Bionto Oy prioritizes your privacy and safeguarding your personal data. In the following sections, we will outline how we handle, utilize and otherwise process any personal data we collect from you. You will find the legal basis for processing your personal data included in specific sections below, including the relevant references to EU reg. no. 2016/679 on General Data Protection Regulation (“GDPR”).

We value your trust and are committed to being transparent about how we handle your personal information. We encourage you to review this Privacy Policy to understand our practices fully.

Controller and contact details of the controller

Controller: Bionto Oy

VAT-number: FI33825973

Contact person: Terhi Puranen

Address: Kytäjänkatu 23 A, 05830, Hyvinkää Finland

E-mail: dataprotection@bionto.fi

Purposes, legal bases and the categories of personal data

When interacting with us, we may collect different types of data about you. We ensure that we only use your personal information when it is legally permitted. Here are the primary scenarios in which we collect and utilize your personal data:

1) Managing our business relationship

To ensure we maintain a connection with you, we may collect certain information about you. This helps us effectively manage our relationship. The types of information we collect include:

Full name: We collect your full name to ensure accurate identification.

Job title: Your job title helps us understand your role within your organization.

Email address: We request your email address to respond to you, send you newsletters and communicate important information.

Company name: Knowing your company’s name allows us to tailor our services to meet your specific needs.

Phone number: Your phone number enables us to reach you directly.

Legal base: We process your information to pursue our legitimate interest in managing our relationship with you. We carefully consider that our interests do not override your interests, fundamental rights and freedoms (as outlined in GDPR, art. 6 (1)(f)).

2) Non-sensitive conversation data

We may occasionally retain relevant, non-sensitive conversation data you’ve shared with us, as well as information from your profiles and accounts. This includes details you choose to share, which help us better understand your preferences and requirements.

Legal base: We process your information to pursue our legitimate interest in managing our relationship with you. We carefully consider that our interests do not override your interests, fundamental rights and freedoms (as outlined in GDPR, art. 6 (1)(f)).

3) Handling customer orders

When processing your orders, we collect specific information to ensure a smooth experience and fulfil our contractual obligations. This includes screening orders for potential risks or fraudulent activity. The information we gather includes:

Email address: We require your email address to communicate order updates and important information.

Company name: Knowing your company’s name helps us accurately process and address your order.

Billing and shipping addresses: Your billing address ensures proper invoicing, while the shipping address facilitates timely delivery.

Phone number: Having your phone number enables us to contact you regarding any order-related concerns.

Job title: Your job title helps us better understand your role within your organization.

Payment information: We collect payment details to securely process transactions.

Legal base: We process this information to fulfil the contract we have or are about to enter into with you (as specified in GDPR, art. 6 (1)(b)). This enables us to effectively meet your order requirements. Additionally, we process your information to protect against potential risks or fraud, aligning with our legitimate interest in maintaining a secure and trustworthy environment for all customers. We carefully evaluate that our legitimate interest does not override your interests, fundamental rights and freedoms (cf. GDPR art. 6 (1)(f)).

4) Marketing products and services

We collect information about you to tailor our products and services to your interests, ensuring that you receive relevant updates and offers. This may include sending newsletters and other marketing communications. The types of information we collect include:

Preferences: We gather your preferences for receiving marketing materials and other communications from us. This allows us to personalize our offerings and improve our services.

Usage Data: We collect data on how you interact with our apps, websites, products, and services, enabling us to improve and refine our services.

Legal base: We process this information to pursue our legitimate interest in managing our relationship with you. We carefully assess that our legitimate interest does not override your interests, fundamental rights and freedoms (cf. GDPR, art. 6 (1)(f)).


In certain cases, we may seek your explicit consent, such as when you opt in to receive newsletters or other marketing communications (cf. GDPR, art. 6 (1)(a)). For further details, please refer to the additional information provided under the “Marketing” section.

