This Privacy Policy is drafted in accordance with the EU General Data Protection Regulation (EU 2016/679, “GDPR”) and applies to the processing of personal data carried out by Evenpay Oy (“Evenpay”, “we”, “our”). Evenpay is committed to protecting your privacy. We understand that trust is fundamental, and this principle guides how we handle your personal data across all our operations. The Policy describes how we collect and process personal data when you visit www.evenpay.io (including subdomains), download materials, subscribe to communications, register for webinars or demos, or otherwise interact with our marketing and sales activities. It also outlines your rights as a data subject. We are dedicated to safeguarding your data through robust privacy and security measures. Any data we collect serves to deliver optimal results, enhance your experience, and continuously improve our services.

Evenpay Oy
Business ID: 3542321-4
Lapinlahdenkatu 16,
00180 Helsinki, Finland

For all privacy matters, contact: [email protected]

(If you prefer postal mail, mark the envelope “Privacy”.)

We process personal data only for specified, explicit and legitimate purposes. The main purposes and legal grounds under GDPR are:

We collect personal data through different means. The type of data collected depends on the data subject and varies but is always guided by the principle of minimisation of data.

2.1 Marketing communications and subscriptions

Purpose: Sending newsletters, product updates, marketing materials, invitations and content downloads.

Legal basis: Consent (GDPR Art. 6(1)(a)).

Data categories: Name, email, role, marketing preferences, event participation, interaction metrics (e.g. email opens/clicks), call recordings, and other data which is based on your consent and defined in detail on a case by case basis.

2.2 Responding to inquiries and providing demos or webinars

Purpose: Managing demo requests, event registrations, and contacting you upon request.

Legal bases: Legitimate interest in promoting and developing services (Art. 6(1)(f)), or

Pre-contractual steps upon your request (Art. 6(1)(b)).
Data categories: Contact details, company information, communication history.

2.3 Direct marketing

Purpose: Targeted or personalised outreach relating to Evenpay’s services.

Legal basis: Legitimate interest (Art. 6(1)(f)) or consent, depending on channel and applicable requirements. Call recordings for sales purposes are processed based on legitimate interest. Personal data is not used for the training of AI models. Such use of personal data is based on our legitimate interest to understand our customers and to innovate and improve our services.

You may object or opt out at any time.

2.4 Website analytics and service improvement

Purpose: Ensuring site reliability, security, performance, and content relevance.

Legal basis: Legitimate interest (Art. 6(1)(f)).

Data categories: Cookie identifiers, IP addresses, browser/device data, usage logs.

(Analytics is non-identifiable unless combined with other data.)

2.5 Legal compliance

Purpose: Fulfilling statutory requirements (e.g. accounting, requests by authorities).

Legal basis: Legal obligation (Art. 6(1)(c)).
Data categories: Any information required by law.

We may collect and use for any purpose aggregated data, where individual persons are not identified from e.g., statistical data collected in connection with the provision of services. Such non-personal data is outside the scope of this Privacy Policy.

Whenever processing relies on legitimate interest, we conduct a balancing test to ensure your rights are not overridden. You may object to such processing at any time.

We obtain personal data from:

– You directly, via forms, demo bookings, emails, chats or event registrations.
– Your behaviour, through cookies and analytics on www.evenpay.io.
– Customer databases, if you interact with us as a customer or trial user (roles, contact details).

Depending on your interaction with us, we may process:

4.1 Basic and contact details
Name, job role/title, organisation, country, email, phone number.

4.2 Company information
Industry, size, HR/tech stack information (only when voluntarily provided).

4.3 Marketing and communication data
Email interactions, content downloads, event attendance, chat transcripts, campaign participation.

4.4 Technical and behavioural data
IP address, device identifiers, browser type, cookie IDs, session data, usage logs.

We do not perform automated decision-making or profiling that produces legal or similarly significant effects. We may use the personal data collected from you to enhance our services. This includes, but is not limited to, utilising this information to better understand customer behaviour, needs, and preferences, to improve existing functionalities, to develop new features, and to provide a more personalized and effective user experience.

