Privacy policy

Privacy Notice for Tangible Growth Customer Register

  1. Controllers:
    Tangible Growth Oy c/o Maria01
    Lapinlahdenkatu 16, 00180 Helsinki, Finland
    (hereafter ”we” or ”Tangible Growth”)
    and its following group companies: none at the moment.

  2. Contact person for register matters:
    privacy@tangible-growth.com

  3. Name of register
    CUSTOMER REGISTER

  4. What is the legal basis for and purpose of the processing of personal data?

    The basis of processing personal data is the preparation or performance of a contract.
    The purposes of processing the personal data are:

    • The delivery and development of our products and services, fulfilling our contractual and other rights, promises and obligations

    • We use automated decision-making (inc. profiling) to identify the data subjects’ behavior in the service and create profiles based on the information

    • We use this information to develop our services, benchmark companies (based only on anonymized and aggregated data) and do research

    • We use automated decision-making (inc. profiling) to identify the data subjects’ behavior in the service and create profiles based on the information. We use this information to develop our services, benchmark companies (based only on anonymized and aggregated data) and do research.

  5. What data do we process?

    We process the following personal data of our customers, their employees or other data subjects (like individuals participating in our trainings and events, visitors to our website) in connection with the customer and marketing register:

    • Basic information of the data subject such as name, age, username and/or other identifying identifier, password, email, phone number, country of residence, nationality, language of use;

    • Information and trends related to the data subject’s perceived wellbeing and social behavior such as emotional states, perceived stress levels, habits, interpersonal skills, emotional awareness;

    • Information and trends related to the physical stress levels of the data subject such as heart rate, quality of sleep (such information is only collected and processed based on the explicit consent of the data subject);

    • Information from you calendar software such as number and subject of meetings;

    • Technical information about the data subject’s end devices such as IP address, GPS/geoIP information, browser version, MAC address and operating system;

    • Aggregate analysis of trends and contributing factors into a more holistic understanding of wellbeing

    • Other possible information supplied by the data subject him-/herself.

  6. From where do we receive data?

    We receive personal data concerning customers primarily from the following sources: from the data subject him-/herself and services the data subject has granted us access rights to.

    For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

  7. To whom do we disclose data and do we transfer data outside of EU or EEA?

    We process information ourselves and use subcontractors that process personal data on behalf of and for us. These subcontractors provide the hardware and network equipment and software that we need in order to provide you with the service. In addition, we use subcontractors to assist us with marketing and sales.

    In order to safeguard your privacy, we have entered into agreements concerning the processing of your personal data with these subcontractors.We disclose some of the personal data to the customer companies. Data is also disclosed to authorities under compelling provisions.We do not primarily transfer or disclose personal data related to customers outside EU/EEA. However, the marketing and IT management systems we use may allow the service provider to access data from outside the EU/EEA.

    When personal data is processed outside the EU or the EEA, we will ensure that the subcontractor has committed to the EU Commission's standard contractual clauses.

  8. How do we protect the data and how long do we store them?

    Only those of our employees, who on behalf of their working duties are required to process customer data, have access to the systems containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are stored in locked premises and can be accessed only by certain pre-designated persons.

    We store the personal data for as long as is necessary considering the purpose of the processing. Personal data about data subjects is processed and retained during the customer relationship and as long as we deliver services, and after the relationship or service provision has ended for one (1) year.

    We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

  9. How do we use cookies and for what purposes?

    We use essential cookies to manage sessions and basic functionality of the website and services.

    We use browser local storage and functional cookies to improve the services, by saving information such as preferences.

    We use browser local storage, web beacons and analytics and marketing cookies to gather better understanding of our potential customers and customers as well as to gauge the effectiveness of our marketing activities.

    List of cookies: Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

    Name
    Provider
    Purpose
    Expiry
    Type

    tg-opt-in-cookie

    www.tangible-growth.com

    Stores the user's cookie consent state for the current domain

    1 year

    HTTP


    Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

    We do not use cookies of this type.

    Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

    Name
    Provider
    Purpose
    Expiry
    Type

    _ga

    www.tangible-growth.com

    Registers a unique ID that is used to generate statistical data on how the visitor uses the website

    2 years

    HTTP

    _gid

    www.tangible-growth.com

    Registers a unique ID that is used to generate statistical data on how the visitor uses the website

    1 day

    HTTP

    Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

    Name
    Provider
    Purpose
    Expiry
    Type

    __hssc

    www.tangible-growth.com

    Collects statistical data related to the user's website visits, such as the number of visits, average time spent on the website and what pages have been loaded. The purpose is to segment the website's users according to factors such as demographics and geographical location, in order to enable media and marketing agencies to structure and understand their target groups to enable customised online advertising.

    1 day

    HTTP

    __hssrc

    www.tangible-growth.com

    Collects statistical data related to the user's website visits, such as the number of visits, average time spent on the website and what pages have been loaded. The purpose is to segment the website's users according to factors such as demographics and geographical location, in order to enable media and marketing agencies to structure and understand their target groups to enable customised online advertising.

    Session

    HTTP

    __hstc

    www.tangible-growth.com

    Collects statistical data related to the user's website visits, such as the number of visits, average time spent on the website and what pages have been loaded. The purpose is to segment the website's users according to factors such as demographics and geographical location, in order to enable media and marketing agencies to structure and understand their target groups to enable customised online advertising.

    1 year

    HTTP

    _lfa

    www.tangible-growth.com

    Used in context with Account-Based-Marketing (ABM). The cookie registers data such as IP-addresses, time spent on the website and page requests for the visit. This is used for retargeting of multiple users rooting from the same IP-addresses.

    2 years

    HTTP

    _lfa

    www.tangible-growth.com

    Keeps track of a visitor's identity. This cookie is passed to the marketing platform HubSpot on form submission and used when de-duplicating contacts.

    1 year

    HTTP

  10. What are your rights as a data subject?

    As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data. You also have a right to withdraw or change your consent, in cases where the processing of the data is based on your consent.

    As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object to the processing or request restricting the processing of your personal data. Additionally, you have a right to request your data to be delivered to you in a standard format, in case where the processing of data is based on your consent or a contract between us.

    You also have a right to lodge a complaint with a data protection authority in your jurisdiction or with the power to investigate processing concerning your personal data.

    For specific personal reasons, you also have a right to object to profiling and other processing concerning you, when processing of the personal data is based on our legitimate interest. In connection to your claim, you should identify the specific grounds on which you object to the processing. We can refuse to act on such a request on the basis of the privacy legislation.

    As a data subject you have the right to object to profiling in so far as it relates to direct marketing.

  11. Who can you be in contact with?

    All contacts and requests concerning this privacy policy shall be submitted in writing or in person to the person mentioned in section two (2).

  12. Changes in the Privacy Policy

    Should we make amendments to this privacy notice, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review this privacy notice from time to time to ensure you are aware of any amendments made.