PRIVACY POLICY
|
Name of the document |
3stepIT Privacy Policy |
|
Scope |
This privacy policy applies to personal data that you give us when visiting our website, using our Asset Management services, using our other services and/or portals, reporting suspected misconduct, interacting with us in meetings, social media, emails and other means of communication. |
|
Purpose |
The purpose of this privacy policy is to inform you about:
|
|
Classification |
Public |
|
Version |
4.0 |
|
Last updated |
11.9.2025 |
|
Review schedule |
When required by the Data Protection Legislation. Furthermore, due to changes in our operations or the technology used, we may need to update our privacy policy from time to time. When this happens, we will revise this privacy policy and refresh it on our website. |
The protection of your personal data is important to 3Step IT Group Oy and its affiliated companies, hereinafter referred to as "3stepIT" or "we". 3Step IT Group Oy (business ID 2087590-4), Limited Liability Company registered in Finland acts as a contact point for all 3Step IT Group companies in privacy related requests:
- Office address: Mechelininkatu 1A Helsinki 00180, Finland
- The general phone number: +358 10 525 3200
- Data Protection Officer: dpo(at)3stepit.com
If you have any questions relating to our use of your personal data under this privacy policy, please contact our Data Protection Officer at the contact details provided above, or use the contact form provided on our website: tell us a bit about your enquiry and we will pass it to the right expert and controller, if need be.
Contact Details of Affiliated Companies
| 3Step IT Oy Business ID 2161942-7 Mechelininkatu 1A, 00180 Helsinki Registered in Finland |
3 Step IT A/S Business ID 26106427 Vandtårnsvej 62, 2860 Søborg Registered in Denmark |
3 Step IT AS Business ID 878703812 Wergelandsveien 7, 0167 Oslo Registered in Norway |
| 3 Step IT Sweden AB Business ID 556488-0218 Drottninggatan 19, 582 25 Linköping Registered in Sweden |
3Step IT OÜ Business ID 10731756 Telliskivi 60/2, Tallinn 10412 Registered in Estonia |
3 Step IT Services Limited Business ID 13762523 100 Liverpool Street, EC2M 2AT London Registered in UK |
| LeaseCloud AB Business ID 559089-4308 Erik Dahlbergsgatan 12, 115 32 Stockholm Registered in Sweden |
3 Step IT Inc. Business ID 10047902 2521 Golden Bear Drive Suite 120, Carrollton Registered in Texas, USA |
3 Step IT Corp. Business ID 727869224 181 University Ave, Suite 2100, Toronto Registered in Ontario, Canada |
The data controller for your personal data may be either 3Step IT Group Oy or any of its affiliated companies, depending which company has a contractual or other relationship with you. We may also act as a data processor and in that role process personal data on behalf of our contractual parties. Please note that this privacy policy does not cover personal data subject to processing activities we conduct as a processor, such as customer data processed when using our Asset Management systems.
1 WHAT PERSONAL DATA DO WE COLLECT?
We collect and use your personal data to the extent necessary to carry out our operations and provide our services as well as to comply with any regulatory obligations in our activities.
CUSTOMERS, SUPPLIERS AND MARKETING
| Purpose of processing | Legal basis | Personal data |
|---|---|---|
| Fulfill AML, KYC, sanctions, export control, and accounting requirements. | Legal obligation; Legitimate interest for financial sanctions. | Name, date of birth, nationality, ID copy, address, PEP-status. |
| Market products, send newsletters, and develop customer relationships. | Legitimate interest. | Name, title, and contact information of customer representatives. |
| Provide and deliver products and services. | Performance of a contract. | Contact details and identification (passport/ID, photo, nationality). |
Sources: Data is collected directly from you or indirectly from customers, business partners, public sources (LinkedIn), and data brokers. Retention: Personal data related to customers/suppliers is generally retained for five years after the end of the contractual relationship. KYC data and marketing data are also retained for five years.
WEBSITE VISITORS
3stepIT processes data from website visitors and social media users obtained through cookies, newsletter sign-ups, and contact forms.
| Purpose | Legal basis | Personal data |
|---|---|---|
| Improve website performance and analyze traffic. | Consent (non-essential); Legitimate interest for retrieval. | IP address, device info, pages visited, duration of visit. |
| Targeted advertising. | Consent; Legitimate interest. | Cookie tracking data, IP address, and interaction history. |
2 WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We share personal data within 3stepIT and with external service providers (IT, logistics, advisory), commercial partners, and authorities when required by law. If we assign lease agreements, data may be transferred to refinancing partners who act as independent controllers.
3 INTERNATIONAL TRANSFERS
Transfers outside the EEA follow legal safeguards, such as adequacy decisions or standard contractual clauses approved by the European Commission.
5 HOW DO WE SECURE YOUR DATA?
We use physical, administrative, and technical security measures. Access is restricted to personnel who require it for their work. External processors must comply with this policy and applicable laws.
6 YOUR RIGHTS AS A DATA SUBJECT
| Right of access | Request information and a copy of your personal data. |
| Right to rectify | Request modification of inaccurate or incomplete data. |
| Right to erase | Request deletion of data, unless a legal obligation requires storage. |
| Right to object | Object to processing for direct marketing or based on your situation. |
| Right to withdraw consent | Withdraw consent at any time (e.g., via unsubscribe links). |
| Right to lodge a complaint | Lodge a complaint with a supervisory authority. |
To exercise these rights, contact our Data Protection Officer at the details provided above.