Skip to content

Privacy Policy

Last updated: April 17, 2026

1. Introduction

Welcome to the Vevex Oy ("Vevex", "we" or "our") website. We are committed to protecting your personal data and privacy. This privacy policy describes how we collect, use, disclose, and protect your data when you visit our website, use our online store, or use our services.

Please read this privacy policy carefully. By using our services, you agree to the practices described in this privacy policy.

2. Data We Collect

We collect data that you provide to us directly, including:

  • Contact information: Name, address, phone number, and email address when placing an order, requesting a quote, or contacting us.
  • Payment information: Payment details are processed securely through our payment service providers. We do not store complete card numbers in our systems.
  • Service information: Details of ordered services, service addresses, quotes, work orders, and service history.
  • Business customer data: For business customers, we process the names and contact details of company representatives.
  • Communications: All messages you send us, including support requests, complaints, and customer feedback.

We collect data primarily directly from you. For business customers, we may also collect contact details of company representatives from public sources and our partners.

Providing personal data is generally a prerequisite for entering into a service agreement. Without the necessary contact information, we cannot process your order or deliver services.

3. Automatically Collected Data

When you visit our website, we automatically collect certain data, including:

  • Device information: Browser type, operating system, device type, and screen resolution.
  • Usage data: Pages visited, time spent on pages, click behavior, and referring URLs.
  • IP address: Your Internet Protocol address, which may indicate your general geographic location.
  • Cookies and tracking technologies: We use cookies and similar technologies for trend analysis, website administration, and collecting demographic information. See section 7 for a more detailed description.

4. Legal Basis for Processing Personal Data

We process your personal data under the following legal bases in accordance with the GDPR and applicable legislation:

  • Performance of a contract (Art. 6(1)(b)): Processing and fulfilling service orders, preparing quotes, managing service agreements, and sending service-related communications.
  • Consent (Art. 6(1)(a)): Setting advertising cookies, displaying targeted advertising, and sending direct marketing to consumer customers. You can withdraw your consent at any time.
  • Legitimate interest (Art. 6(1)(f)): Analyzing website usage to improve our services, preventing fraud, ensuring information security, providing customer support, and targeting marketing to business customers.
  • Legal obligation (Art. 6(1)(c)): Retaining accounting records in accordance with Finnish accounting law, ensuring warranty and cancellation rights, and responding to authorities' data requests.

5. Purposes of Data Use

We use the data we collect for the following purposes:

  • Processing, delivering, and installing service orders
  • Preparing quotes and managing service agreements
  • Providing and managing customer and user accounts
  • Customer service, complaint handling, and after-sales support
  • Invoicing and payment processing
  • Sending transactional messages (order confirmations, service time reminders)
  • Analyzing website usage to improve our services
  • Marketing and targeted communications
  • Preventing fraud and improving the security of our services
  • Complying with legal obligations

6. Advertising and Analytics

We use third-party advertising and analytics services, including Google Tag Manager (GTM), Google Analytics, Google Ads, Meta (Facebook), TikTok, Reddit, and Microsoft Clarity, to understand how visitors use our website and to provide targeted advertisements. Google Tag Manager is used to manage analytics and advertising scripts on our website. These services may collect data about your online activity over time and across different websites.

Meta (Facebook) Pixel and Conversions API: We use the Meta pixel to measure the effectiveness of our advertising, understand actions taken on our website, and display targeted advertisements. We also use Meta's server-side Conversions API to send event data (such as purchases and quote requests) directly to Meta's servers. This complements the browser-based pixel and may include hashed personal data such as email address, phone number, and name for ad targeting and conversion measurement. Cookies are set and data is sent only with your consent.

TikTok Pixel and Events API: We use the TikTok pixel to measure the effectiveness of our advertising on TikTok, understand actions taken on our website, and display targeted advertisements. We also use TikTok's server-side Events API to send event data (such as page views, lead form submissions, and conversions) directly to TikTok's servers. This complements the browser-based pixel and may include hashed personal data such as email address and phone number for ad targeting and conversion measurement. Cookies are set and data is sent only with your consent.

