Pihla’s privacy policy

These principles apply to the processing of personal data of Pihla’s customers.

The purpose of this policy is to provide our current, former and potential customers (collectively “customers”) with a general understanding of the following:

  • the situations in which we collect and process your personal data
  • the types of personal data we collect
  • the purposes for which we collect personal data; and
  • the ways we process data

We collect and process your personal information to provide you with products and services. We treat all your personal information confidentially and your privacy is central to all the services we provide.

We adhere to the following five principles to protect your personal data and provide you with a better customer experience.

Freedom to choose

Your personal data belongs to you. We strive to make no assumptions about your privacy wishes and to design our services so that you can choose whether or not to provide us with your personal information.

Balance of interests

Where the processing of your personal data is necessary for the purposes of fulfilling a legitimate interest, and where that interest overrides the need to protect your privacy, we may process certain of your personal data without obtaining your explicit consent. For those personal data whose processing is based on your consent, please see the section on consent below.


Pihla aims to process only personal data of customers that is necessary for the purpose for which it was collected.

We aim to process your personal data anonymously whenever a function or service can be performed with anonymous data. If we combine anonymous data or other information with your personal data, it will be treated as personal data for as long as it remains in the combined form.


Pihla will provide customers with additional information on the processing of personal data upon request.

Compliance with regulations

It is Pihla’s policy to comply with applicable privacy and data protection laws and regulations in all countries where we operate. Where necessary, we will modify the processing of personal data described in this policy so that we comply with applicable laws and regulations.

Useful definitions

The following terms used in these Principles have the meaning given to them by EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Accordingly:

” Controller ” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

‘Processor’ means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

“Processing” means any operation or set of operations which is performed upon personal data, whether by automatic or manual means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

“Sensitive personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health or sex life.

Collecting data

You may provide us with information about yourself when you use Pihla’s services and in other communications with Pihla, such as through our websites or customer service centres. We may also receive such information from our authorised resellers and other third parties. Such information (“Personal Data provided by the Customer”) may include:

  • your contact information (name, address, telephone number, email address, etc.)
  • information relating to the purchase and use of our products and services (customer preferences and settings, purchase history, etc.)

We take special precautions and use special security measures and requirements set out in applicable legislation when collecting and processing sensitive personal data.

Other types of information may also be required by law to be treated as sensitive personal data.


Where reasonably practicable or required by law, we will provide you with the following information when we collect or register your personal data: (i) details of the reasons why your personal data is being processed, (ii) information about the controller, (iii) information about any third parties to whom the data may be disclosed and (iv) any other information that may be necessary to ensure that you can protect your rights.

For example, the above information may be provided in connection with the purchase of products or services, participation in competitions.


Where reasonably practicable or required by law, we will ask for your consent before we collect or process your personal data. Your request for consent will be clearly expressed and will provide you with information that is sufficiently detailed to enable us to make a decision. You can always withdraw your consent by notifying us at the email address indicated in the Privacy Notice or by visiting us in person at our Jyväskylä office at Ahjokatu 3-5, 40320 Jyväskylä on weekdays from 9 a.m. to 3 p.m., with your ID.

Processing of third parties

We may disclose data to third parties for processing purposes. For example, carriers for the transport of goods, invoicing information, financial contract information, etc. We will endeavour to keep the information disclosed only for the purposes of the need in question.

We have concluded a data processing agreement with all third parties and require them to exercise absolute diligence and to comply with the Data Protection Regulation.

Use of data

The personal data collected about you by Pihla is used for the following purposes:

  • providing you with products and services, including verifying your eligibility for certain purchases and services, and providing you with better offers and customer experiences.
  • informing you of updates and changes to our products and services, including changes to our terms and conditions and policies
  • informing you about new products, services and events
  • providing product support and services.
  • product development, such as improving the performance, quality and safety of windows and doors
  • evaluating and developing our offerings and liaising with customers
  • complying with legal requirements.

If the use of your personal data is based on consent, you can withdraw your consent by contacting us at the address set out in Pihla’s Privacy Policy, or by any other means we indicate. However, unless otherwise required by law, you generally cannot prevent the processing of your personal data in the following situations:

  • commercial transactions, billing, warranty processing.
  • processing of your personal data to send you important notifications regarding, for example, changes to contractual terms and conditions.
  • processing of your personal data as required by law.

