Tangible Growth
PlatformExecutive AdvisorPricingPartnersBlogLoginBook a working session

Privacy Policy

Privacy Notice for Tangible Growth Customer Register

For information about this website’s analytics and cookies, see the Website Privacy Notice.

  1. Controllers

    Tangible Growth Oy, c/o Maria01, Lapinlahdenkatu 16, 00180 Helsinki, Finland (hereafter “we” or “Tangible Growth”) and its following group companies: none at the moment.

  2. Contact person for register matters

    privacy@tangible-growth.com

  3. Name of register

    CUSTOMER REGISTER

  4. Legal basis and purpose of processing

    The basis of processing personal data is the preparation or performance of a contract.

    The purposes of processing the personal data are:

    • The delivery and development of our products and services, fulfilling our contractual and other rights, promises and obligations.
    • We use automated decision-making (including profiling) to identify the data subjects’ behavior in the service and create profiles based on the information.
    • We use this information to develop our services, benchmark companies (based only on anonymized and aggregated data) and do research.

  5. What data do we process?

    We process the following personal data of our customers, their employees or other data subjects (like individuals participating in our trainings and events, visitors to our website) in connection with the customer and marketing register:

    • Basic information of the data subject such as name, age, username and/or other identifying identifier, password, email, phone number, country of residence, nationality, language of use.
    • Information and trends related to the data subject’s perceived wellbeing and social behavior such as emotional states, perceived stress levels, habits, interpersonal skills, emotional awareness.
    • Information and trends related to the physical stress levels of the data subject such as heart rate, quality of sleep (such information is only collected and processed based on the explicit consent of the data subject).
    • Information from your calendar software such as number and subject of meetings.
    • Technical information about the data subject’s end devices such as IP address, GPS/geoIP information, browser version, MAC address and operating system.
    • Aggregate analysis of trends and contributing factors into a more holistic understanding of wellbeing.
    • Other possible information supplied by the data subject him-/herself.

  6. From where do we receive data?

    We receive personal data concerning customers primarily from the following sources: from the data subject him-/herself and services the data subject has granted us access rights to.

    For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

  7. To whom do we disclose data and do we transfer data outside of the EU or EEA?

    We process information ourselves and use subcontractors that process personal data on behalf of and for us. These subcontractors provide the hardware and network equipment and software that we need in order to provide you with the service. In addition, we use subcontractors to assist us with marketing and sales.

    In order to safeguard your privacy, we have entered into agreements concerning the processing of your personal data with these subcontractors. We disclose some of the personal data to the customer companies. Data is also disclosed to authorities under compelling provisions. We do not primarily transfer or disclose personal data related to customers outside EU/EEA. However, the marketing and IT management systems we use may allow the service provider to access data from outside the EU/EEA.

    When personal data is processed outside the EU or the EEA, we will ensure that the subcontractor has committed to the EU Commission’s standard contractual clauses.

  8. How do we protect the data and how long do we store them?

    Only those of our employees, who on behalf of their working duties are required to process customer data, have access to the systems containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are stored in locked premises and can be accessed only by certain pre-designated persons.

    We store the personal data for as long as is necessary considering the purpose of the processing. Personal data about data subjects is processed and retained during the customer relationship and as long as we deliver services, and after the relationship or service provision has ended for one (1) year.

    We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

  9. What are your rights as a data subject?

    As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data. You also have a right to withdraw or change your consent, in cases where the processing of the data is based on your consent.

    As a data subject, you have a right, according to the EU’s General Data Protection Regulation, to object to the processing or request restricting the processing of your personal data. Additionally, you have a right to request your data to be delivered to you in a standard format, in case where the processing of data is based on your consent or a contract between us.

    You also have a right to lodge a complaint with a data protection authority in your jurisdiction or with the power to investigate processing concerning your personal data.

    For specific personal reasons, you also have a right to object to profiling and other processing concerning you, when processing of the personal data is based on our legitimate interest. In connection to your claim, you should identify the specific grounds on which you object to the processing. We can refuse to act on such a request on the basis of the privacy legislation.

    As a data subject you have the right to object to profiling in so far as it relates to direct marketing.

  10. Who can you be in contact with?

    All contacts and requests concerning this privacy policy shall be submitted in writing or in person to the person mentioned in section two (2).

  11. Changes in the Privacy Policy

    Should we make amendments to this privacy notice, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review this privacy notice from time to time to ensure you are aware of any amendments made.