Privacy at Fondia

It is important for us at Fondia to respect your privacy and protect your personal data carefully. Our aim is that all processing of personal data is transparent and that is why we have collected all information related to the processing of your personal data to this section.


Fondia operates in four countries, each of which is a controller on their behalf.
All inquiries and requests shall be emailed to privacy(at)


Fondia Finland
Aleksanterinkatu 11 (Entrance at Kluuvikatu 6 A) FI-00100 Helsinki Finland
Fondia Estonia
Rotermanni 14 EE-10111 Tallinn Estonia
Fondia Lithuania
Gedimino pr. 20 LT-01103 Vilnius Lithuania
Fondia Sweden
Kungsgatan 56 SE-11122 Stockholm Sweden

How do we process personal data?

We have divided the processing of personal data to sections depending on the role in which you want information on the processing of your data. We do not carry out profiling or automatic decision-making.


To whom do we disclose data? Do we transfer data outside the EU/EEA?

Otherwise, than to our processors and to the independent controllers that we are sharing data with as stated in the content of each headline above, we do not disclose data to outsiders unless the legislation or authorities require us to do so.

We use international cloud services in the processing of personal data and data may be transferred outside the EU/EEA in connection with those services. We ensure that appropriate safeguards in accordance with the GDPR are used in data transfers.

Risks and security measures

Fondia uses technical and organisational measures to protect your personal data against loss and unauthorized access. This includes for example secure and private connections (such as VPN), encryption and the fact that access to your personal data is always limited to the employees that need access to be able to perform their tasks and duties. We regularly evaluate our systems, routines, and policies to make sure that they are safe and protected.

For more information, please contact us by using the contact details above in this privacy notice.

What rights do you have?

You have several rights according to the GDPR. If you would like to exercise your rights or if you have any questions, please contact us using the contact details above in this privacy notice.

Right to information

You have the right to be given information on how we process your personal data, which we provide to you through this privacy notice.

Right to access

You can request information about whether we process personal data about you and receive a copy of the personal data we process. The right to access also includes more information about how we process your personal data.

Right to rectification

We have a responsibility to make sure that the personal data that we process are correct. However, you have the right to request that inaccurate information be rectified if you believe that certain information is inaccurate or incomplete.

Right to object

When we process personal data based on our legitimate interest, you have the right to, at any moment, object to the processing. If we cannot demonstrate compelling legitimate reasons for the data needing to be processed, we have to cease the processing.

Right to withdraw consent

If our processing of your personal data is based on your consent, you can at any time withdraw your consent by contacting us by the contact details above in this privacy notice. If you withdraw your consent, it does not affect the legality of the processing of your personal data before your withdrawal.

Right to limitation of processing

You have the right in certain cases to demand that the processing of personal data be limited. This is applicable for example if you have objected to the processing of your personal data. By demanding that the processing be limited, you have the possibility, during a certain time, to stop us from using your personal data for other purposes than for example defence of legal claims. You can also prevent us from deleting the personal data, for example if needed for claiming damages.

Right to erasure

You can in certain cases request that your personal data be erased. We cannot erase your personal data if your personal data is needed to fulfil the purposes for which they were collected, is required to fulfil a legal obligation or when we need to exercise or defend legal claims.

Right to transfer your personal data (data portability)

If we process your personal data to fulfill a contract, you have, in certain cases, the possibility to be given and use your personal data elsewhere, for example to transfer the personal data to another controller.


More information regarding your data protections rights are to be found at your national data protection authority’s website:

In Finland at the Data Protection Ombudsman’s website

In Sweden at IMY’s website.

In Estonia

In Lithuania at State Data Protection Inspectorate’s website.

Any input on how we process personal data?

You are welcome to contact us if you have thoughts or input on how we process your personal data or would like more information about the weighing of interests. Please use the contact details above in this privacy notice.

You also have the possible to lodge a complaint to your national data protection authority.

For Finland that is the Data Protection Ombudsman. Instructions for lodging a complaint can be found on the Data Protection Ombudsman’s website.

For Sweden that is IMY. More information about how this process works can be found on IMY:s webpage file a compliant.

For Estonia that is Data Protection Inspectorate of the Republic of Estonia (Andmekaitse Inspektsioon). More information about how this process works can be found on here

For Lithuania that is State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija). More information about how this process works can be found on the website

Last updated: March 2024.