Y4 Works logo

Privacy Statement

Our GDPR (679/2016) compliant statement on how we process your data

At Y4 Works, your data matters. This privacy statement tells you who processes your personal data, why we do it, and when we do it. Below, you will find a detailed description on how your data is collected and processed.


Y4 Works Oy (later “Y4 Works”, “Y4,” or “us”)
Business ID: 2978296-6
Address: Kanavaranta 9, 00160 Helsinki
Phone: +358 44 741 8648
Email: tiimi@y4works.fi

If you have questions on data protection at Y4 Works, you can contact

Otso Kratz
p.:  +358 44 241 0689
e.: tietosuoja@y4works.fi

Grounds and purposes for processing your data

We collect personal data from our customers, potential customers and visitors to maintain client relationships, to market our services, to measure our service results, to develop our digital services, to fulfill our employer obligations, and to recruit responsibly.

We collect data both on business customers (advisory, consultancy and training services) and on individual customers (employment support, career coaching and training).

We only collect and process your data when at least one of these conditions are met:

  • we have your permission to process your data
  • we have a contractual obligation to process your data
  • to fulfill legal obligations
  • we have a legitimate interest to process your data
  • you have publicly undisclosed the processed data.

Regular sources for personal data

We regularly gather personal data from the following sources:

  • Directly from our data subjects
  • From the Finnish Trade Register
  • From the Digital and Population Data Services Agency
  • From Vainu, Bisnode, Asiakastieto and other private service providers offering business entity data
  • From public digital sources of our customers and potential business customers, and from analytic tools drawing data from these sources
  • From the TE office, the ELY centers and other public sector partners as a part of service providing agreements and contracts

What data do we process?

We only collect and process personal data which is necessary for the purposes stated in this Privacy Statement. We may process personal data under the following topics.

Basic information and data we need to maintain customer relations

Name, phone number, email address, company name, business ID, industry, KPI’s, business data from public records, contents of customer transactions, and other data necessary to maintain customer relations.

From individual customers, we may also collect data regarding employment status and history. Collecting and processing personal ID’s is sometimes necessary to fulfill contractual obligations to provide services.

In recruiting and recruiting assignments we may collect the applicants contact information, professional skills, work applications, CV’s, and other information provided by the applicant. We also collect and process necessary data to fulfill legal employer obligations.

Data used in marketing and sales

Data concerning status and position in business or public office, professional interests, other data you share, dat of marketing directed at you, participation in public events, direct marketing permissions, and expressions of consent including bans and limitations you have set.

User data in digital services

We develop our website and our other digital services using Google Analytics and Google Tag Manager. With these tools, we can analyze how our services are being used and develop them accordingly. To allow this, we use cookies. Your data in our digital services is never collected or processed in a way that allows your data to be associated to you personally. You can modify your cookie settings on our website or in your browser or device settings. If you deny all cookies, it is possible we are not able to provide you with the services you need.

In our digital service, we use tertiary community plugins that help us manage marketing campaigns in social media, and follow how our digital services are used. Digital services offering these plugins can set cookies of their own and according to their own privacy statements. More information on the community plugins we use: Facebook, LinkedIn, Youtube, Twitter.

Examples of user information in our digital services:

  • Registering information required for service: user name or an alias, password, and other personal information
  • Service use and browsing information, shown adds and clicking data
  • Browsing information on the website from which you were directed to our website, device and browser model, cookie ID and mode of data accumulation
  • Browser version, IP address (anonymisized in Google Analytics), session ID, session time and length, screen resolution, operating system and location data

Disclosing personal data

By default, we do not disclose your personal data. 

As a part of providing a service, we might disclose specific and limited information to a specific recipient, e.g. the TE office as a part of a legal obligation or a contractual obligation. As we work under Finnish legislation, it is also possible we are obliged to disclose specific your personal information to Finnish or European legal authorities.

In some cases, we are required to share your personal data with third parties, e.g. a subcontractor. This is always done in compliance with a written agreement on data protection with the third party, including at least the protocols and level of security set in this Privacy Statement. If we share your data with a third party, it is always limited to use for the same purposes the data was originally collected for, e.g. providing a service you have requested.

