SECTION 1 – NAME OF THE REGISTER

Customer Register of LeadDesk

SECTION 2 – DATA CONTROLLER

LeadDesk Plc, Business ID 22990228, (“we”, “us”, “our”, “LeadDesk”) is the data controller with regard to tcustomer and prospect register of LeadDesk (“Customer Register”). The Customer Register includes customer-related information of LeadDesk Plc and its subsidiaries (“Group”). Information in the Customer Register may be processed and disclosed within the Group. Our further contact information are in Section 10.

SECTION 3 – HOW DO WE COLLECT AND WHAT DO WE DO WITH YOUR PERSONAL DATA?

PURPOSES

We collect information on the Group’s customers and prospective customers and of their contact persons into our Customer Register. This information may include personal data that is processed for the following purposes within the Group:

  • maintaining the Customer Register;
  • invoicing, and provision, sale and delivery of our products and services;
  • to comply with applicable legislation;
  • maintaining, managing and developing our customer relationships;
  • customer service;
  • archiving;
  • customer communication, customer events;
  • direct marketing.

Personal data is also processed for the purposes of improving our products and services, providing statistics, developing our business model, and analysing, grouping and reporting of our customer relationships.

We collect personal data directly from our customers on basis of the customer relationship when customers enter into agreements with us or when they make purchases from us or use our products or services. Furthermore, we collect information from publicly available sources, from our commercial customer relationship management system, and from other commercially available databases. The Customer Register includes personal data that is collected by the subsidiaries of LeadDesk Plc, subject to applicable legislation.

LEGAL BASIS

We process personal data for above purposes for compliance with legal obligations (General Data Protection Regulation Article 6 paragraph 1 point c), and for our legitimate interests (General Data Protection Regulation Article 6 paragraph 1 point f).

Our legitimate interest is to develop the Group’s business and for that purpose to market services and products.

CATEGORIES

For the purposes described above, we process the following personal data:

  • Name
  • Contact details (including email, phone number)
  • Data on the employer (including address and contact details)
  • Position or duties of the data subject

SECTION 4 – TRANSFERS AND DISCLOSURES OF PERSONAL DATA

We use partners in business activities requiring the processing of personal data, and for the purposes of data processing defined in this Privacy Policy. We also occasionally hire other companies to provide certain limited services on our behalf, including e.g. marketing activities. We will only provide these partners and companies the information they need to deliver the services agreed, and they are prohibited from using that information for any other purpose.

With regard to transfers of personal data to countries outside the EU or the EEA where local data protection legislation does not provide adequate level of data protection, the transfers are based on appropriate safeguards, such as standard contractual clauses approved by the European Commission or a competent supervisory authority. To learn more about the appropriate safeguards we use, please contact our Privacy Compliance Officer mentioned in Section 10 of this Privacy Policy.

We will disclose your personal information, without notice, only if required to do so by law or if we in in good faith believe that such action is necessary to (a) conform to the provisions of the law or comply with legal process served on us; (b) protect and defend our rights or property; or, (c) act in urgent circumstances to protect personal safety of the public.

In case we sell our business or part of it or otherwise reorganize our business, personal data processed by us as a controller may be disclosed to bidders and their advisors in accordance with applicable legislation.

SECTION 5 – THIRD-PARTY SERVICES

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

SECTION 6 – SECURITY

We have taken appropriate technical and organizational measures to protect the security of your personal data and to ensure that your choices for its intended use are honoured. We protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction by appropriate technical measures such as firewalls. Personal data is stored in password-controlled servers with limited access granted only to such persons whose work requires the processing or personal data and thus are granted access to the personal data.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

SECTION 7 – HOW LONG WILL WE KEEP YOUR PERSONAL DATA

The retention time of the collected personal data is subject to the legal basis and processing purpose for which the data were collected. All collected personal data will be retained at least for the period for which the legal basis for processing of personal data applies.

Where the personal data is collected on the basis of an obligation based on applicable law, the retention time of personal data may also be subject to explicit statutory requirement.

We may also retain certain personal data after the termination of the initial processing purpose, should such retention of personal data be necessary to comply with other applicable laws or should LeadDesk need the personal data to establish, exercise or defend a legal claim, on a need to know basis only.

SECTION 8– WHAT RIGHTS DO YOU HAVE?

The customer has the right to withdraw at any time any consent given to us related to personal data or direct marketing by sending us a request in written or in electronic form that is addressed to the Privacy Compliance Officer mentioned in Section 10 of this Privacy Notice. Such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

The data subjects have the right to access the data processed by LeadDesk as a controller and to get incorrect personal data related to them rectified. If you wish to use your right of access or rectification, please proceed as follows.

The request on the use of the right of access or rectification must be in written or in electronic form and be signed, and addressed to the Privacy Compliance Officer mentioned in Section 10 of this Privacy Notice. The request shall contain the basic information needed for finding the requested data. After receiving and processing the request, we will send you a copy of the personal data to the data subject by mail or electronically. We reserve the right not to complete the request of the data subject if the request is manifestly unfounded or vexatious. Should the data subject request for multiple copies or should the data subject submit more than one request per year, we may charge the data subject a reasonable fee based on administrative costs for the execution of the request.

You as a data subject also have the right at any time to request us to erase personal data concerning you and processed by us, and we are obliged to erase the data if there is no longer a legitimate basis for processing the data. Please note that certain data processed may be subject to statutory retention requirements, and regardless of a request of erasure, we cannot erase such data until the end of the statutory retention period.

You as a data subject also have the right to object to or restrict the processing of your personal data if the data has been processed on the basis of legitimate interest, and we are obliged to stop processing such personal data unless we can demonstrate compelling legitimate grounds for further processing of such personal data.

In addition, you as a data subject have the right to file a complaint with the competent supervisory authority regarding our processing of personal data.

SECTION 9 – CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time. Changes and clarifications will take effect immediately upon their posting on the website. Unless otherwise provided in mandatory applicable legislation, we may not personally post changes to this Privacy Notice to the data subjects in person, and therefore we prompt you to check this Privacy Notice from time to time for possible changes.

SECTION 10 – QUESTIONS AND CONTACT INFORMATION

If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information on processing of your personal data, you may contact our Privacy Compliance Officer.

 

Privacy Compliance Officer
c/o LeadDesk Plc
Address: Hämeentie 19, Helsinki, ES, 00500, Finland
Email: privacy@leaddesk.com