Privacy policy.
Updated 6 March 2026
1. Controller
This Privacy Policy informs you how Taso AI as a data controller processes your personal data. This Privacy Policy concerns Taso AI websites, marketing and all our products and services, which collect personal data, or which are linked to this Privacy Policy.
2. Name of register
Customers, Marketing and Stakeholders Register
3. What data do we process and what is the purpose and the legal basis of processing the personal data?
Data subjects are the customers, prospect customers and other stakeholders of Taso AI.
Among the types of personal data Taso AI collects are:
- Basic information such as name, customer number, username and/or other identifier, preferred language.
- Contact information such as e-mail address, phone number, address information.
- Information related to the company's contact persons.
- Possible direct marketing opt-outs.
- Information of the customer relationship and the contract such as information of past and current contracts and orders, correspondence with you and other communication, payment information and other information which you have voluntarily provided to our systems.
- Data of the connection and terminal device you are using such as the IP address, device ID or other device identifier and cookies.
- Asset and portfolio data you upload or connect to our platform for analytics and AI-powered insights.
We process personal data for the following purposes and on the following legal bases:
- Delivering, maintaining and improving our products and services, including providing AI-powered asset management analytics and insights, based on the performance of a contract with the customer and our legitimate interest in developing and improving our services.
- Managing and maintaining the customer relationship, including communication with customers, based on the performance of a contract and our legitimate interest in managing our business relationships.
- Fulfilling our contractual commitments and other obligations, based on the performance of a contract.
- Invoicing, bookkeeping and compliance with statutory requirements, based on compliance with legal obligations applicable to Taso AI.
- Conducting customer surveys and developing our services, based on our legitimate interest in improving our services and customer experience.
- Marketing our services to relevant companies and organising campaigns and events, based on our legitimate interest in promoting our services and developing our business relationships.
- Managing direct marketing preferences, including respecting opt-outs from marketing communications, based on compliance with legal obligations and our legitimate interest in managing marketing communications appropriately.
- Targeting advertising in our online services and analysing user behaviour and usage patterns (which may involve profiling within the meaning of GDPR, but does not produce legal or similarly significant effects) for service development and marketing purposes, based on consent where required (such as for cookies) and otherwise on our legitimate interest in understanding how our services are used and improving them.
4. From where do we receive data?
We receive information primarily from following sources: yourself, population register, authorities, credit information companies, social media, contact information service providers and other similar reliable sources. We also collect information when our services or websites are used. More information on how we use cookies can be found in the Section 7 below.
For the purposes described in this Privacy Policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations.
5. To whom do we disclose data, and do we transfer data outside of EU or EEA?
We may use service providers to assist us in organising marketing campaigns and events. These service providers process personal data only on our behalf and in accordance with our instructions. We ensure appropriate data processing agreements are in place with such service providers. We may disclose data from this register to our co-operation partners who do marketing and arrange campaigns and events with and on behalf of us, and who consider themselves as controllers instead of processors working on our behalf. Otherwise we do not disclose data from the register to external parties unless required by the legislation or an order by the authorities.
We utilize subcontractors that process personal data on behalf of and for us. We have outsourced our IT management and the maintenance of our customer and marketing systems to outside service providers on whose administrated and protected servers the personal data is stored.
We transfer personal data outside the EU/EEA in connection with the purposes stated in this Privacy Policy. When personal data is processed outside the EU/EEA, we ensure that the personal data is transferred in accordance with the applicable law, for example, by using the EU Commission's standard contractual clauses or other appropriate safeguards as described in Article 46 of the GDPR.
6. How do we protect the data and how long do we store them?
Access to personal data processing systems is granted exclusively to employees on a need-to-know basis and role-based access control (RBAC) principles, limited to those whose job functions necessitate processing of specific personal data categories. Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and their backup copies are in locked premises and can be accessed only by certain pre-designated persons.
We store personal data only for as long as necessary for the purposes for which it was collected and processed.
Personal data related to customer relationships is generally stored for the duration of the customer relationship and for up to five to seven years thereafter in order to comply with legal obligations, such as accounting requirements, and to manage potential contractual claims.
Personal data used for marketing purposes is stored until the data subject withdraws consent, objects to the processing, or the data is otherwise no longer needed for marketing purposes.
Personal data contained in data sets, assets or portfolio information uploaded or connected by the customer to our platform is processed for the duration of the customer relationship and is deleted or anonymised after the termination of the customer relationship unless retention is required by applicable law.
We regularly assess the necessity of retaining personal data and delete or anonymise data that is no longer needed for the purposes for which it was collected. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
7. How do we use cookies on our website?
Our websites and social media channels use cookies and other similar technologies for managing and developing the website, improving and analyzing user experience and targeting advertisement in our and our partners' services. Cookies allow us to collect information such as from which website users arrive to the pages, which pages are browsed and when, which browser is used and the IP address of the device.
For more information on how we use cookies, please see our Cookie Policy.
8. What are your rights as a data subject?
You have the right to access the personal data stored in this register concerning yourself, and the right to demand rectification or erasure of that data. You also have the right to withdraw your consent where we process your data based on your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent. Where our processing of your personal data is based on your consent or a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may also request that we transmit your data directly to another organisation where technically feasible.
You have the right to object to processing or to request restriction of the processing of your personal data at any time and free of charge, and to lodge a complaint with the supervisory authority. Please see the contact information of the Finnish Data Protection Ombudsman below.
Finnish Data Protection Ombudsman:
Tietosuojavaltuutettu
P.O. Box 800
00521 Helsinki
+358 29 56 66700
For specific personal reasons, you also have the right to object profiling and other processing concerning yourself, when processing the data is based on our legitimate interest. In connection with your claim, you should identify the specific situation on which you object the processing. We can refuse to act on such request based only on grounds provided by law. No automated decision-making, including profiling, takes place that produces legal effects or similarly significantly affects the data subject.
All requests and requirements concerning this section should be submitted in writing to sales@tasoasset.com.
9. Changes to this Privacy Policy
We may update this privacy policy from time to time. Significant changes will be announced on our website and, for registered users, via email notification. We recommend checking this policy regularly.
