marketing purposes by contacting us at the addresses indicated in the beginning of this policy. Marketing consent can also be withdrawn through your user account or by using the unsubscribe option available in email marketing messages.

Right to rectify

Customers have the right to have incorrect or incomplete personal data we have stored about the customer corrected or completed. You can correct or update some of your personal data through your user account.

Right to erasure

Customers may also ask us to erase the customer’s personal data from our systems. We will comply with such a request unless we have legitimate grounds to continue processing the data.

Right to object

Customers may object to the processing of personal data if such data is processed for other purposes than purposes necessary for the performance of our services or for compliance with a legal obligation. In case we do not have legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.

Right to restriction of processing

Customers may request us to restrict processing of personal data, for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our services.

Right to data portability

Customers have the right to receive their personal data from us in a structured and commonly used format and to independently transmit those data to a third party.

How to use the rights

The above-mentioned rights may be used by contacting us via email. We may request the provision of additional information necessary to confirm the identity of the customer. We may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded.

Lodging a complaint

In case a customer considers our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.

Information security

We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include, for example, encryption, firewalls, secure facilities, and access right management. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience, and ability to restore the data. We regularly test our services, systems, and other assets for security vulnerabilities.

If a security breach occurs that is likely to have negative effects on the privacy of customers, we will inform any affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.