GROWTHAPP PRIVACY POLICY
At Tulevaisuuden Kasvupolut, we take data protection seriously. Privacy and security are at the heart of the GrowthApp service. This Privacy Policy describes the key principles and practices we follow to ensure that your privacy is respected when you use our services. We exercise due diligence in processing personal data and comply with applicable legislation, including the EU General Data Protection Regulation (“GDPR”) and the Finnish Data Protection Act.
The personal data of users of the GrowthApp application (“GrowthApp application”) and visitors to the GrowthApp website (“Website”) is processed by Tulevaisuuden Kasvupolut Oy, the local companies of the Tulevaisuuden Kasvupolut group belonging to the same group and the GrowthApp service (“Tulevaisuuden Kasvupolut”, “GrowthApp”, “we”) provided by them together.
In this Privacy Policy, the term “GrowthApp Service” refers collectively to the Website and the GrowthApp App and other services provided to their users. In this Privacy Policy, the word “User” or “you” refers collectively to our and our group companies’ customers (“Client Company”), authorized users of our Customer Organizations, potential customers and users of the KasvuApp Services. Our Privacy Policy explains, for example, the types of personal data we process, how we process personal data and how you can exercise your rights as a registered user. In some cases, the controller is the Client Company and in such cases, we are the processor of the personal data and our right to process the personal data is based on a contract between us and the Client Company. In other cases, we are the controller. We will try to distinguish these situations below.
Some of our services may also be accompanied by a separate privacy policy. If a separate privacy notice applies to a particular service, we will post it in connection with that service.
This privacy notice may be updated from time to time to reflect changes in our data processing practices or other changes. You can find the current version on the Website. We will not make material changes to this Privacy Policy or diminish users’ rights under this Privacy Policy without notice.
1. Contact information
Tulevaisuuden Kasvupolut Oy
Business ID: 0655067-9
Mailing address: Vihikari 10, 90440 Kempele
Email: antti.karjula@kasvupolut.fi
2. Personal data processed, data sources, purposes of processing and legal grounds for processing
In connection with the GrowthApp service, we collect and process the following personal data. Although we do not normally use Technical Data (such as IP address) to identify the data subject as an individual, in some cases the data subject may be identified on the basis of such data. In such situations, the Technical Data may be considered as personal data and may be processed, for example, through the cookies used on the KasvuApp website.
The use of our electronic services may require strong electronic identification.
In particular, we process the following categories of personal data for the processing purposes and on the following legal grounds, as described below:
| Tulevaisuuden Kasvupolut role | Personal data groups | Data source
|
Purpose of processing | Legal basis for processing | Retention period |
| Controller | Name and contact details (such as address, e-mail address, telephone number, and in the case of a Client Company also the name of the company and the position/role of the person) of the personal customer or representative of the Client Company. | The registrant itself or a contract with a Client Company | Providing GrowthApp services, business development, customer relationship management | Agreement in accordance
with GDPR Art. 6 (b). |
For the duration of the customer relationship. Deleted no later than 12 months after the end of the customer relationship, unless a longer retention period is required by mandatory law or to protect the rights of the company. |
| Controller | The name and contact details (such as address, email address, telephone number, and in the case of the Client Company also the name of the company and the position/role of the person) of the individual customer or representative of the Client Company for marketing purposes. | The registrant itself or a contract with a Client Company | Sales and marketing of GrowthApp services | Consent, which can be withdrawn by contacting the controller, in accordance with Art. 6 (a) GDPR. | Until the data subject withdraws consent. However, if the customer relationship ends, the data will be deleted after 12 months at the latest. |
| Controller | Technical information, such as IP address
|
Data collected through the use of the website and app by the data subject | Providing GrowthApp services, business development, monitoring website usage and improving user experience, sales and marketing development
|
Consent (cookie consent on the website), which can be withdrawn by contacting the controller, in accordance with GDPR Art. 6 (b). | Retention times as set out in the cookie notice and the cookie policy set out in section 8 of this notice. |
| Processor of personal data | User contact information (such as address, email address, phone number, company name and position/role) | The registrant itself or a contract with a Client Company | Providing and maintaining GrowthApp services, business development, customer relationship management | Agreement in accordance with GDPR Art. 6 (b). | As long as the user is a user of the Client Company. Deleted no later than 12 months after the end of the customer relationship, unless a longer retention period is required by mandatory law or to protect the rights of the company. |
| Processor of personal data | Data generated through the use of the service (e.g. free text and communication) | The registrant itself or a contract with a Client Company | Providing and maintaining GrowthApp services | Agreement in accordance with GDPR Art. 6 (b). | As long as the user is a user of the Client Company. Deleted no later than 12 months after the end of the customer relationship, unless a longer retention period is required by mandatory law or to protect the rights of the company. |
3. Transfer of personal data to countries outside the EU/EEA area
Personal data may be processed on behalf of the Controller by its partners who may be established outside the European Union or the European Economic Area or may be processed from outside the EU or the EEA. Where we transfer personal data outside the EU/EEA, we will ensure by contract (for example, by using the EU Commission’s Standard Contractual Clauses) or otherwise, that the transfers are carried out in accordance with the law. We also ensure and require our processors to ensure, as required by law, that your personal data continues to be protected regardless of whether it is transferred outside the EU or EEA.