5) Apps, websites and other digital solutions

We use the information collected from your interactions with our websites, apps, and digital solutions to enhance your experience and deliver personalized services. This enables us to tailor your visits and improve our services. The types of information we collect include:

Technical data: We collect technical data, including your IP address, login data, browser type and version, plug-ins, time zone setting, location, and operating system on the devices you use.

Username and password: To ensure secure access to our digital solutions, we collect and store your username and password.

Purchases or orders: If applicable, we may collect information about purchases or orders made by the company you work for.

Interests, preferences, and feedback: We gather information related to your interests, preferences, and feedback to personalize our offerings and improve our services.

Usage data: We collect data on how you use our apps, websites, products, and services to gain insights and enhance user experience.

Legal base: We process this information to pursue our legitimate interest in managing our relationship with you. We carefully assess that our legitimate interest does not override your interests, fundamental rights and freedoms (cf. GDPR, art. 6 (1)(f)).

6) Physical site visits

When you visit our sites, we collect certain information to maintain physical security and improve your experience. The types of information we collect include:

Full name: We request your full name to accurately identify you during your visit.

Company name and address: Knowing your company’s name and address helps us understand your affiliation and purpose of visiting.

Allergies and dietary preferences: If you have any allergies or specific dietary requirements, we take note of them to cater to your needs if applicable. You may provide this information with your explicit consent. Information regarding allergies and special dietary needs is deleted immediately after the visit.

Job title: Your job title provides us with insights into your professional background, aiding us in providing relevant assistance.

Relationship with us: We inquire about your relationship with us to understand the nature of your visit.

CCTV/Video surveillance: To protect assets, operations, employees, customers and other visitors, we have security cameras installed to prevent, detect or investigate security incidents. Monitoring complies with applicable laws on data privacy and signage.

Legal base: We process this information to pursue our legitimate interest in identifying who is present at our facilities, understanding the purpose of their visit and protecting our assets and those of our guests. We carefully assess that our legitimate interest does not override your interests, fundamental rights and freedoms (as outlined in art. 6 (1)(f) of the GDPR).

7) Legal and regulatory obligations

To fulfil our legal or regulatory obligations, we may need to collect certain information about you. The types of information we collect include:

Full name: We require your full name to accurately identify you in relation to the specific legal or regulatory requirement.

Job title: Your job title provides context regarding your role and responsibilities, which may be relevant to the legal or regulatory obligations.

We may collect other necessary information as required by law.

Legal base: This may be to ensure compliance with trade sanctions and laws regarding export control. This ensures our compliance with legal or regulatory obligations applicable within EU/EEA (cf. art. 6 (1)(c)) or outside EU/EEA (cf. GDPR, art. 6 (1)(f)).

9) Webinars

When you participate in our webinars, we collect specific information to ensure the session runs smoothly and to enhance your experience. The types of information we collect include:

Email address: We request your email address to communicate webinar-related updates and important information.

Company name: Knowing your company’s name helps us understand the audience and tailor our webinar content accordingly.

Job title: Your job title provides us with insights into your professional background, enabling us to deliver relevant content.

Legal base: We process this information to pursue our legitimate interest in understanding the participants of our webinars. We carefully assess that our legitimate interest does not override your interests, fundamental rights and freedoms (cf. GDPR, art. 6 (1)(f)). Furthermore, the additional information we collect is processed to fulfil our contractual obligation of providing the webinar to you (cf. GDPR, art. 6 (1)(b)).

10) Information related to your participation and interest in the specific webinar and the corresponding business area.

Information related to your participation and interest in the specific webinar and the corresponding business area helps us analyse and improve our webinar offerings.

Legal base: We process this information to pursue our legitimate interest in understanding the participants of our webinars. We carefully assess that our legitimate interest does not override your interests, fundamental rights and freedoms (cf. GDPR, art. 6 (1)(f)). Furthermore, the additional information we collect is processed to fulfil our contractual obligation of providing the webinar to you (cf. GDPR, art. 6 (1)(b)).

