InleanCreative_Logo

Privacy Policy

1. Name of the Register

Inlean Creative’s Customer and Marketing Register.

This register processes data concerning the Data Controller’s customers, prospects, and their representatives as described below.

2. Data Content of the Register

The register may contain the following categories of data concerning the data subject:

  • Name
  • Email
  • Phone Number
  • Title
  • Company and its address details
  • Publicly available classification data
  • Classification data provided by the data subject
  • Order, billing, and delivery information
  • Information about ordered services and their changes
  • Data collected via cookies
  • Data collected from social media channels
  • Information about the device used by the data subject, such as device type, browser,
  • IP address, and other device data
  • Any other data collected with the data subject’s consent

3. Purpose and Legal Basis for Processing Personal Data

The Data Controller processes personal data for the following purposes:

  • For managing and administering customer relationships
  • For customer communication
  • For fulfilling the rights and obligations of the data subject and the Data Controller
  • For purposes related to online services
  • For research activities
  • For marketing services offered by the Data Controller and its partners
  • For fulfilling the Data Controller’s legal obligations

The Data Controller’s legal bases for processing personal data under the EU General Data Protection Regulation are:

  • Data subject’s consent
  • Contracts related to customer relationships
  • Data Controller’s legitimate interest
  • Legal requirements

4. Regular Data Sources of the Register

Personal data is collected from the following sources:

  • From the data subject themselves (e.g., via website contact forms or social media services)
  • Via the Data Controller’s website (newsletter subscriptions, material downloads, event registrations)
  • Via tracking pixels in the Data Controller’s newsletters
  • Data collected from the data subject during contract formation
  • Information obtained from customer meetings
  • From the data subject’s use of the service
  • From the Data Controller’s customer information system
  • Based on data updates from Apollo.io
  • Other possible situations where the data subject provides their data to the Data Controller
  • From public data sources, such as company websites, the trade register, or social media channels (e.g., LinkedIn)
  • Through cookies and similar technologies
  • In addition, the Data Controller collects website visitor data using Bing, Calendly, Facebook, Google Ads, Google Analytics, Matomo Analytics, LinkedIn, Pipedrive, Youtube, and Mautic, enabling the Data Controller to analyze and develop the website for improved performance and to target relevant marketing to website visitors.

5. Regular Data Disclosures

As a general rule, the Data Controller does not disclose personal data of data subjects to third parties. Data may be disclosed if required by a competent authority, for the fulfillment of contractual obligations, or to the extent agreed upon with the data subject. In some situations, data subjects’ information may be disclosed to the Data Controller’s subcontractors or partners. Such parties process personal data confidentially and based on a separate written agreement, in accordance with the Data Controller’s written instructions.

The Data Controller may disclose statistical or anonymized data that cannot be linked to a data subject.

6. Transfer of Data outside the EU or EEA

Data may be transferred to and stored on a server outside the EU or European Economic Area for processing by the Data Controller or by a Data Controller’s partner on behalf of the Data Controller, in accordance with the EU General Data Protection Regulation and Finnish data protection law.

If personal data is transferred outside the EU/EEA, it will always be done on a lawful basis:The European Commission has determined that the recipient country ensures an adequate level of data protection;The Data Controller has implemented appropriate safeguards for the transfer of personal data by using standard contractual clauses approved by the European Commission (a copy of which will be provided upon request);The data subject has given explicit consent to the transfer of personal data; orThere is another lawful basis for the transfer of personal data outside the EU/EEA.

The European Commission has decided that an adequate level of data protection is ensured in the recipient country concerned;
The data controller has implemented appropriate safeguards for the transfer of personal data by using standard data protection clauses approved by the European Commission (a copy of which will be provided upon request);
The data subject has given explicit consent to the transfer of personal data; or
There is another lawful basis for the transfer of personal data outside the EU/EEA area.

