Privacy Notice
Last updated 10.4.2026
Ramirent Finland Oy (“Ramirent”, “we”, “us” or “our”) respects your privacy. This notice explains what personal data we collect, why we use it, who we share it with, where we transfer it, how long we keep it, and what rights you have.
This notice applies to customers, suppliers and other business partners, and to their representatives and contact persons.
1. Who is the controller and how to contact us?
Controller: Ramirent Finland Oy
Business ID: 2077956-8
Visiting address: Tapulikaupungintie 37, 00750 Helsinki, Finland
Postal address: P.O.B. 31, FI‑00751 Helsinki, Finland
Email: tietosuoja@ramirent.fi
If you interact with us on social media (e.g., Facebook, Instagram), please also check the privacy information provided on those platforms. In some cases, we act as joint controllers with the platform provider (see Section 6).
2. What data we collect and from where
We may collect and process the following categories of personal data:
- Identity data – name, customer/supplier ID, details of your organisation, guardian details if a customer is a minor.
- Contact data – email address, telephone number, postal address.
- Customer/Supplier data – orders and services used (including rentals), contracts and negotiations, customer service interactions (e.g., calls, emails, chats), preferences, feedback and surveys, participation in promotions, website and social media activity, and relevant demographic data.
- Purchase & payment data – products/services purchased or supplied, agreement details, payments made or received, subscription details, bank and invoicing details; if you apply for instalments or subscription, creditworthiness information from reputable sources as allowed by law.
- Technical & usage data – IP address, login data, browser and device details, time zone, operating system, plug-ins, app version, and how you use our websites, apps and online services (via cookies and similar technologies—see our Cookie Policy).
- Marketing preferences – consents and opt‑outs for marketing and communications.
- Camera recordings – CCTV from certain areas at our premises.
- Inferred/derived data – segments or indicators we derive from the above (e.g., product interests, service usage groups), created through analytics.
- Telematics/IoT data (where applicable) – where equipment includes connectivity, we may process limited telemetry (e.g., running hours, usage events) linked to a contract or asset; we do not collect continuous location data unless clearly stated for a specific service.
Where we get your data from: primarily from you (when you rent, buy, supply, create an account, contact us, or respond to surveys); from your employer if you act as a representative; from our systems (website, apps, CCTV); and, where permitted, from public sources or credit reference agencies for finance‑related checks.
3. Why we use your data and on what legal bases
We only use personal data where allowed by law. Below we explain our typical purposes and legal bases.
| Purpose | Examples of what we do | Categories of data | Legal basis |
| Contract management (customers & suppliers) | Register you/your company; process orders; deliver/receive goods and services; manage subscriptions and rentals; perform credit checks where needed; handle payments, returns, complaints and warranties. | Identity; Contact; Customer/Supplier; Purchase & payment; Marketing preferences (for service messages) | Contract (GDPR Art. 6(1)(b)); Legal obligation for accounting/tax (Art. 6(1)(c)) |
| Customer service & communications | Respond to queries via phone, email, web forms, chat or social media; surveys and feedback you choose to provide. | Identity; Contact; Customer/Supplier; Marketing preferences | Legitimate interests to run our business and assist users (Art. 6(1)(f)) |
| Website/app operation | Provide access, security and performance; prevent abuse/fraud; troubleshooting and maintenance. | Technical & usage; Identity/Contact (as needed) | Legitimate interests (IT operations, security) |
| Analytics & service improvement | Analyse usage to improve products, services, customer experience and support. | Technical & usage; Customer/Supplier; Purchase & payment; Inferred/derived | Legitimate interests (service improvement). Cookies requiring consent are only used with your consent. |
| Marketing (own services) | Send newsletters and offers; personalise content; measure campaign effectiveness. | Identity; Contact; Customer/Supplier; Technical & usage; Inferred/derived; Marketing preferences | Legitimate interests (direct marketing). For email/SMS/push, we use consent where required by law; you can opt out anytime. |
| Targeted advertising | Display ads on our or third‑party sites/social media based on your interests. | Technical & usage; Inferred/derived; Marketing preferences | Consent via cookies/trackers (where required). |
| Profiling & segmentation | Create customer segments (e.g., product categories, fleet size) to tailor communications and service. | Identity; Customer/Supplier; Purchase & payment; Technical & usage; Inferred/derived | Legitimate interests (relevance, growth). Consent where cookies/trackers are involved. |
| Automated tools & AI‑assisted processes | Use automated tools (e.g., fraud‑prevention, risk indicators, routing simple requests). We ensure human involvement for decisions that could have legal or similarly significant effects. If we ever rely on solely automated decisions of that kind, we will inform you separately and explain your rights. | Varies per tool; typically Identity; Contact; Technical & usage; Customer/Supplier; Inferred/derived | Legitimate interests (efficiency, risk management); Contract or Legal obligation where applicable. |
| CCTV & site security | Keep people and property safe; prevent, detect and investigate incidents. | Camera recordings | Legitimate interests (safety, crime prevention); Legal obligation where applicable. |
Balancing tests: When we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You can request a summary of the assessment at tietosuoja@ramirent.fi.
