1 Who we are and what we do?
1.1 Who we are
Name | Sellforte Solutions Oy |
Company ID | 2832424-2 |
Address | Otakaari 5, 02150 Espoo, Finland |
Contact details in data protection matters |
and our group companies: Sellforte Solutions GmbH and Sellforte Solutions UK Ltd (hereafter as “Sellforte“, “we“, “our”, “us“).
1.2 What we do
Sellforte develops and operates an analytics platform (“Platform“) that helps companies (“Customer”) to understand the effectiveness of their marketing and promotions and to make better commercial decisions. In addition to the Platform, we offer supporting services to our Customers, such as regular meetings, onboarding services, professional services, and technical support (together with the platform “Services”).
This Privacy Policy describes our practices regarding the processing of personal data relating to the following types of identified and identifiable individuals (”User”, “you”):
Visitors: Individuals that visit or interact with our website sellforte.com and it subpages, including support.sellforte.com and demo.sellforte.com but excluding careers.sellforte.com and customer specific user interfaces, or/and any other webpage, e-mail, phone call, voice mail, text-message, or ad under our control (collectively as “Sites”).
Prospects: Individuals whose data we process for the purposes of marketing or/and assessing customer eligibility for our Services.
Event visitors: Individuals whose data we process for the purposes of organising events.
Customer Representatives: Individuals who act as representatives for one or more of Customers, for example as an invoicing contact person or subscription admin.
Note that you may fall under one or more of these categories at the same time. Moreover, this Privacy Policy does not apply to our Customers’ employees, staff and/or any individuals using our Services on behalf of the Customer (”End Users”). If you are an End User, please visit the Privacy Policy for End Users on the Platform. This Privacy Policy also does not apply to people interacting with our Careers page (”Job Applicant”). If you are a Job Applicant, please refer to the Careers Page Privacy Policy.
2 What data do we process?
Sellforte processes personal data that is necessary for the purposes specified in this Privacy Policy. Within the limits of the applicable laws and regulation, we receive personal data from many sources, such as:
from you directly or from your use of our Sites and Services;
public sources, such as company registers, public authorities, or other similar sources; and
third parties, such as contact information services, advertising companies, our partners, or other similar sources.
The types of personal data processed, purposes, and legal bases are described below.
Categories of personal data processed | Purposes | Legal basis |
Website analytics and statistics data, such as statistics collected by online service analytics systems (see Cookie policy). | Manage, develop, test, protect, and improve our Sites and Services | Consent |
Basic information, such as name, IP address, identifier, etc. | Sales and marketing purposes | Legitimate interest |
Access data related to Sites, such as access logs with time and IP address to our sites. | Manage, develop, test, protect, and improve our Sites and Services | Consent |
Research and survey information | Manage, develop, test, protect, and improve our Sites and Services | Consent |
Call recordings | Recording some of our sales and other calls for employee training purposes and for improving our sales processes. | Consent. We will notify you and obtain your |
Voicemail | Recording voicemail left to our public voicemail(s). | Legitimate interest. You are informed of recording before you can leave a message. |
Customer communication and marketing information, such as newsletter subscriptions, opt-outs, marketing preferences and interactions. | Managing the customer | Consent |
Information you provide in connection with our events, such as registration data, food preferences, invoicing data | Organizing events | Legitimate interest |
Information related to the relationship and contract with your organisation, such as | Compliance with our contractual and other promises, obligations, and rights (e.g. invoicing, notices, payment facilitation) | Legitimate interest in |
Other information provided or collected with your consent. | Purpose depending on the context | Consent |
Your data is not used for automated decision-making.
3 Will the data be shared with any third parties?
In connection with one or more of the purposes outlined in this Privacy Policy, we may share your personal data with the following recipients:
Third-party companies and individuals to provide our Sites and Services. Such service providers include hosting services, communications and content delivery networks (CDNs), data and cyber security services, fraud detection and prevention services, phone systems, web analytics, e-mail distribution, lawyers and accountants, accounting systems, performance measurement, e-mail, support and customer relation management systems, and any other relevant services (collectively, “Subprocessors“).