4. Recipients and processors of personal data
Tulevaisuuden Kasvupolut may disclose personal data to its partners to the extent required for the provision and technical implementation of its services and other business activities. Tulevaisuuden Kasvupolut has personal data processing agreements with its partners to ensure that the partners process personal data in accordance with data protection legislation.
Personal data is processed by the following parties, among others, in accordance with the personal data processing agreement and, where applicable, standard contractual clauses:
- Primanet Oy as the technical provider and administrator of the GrowthApp service
- Microsoft Corporation as the technical platform provider (sub-processor in relation to Primanet).
5. Rights of the data subject
Right of access to information
As a data subject, you always have the right to be informed of the personal data concerning you that are processed by the controller or its partners. A request for information can always be addressed to the controller at the above address.
Right to correct and delete data
As a data subject, you have the right to request the deletion, integration or correction of personal data concerning you which is incorrect, incomplete, inaccurate or unnecessary. However, this may be limited by law and our obligations and need to preserve your transaction history, which we will provide further information. Please be prepared to prove your identity in connection with your request.
Right to object to and restrict the processing of personal data
You as a data subject have the right to object to certain types of processing of personal data, if the processing is not necessary for the purpose of providing the Tulevaisuuden Kasvupolut services or for the fulfilment of a legal obligation. You may object to any further processing of your personal data even after you have given your consent and withdraw your consent. You may also request the restriction of the processing of personal data where the processing is based on the legitimate interests of the Controller. Objecting to or limiting further processing of personal data may lead to reduced access to the Tulevaisuuden Kasvupolut services. Any objection can always be addressed to the Controller at the above address. Please be prepared to prove your identity in connection with the request.
Right to data transfer
You have the right to obtain a copy of your personal data in a structured, commonly used format for the purpose of transferring the data to another controller, where the processing is based on the legitimate interests of the controller. Please be prepared to prove your identity in connection with the request.
Exercise of rights
The Controller may, if necessary, request you to provide additional information to verify your identity. The Controller may refuse requests that are unreasonably repetitive, excessive or manifestly unfounded. A request made once a year will not be considered as repetitive.
Filing a complaint to the data protection authority
If you consider that the Controller’s processing of your personal data is in breach of the applicable data protection legislation, you always have the right to complain to a data protection authority. For more information, please visit www.tietosuoja.fi.
6. Data security
Tulevaisuuden Kasvupolut shall implement all reasonable, appropriate, technical, security and organizational means and measures that are adequate, taking into account the nature and purpose of the processing and the nature of the personal data processed. These measures include, where appropriate, encryption, firewalls, secure facilities and access authorization systems. In the event of a personal data breach that is likely to significantly undermine the User’s right to privacy, the Controller shall notify the User of the breach without undue delay.
7. Cookies
A cookie(s) is a text file(s) sent to and stored on a user’s computer. Cookies do not harm users’ computers or files. Cookies are used to collect information such as: pages visited, browser type, operating system, time. According to the law, we may store cookies on your device if it is strictly necessary for the functioning of the site. We need your consent to use any kind of cookies.
You can disable cookies in your browser settings if you wish. If this function is switched off, this may result in some services being slowed down or access to some websites being blocked altogether. For example, when you shop online, cookies must be enabled.
We use cookies on the website to provide services, target marketing and improve the user experience. You can find out more about the applications on our website that use cookies below.
You can choose to reject or delete cookies from our or third-party websites by changing the settings on your web browser – see the “Help” section of your browser for more information. Most web browsers automatically accept cookies, so if you do not wish to allow cookies, you may need to actively delete or reject cookies.
For more information on how to use cookies in mobile browsers and how to reject or delete these cookies, please refer to your mobile phone’s manual. If you do not allow the use of cookies, you can still use our website, but not all functions may work correctly.
We use cookies to tailor the content and advertising we provide, to support our social media features and to analyze our visitor numbers. This website uses different types of cookies. Some cookies are set by third party services that appear on our website.