Privacy policy

Jun 30 2023

Data protection safeguards your (“you”; “Data Subject”) rights and freedoms when personal data is processed. The purpose of data protection is to define when and on what conditions personal data can be processed. This privacy policy (“Privacy Policy”) explains in detail how Clevenio (“we”; “us”; our) collect, use and disclose your personal data. Please read this document carefully before submitting any personal data to us.

1. General Information

This Privacy Policy governs the processing of personal data by us. The Privacy Policy does not cover any third-party websites, applications, software, products, or services that integrate with our services or are linked to Us or to our services.

We may act either as a data controller and a data processor. Our role depends on the specific situation in which personal data is handled by us, as explained in detail below:

  1. Data controller. When we are data controller, we determine the purposes and means of the processing of personal data. Hence, we are controller when you send us an inquiry or conclude a service or employment contract with us or when we collect publicly available personal data that is directly related to a person’s role in a company. Situations when we are controller of personal data are further explained on this document. We comply with data controller’s obligations set forth in the applicable laws.
  2. Data processor. We area data processor when we process personal data on behalf of controller. As a processor we process your data only in accordance with the instructions issued by a respective data controller in the agreed data processing agreement made between Us and the controller.

Our service is not intended for use by children (i.e., persons who are minors in their country of residence). Therefore, we do not knowingly process minors’ personal data. If you, as a parent or a legal guardian of a child, become aware that the child has submitted his/her personal data to us, please contact us immediately. We will delete your child’s personal data from our systems without undue delay.

The Privacy Policy may be updated from time to time. We encourage you to review our Privacy Policy to stay informed.

2. What personal data do we collect and for what purposes and which legal bases do we use it?

As a part of our business, we shall collect and use your personal data only for the purposes stated in this Privacy Policy.

We shall process personal data provided by you as follows: 

  1. Account information. When you register your user account, we collect personal data necessary to register you to our services, such as email address, name, company name, website URL, and your role in the company.
  2. Agreement related information. We shall process agreement, such as service agreement or employment agreement, related information in connection with our business. 
  3. Inquiries. When you contact us, we process information related to your inquiry such as your name, email address, and any information that you decide to include in your message.
  4. We collect a limited amount personal data regarding the data subject’s role in a legal entity from sources made available to the public. Such personal data is limited basic information such as name, title, position, country, and contract information as made available to the public by the respective legal entities. Public sources include for example the Finnish Patent and Registration office, company websites, press releases and other source material made available by a company or its representatives. The personal data in our database is referenced to the source from where it was collected. Our use, processing, and maintaining such public data in the database record is limited to have a minimal privacy impact, and the processing of personal data is not extended beyond what the data subjects could reasonably expect during the period that the data subject is in the position at the legal entity, and the same information is available and freely accessible by the public in the public domain.

We shall observe the following information from the usage of our services: 

  1. Usage data. When you use services provided us, we may collect usage information such as registration log, login/logout, time stamps of usage activities, including how you open and close communication sent by us.
  2. Cookies. When you browse our websites, we collect your cookie-related data including advertising identifier. For more information about the purposes for which we use cookies, please refer to our Cookie Policy.

Legal basis. We use your personal data to provide you with the service and/or fulfil the contractual obligations. This requires us to process your data for the customer/employment/partner relationship management, support, and communication, conducting customer surveys, customer complaint handling, maintenance, software and system updates, user identification as well as for problem diagnosis and fixing. Hence, the above-mentioned processing of your personal data is based on your agreement with us.


In addition, we use your personal data for the following purposes based on legitimate interests pursued by us or you have given us a consent for the processing:

  • Analytics and development purposes, including creating aggregated groups based on your usage activities and a database for persons holding a role in public life such as business people. This also enables us to understand our users’ needs as customers and to improve the quality and user experience of our current and future services and offerings.
  • Marketing purposes, including communicating with you about our offerings, conducting sales promotions, and other marketing campaigns, as well as creating aggregated target groups for marketing. Knowing customers’ preferences enables us to target our offerings and provide products and services that better meet the needs and expectations of our customers.
  • Information and account security purposes, including detecting or preventing various types of misuse of services and fraud to provide you with secure and reliable services.

