Privacy policy

Cursor Client Privacy Statement


Cursor is committed to protect the rights of individuals and to keep your data safe. In this statement we will tell you how we collect, use, store and protect your data. Data Controller is Cursor Oy and all of its affiliates. You can find more information on Cursor and about our affiliates at

In Cursor we process your data for various reasons. In this statement we refer our clients, potential clients, our clients contact persons and all other related parties as You and Cursor Oy and all of its affiliates as Cursor.

Please note that this statement is translation from Finnish. In the case that translation differs, the Finnish version prevails over this one.

Roles of personal data

We process your personal data on different premises, depending on which of our services you use. You might be in one or in multiple different personal data roles.

Personal data roles are:



In the following paragraphs we will tell you what personal data we process, why and for which purposes.

Users of our websites

We use variety of services within our website. Our aim is to provide you with better services and to analyze functionality, ease of use and technical performance.

Which data we collect from you:

We collect information about the features of your computer and location such as IP-address, identification cookies, sites visited, sites where you came from, time, operating system, device types and browser. Additionally, we collect all the data you input to our site.

For which purposes we use your data:

Your data is used to further improve our sites technical, functional and logical features, providing information security and to prevent malicious activity. 

Additionally, the separately input information will be used to produce customer services, such as the chat service and the register of business premises (in this case the information is processed for the role of established entrepreneurs or for named users of the information services, depending on the premises).

Your information will also be used for the implementation of the so-called remarketing, thus based on your visits on our sites you will see our marketing messages on the platforms you use, such as the advertisements on Facebook or Google.

We also create various statistics and analyses about our information services.

Principle of legitimacy

By using our web site, you accept our cookie policy, on which the collection of most data is based. More information about our usage of cookies can be found on On the web site you can also find plenty of information of how to restrict the use of the data regarding you. You have also got the right to cancel the permission you have given, and to end the use of our web site. 

Lifecycle of data:

The data collected about the web site users is not used to recognize individuals, unless you are also a newsletter subscriber. Most of the information collected will be automatically processed and then transferred into a form from which we can only recognize bigger entities. In case of mischief and possible crimes we do use the collected information to recognize users.

The event register on the servers will automatically be modified into a form, from which you cannot be recognized anymore within 7 days of your visit on our web site.


Starting entrepreneurs

One of the services we provide is consultation for entrepreneurs prior they set up a business. If you come for a consultation for a starting entrepreneur, you belong to this category.

Which personal data we collect from you:

We collect your name and your contact information (phone number, email, address etc.), gender, municipality of residence, date of birth, language of communication and data related to the service we are producing. This information includes e.g. the level of education, description of education, profession, type of employment status, description of the employment status, email, cost accounting, business plans, and all other documentation that will be needed for producing the service.

Which other personal data we collect from other sources:

We receive personal data from the following source:

  • The marketing regime of the Finnish Enterprise Agencies (SUK ry.), from which we receive your name, email address, postal code, and the status of employment. This information allows us to get in touch with you to implement our service. You have given your permission to admit this information for us when filling the form.

For which purposes we use your data:

We use the information to implement customer service, to create statistics/analyses and with your additional approval also for digital marketing. We also use this information, in case you want us to make a statement for the investor, such as Finnvera or the TE-services.

The information will be admitted upon a request of the client i.e. for the members of our specialist network. In that case the contact information of the client and the summary of the business idea will be presented.

The statistics produced from this personal data will be admitted for the broad use of the stakeholders of Cursor, and for media. These statistics do not, however, allow the recognition of any individuals.

Principle of legitimacy:

A contract regarding the services offered by a starting entrepreneur is made, meaning that it is necessary to process your data to be able to execute this contract or to implement all the procedures needing to be done prior this.

Lifecycle of data:

We will retain the information you have given until one of the following occurs:

  1. You set up a business, in which case you will be transferred into the category of established entrepreneurs, and we will use your data to implement services for your new role.
  2. We have not heard from you for 2 years. In this case we will delete your data. We do however send a remainder to you approximately 30 days before deleting this information, to the email address most recently received from you.


Established entrepreneurs, businesses and their contact persons

This is the widest category in which we process your information. We collect information regarding the businesses, entrepreneurs and the contact persons they have that operate in our region, or that are our business partners or potential adherence customers. 

Which personal data we collect from you:

We collect your name and contact information (phone number, email, address etc.) date of birth (from the entrepreneurs operating in the region), gender, municipality of residence, language of communication and some information regarding the service we are producing. This information includes e.g. email, notes taken during phone calls, notes taken during conferences and all other documentation, that will be needed to implement the service. If you have been a “starting entrepreneur” our clients will also use all the information collected in that role. Additionally, if you are part of our specialist network, we also process the information about your knowledge and the services you are offering.