These Subprocessors may have access to your personal data, each depending on their specific roles and purposes, and may only use it for such limited purposes as determined in our agreements with them. See the list of our Subprocessors in this Privacy Policy.
Authorities only to the extent required by mandatory legislation.
Sellforte’s subsidiaries and affiliated companies for the purposes described in this privacy policy.
To another organisation in a case where we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, as permitted by law and/or contract.
4 Is data processed outside the EU or the EEA?
We and our Subprocessors process your personal data mainly within the EU/EEA. Some of our Subprocessors operate globally and process personal data outside the EU/EEA as well. In these cases, we take measures to ensure the data is adequately protected. These measures may include an agreement using the standard contractual clauses approved by the European Commission or another mechanism recognized by the applicable data protection legislation, as well as implementing additional safeguards, such as encrypting the data before the transfer.
5 List of Subprocessors
Group | Purpose of subprocessing | Processing location | Data being shared |
Cloud service providers, which are used to host our public demo | Manage, develop, test, | EU | Access data related to Sites |
Customer relationship management and | Managing the customer | Multiple locations | Access data related to Sites |
Website analytics and online advertising service providers | Manage, develop, test, | Multiple locations | Web analytics and |
Financial and contract management services, e.g. accounting and | Compliance with our Accounting and | Multiple locations | Basic information |
Voicemail providers | Voicemail | Multiple locations | Voicemail |
6 How long do we store your data?
We retain personal data for no longer than necessary to fulfil the purposes for which it was collected, in accordance with our data retention policies and applicable legal requirements. The more detailed retention periods vary depending on the data and the purpose of the processing: for example, the data of our Customers’ contact persons is stored for the duration of the customer relationship and data related to accounting and bookkeeping is stored according to the applicable legal requirements. Once the data is no longer required, we securely delete or anonymize it.
If you have any questions about our data retention practices, please contact us.
7 What do we do to protect your personal data?
We prioritize data protection and information security in the design, implementation, and maintenance of our Sites and Services in accordance with the General Data Protection Regulation (GDPR). We have implemented several methods to protect your personal data, including:
Comprehensive security measures: We employ a combination of physical, technical, and administrative security measures to protect your personal data from unauthorized access, use, or disclosure.
Designated data protection personnel: We have assigned personnel to be responsible for overseeing privacy protection and information security within our organization.
Restricted access: Access to systems and databases containing personal data is strictly limited to authorized personnel who have a legitimate, work-related need and the appropriate permissions to process the personal data.
Data minimization: In line with GDPR principles, we practice data minimization by collecting and processing only the personal data necessary to fulfil the specific purposes for which it is required. This approach helps us reduce the risk of data breaches and ensures that we respect your privacy by not retaining excessive or irrelevant information.
Purpose limitation: We collect and process personal data only for specified, explicit, and legitimate purposes. We do not use personal data for purposes incompatible with those initially stated, unless we have obtained the user's consent or have a legal basis to do so.
Accuracy: We take reasonable steps to ensure that personal data is accurate, up-to-date, and, where necessary, corrected or deleted. We encourage you to notify us of any changes in their personal data to maintain the accuracy of your personal data.
Integrity and confidentiality: We employ robust physical, technical, and administrative security measures to protect personal data from unauthorized access, use, or disclosure, maintaining the integrity and confidentiality of the data.
Subprocessor compliance: We require all our subprocessors to adhere to the same data protection principles and GDPR requirements as we do. We carefully select and engage with Subprocessors that demonstrate a commitment to data privacy and security, and we establish data processing agreements with them to ensure they maintain the same level of compliance, lawfulness, fairness, and transparency in their handling of personal data.
If you have any questions about our data protection practices, please contact us.