Reddit Pixel and Conversions API: We use the Reddit pixel to measure the effectiveness of our advertising on Reddit, understand actions taken on our website, and display targeted advertisements. We also use Reddit's server-side Conversions API to send event data (such as page views, lead form submissions, and conversions) directly to Reddit's servers. This complements the browser-based pixel and may include hashed personal data such as email address and phone number for ad targeting and conversion measurement. Cookies are set and data is sent only with your consent.

Google Analytics and Google Ads: We use Google Analytics 4 to analyze website usage and Google Ads conversion tracking to measure the effectiveness of our advertising. For purchase conversions, we use Google Ads Enhanced Conversions, where hashed customer data (email, phone number, name, address) is sent to Google for more accurate conversion measurement. Analytics and advertising cookies are only set with your consent.

Microsoft Clarity: We use Microsoft Clarity to understand how visitors interact with our website through session recordings and heatmaps. Clarity captures how you use our site (clicks, scrolls, mouse movements) and generates heatmaps of visitor behavior. Clarity does not collect personally identifiable information and masks sensitive content by default. Clarity cookies are only set with your consent.

7. Cookies and Tracking Technologies

We use cookies and similar technologies on our website to improve your experience and analyze site usage. Visitors from the EU/EEA are shown a cookie notice to manage their settings.

Essential Cookies

These cookies are technically necessary for the site to function. They cannot be disabled.

  • cookie_consent — Stores your cookie preferences (accepted categories, timestamp, and version). Duration: 12 months.

Analytics Cookies

Google Analytics and Microsoft Clarity set the following cookies with your consent:

  • _ga — Google cookie used to distinguish users. Duration: 2 years.
  • _ga_'<'ID'>' — Google Analytics 4 session cookie used to maintain session state. Duration: 2 years.
  • _gid — Google Analytics session identifier used to distinguish users over a short time period. Duration: 24 hours.
  • _clck — Microsoft Clarity cookie used to store a unique user identifier and preferences. Duration: 12 months.
  • _clsk — Microsoft Clarity cookie used to group page views into a single session. Duration: 1 day.

Advertising Cookies

These cookies are only set with your consent and are used for targeted advertising and measuring ad effectiveness.

  • _fbp — Meta (Facebook) pixel browser identifier used for displaying targeted ads and measuring ad effectiveness. Duration: 90 days.
  • _fbc — Meta (Facebook) click identifier used for linking website visits to ad clicks. Duration: 90 days.
  • _ttp — TikTok pixel browser identifier used for displaying targeted ads and measuring ad effectiveness. Duration: 13 months.
  • _rdt_uuid — Reddit pixel browser identifier used for displaying targeted ads and measuring ad effectiveness. Duration: 90 days.
  • _gcl_au — Google Ads identifier used for conversion tracking and measuring ad effectiveness. Duration: 90 days.
  • _gcl_aw — Google Ads click identifier set when a user arrives via a Google ad. Duration: 90 days.
  • _gac_'<'ID'>' — Google Ads campaign identifier used for linking conversions to ad campaigns. Duration: 90 days.
  • _vx_vid — Vevex first-party visitor identifier used as a stable cross-platform external_id for ad matching (Meta, TikTok, Reddit). Contains a random UUID and no personal data. Duration: 2 years.
  • _vx_ttclid — Vevex first-party persistence of the TikTok click identifier (ttclid) so paid-traffic attribution survives across navigations. Duration: 30 days.
  • _vx_rdt_cid — Vevex first-party persistence of the Reddit click identifier (rdt_cid) so paid-traffic attribution survives across navigations. Duration: 30 days.

We use Google Consent Mode v2, which adapts Google services' behavior based on your cookie preferences. When you have not given consent, Google services operate in restricted mode and do not set identifying cookies. Ad click identifiers in URLs (such as gclid) may still be passed between pages in restricted mode to support advertising measurement.

You can change your cookie settings at any time via the "Cookie Settings" link in the site footer or by contacting us.