Which other personal data we collect from other sources:

We collect personal data about the businesses operating in our region, the entrepreneurs working for them and the key contacts also from public sources, such as the business information providers like Fonecta, Trade Register and the web sites of companies.

We collect personal data about other enterprises and key contacts also from public sources, such as the web sites of the companies and the lists collected by possible consultants.

For which purposes we use your data:

This data is used to produce service for clients, to examine customer satisfaction, to target and improve marketing and to create various statistical analyses. The dialogues with enterprises and the actions taken will be processed as secret and confidential. Note, however, that if you are simultaneously a project client some data might belong partly or completely in the district of publicity law.

Principle of legitimacy:

Cursor works to increase the vitality of the businesses in the Kotka-Hamina region and to attract new enterprises to the area.  Thus, the processing of your data is our justified interest.

Lifecycle of data:

We collect the data from the businesses of the region during their whole lifecycle. We also record data about entrepreneurs during the whole lifecycle of their enterprise. We also process information about the key persons of enterprises when producing our services, and this information will be stored for 2 years after last time contacted.

The information related to billing, contracts and accounting will be retained according to the effectual national legislation.


Project clients

If you attend to a procedure of a project financed by the EU, to a training or to an event, you are a project client.

Which personal data we collect from you:

We collect the same data as we collect for the role of the established entrepreneurs, businesses and their contact persons and for the role of the starting entrepreneurs. 

For which purposes we use your data:

The data is used to execute the communication, marketing and customer service implemented in the project. Additionally, to implement the EU project report, we deliver some personal data to the investor, to the main executor and to the supervisor of the project. In the ESR project we collect various statistics for the Treasury, but in this case, we do the data processing for them.

Principle of legitimacy:

The data about the projects will be processed for legal obligations. The legal obligations are consisted of the national and EU legislations regarding the constitution funds, that are for example:

Law regarding the development of regions and administration of the functioning of composition funds (7/2014), Law regarding the development of the regions and the financing of the composition fund projects (8/2014), General regulation (EU no. 1303/2013), EAKR regulation (EU no. 1301/2014), ESR regulation (EU no. 1304/2013).

Lifecycle of data:

Retention periods for the data about projects are significantly long. The personal data collected will be retained for 10 years after the end of the project.


Rental clients

As a part of the services we offer we rent conference rooms, business premises etc. If your business or you are renting our premises you are a rental client.

Which personal data we collect from you:

We collect data needed for billing, for accounts receivable, and for possible debt collection, and combine you with our rentable premises. In addition, for the rental activity, we collect your contact information from the maintenance requests you have made and from the other material you have delivered for us.

Moreover, we collect information from the use and the identifiers of the access control and the crime alarm systems. 

For which purposes we use your data:

Your personal data is used to implement customer service and, in the communication related to that, for billing and to examine customer satisfaction. Contact information is also used for the implementation of the possible maintenance requests.

We use the information collected from the access controls and the crime alarm systems identifiers only for the control of ingress and to prevent crimes, and when necessary, to recognize the individuals that have been present in the premises in the possible mischief and crime situations.

The identifier information from the access controls and the crime alarm systems, the name information related to them and the access information we do admit to the tenant of the premises, so that they will be able to verify the validity of the ingress list. The information accumulated from the use of the identifiers will not be admitted to the tenant.

Principle of legitimacy:

If you rent our premises as a private person, we process your data based on the contract. If the business you represent is renting business premises from us we process your information based on the justified interest, as otherwise we are unable to deliver good customer service for you.

Lifecycle of data:

The data regarding the key persons of businesses that we process when producing services will be retained for two years after lastly contacted or for two years after the rental contract has ended. Information for billing, contracts and for accounting will be stored according to the effective national legislation.

The information being recorded in the maintenance requests will be retained indefinitely. This information is mostly consisted of the name of the person, of the office location or other contact information.

The information accumulating from the access controls and crime alarm systems identifiers will be retained for 30 days. 


Newsletter subscribers

We offer you a possibility to receive interesting additional information about our services and about our region. In case you subscribe our newsletter, you belong to this category.

Which personal data we collect from you:

We collect your contact information such as email address and name. This will be combined with the other information collected in other roles. In addition, we collect information about whether you read our newsletters and which ones of the links that we provide you use, and as you use the links we can see which ones of our web sites you are looking at.

For which purposes we use your data:

We use this information to implement and observe communication and to analyze it. Additionally, we use the information collected for the implementation of automated marketing.

Principle of legitimacy:

When subscribing our newsletter, you give an additional permission to process your personal data and for email marketing.

Lifecycle of data:

When you have only taken the role of a newsletter subscriber, we will delete your personal data, as you cancel your approval to receive the email. In case you belong to other roles as well and you cancel your approval to receive the email, we will still retain your data, based on the other roles.


Political decision makers and influencers in regions municipalities

We process your data in this category, as a part of the regional cooperation arranged by the municipality owners.