11) Other types of data

In addition to the aforementioned information, we may also collect, use, and share Aggregated Data for various purposes. Aggregated Data refers to statistical or demographic information that is derived from your personal data. However, it does not directly or indirectly reveal your identity and is therefore not considered personal data under the law. For instance, we may aggregate Usage Data from multiple users to calculate the percentage of people accessing a specific feature on our website. This allows us to analyse trends and improve our services. It is important to note that when Aggregated Data is combined or connected with your personal data in a way that it can directly or indirectly identify you, we treat it as personal data and handle it in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you, other than allergies and dietary preferences, which you may provide with your explicit consent. This includes sensitive information related to your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic or biometric data. Additionally, we do not gather any details about criminal convictions and offenses.

Consequences of not providing your personal data

When it comes to using your personal data, there are different scenarios to consider. Here are the potential outcomes based on your choices:

• Legal Obligation or Legitimate Interests: If we are required by law or have a legitimate interest in using your personal data, providing it becomes mandatory. Failure to provide the necessary information may prevent us from fulfilling our contractual obligations or providing certain services. For example, you may not be able to receive newsletters, or fully benefit from our offerings.

• Voluntary Data: In cases where providing personal data is voluntary, such as before entering a contract or consenting to marketing activities, it is your choice whether to share that information. However, declining to provide voluntary data may result in our inability to fulfil the contract or restrict certain services.

• Data Collection from Children: We do not target or engage with children on our platforms, and we do not collect personal data from children.

It is essential to understand that if we have a legal obligation or contractual agreement that necessitates personal data and you fail to provide it upon request, we may not be able to proceed with the contract or provide the requested product or service. We will inform you promptly if such a situation arises.

Marketing

We appreciate your interest in our products and services. If you’ve consented to receive marketing communications, you can opt out at any time. We are committed to providing you with choices regarding the use of your personal data, especially for marketing and advertising. You have the right to request that we stop contacting you for marketing purposes at any time. To unsubscribe from marketing messages, click the unsubscribe link in the mail you have received or send an email to dataprotection@bionto.fi. We will promptly update our records to respect your preferences.

Please note that opting out of marketing messages does not apply to messages relating to other purposes, such as those related to product/service purchases or experiences. We will continue to handle that data as necessary. We respect your preferences and prioritize the protection of your personal information.

12) Cookies

Cookies are small text files placed on your computer that collect standard internet log information and visitor behaviour data. This information helps us track how visitors use our website and compile statistical reports on website activity.

You have the option to customize your browser settings regarding cookies. You can choose to refuse all or some browser cookies or set alerts when websites attempt to set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Please be aware that some of the cookies on our website are set by third parties. In these cases, we generally act as joint data controllers with the respective third parties. However, this joint data controllership only applies to the collection and sharing of personal data from visitors to our website.

We store cookies if they are strictly necessary for the operation of our site. For all other types of cookies, we need your permission. You can at any time change or withdraw your consent on our website.

Sources and updating of personal data

We use different methods to collect your personal data, including:

Direct interactions. You may provide us with your personal data by filling in forms or corresponding with us via post, phone, email, or other means. This includes when you subscribe to our services or publications, request marketing materials, apply for our products or services, participate in competitions, promotions, or surveys, or provide feedback.

Automated technologies or interactions. When you interact with our website, we automatically collect technical data about your device, browsing activities, and patterns. This information is gathered using cookies, server logs, and similar technologies. We store cookies if they are strictly necessary for the operation of our site. For all other types of cookies, we need your permission. You can at any time change or withdraw your consent on our website.

Third parties or publicly available sources. We may also receive personal data about you from third parties, including:

• Technical Data from various parties (such as Google Tag Manager, Siteimprove Analytics, LinkedIn Analytics, Twitter Analytics and Google Analytics Audiences).

