Privacy Notice – Customer Register
This Privacy Notice was last updated on 02 June 2026
1. Controller and the Customer Register
LeadDesk Plc (Business ID 2299022-8) (“we”, “us”, “our” or “LeadDesk”) is the data controller of the customer and prospect register of LeadDesk (the “Customer Register”). The Customer Register includes customer-related information of LeadDesk Plc and its subsidiaries (the “Group”), and information in the Customer Register may be processed and disclosed within the Group. Our contact details are set out in Section 12.
LeadDesk provides software and telecommunications services to business customers. The individuals whose Personal Data we process in connection with the Customer Register are typically the contact persons and representatives of our customers and prospective customers.
2. Purposes of processing
We process personal data (“Personal Data”) in the Customer Register for the following purposes within the Group:
- maintaining the Customer Register;
- invoicing, and the provision, sale and delivery of our products and services;
- maintaining, managing and developing our customer relationships, and customer service;
- customer communication and customer events;
- direct marketing;
- archiving; and
- complying with applicable legislation.
We also process Personal Data to improve our products and services, to produce statistics, to develop our business, and to analyze, group and report on our customer relationships.
3. Categories of Personal Data
For the purposes described above, we process the following categories of Personal Data:
- name;
- contact details (including email address and telephone number);
- information on the data subject’s employer (including address and contact details); and
- the data subject’s position or duties.
4. Sources of Personal Data
We collect Personal Data primarily directly from our customers in connection with the customer relationship – for example, when they enter into agreements with us, purchase from us, or use our products or services. We also collect Personal Data from publicly available sources, from our customer relationship management system, and from other commercially available databases. The Customer Register includes Personal Data collected by the subsidiaries of LeadDesk Plc, subject to applicable legislation.
5. Legal basis for processing
We process Personal Data for the purposes described above on the basis of compliance with a legal obligation (Article 6(1)(c) GDPR) and our legitimate interests (Article 6(1)(f) GDPR). Our legitimate interest is to develop the Group’s business and, for that purpose, to market our services and products. Where we rely on your consent – for example, for certain direct marketing – the legal basis is your consent (Article 6(1)(a) GDPR).
6. Sharing your Personal Data
We use partners in business activities that require the processing of Personal Data, and we occasionally engage other companies to provide certain limited services on our behalf, including e.g. marketing activities. We provide these partners and companies only the information they need to deliver the agreed services, and they are prohibited from using it for any other purpose.
We will disclose your Personal Data, without notice, only if required to do so by law or if we in good faith believe that such action is necessary to (a) conform to the provisions of the law or comply with legal process served on us; (b) protect and defend our rights or property; or (c) act in urgent circumstances to protect the personal safety of the public.
In case we sell our business or part of it, or otherwise reorganize our business, Personal Data processed by us as a controller may be disclosed to buyers and their advisers in accordance with applicable legislation.
In general, the third-party providers we use will only collect, use and disclose your Personal Data to the extent necessary to perform the services they provide to us. Some of these providers have their own privacy notices governing the information we share with them, and we encourage you to review those notices.
7. International transfers of Personal Data
We process Personal Data primarily within the European Union and the European Economic Area (EU/EEA). In some cases, our service providers or other recipients may be located, or process Personal Data, outside the EU/EEA.
Where we transfer Personal Data to a country outside the EU/EEA, we ensure that the transfer is carried out using a valid transfer mechanism under the GDPR. Depending on the recipient and country, this may be: (i) a transfer to a country, sector or framework covered by a European Commission adequacy decision – including, in respect of recipients in the United States that are certified under the EU–U.S. Data Privacy Framework; or (ii) appropriate safeguards, such as the standard contractual clauses approved by the European Commission, together with any supplementary measures required following a transfer impact assessment. To learn more about the appropriate safeguards we use, or to obtain a copy of the relevant clauses, please contact our Data Protection Officer (see Section 12).
8. Security of your Personal Data
We have taken appropriate technical and organizational measures to protect your Personal Data against loss, misuse, unauthorized access or disclosure, alteration, and destruction. Personal Data is stored on access-controlled systems, and access is granted only to persons whose work requires the processing of Personal Data. No method of transmission over the Internet or electronic storage is 100% secure, but we follow generally accepted industry standards to protect your Personal Data.
9. Retention of your Personal Data
The retention period for the collected Personal Data depends on the legal basis and the purpose for which the data was collected. Personal Data will be retained at least for the period during which the legal basis for processing applies.
Where the Personal Data is collected on the basis of an obligation under applicable law, the retention period may also be subject to an explicit statutory requirement.
We may also retain certain Personal Data after the termination of the initial processing purpose, where such retention is necessary to comply with other applicable laws or where LeadDesk needs the Personal Data to establish, exercise or defend a legal claim, on a need-to-know basis only.
10. Your rights as a data subject
This section describes the rights you have as a data subject regarding the processing of your Personal Data. Some of these rights may be subject to conditions or restrictions under applicable data protection law.
Right to object to direct marketing
You have the right to object, at any time, to the processing of your Personal Data for direct marketing purposes. If you object to direct marketing, we will no longer process your Personal Data for that purpose.
Right to withdraw consent
Where our processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Right to access your Personal Data
You have the right to access the Personal Data that LeadDesk processes about you as a controller.
Right to rectification
You have the right to have inaccurate Personal Data concerning you corrected or completed.
Right to erasure
You have the right to request that we erase Personal Data concerning you, and we are obliged to do so if there is no longer a legitimate basis for processing it. Certain data may be subject to statutory retention requirements, and we cannot erase such data until the end of the applicable retention period.
Right to restrict processing or to object to it
Where we process your Personal Data on the basis of legitimate interest, you have the right to object to or request restriction of that processing, and we are obliged to stop processing unless we can demonstrate compelling legitimate grounds for continuing.
How to exercise your rights
If you wish to exercise the rights above, please contact our Data Protection Officer (see Section 12). The request should contain the basic information needed to identify you and locate the requested data, and we may ask for additional information where necessary to confirm your identity. After receiving and processing the request, we will respond within the timeframes required by applicable data protection law.
We will act on your request free of charge. However, where a request is manifestly unfounded or excessive, in particular because of its repetitive character, we may either charge a reasonable fee taking into account the administrative costs of acting on the request, or refuse to act on the request, in each case in accordance with Article 12(5) GDPR.
In addition, you have the right to lodge a complaint with the competent supervisory authority regarding our processing of your Personal Data. In Finland, the lead supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto). You may also lodge a complaint with the supervisory authority in the EU/EEA Member State of your habitual residence or place of work.
11. Changes to this Privacy Notice
We reserve the right to modify this Privacy Notice at any time. Changes and clarifications will take effect upon their posting on the website. Unless otherwise required by mandatory applicable legislation, we will not separately notify data subjects of changes, and we therefore encourage you to review this Privacy Notice from time to time. The date of the most recent update is shown at the top of this Privacy Notice.
12. How to contact us
If you would like to access, correct, amend or delete any Personal Data we hold about you, lodge a complaint, or simply obtain more information about the processing of your Personal Data, you may contact our Data Protection Officer:
Data Protection Officer (DPO)
c/o LeadDesk Plc
Hämeentie 15, 00500 Helsinki, Finland
Email: privacy@leaddesk.com