8 What are your data protection rights?
In accordance with the General Data Protection Regulation, you have several rights, including the right to:
request copies of your personal data;
request that any information you believe is inaccurate will be corrected;
request that any information you believe is incomplete will be completed;
request that your personal data will be erased;
request that the processing of your personal data is restricted;
object that your personal data is processed;
request that your personal data is transferred to another organisation, or directly to you; and
to lodge a complaint to the Finnish Data Protection Ombudsman
(https://tietosuoja.fi/en/home).
Please note that the use of these rights may in some cases be limited or subject to additional requirements under the applicable legislation.
9 Cookie policy
Cookies are text files placed on your computer to collect for example standard Internet log and usage information and visitor behaviour information. To learn more about cookies, visit allaboutcookies.org.
When you use our Sites, we may with your consent collect information from you automatically through cookies. We also use cookies that are required for the website to operate properly without your consent. All other cookies need to be accepted by clicking on appropriate option on the consent request banners on our Sites.
The categories of cookies that we use are:
Strictly necessary cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms.
Analytics cookies: These cookies help us to understand how visitors engage with the website. We may use a set of cookies to collect information and report site usage statistics. In addition to reporting site usage statistics, data collected may also be used, together with some of the advertising cookies described, to help show more relevant ads across the web and to measure interactions with the ads we show.
Advertising cookies: We use cookies to make our ads more engaging and valuable to site visitors. Some common applications of cookies are to select advertising based on what’s relevant to a user; to improve reporting on ad campaign performance; and to avoid showing ads the user has already seen.
Functionality cookies: We use a set of cookies that are optional for the website to function. They are usually only set in response to information provided to the website to personalize and optimize your experience as well as remember your chat history.
You can change your consent by clicking on the "Cookie Settings" button in the footer of our main site or on a similar button on our other sites.
Below is a list of cookies that we use on our Sites.
Strictly necessary
Cookies
Cookie Name | Provider / Domain Title | Expiration | Purpose |
| Cloudflare, Inc. — | 30 minutes | Used to distinguish between humans and bots; protects forms/assets with rate-limiting. |
| Cloudflare, Inc. — | Session | Per-request rate limiting and security; validates legitimate traffic. |
| HubSpot, Inc. — | 6 months | Stores the visitor’s cookie consent preferences so the choice persists. |
| Sellforte — | Session | Maintains user authentication and session continuity within the Sellforte demo environment. Required for secure API access and demo functionality. |
Analytics
Cookies
Cookie Name | Provider / Domain Title | Expiration | Purpose |
| HubSpot, Inc. — | 30 minutes | Tracks sessions to determine if HubSpot should increment session count and timestamps. |
| HubSpot, Inc. — | Session | Detects if the visitor restarted the browser during a session. |
| HubSpot, Inc. — | 6 months | Main HubSpot analytics cookie; sets a unique visitor ID and timestamps. |
| HubSpot, Inc. — | 6 months | Visitor ID used for analytics and to deduplicate form submissions. |
| Google LLC — | 1 year 1 month | Used by Google Analytics to distinguish users. |
| Google LLC — | 1 year 1 month | Used by Google Analytics to persist session state. |
| Microsoft Corporation (UET/Clarity) — | Session | Persists a Clarity/UET user ID and preferences after analytics consent. |
| Microsoft Corporation (UET/Clarity) — | Session | Connects multiple page views into a single analytics session after consent. |
| Microsoft Corporation (UET) — | 1 day | Session ID for Microsoft’s UET used for measurement in your setup. |
Storage declaration
Storage Name | Provider | Storage type | Purpose |
