Idea Group Companies (“Controller”)
Business ID: 3203808-9
Vuoksenniskankatu 6, 20200 Turku, Finland

2. Privacy Policy contact person

CEO Sanni Rostedt
sanni.rostedt@ideagroup.fi
+358 50 3382819

3. Name of the register

Customer and marketing register of Idea Group Companies.

4. Intended purpose of the collected personal data

Personal data of data subjects are processed on the following grounds:

• Based on a contract between the Controller and the data subject
• Based on a legitimate interest of the Controller
• Based on the data subject’s consent

The purpose of processing the personal data of the data subjects is:

• The management, maintenance, development, analysis, and statistics of the customer relationship between the Controller and the customer (including potential customers)
• Customer communication and the collection of customer feedback from data subjects
• Carrying out customer experience measurements for the data subject
• Direct marketing and targeting of online advertising
• Planning and developing the Controller’s business and services for data subjects

5. Contents of the register and categories of data subjects

The customer and marketing register may contain the following personal data about data subjects (for example, decision-makers and contact persons, including subscribers to newsletters and those who have requested to be contacted):

• Basic information about the data subject (e.g. first and last names)
• Contact details of the data subject (address, telephone number, e-mail address)
• Company/organisation to which the data subject belongs and the data subject’s position in the company (title)
• Language of the data subject
• Customer history
• Marketing and promotional information (e.g. marketing activities targeted at the data subject, participation in events)
• Data concerning the use of electronic services (e.g. browsing and search data, IP addresses and cookies)
• Consents and prohibitions on direct marketing
• Any other information provided by the data subject

6. Regular sources of personal data

The data concerning the data subject is regularly obtained and collected from the customers (including potential customers) themselves by telephone, e-mail, online, during meetings, at the time of the conclusion of the contract and during the contractual relationship.

Personal data may also be collected and updated from public and private registers, such as civil registers, other public authorities, credit reference agencies, contact information providers and other similar trusted parties.

7. User tracking

Idea Group uses cookies on its website. Cookies are small text files that are placed and retained on the visitor’s computer or mobile device. The main purpose of cookies is to improve and adjust the user experience, as well as to analyse and improve the functionalities and content of the website. Data collected with cookies can also be used to target our communication and marketing efforts. The collected data can also be linked to other information obtained from the visitor, e.g., when the visitor fills in a form on our website.

The website also uses Leadoo’s tracking service to track users’ behaviour on the site and combine this behavioural data with other data we can gather, e.g., from chat interactions. Leadoo uses eTag-tracking to aggregate the same user’s behaviour over several sessions – in practice, this works similarly to cookie-based tracking. After the visit, you can stop the tracking by emptying your browser’s cache.

Please visit Leadoo Marketing Technologies Ltd’s Privacy Policy at https://leadoo.com/privacy-policy/  for more information on what is tracked and your rights.

8. Disclosure of data

As a rule, data is not disclosed to parties outside the register.

The Controller may use external service providers for certain tasks related to the processing of data subjects’ personal data, such as the provision of certain digital services and the processing of data for marketing purposes.

9. Transferring data outside the EU or the EEA

Customer and marketing register data may be transferred outside the EU or EEA where this is necessary for the provision of the service. The Controller will always ensure an adequate level of data protection as required by the applicable data protection legislation when transferring personal data outside the EU and EEA. An adequate level of security of the data subject’s personal data is ensured by applying the safeguards required by EU and national data protection legislation.

10. Data retention periods

Personal data will be kept for as long as necessary for the purposes for which the personal data are used. However, the Controller is always entitled to retain or otherwise process personal data in the situations permitted by the legislation in force at the time (such as the retention periods applicable under the Accounting and Prepayment of Taxes Act).

In principle, customer relationship data will be kept for the duration of the customer relationship or for the duration of the employment of the customer’s staff representative (whichever ends first). The data will be deleted within a reasonable period after the end of the contractual relationship, subject to the Controller’s legal obligations (such as accounting) or contractual obligations.

The Controller will regularly assess the necessity of the retention of personal data and will take reasonable steps to ensure that no personal data relating to data subjects which are incompatible with the purposes of the processing, outdated or inaccurate are kept in the register.

11. Principles of protecting the register

The personal data are protected by the Controller against unauthorised access and against accidental or unlawful processing by means of adequate technical and organisational measures. Electronic data are protected by firewalls, usernames and passwords. Access to the data is restricted to those persons employed by the Data Controller who need the data in the register for their tasks.

12. Rights of the data subject

The data subject has the following rights under data protection legislation.

Right of access to personal data
The data subject has the right to access the personal data stored about him or her and to know what data is stored about him or her, for what purpose, where it may be disclosed and for how long it will be stored.

Right to rectification
The data subject has the right to submit a request to the Controller to correct any inaccuracies in his or her personal data recorded in the register.

Right to request the erasure of personal data
The data subject has the right to request the erasure of his or her personal data from the register if the Controller has no legitimate grounds for processing the personal data concerned.

Right to restrict the processing of personal data
The data subject may request that the processing of his or her personal data be restricted on the grounds laid down by law.

Right to object to the processing of personal data
The data subject has the right to object to the Controller processing his or her personal data for direct marketing and certain other situations provided for in the GDPR.

Right to transfer personal data from one system to another
Where the data subject has provided the Controller with personal data which are processed on the basis of the data subject’s consent, the data subject has the right to receive those data in machine-readable form and the right to transfer those data to another Controller.

Right to withdraw consent
Where the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw his or her consent at any time.

The processing of personal data processed before the withdrawal of the data subject’s consent shall not become unlawful if the data subject subsequently withdraws his or her consent.

Right to appeal to the Appellate Authority
The data subject has the right to lodge a complaint with the competent supervisory authority if the latter considers that the Controller has not complied with the applicable data protection legislation. The national appeal body is the Office of the Data Protection Ombudsman.
(www.tietosuoja.fi)

13. Changes

The Controller may update this Privacy Policy by notifying us on the Controller’s website or otherwise electronically.

This Privacy Policy was last updated and is valid as of 15 May 2025.