7. Data Retention Period

Personal data is retained only for as long as necessary to fulfill the purposes and legal bases for processing personal data defined in this privacy policy, or for as long as required by law, such as accounting legislation. The Data Controller regularly assesses the necessity of data retention in accordance with its internal codes of conduct.

8. Data Subject’s Rights

The data subject has the following rights, requests for the exercise of which must be made to the address mentioned in section 2. The Data Controller may, if necessary, ask the requester to prove their identity. The Data Controller will respond to the data subject within the timeframe stipulated by the EU General Data Protection Regulation.

Right of Access

The data subject has the right to access their personal data stored at any time.

Rectification and Erasure of Data (Right to be Forgotten)

Upon the data subject’s request, the Data Controller will rectify, erase, or supplement personal data that is inaccurate, unnecessary, incomplete, or outdated for the purpose of processing. The Data Controller may also rectify, erase, or supplement data on its own initiative.

Right to Withdraw Consent

Regarding personal data collected based on consent, the data subject has the right to withdraw their consent for the processing of their personal data.

Right to Data Portability

The data subject has the right to receive the personal data they have provided based on their consent or the fulfillment of a contract, and to have it transferred to another data controller, if technically feasible. In such cases, the Data Controller will transfer the data in a commonly used and machine-readable format. The Data Controller is not responsible for the compatibility of the data disclosure format with the recipient’s system.

Right to Restriction of Processing and Right to Object

If the Data Controller processes personal data based on public interest or legitimate interest, the data subject has the right to object to the processing of personal data concerning them, unless there is a compelling legitimate ground for the processing that overrides the data subject’s rights, or the processing is necessary for the establishment, exercise, or defense of legal claims.

The data subject has the right to prohibit direct marketing, including profiling analyses carried out for direct marketing purposes. Every direct email sent by the Data Controller contains a link through which the data subject can, if they wish, block direct mailings to their email.

The data subject has the right to request the restriction of processing of their data if the personal data is inaccurate, the processing is unlawful, or if the data is no longer needed.

Right to Lodge a Complaint

The data subject always has the right to lodge a complaint with the competent supervisory authority or the supervisory authority of the EU Member State of their habitual residence or place of work, if the data subject considers that the Data Controller has not processed personal data in accordance with applicable data protection legislation.

9. Principles of Register Protection

Personal data is kept confidential. The Data Controller’s data network and equipment where the register is located are protected by a firewall and other necessary technical measures. The Data Controller ensures that stored data, server access rights, and other information critical to personal data security are handled confidentially and only by employees whose job description requires it.

10. Cookies

The Data Controller uses cookies on its websites to improve user experience and target advertising. Cookies are small text files sent to the user’s computer at the browser’s request and stored there.

The cookies used by the Data Controller are related to, among other things, the marketing automation system (Mautic), marketing targeting, and the social media channels used by the Data Controller (Google Ads, LinkedIn, Facebook, Twitter, Instagram, Youtube), as well as website visitor data analysis and tracking (Google Analytics and Matomo). The software records, for example, information about which pages a person visits, how long they stay on the site, how they arrived at the site, and which links they click.

The cookie-collecting programs used on the site are Bing, Calendly, Facebook, Google Ads, Google Analytics, Matomo Analytics, LinkedIn, Pipedrive, and Youtube.

You can read details about the use of cookies and disable cookies in the site’s cookie management.

11. Changes to the Privacy Policy

This Privacy Policy was updated on March 1, 2024.

The Data Controller reserves the right to amend this Privacy Policy by notifying on this page.

12. Contact Information

Data Controller:
Inlean Creative Oy (“Data Controller”)
Vapaudenkatu 8
15110 Lahti

If you have any questions about Inlean Creative Oy’s Privacy Policy, the processing of your personal data, or wish to exercise your rights based on data protection legislation, you can contact us by email at hello@inlean.fi

Inlean Creative Oy | Vapaudenkatu 8, 15110 Lahti | Hello@Inlean.Fi

Scroll to Top