Privacy Notice for Tangible Growth Customer Register
Controllers Tangible Growth Oy c/o Maria01
Lapinlahdenkatu 16, 00180 Helsinki, Finland
(hereafter ”we” or ”Tangible Growth”)
and its following group companies: none at the moment.
Contact person for register matters
Name of register
What is the legal basis for and purpose of the processing of personal data?
The basis of processing personal data is the preparation or performance of a contract.
The purposes of processing the personal data are:
- the delivery and development of our products and services,
- fulfilling our contractual and other rights, promises, and obligations,
- We use automated decision-making (inc. profiling) to identify the data subjects’ behavior in the service and create profiles based on the information. We use this information to develop our services, benchmark companies (based only on anonymized and aggregated data) and do research.
We use automated decision-making (inc. profiling) to identify the data subjects’ behavior in the service and create profiles based on the information. We use this information to develop our services, benchmark companies (based only on anonymized and aggregated data) and do research.
What data do we process?
We process the following personal data of our customers, their employees, or other data subjects (like individuals participating in our training and events, visitors to our website) in connection with the customer and marketing register:
Basic information of the data subject such as name, age, username and/or another identifying identifier, password, email, phone number, country of residence, nationality, language of use;
Information and trends related to the data subject’s perceived wellbeing and social behavior such as emotional states, perceived stress levels, habits, interpersonal skills, emotional awareness;
Information and trends related to the physical stress levels of the data subject such as heart rate, quality of sleep (such information is only collected and processed based on the explicit consent of the data subject);
Information from you calendar software such as number and subject of meetings;
Technical information about the data subject’s end devices such as IP address, GPS/geoIP information, browser version, MAC address and operating system;
Aggregate analysis of trends and contributing factors into a more holistic understanding of wellbeing
Other possible information supplied by the data subject him-/herself.
From where do we receive data?
We receive personal data concerning customers primarily from the following sources: from the data subject him-/herself and services the data subject has granted us access rights to.
To whom do we disclose data and do we transfer data outside of EU or EEA?
We process information ourselves and use subcontractors that process personal data on behalf of and for us. These subcontractors provide the hardware and network equipment and software that we need in order to provide you with the service. In order to safeguard your privacy, we have entered into agreements concerning the processing of your personal data with these subcontractors.
We disclose some of the personal data to the customer companies. Data is also disclosed to authorities under compelling provisions.
We do not transfer and disclose personal data related to customers outside EU/EEA, except for Usage Analytics purposes with Google Analytics.
How do we protect the data and how long do we store them?
Only those of our employees, who on behalf of their working duties are required to process customer data, have access to the systems containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords, and other technical measures. The databases and the backup copies of them are stored in locked premises and can be accessed only by certain pre-designated persons.
We store the personal data for as long as is necessary considering the purpose of the processing. Personal data about data subjects is processed and retained during the customer relationship and as long as we deliver services, and after the relationship or service provision has ended for one (1) year.
We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.