Pricing

Careers

Case studies

Login

Book a Meeting

Database Privacy Policy

Database Privacy Policy

Database Privacy Policy

28 August 2025

Data protection safeguards data subjects’ rights and freedoms when personal data is processed. The purpose of data protection is to define when and on what conditions personal data can be processed. This database privacy policy (“Privacy Policy”) explains how Clevenio (“we”; “us”; our) collect, use and disclose personal data in our database (“Database”) and the related service (“Service”). This document provides information on our purposes of and sources for collecting information about data subjects, the legal basis for collecting such information and how we process the information.

1. General Information

This Privacy Policy governs the processing of personal data in the Database by us. The Privacy Policy does not cover any third-party websites, applications, software, products, or services that integrate with our services or are linked to us or to our services.

When we collect publicly available personal data that is directly related to a person’s role in a company, we act as data controller of the database, and as data controller we determine the purposes and means of the processing of personal data. We comply with data controller’s obligations set forth in the applicable laws.

Our customers may use our Service to browse through the data we have indexed in the Database. The customer may import such data into their systems, in which case our customer assumes control over the data, becomes the data controller and processes personal data in accordance with their privacy policies. We require our customers to commit to the lawful use of the data provided by us.

This Privacy Policy may be updated from time to time. We encourage regularly reviewing this Privacy Policy to stay informed.

2. What personal data do we collect, how is it collected and for what purposes and which legal bases do we use it?

As a part of our Service, we shall collect and use personal data only for the purposes stated in this Privacy Policy. 

Collected data.  We collect a limited amount personal data regarding the data subject’s role in a legal entity from sources made available to the public. Such personal data is limited basic information such as name, title, position, country, and contact information as made available to the public by the respective legal entities. The personal data in the Database is referenced to the source from where it was collected. 

Method of collection. The Database is software-based and uses intelligent data collection technology and machine learning algorithms as well as manual collection and data research. Open and public data is continuously searched, extracted and indexed by the software and populated in the Database with the help of named-entity recognition. 

We collect personal data related to the data subjects’ public role in a company from sources made available to the public in the Database. Public sources include for example the Finnish Patent and Registration office, company websites, press releases and other source material made available by a company or its representatives.

Legal Basis. We use, process and maintain personal data in the Database based on our legitimate interests to freely conduct business and maintain the Service In accordance with applicable EU and national laws. Our use, processing, and maintaining publicly available personal data in the Database record is limited to have a minimal privacy impact, and the processing of personal data is not extended beyond what the data subjects could reasonably expect during the period that the data subject is in the position at the legal entity, and the same information is available and freely accessible by the public in the public domain. We use personal data for the following purposes based on legitimate interests pursued by us:

  • Presenting personal data in connection with the legal entity to which the data subject is connected.

  • Ensuring compliance with the obligations laid down in the applicable law, regulations and decisions issued by authorities. 

Sensitive data. We do not collect or have access to any special categories of personal data as defined by Art. 9 of the GDPR (“sensitive data”) as part of the Database Service.

3. Retention of personal data

We store personal data only for as long as such personal data is required for the purposes described in this Privacy Policy. The requirement is deemed to exist during the period that the data subject is recorded in our original source to have a position in the legal entity. The retention periods for personal data in our Database have been designed to reflect the retention period of our original data sources. The Database is automatically and manually updated regularly and at least once every twelve (12) months, and personal data will be  be deleted a reasonable time after it has been removed from the original source.

4. Sharing and disclosing of data

We store personal data in the databases located in the EU/EEA. However, some of our third-party vendors may locate outside EU, including United States.

The users of the Service and our customers have access to the personal data available in the Service with respect to the companies they search for. 

If our customer exports or otherwise receives data from the Service, the customer becomes the data controller with respect to such personal data. In this case, the customer’s privacy notice applies to the data processing carried out by the customer. We contractually require our customers to commit to appropriate data processing practices.

When transferring and disclosing personal data outside the EU/EEA in above mentioned situations, where the local law may not provide the same level of protection, we comply with applicable legal requirements for providing adequate safeguards to such transfer by e.g. using the European Commission’s Standard Contractual Clauses (SCC).

The Service may be used by customers and other users located outside the EEA, who may access the database through searches and filters and may choose to import data from our database into their systems. We require the customers’ commitment to the lawful use of the data provided by us, including the lawfulness of any data transfer. By using the Service, our customers and users independently evaluate whether they choose to collect and process the personal data which is available in the Service for its purposes.

Personal data may be disclosed to authorities where required by mandatory local legislation or court order. Data may also be disclosed if the disclosure is permitted by applicable law or regulation.

5. Data subjects’ rights

We note that all personal data included in our Database is obtained from other public sources, and when such data is modified or removed from the original source, it will shortly be modified or erased from the Database and the Service as well. You as a data subject have the right to control how your personal data is processed by us by exercising the rights listed below: 

  • Right of access: you can get a copy of your personal data that we store in our systems;

  • Right to rectification: you can rectify inaccurate personal data that we process about you;

  • Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data;

  • Right to restriction: you can ask us to restrict the processing of your personal data if; 

    • Your data is unlawfully processed, but you do not want to erase it.

    • You have a legal claim that you need to establish, exercise, or defend, and you requested us to keep your data when we would not keep it otherwise.

    • You have contested the accuracy of your personal data and the accuracy of your data is pending our verification.

    • Your request for objection is pending our verification process

  • Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format

  • Right to object: you can ask us to stop processing your personal data;

  • Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or

  • Right to complaint: you can submit your complaint regarding our processing of your personal data to local data protection authority. For more information, please see https://tietosuoja.fi/en/home.

If you would like to exercise any of your rights, please contact us by email at aleksi@clevenio.com or by post (you can find our postal address at the end of this Privacy Policy) and explain your request in detail. The scope of your right depends on the nature of processing and legal basis. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information that allows us to identify you in our system. We will answer your request within a reasonable time frame but no later than 2 weeks.

6. Information Security

We use various technical or organization methods and security measures to seek so ensure a sufficient level of data security and to prevent personal data from accidental loss and from unauthorized access, use, alteration, and disclosure.

7. Contact Details

If you have any questions about this Privacy Policy or our data protection practices, please contact us by:

  • Email: aleksi@clevenio.com

  • Postal address: Kympinkatu 3c, 40320 Jyväskylä

Get more and better customers

©2024 Clevenio. All rights reserved.

Company

Home

Blog

Book a demo

Pricing

Careers

Case Studies

Legal information

Terms and conditions

Privacy policy

Cookie policy

Resources

B2B Sales Blog

Wall of Love

Get more and better customers

Company

Home

Blog

Book a demo

Pricing

Careers

Case Studies

Legal information

Terms and conditions

Privacy policy

Cookie policy

Resources

B2B Sales Blog

Wall of Love

©2024 Clevenio. All rights reserved.

Get more and better customers

©2024 Clevenio. All rights reserved.

Company

Home

Blog

Book a demo

Pricing

Careers

Case Studies

Legal information

Terms and conditions

Privacy policy

Cookie policy

Resources

B2B Sales Blog

Wall of Love