Evenpay uses cookies, local storage, pixels and web beacons to:
– remember preferences
– analyse website performance
– personalise and optimise content and marketing

You may manage or disable cookies through your browser settings. Restricting cookies may affect site functionality.

Third-party analytics tools (e.g., Google Analytics) may process pseudonymised data on our behalf. All processing follows GDPR requirements.

6.1 Service providers (Processors)

We use trusted third parties for CRM, email delivery, analytics, hosting, infrastructure and call recording services. These providers may include, for example, hosting providers, analytics services, customer support tools and call recording services. They process personal data strictly according to our instructions under appropriate Data Processing Agreements.

Our processing and security practices align with the contractual terms and DPA contained in Evenpay’s general terms. We may also share your personal data with trusted marketing partners for purposes such as sending relevant communications, conducting customer analysis, or improving our marketing efforts, provided that such sharing is compliant with applicable data protection laws and, where required, based on your consent.

6.2 International data transfers

As a principle, data we collect is processed by us within the European Union (EU)/European Economic Area (EEA) and in third party data processing facilities within the EU/EEA. Some of our service providers may have access or are located outside the EU/EEA and their processing of your personal data may involve a transfer of data outside of EU/EEA. If a transfer outside the EU/EEA becomes necessary:

– we use EU Standard Contractual Clauses (SCCs), or
– another lawful transfer mechanism under GDPR, and
– ensure adequate safeguards. 

We will take necessary steps to provide appropriate safeguards for international data transfers and to the extent necessary implement supplementary measures for protection of personal data as required by applicable laws.

6.3 Authorities

We may disclose data when required by law, regulation, or a competent authority.

6.4 Corporate transactions

In mergers, acquisitions or similar arrangements, personal data may be transferred to the acquiring entity subject to confidentiality obligations.

Evenpay never sells personal data.

We retain personal data only as long as necessary for each purpose:

Marketing contacts: Until consent is withdrawn; thereafter retained for up to 24 months to manage re-subscription logic.

Event/webinar registrations: 24 months after the event.

Website analytics logs: Up to 26 months (default analytics retention).

Pre-contract and sales communication data: Typically 24–36 months depending on relevance.

Contractual customer data: Stored for up to 6 years after the relationship ends, aligned with limitation periods.

Accounting and statutory records: Up to 10 years under Finnish law.

Data is regularly reviewed and securely deleted or anonymised when no longer needed. We will retain the personal data only for as long as necessary to provide our services, fulfil contractual obligations, and comply with applicable legal requirements. After that, we will securely dispose of your personal data.

In accordance with Evenpay’s technical and organisational controls, we apply:

– Technical safeguards
– Encryption in transit (TLS) and at rest
– Firewalls, WAF and DDoS protection
– Security-hardened cloud infrastructure (Google Cloud EU regions)
– Access control, monitoring, logging
– Regular backups stored within the EU
– Organisational safeguards
– Role-based access, least-privilege principles
– Confidentiality obligations for Evenpay staff
– Mandatory security and privacy training
– Documented procedures for incident handling
– Physical safeguards
– Secured data center access (Google Cloud)
– Controlled handling and destruction of any temporary paper material

Under GDPR, you have the following rights:

– Right of access – to obtain confirmation and a copy of your personal data
– Right to rectification – to correct inaccurate information
– Right to erasure (“right to be forgotten”)
– Right to restrict processing
– Right to object, including to direct marketing
– Right to data portability
– Right to withdraw consent at any time
– Right not to be subject to automated decision-making

To exercise your rights, contact [email protected] with the subject line “Privacy Request”.

We may need to verify your identity before fulfilling your request.

You may also lodge a complaint with the Office of the Data Protection Ombudsman ([email protected]).

Our services are not directed or intended for the use of, and we do not knowingly collect information from, children under the age of 18. If you are under the age of 18 and we have inadvertently collected your personal data, we will delete the information as soon as possible after learning about such collection. Please contact us at [email protected] if you are aware that we may have inadvertently collected personal data from a child under the age of 18.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. We will notify you of any significant changes by posting a notice on our website. The latest version is always available at www.evenpay.io/privacy-policy.

Material changes will be communicated through our website or email when appropriate.

For any questions about our privacy practices or this Policy, contact: [email protected]