If you’re applying for a job vacancy through us, we might share your information with your potential future employer. The employer is responsible for the methods they process this data, although it is always done according to a written agreement on data protection. You can always contact us for more detailed information on how we process your personal data with third parties.

Data transfers outside EU/ETA area

By default, we do not transfer your data to countries not in the EU/ETA area. If for some specific reason we should do this, it is always done in compliance with the standard contractual clauses issued by the European Commission.

Protecting your personal data

We process your data ensuring the safety of your personal data including protection from illegal processing, accidental deletion, loss, and corruption.

To ensure this goal is met, we use technical and organizational protection methods including fire walling, encryption, upholding the safety of our physical infrastructure, limitation and control of access to our premises, careful maintenance of login information and constant training of our people processing your data.

We as a company and every employee at Y4 Works who processes your data are, under threat of penalty, legally obliged and to process your data in compliance the Employment Contracts Act (55/2001). Every employee has also signed a separate Non-Disclosure Agreement that maintains an even higher standard of data protection than the said Act.

Timeframe of storing data

We process your data according to the following time limits:

  • Job applicant records: maximum of three years. If the applicant so wishes, we can delete the records earlier or store them for longer.
  • Business customer records: maximum of ten years.
  • Employment coaching records: maximum of two years.

After this time has expired, your data will be deleted or anonymized according to our deletion protocol stated in our Directive on Data Protecion.

Y4 Works retains the right to process personal data longer than these timeframes to comply with Finnish and European legislation, as well as with other requirements from public authorities.

Your rights as a data subject

Right of access to your personal data

As a data subject, you have the right to receive confirmation if your data is being processed by us. If so, you have the right to a copy of all your personal data.

Right to cancel your consent to data processing and direct marketing

As a data subject, you can cancel your consent to data processing and direct marketing at any time. You can also, at any time, deny the use of your data to direct marketing including profiling.

Right to rectify

As a data subject, you have the right to demand rectification of inaccurate or misleading personal data. You also have the right to receive a copy of your corrected personal data.

Right of deletion

As a data subject, you have the right to demand deletion of your personal data if:

  • your data is no longer needed for the purposes it was originally collected; or
  • you cancel your consent we have based our right to process your data on, and there is no other legal justification for processing your data; or
  • your personal data has been processed illegally.

Right to limit data processing

As a data subject, you have the right to limit the processing of your personal data if:

  • you dispute the accuracy of your personal data; or
  • we process your data illegally, you oppose the deletion of your data and demand instead we limit the processing of your data; or
  • we no longer need your data for the purposes the data was originally collected but you need the data in order to pursue a legal demand, or to defend yourself from one.

Right to object

As a data subject, you have the right to object partially or completely the processing of your personal data based on a particular personal reason. In this case, we are not allowed to process your data unless we can establish a particularly important and justifiable reason superseding your benefits, rights or liberties. Even in this case, we are still allowed to keep processing your data to pursue a legal demand, or to defend ourselves from one.

Right to transfer data between processing tools

As a data subject, you have the right to receive your personal data in a structured, commonly used and digitally readable form. You also have the right to transfer your data to another registrar.

Right to notify the supervising official

The public official supervising the data processing protocols stated in this Privacy Statement is the Data Protection Ombudsman working under the Ministry of Justice. As a  data subject, you have the right to notify the Data Protection Ombudsman if you think your data is collected or processed wrongfully or illegally. You can read more on this subject on the Data Protection Ombudsman website.

Changing the data processing protocols 

We develop our methods of data processing constantly. In order to get better, we may have to update and alter our data processing protocols stated in this Privacy Statement. We may also have to update our data processing protocols to oblige with new legislation.

If the alterations or updates contain new purposes for data processing or if the data processing protocols change otherwise significantly, we will notify all data subjects beforehand and, if necessary, ask for permission to keep processing the data under the new protocol.

Our privacy statement in Finnish here.

Y4 Insights

Subscribe to our insights (in Finnish).

By submitting the form, you agree to the use of your data in accordance with Y4 Works’ privacy policy.