Data retention

We will retain your personal data only for as long as necessary to fulfil the purposes of this Policy or for any other purpose we have notified to you.
This means that once you have given your consent to the processing of your personal data, we will retain your data in accordance with your consent and/or until you withdraw your consent. If you have withdrawn your consent, we may nevertheless retain certain personal data for a period of time sufficient to enable us to comply with legal requirements imposed on us and to provide for our defence in the event of legal disputes. If we have not obtained your consent to process your data, the data will be kept only to the extent permitted by law.

Accuracy of data

When we process your personal data, we always aim to ensure that it is accurate and up to date. We will endeavour to delete or correct any inaccurate or incomplete information.For more information about your right to verify the accuracy of your personal data held by us, please see the section below entitled “Data and verification”.

Information and verification

As noted in the “Notice” section above, we may provide you with certain information regarding our processing of your personal information when we collect or record such information.

You have the right to request, free of charge, information about (i) what personal information we process about you, (ii) where the personal information is collected, (iii) the purposes for which the information is processed, and (iv) with which recipients or categories of recipients the personal information is shared. The Privacy Notice contains further information on the rights of the data subject and contact details for submitting a request. The request should include your name and address and preferably also your e-mail address. You also have the right to request that we correct, delete or block access to inaccurate information about you. You must also provide proof of your identity when requested.

Your request will be handled promptly and appropriately. Requests for erasure of personal data will be subject to applicable law. Pihla may charge an administrative fee for processing such a request, if permitted by law.

Information security

Pihla will take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, and against unauthorised access, loss or alteration.

unauthorised disclosure or use and other unlawful processing. We aim to ensure that the level of security and the measures taken to protect your personal data are appropriate to the risks associated with the nature and use of your personal data.

Disclosure of data to third parties

Pihla may disclose your personal data to:

  • Between Pihla Group entities
  • to other partners to send you offers and other communications about products and services and for research and development purposes
  • where required by law, for example in response to a request for information from a public authority or in connection with litigation or other legal proceedings; and
  • in a good faith effort to protect our rights by disclosing information, for example, in connection with an investigation of potential breaches of contract or to detect, prevent or disclose fraud or other security risks.

Where Pihla acts as data controller, your personal data will in principle only be disclosed to a third party if you have given your consent. However, we may disclose your personal data without your consent in the following situations, unless we consider your consent necessary in an individual case or if required by law:

  • Disclosure is necessary for the purposes of Pihla’s legitimate interests (for example, to protect our legal interests, as described above).

Where we transfer your personal data to third parties or between Pihla and Pihla Group entities, we will seek to assess whether the transfer requires additional security measures (for example, in situations where personal data could be transferred from one country to another).

Data processing in our organization

We only allow access to your personal data to those Pihla Group employees and suppliers who need to process the data for our purposes and who are contractually obliged to process your personal data securely and confidentially. We will endeavour to choose the option for data processing services that best protects your personal data in relation to third parties.


We will not sell or exchange your personal data with third parties unless you have given your consent.

We will not disclose your personal information to third parties for marketing purposes unless we have your consent to do so. If you have given such consent but no longer wish to receive marketing material from a third party, please contact that third party directly.

We may provide you with information about new products, services, events or similar marketing activities. If you wish to unsubscribe from a newsletter or similar communication sent by email, please follow the instructions in that communication.

Websites and cookies

All websites available to our customers have a privacy notice and information about the cookies we use. In certain countries, websites also have a web-based procedure for accepting or blocking cookies.

We recommend that you read the applicable notices and information carefully when visiting our websites.

Our website uses a variety of cookies to enable the normal operation of the site, to analyse the use of the site, to improve usability and to target marketing.

Cookies are small text files that are stored on the computer or mobile device of the user visiting the website. Cookies do not contain any personal data, do not allow us to identify you and do not harm your device or files.

Google Analytics cookies allow us to obtain information about, among other things, the number of visitors to our website and the most popular content. Google and Facebook cookies also allow us to show you advertisements that may be of interest to you.

The controller cannot prevent the possible transfer of cookie data from third parties outside the European Union or the European Economic Area.

You can block all or only third-party cookies in your web browser settings. Blocking the use of cookies may prevent you from using certain functions of the website.

For more information about cookies, you can visit, for example:


Pihla reserves the right to make changes to this policy from time to time. If we make changes to this policy and the way we process your personal information, we will provide an updated version of this policy.