What personal data we collect from other sources:

In the beginning of your council period your approval for your data handover to us will be asked by your municipality. This information consists of your name, your email address, and of other contact information.

What personal data we collect from you:

We collect data about your attendance of the conferences and events arranged in the region (i.e. region forums, seminars) and information for the disbursement for the possible mileages.

For which purposes we use your data:

This information is used in the communication in news and in regional cooperation events. 

Your attendance to events and the data collected for the disbursement of the conference fee and the mileage will be admitted to Taitoa Oy and to the City of Kotka.

Principle of legitimacy:

Municipalities of our region buy regional cooperation as a service; thus, the processing of your information is our justified interest. Without data processing, we are unable to implement the service.

Lifecycle of data:

The data is retained two years after your most recent period in the council.


Named users of information services

In some of our information services you will be given a username, or you will be using the information service with a username given by a third party. This makes you a named user of information services.

Which personal data we collect from you:

To create a username for you we collect the information needed, what this includes depends on the service. Mainly this data consists of the following information: name, contact information and the information about the organization you are representing.

Additionally, we collect information about how you use the service, and all the information you input into the service.

For which purposes we use your data:

The information is used to ensure the technical functioning of the service, to arrange the management of admission and for the purpose the information service we offer is intended.

In addition, we record various indices about the use and modification of the files.

Principle of legitimacy:

The principle of legitimacy of data protection varies on occasion. Information services can be used to take care of a legal obligation or the processing can be based on so-called justified interest when we are cooperating by means of information services.

Lifecycle of data

User information will be recorded for 30 days. Editing of documents and commenting information will be used during the lifecycle of the document. In some of the services the personal data processing will be ended when your username is deleted.


Transferring information to third countries

Cursor transfers personal data also to the organizations operating outside the economic region of Europe. These data transfers will be implemented only when one of the terms is fulfilled:

  1. Commission of the EU has decided that the data protection of the country is sufficient.
  2. Other necessary protection actions have been introduced for example by following the template agreement statement accepted by the commission of the EU, based on the EU-US Privacy Shield agreement or making sure that the business processing the data has effectual rules obligating the enterprise (Binding Corporate Rules, BCR)
  3. In a special occasion an exception rule can be applied, if for example the enforcement of the contract so requires, or you have given a specific permission to transfer the information in question. 


Your rights related to your privacy protection

You have got the following rights related to the personal data we are processing:

  1. The right to ask for an access to your personal data and to get a copy of it.
  2. The right to ask for a correction for incorrect and inadequate information.
  3. The right to ask for a deletion of your data. This however requires one of the following to be fulfilled:
    • You cancel the permission you have given, and there is no other legal reason for the data processing.
    • You are against data processing, and there is no acceptable reason to continue the processing.
    • Data processing is against the law.
  4. The right to restrict the processing of your data.
  5. The right to oppose data processing based on our justified interest.
  6. The right for the portability of the data.
  7. The right concerning the personal data, that has been processed only automatically and based on the permission or the execution of the contract. The information can upon your request be directly transferred to another register holder. 

If you want to use the rights listed above, the requests are evaluated on occasion. Generally, you will receive an answer for your request in 30 days. To utilize your rights, we will separately recognize you to implement the request and to make sure that the rights of the others registered are secured.


How do we protect your personal data

Information security and data protection are central to the operation of Cursor. We use the adequate technical, organizational and administrative safety procedures, that are used to protect the information in our possession from disappearance, misuse, unauthorized use, delivering, transition and destruction.

Third parties

We also give personal data to authorities insofar as the law obligates us. These authorities include for example police, tax-, execution-, and monitoring authorities.

In addition, your data will be processed by third parties, such as information system editors, service delivers, and other subcontractors. We have confirmed the confidentiality of these third parties and made a contract with them regarding the processing of personal data. Moreover, we instruct these third parties about how to process your data.

How do we adjust this data protection statement

When adding or improving our services we may make changes to this statement. In case these changes lead to significant changes to the processing of your personal data or when it comes to its spread or its use, we will make sure to inform you. Provided we expand our service and will need more personal data from you, we will inform you about the new purposes at the latest when collecting the data. Additionally, we can also otherwise update this document, hence we recommend that you will every now and then come and check if the write-up has changed.


Contacting Cursor or a data protection authority

If you want to ask more information about this data protection statement or you want to utilize your rights get in touch with us in the following ways: by email or by letter Cursor Oy / Tietosuoja, PL 14, 48601 KOTKA.

In our data protection organization, the personal data processing of Cursor is coordinated by IT Manager Toni Jaakkola, +358 40 190 2526.

Cursor belongs to Kotka concern, of which data protection officer is Juha Reihe, +358 40 668 1630.

You can also make a complaint or get in touch with a data protection authority. The contact information for data protection authorities of Finland can be found from