• Technical Data from advertising networks (such as Google DoubleClick, LinkedIn Marketing Solutions and Ads, Twitter Advertising, Facebook Custom Audience and Twitter Conversation Tracking).

• Personal data from social media platforms (such as Facebook Connect).

Disclosures of your personal data to third parties

• Occasionally we may have to share your personal data with internal and/or external third parties. This may include IT service providers, distribution partners, third-party business partners, insurance companies, tax and legal advisors, auditors and accountants, public authorities, regulatory or fiscal agencies or law enforcement. Such sharing may be done to comply with applicable laws and regulations (cf. GDPR, art. 6 (1) (c)), to fulfil a contract with you or to respond to your request in that context (cf. GDPR, art. 6 (1) (b)), or to pursue our legitimate commercial interests or yours (cf. GDPR, art. 6 (1) (f)).

• We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes. They are only authorized to process your personal data for specific purposes and in accordance with our instructions. A list of third-party service providers and their locations is available upon request.

Data security and international transfers

We take data security seriously and have implemented appropriate measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. We limit access to your personal data to authorized individuals who have a legitimate business need to know. These individuals will only process your data according to our instructions and are bound by confidentiality obligations.

Please note that when you upload or send your personal data to us over an open network, we have no control over the security until we receive it. During this transmission, your data may circulate on the open network without security measures, posing a risk of being seen and used by unauthorized parties. Therefore, we recommend communicating and transferring data on secure networks whenever possible.

We share your personal data with third-party service providers within the European Economic Area (EEA). The purpose of sharing is to fulfil the purposes for which we use your personal data. A list of third-party service providers and their locations is available upon request.

Data retention period

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected. This includes satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider factors such as the amount, nature, and sensitivity of the personal data, the potential risks involved in unauthorized use or disclosure, the purposes for processing the data, alternative means to achieve those purposes, and relevant legal requirements. We will only keep your personal data for as long as it is reasonably necessary, taking into consideration our need to address inquiries, resolve issues, provide improved products and services, and comply with applicable legal and regulatory obligations.

Your rights

We respect your rights regarding your personal data. If you wish to exercise any of the rights listed below, please contact us at dataprotection@bionto.fi. 

Right of access to your data: You have the right to request a copy of the personal data and to inspect the personal data concerning you.

Right to rectify your data: If any of your personal data is inaccurate or incomplete, you can request us to correct or remove it.

Right to have your data erased: In certain cases, you can ask us to delete your personal data. However, we may not always be able to comply with your erasure request and if that is the case, we will notify you of the specific legal reasons for our inability to comply at the time of your request.

Right to restrict the processing of your data: You have the right to request that we limit the processing of your personal data. However, there may be specific legal reasons why we cannot comply, and we will notify you accordingly.

Right to object to the processing of your data: If we are relying on legitimate interests as the basis for processing your personal data, or if we are processing it for direct marketing purposes, you have the right to object. We will consider your objection based on the specific circumstances. In some cases, we may have compelling legitimate grounds to continue processing your information.

Right to withdraw consent at any time: Where we are relying on consent to process your personal data, you can withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. You can withdraw your consent by clicking the unsubscribe link in the mail you receive or by contacting us.

Right to transfer data from one system to another: In certain cases, you may have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Right to lodge a complaint: You have the right to lodge a complaint with the relevant data protection authority in your country.

Right to control digital legacy: You can provide instructions regarding the storage, communication, or erasure of your personal data after your death by contacting us. However, legal obligations or compelling legitimate interests may prevent us from fully complying with your instructions.

Changes to our Privacy Policy

We regularly review our Privacy Policy to ensure its effectiveness and make necessary updates. Any changes we make will be posted on this webpage. The last update to our Privacy Policy was made on November 19, 2024.

Contacting us

If you have any questions about our Privacy Policy or the information we hold about you, please do not hesitate to contact us. You can reach us via email at dataprotection@bionto.fi.