4. Cookies and similar technologies
We use cookies and similar technologies on our websites/apps. Non‑essential cookies (e.g., analytics, advertising) are used only with your consent. See our Cookie Policy and adjust preferences via Cookie Settings.
5. Who we share your data with
We share personal data only as needed for the purposes above:
- Within the Ramirent group for internal administration and to use shared IT systems (legitimate interests).
- Service providers (processors) – e.g., hosting and cloud services, IT support, CRM and marketing automation, analytics, logistics, customer service tools, printing and mailing, payment processing, and delivery/collection services. These providers act under our instructions and appropriate contracts.
- Independent controllers – e.g., payment service providers; financing partners; social media platforms when you interact on our pages or see our ads; insurers and grant administrators where applicable.
- Public authorities and regulators where required by law.
- Mergers, acquisitions and corporate transactions – in connection with a business sale, merger or reorganisation, under appropriate safeguards.
- Social media joint controllership – see Section 6.
We do not allow our processors to use your data for their own purposes.
6. Social media and joint controllership
When you visit our pages or interact with our content on social media (e.g., Facebook and Instagram), Ramirent and the platform provider may act as joint controllers for certain insights and targeting features. The platform’s privacy information and joint controller arrangements apply in addition to this notice.
- Meta Platforms Ireland Ltd: Facebook Page Controller Addendum / Instagram Addendum
- You can manage your ad preferences directly in the relevant platform settings.
7. International data transfers
Some of our service providers and group companies are located outside the European Economic Area (EEA). When we transfer personal data internationally, we ensure appropriate safeguards, such as:
- European Commission adequacy decisions (countries deemed to provide an adequate level of protection); and/or
- Standard Contractual Clauses (SCCs), together with transfer impact assessments and supplementary measures where needed.
Third countries we transfer data to
We currently transfer personal data to the following non‑EEA countries (updated from time to time):
- United States – e.g., cloud hosting/analytics
- India – e.g., IT support
- United Kingdom – e.g., group administration/service providers
A regularly updated list of destination countries and relevant recipients is available here: www.ramirent.com/transfers.
You can read more about adequacy decisions and SCCs on the European Commission’s website. Copies of SCCs can be requested at tietosuoja@ramirent.fi (we may redact confidential details).
8. How long we keep your data
We keep personal data only as long as needed for the purposes in this notice, unless a longer period is required by law or needed to establish, exercise or defend legal claims. When no longer needed, we delete or de‑identify the data.
Illustrative retention periods:
- Customer and supplier records – for the duration of the relationship and a reasonable period thereafter (e.g., claims limitation).
- Accounting and tax records – typically 6–10 years, as required by law.
- Marketing consents/preferences – for as long as you subscribe or interact with our communications; we keep proof of consent for up to 2 years after the last use of that consent.
- CCTV recordings – deleted when no longer necessary, and no later than 3 months, unless needed to investigate a specific incident or as required by law.
Where possible, we use pseudonymisation or aggregation to reduce risks.
9. Your rights
Subject to conditions and legal limitations, you have the right to:
- Access your personal data and receive a copy.
- Rectify inaccurate or incomplete data.
- Erase your data in certain cases (“right to be forgotten”).
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interests, including direct marketing (you can opt out at any time).
- Data portability for data you provided to us, where processing is based on consent or contract and carried out by automated means.
- Withdraw consent at any time (this does not affect processing carried out before withdrawal).
- Information about automated decision‑making, including profiling: if we ever make solely automated decisions that produce legal or similarly significant effects for you, we will inform you and explain your rights to human review, to express your point of view and to contest the decision.
To exercise your rights, contact tietosuoja@ramirent.fi. If you are not satisfied with our response, you can contact your local data protection authority. A list of EU/EEA supervisory authorities is available via the European Data Protection Board: https://www.edpb.europa.eu/about-edpb/about-edpb/members.
10. How we protect your data
We apply appropriate technical and organisational measures to protect personal data, including access controls, encryption where appropriate, training, and vendor management. We regularly review our security controls and contracts with service providers.
11. Updates to this notice
We may update this notice from time to time to reflect changes in our processing or in applicable law. We will post the latest version at www.ramirent.fi/en/privacy-policy, include the effective date at the top, and in case of material changes, we will provide an appropriate notice.
12. Contact
If you have any questions about this notice, please contact tietosuoja@ramirent.fi.
- Joint Controller Arrangements: Facebook Page Controller Addendum / Instagram Addendum
- Cookie Policy: www.ramirent.fi/en/cookie-policy
- International Transfers & Safeguards (live list of third countries/recipients): www.ramirent.com/transfers