8. Data Disclosure

We may disclose your data to the following parties:

  • Service providers: Third parties performing services on our behalf, such as payment service providers, email services, shipping companies, and hosting services.
  • Advertising partners: As described in the Advertising and Analytics section. Data is shared via both browser-based methods (pixels, cookies) and server-side APIs (Meta Conversions API, TikTok Events API, Reddit Conversions API, Google Ads Enhanced Conversions). Advertising data is shared only with your consent.
  • Legal requirements: As required by law, court order, or government authority.
  • Business transfers: In connection with a merger, acquisition, or sale of business.

We do not sell your personal data to third parties nor disclose it for third-party marketing purposes.

9. International Data Transfers

We primarily use service providers within the EU/EEA. However, some of our service providers are located in the United States:

  • Google (Tag Manager, Analytics and Ads): Analytics, advertising tracking, and conversion measurement, including hashed customer data sent via Enhanced Conversions. Data is transferred only with your consent, and transfers are based on Standard Contractual Clauses (SCC) and the EU-U.S. Data Privacy Framework.
  • Meta (Facebook): Advertising pixel and Conversions API. Data is transferred only with your consent, and transfers are based on Standard Contractual Clauses (SCC) and the EU-U.S. Data Privacy Framework.
  • TikTok: Advertising pixel and Events API. Data is transferred only with your consent. TikTok processes EU user data primarily in European data centres (Project Clover, Ireland and Norway), with limited transfers to TikTok entities outside the EU/EEA based on Standard Contractual Clauses (SCC).
  • Reddit: Advertising pixel and Conversions API. Data is transferred only with your consent, and transfers are based on Standard Contractual Clauses (SCC) and the EU-U.S. Data Privacy Framework.
  • Microsoft (Clarity): Session recordings, heatmaps, and user behavior analytics. Data is transferred only with your consent, and transfers are based on Standard Contractual Clauses (SCC) and the EU-U.S. Data Privacy Framework.

We ensure that all international data transfers comply with applicable data protection legislation and that appropriate safeguards are in place.

10. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including meeting legal, accounting, or reporting requirements.

Your personal data is retained for as long as your customer or user account is active. After account closure, we need to process your data for handling potential claims and complying with legal retention periods.

Accounting records are retained for at least 7 years to comply with Finnish accounting law and statutory tax requirements.

11. Data Subject Rights

Under the GDPR and applicable data protection legislation, you have the following rights regarding your personal data:

  • Right of access: You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data.
  • Right to rectification: You have the right to request the correction of inaccurate or incomplete personal data.
  • Right to erasure: You have the right to request the deletion of your personal data under certain conditions. Legal obligations (such as accounting requirements) may limit this right.
  • Right to restriction of processing: You have the right to request the restriction of processing of your personal data in certain situations.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object: You have the right to object to the processing of your personal data based on legitimate interest. You have an absolute right to object to processing for direct marketing purposes at any time.
  • Right to withdraw consent: When processing is based on consent (such as advertising cookies), you have the right to withdraw your consent at any time via cookie settings.

You can exercise these rights by contacting us at [email protected]. We may need to verify your identity before processing your request.

12. Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that would have legal effects concerning you or similarly significant consequences.

13. Right to Lodge a Complaint

If you believe that the processing of your personal data violates data protection legislation, you have the right to lodge a complaint with a supervisory authority.

In Finland, the supervisory authority is:

Office of the Data Protection Ombudsman
Lintulahdenkuja 4, 00530 Helsinki
P.O. Box 800, 00531 Helsinki
Email: tietosuoja(at)om.fi
Phone: +358 29 56 66700

EU/EEA residents may also lodge a complaint with the supervisory authority in their country of residence.

14. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. Our staff are instructed to process personal data only for limited purposes, and access to data is restricted at the system level. All data in transit is encrypted using SSL/TLS technology. However, no method of transmission over the Internet or electronic storage method is completely secure.

15. Children's Privacy

Our services are not directed at persons under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

16. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of changes by posting the updated privacy policy on this page and updating the "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

17. Data Controller

The data controller responsible for processing your personal data is:

Vevex Oy
Business ID: 2700259-1
Ruosilankuja 3 A, 00390 Helsinki, Finland
Email: [email protected]
Phone: 010 340 3831

If you have questions about this privacy policy or our data protection practices, please contact us at the email address above.