We may also process personal data to be in compliance with the obligations laid down in the applicable law, regulations and decisions issued by authorities. Such examples of statutory obligations that require the processing of personal data can be the following:

  • prevention, detection and investigation of fraud;
  • accounting and tax regulations;
  • regulatory reporting;
  • obligations related to risk management;
  • other obligations related to service- or product-specific legislation; and
  • obligations under employment legislation.

Electronic Direct Marketing and communication via email. We may send you electronic direct marketing, such as newsletters, promotions about new products as well as information about user surveys and trials, by email. You can opt-out such electronic direct marketing or communication at any time free of charge by clicking on the “unsubscribe” link included in our newsletters, adjusting the settings of your user account, or by contacting us directly.

Sensitive data. We do not collect or have access to any special categories of personal data as defined by Art. 9 of the GDPR (“sensitive data”) from you unless you decide to provide such data to us or mandatory legislation, such employment legislation, requires us to do it. Sensitive data is information that relates to your health, genetics, biometrics, religious and political beliefs, racial origins, membership of a professional or trade association, sex life, or sexual orientation. If Your Data contains the said sensitive data, we will process such data for the purpose of fulfilling our contractual or legal obligations, such as regarding employment relationship.

3. Retention of personal data

We store your personal data only for as long as such personal data is required for the purposes described in this Privacy Policy or until you request us to delete your personal data, whichever comes first.

4. Sharing and disclosing of data

We store your data in the databases located in the EU/EEA. However, some of our third-party vendors may locate outside EU, including United States.

4.1 Sharing of your personal data

We share your data in the following ways:

  • Our third-party vendors, who provide us with cloud-based IT and business support as well as customer care services, may need to process your information. All such third parties are operating under contract and acting on behalf of us.
  • Competent authorities. When required in response to a legal process or request from a competent authority according to applicable laws or in connection with a legal proceeding or process.
  • Mergers, acquisitions or sale of assets. When required as part of a merger, acquisition, sale of assets (such as service agreements) or transition of service to a group entity or another company.
  • Third Party Advertising Platforms. When our digital marketing activities utilize different third-party advertising platforms’ features, we may target you by uploading your account information (e.g. a hashed email address or phone number) or advertising ID to such platform. We may also use third-party tracking platforms, which collect data about how users interact with our ads for ads attribution analysis and effect evaluation purposes. Such third parties are operating under contract and acting on behalf of us and include data transfers to partners located in the US.

When transferring and disclosing your data outside the EU/EEA in above mentioned situations, where the local law may not provide the same level of protection, we comply with applicable legal requirements for providing adequate safeguards to such transfer by e.g. using the European Commission’s Standard Contractual Clauses (SCC).

5. Your rights

You have the right to control how your personal data is processed by us by exercising the rights listed below:

  • Right of access: you can get a copy of your personal data that we store in our systems;
  • Right to rectification: you can rectify inaccurate personal data that we process about you;
  • Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data;
  • Right to restriction: you can ask us to restrict the processing of your personal data if; 
  • Your data is unlawfully processed, but you do not want to erase it.
  • You have a legal claim that you need to establish, exercise, or defend, and you requested us to keep your data when we would not keep it otherwise.
  • You have contested the accuracy of your personal data and the accuracy of your data is pending our verification.
  • Your request for objection is pending our verification process
  • Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format
  • Right to object: you can ask us to stop processing your personal data;
  • Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or
  • Right to complaint: you can submit your complaint regarding our processing of your personal data to local data protection authority. For more information, please see https://tietosuoja.fi/en/home.

If you would like to exercise any of your rights, please contact us by email at aleksi@clevenio.com or by post (you can find our postal address at the end of this Privacy Policy) and explain your request in detail. The scope of your right depends on the nature of processing and legal basis. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information that allows us to identify you in our system. We will answer your request within a reasonable time frame but no later than 2 weeks.

6. information security

We use various technical or organization methods and security measures to seek so ensure a sufficient level of data security and to prevent your personal data from accidental loss and from unauthorized access, use, alteration, and disclosure.

Only the personnel with work related needs have access to your personal data.

7. contact details

If you have any questions about this Privacy Policy or our data protection practices, please contact us by:

Email: aleksi@clevenio.com

Postal address: Kympinkatu 3c, 40320 Jyväskylä