| Microsoft Corporation | Local storage | Session ID for Microsoft UET, used to link on-site actions for analytics. |
| Microsoft Corporation | Local storage | Expiration timestamp for |
| Microsoft Corporation (Clarity) | Session storage | Clarity session token used to group multiple user actions into one analytics session. |
Advertisement
Cookies
Cookie Name | Provider / Domain Title | Expiration | Purpose |
| Google LLC — | 3 months | Stores ad click information to measure campaign effectiveness (Google Ads). |
| Microsoft Corporation — | 1 year 1 month | Persistent ID for Microsoft Advertising attribution and frequency capping. |
| RB2B — | 1 year | Firmographic visitor ID used for B2B audience analytics. |
| RB2B — | 30 minutes | Session identifier for B2B visitor analytics. |
| RB2B — | 1 year | Stores coarse location/ISP metadata for B2B segmentation. |
| RB2B — | 1 year | Saves referrer for campaign and audience attribution. |
| RB2B — | 1 year | Token supporting authenticated loading of B2B advertising features. |
| ZoomInfo Technologies LLC | 12 months | Stores a persistent visitor token to identify organisations visiting the site and support B2B targeting or enrichment. |
| Google LLC (DoubleClick) — | 1 year 1 month | Used for ad delivery and reporting (Google Marketing Platform). |
| Microsoft Corporation — | 1 year | Unique user ID used by Microsoft sites/ads for measurement. |
| LinkedIn Corporation — | 2 years | Browser identifier used by LinkedIn for ads measurement and abuse prevention. |
| LinkedIn Corporation — | 6 months | Stores LinkedIn consent state used by LinkedIn insight/ads features. |
| LinkedIn Corporation — | 1 day | Routing/diagnostics for LinkedIn share/insight features tied to advertising. |
| Google LLC — | 1 year 1 month | Supports Google services and ads security/preferences when ad tech is enabled. |
| Google LLC — | 6 months | Helps enforce security and fraud prevention for Google services used with ads. |
| Google LLC — | 1 year 1 month | Stores Google consent settings supporting ads-related services. |
Storage declaration
Storage Name | Provider | Storage type | Purpose |
| Google LLC | Local storage | Google Ads click identifier used to measure conversions. |
| Microsoft Corporation | Local storage | Persistent visitor ID for Microsoft UET to measure conversions and returning visitors. |
| Microsoft Corporation | Local storage | Expiration timestamp for |
| RB2B | Local storage | B2B identifier used for audience analytics and lead generation. |
| Clay (Clay.com) | Session storage | Device identifier used by Clay to recognise returning visits and enrich behavioural data. |
| Clay (Clay.com) | Session storage | Session data collected by Clay to analyse engagement and activity. |
| ZoomInfo Technologies LLC | Session storage | Holds telemetry events queued for ZoomInfo tracking until they are transmitted. |
| ZoomInfo Technologies LLC | Session storage | Contains event-level analytics data for the active ZoomInfo session. |
| ZoomInfo Technologies LLC | Session storage | Unique session ID for ZoomInfo analytics. |
| ZoomInfo Technologies LLC | Session storage | Verifies that the unified tracking script has successfully loaded. |
Functionality
Cookies
Cookie Name | Provider / Domain Title | Expiration | Purpose |
| Intercom, Inc. — | ~9 months | Stores a device identifier so the chat widget can recognise the same browser. |
| Intercom, Inc. — | ~9 months | Anonymous visitor/user identifier for the Intercom chat widget. |
| Intercom, Inc. — | ~7 days | Maintains an active chat/help session across pages. |
| Google LLC (YouTube) — | Session | Maintains a YouTube video session (e.g., keeping the player state across pages). |
| Google LLC (YouTube) — | ~6 months | Estimates bandwidth and improves player experience on pages with YouTube videos. |
| Google LLC (YouTube) — | ~6–12 months | Stores privacy preferences for YouTube embeds (e.g., consent mode state). |
| Google LLC (YouTube) — | ~2–6 months | Feature rollout/configuration token for the YouTube player. |
Storage declaration
Storage Name | Provider | Storage type | Purpose |
| Intercom Inc. | Local storage | Stores the chat widget’s configuration, user interface state, and visitor preferences between visits. |
10 Changes to our privacy policy
Sellforte keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 2025-10-08.