This Privacy Notice was last updated on 9 March 2023.
When you use our products, visit our website, apply for a job with us or otherwise are in contact with us we may collect, use, share, and process data relating to you (“Personal Data”). We want you to be well informed regarding how we process your Personal Data and this is why we have prepared this Privacy Notice. A reference to “LeadDesk” “we” or “us” is a reference to LeadDesk Oyj (Business ID 2299022-8) and its affiliates involved in the processing activity.
Depending on the circumstances, we might process Personal Data both as a controller or as a processor. This Privacy Notice applies to when we process your Personal Data as a controller. For the avoidance of doubt, this Privacy Notice does not apply to scenarios where we process your Personal Data in the role of a processor, a common example is as a service provider on behalf of our customers. We are processors for example in situations where our customers or their affiliates use our products and services or otherwise collect, use, share or process Personal Data via our products and services. In these situations the applicable LeadDesk customer is the data controller and that customer’s privacy notice applies. We are not responsible for the privacy or data security practices of our customers, and they may differ from those explained in this Privacy Notice.
There are many reasons for why we might process your Personal Data. These might include, but are not limited to the following scenarios:
- You visit our websites or social media pages;
- We display to you personalized advertisements and content;
- You register interest in, or attend our events, or visit our offices;
- You communicate with us, including but not limited to emails, phone calls, and texts;
- You are employed by a customer using our products and services and your information has been shared with us in our capacity as a controller (for example, to set up your account);
- You send us a contact or user support request;
- We provide and optimize the performance of our services;
- You download our applications;
- We invoice for our services and manage our accounts (including usage and licensing compliance);
- We maintain the security of LeadDesk and its services;
- You act as or work for a service provider or supplier to LeadDesk, to the extent where LeadDesk acts as a controller with respect to your Personal Data;
- We administer surveys and conduct research; and
- We comply with our legal obligations.
We only collect and process your Personal Data to the extent that is necessary for fulfilling the purpose for which it has been collected, and where we can rely on a legal basis for such processing. Where required, we will ask you for your prior consent to processing.
Below you can read in more detail how we process your Personal Data in different situations and your rights related to such processing.
SECTION ONE – WHEN AND WHY DO WE PROCESS YOUR DATA
Using LeadDesk services and products
We collect Personal Data directly from you when you register to use, and use our services or products. This data may include information such as your name, company, telephone number, IP address and email. Furthermore, we collect data regarding your use of LeadDesk’s software services. This data includes information on your usage of the service (e.g. how often you log in and how long you use the service), and can include information and statistics on your sales activities (e.g. amount of phone calls made and number of registered sales). This data is used to provide you with statistics.
When you use our services or products, we process your Personal Data primarily for purposes of providing you with the opportunity to use said products and services, and their functionalities. We process the Personal Data based on at least one of the following criteria:
- our legitimate interest;
- an agreement entered into with you or your employer;
- your consent;
- requirement for compliance with a legal obligation to which we are subject.
An example of our legitimate interest might be to improve the quality of our services, or prevent and resolve possible misconduct.
You may at any time request removal of your registration to, and use of, our services or products. Removal of the registration will not impact Personal Data processed by your employer, when your employer is the controller of the Personal Data.
You might also use our products and services through our mobile application(s). When you use our standard mobile application(s) the Personal Data processed by us doesn’t differ from that which would be processed if you use our services over your internet browser. Our standard mobile application(s) does not collect your location data. However, in some instances we might have provided our customer (your employer, client or similar entity) with a customized application. In these situations, our customer might have decided that the application will process location data of the users or other Personal Data specified by the customer. In these situations our customer is the controller of the Personal Data and the privacy terms and notices of our customer will apply.
Visiting our website
You may use our website without providing any directly identifiable Personal Data about you. In this case, we will collect metadata that results from your use of our website, including referral page, data and time of access, data volume transmitted, status of transmission, type of web browser, IP-address, operating system and interface, language, and version of browser software. Your IP-address is processed to enable your access to our website, and the other metadata mentioned above is processed for purposes of obtaining information that helps us learn about your browser and operating system, and to help us analyse how the site is used. We are not able to directly identify you on the basis of the collected metadata.
The provision of your Personal Data as described in this Privacy Notice may partly be a contractual requirement and partly a statutory requirement. When you use our website, you may be required to provide us with certain Personal Data for purposes specified in this Privacy Notice. Not providing your Personal Data may result in disadvantages for you, e.g. you may not be able to use our website or certain functionalities of it.
In addition to metadata collected automatically, we also collect certain Personal Data directly from you when you provide information on our website voluntarily, for instance, by requesting a LeadDesk demo, submitting support requests, or by subscribing to a free trial. In such cases, you are asked to provide basic information about yourself, such as name, phone number and email address.
Once you leave our website or are redirected to a third-party website or application, you are no longer governed by this Privacy Notice or our website’s terms of service. Our website may also contain links that may direct you away from our site. We are not responsible for the privacy practices of any other websites and encourage you to read their privacy statements.
Applying for a job
You might also provide us with information when applying for a job through the People section of our website or through other channels. The information related to processing the Personal Data submitted in connection with applying for a job is specified in LeadDesk’s Privacy Notice for Job Applicants.
We may send you emails about new products and other updates only with your permission. If we ask for your Personal Data for a secondary reason, such as marketing, we will ask you directly for your expressed consent. Where you have given your consent and change your mind later, you may withdraw your consent at any time, by contacting our Data Protection Officer (DPO) mentioned in Section 10 of this Privacy Notice.
SECTION 2 – DISCLOSING PERSONAL DATA TO THIRD PARTIES
We use partners in business activities requiring the processing of Personal Data, and for the purposes of data processing defined in this Privacy Notice. We also occasionally hire other companies to provide certain limited services on our behalf, including e.g. marketing activities. We will provide these partners and companies only the data they need to deliver the agreed services, and they are prohibited from using that data for any other purpose.
We may share Personal Data with the following parties:
- Affiliates within our current or future corporate group that process Personal Data;
- Our subcontractors that process Personal Data on our behalf;
- If you are using our services as a user, with the LeadDesk customer responsible for your access to the service;
- Third-party networks and websites so that we can advertise on their platforms;
- Sponsors of events, webinars or contests for which you register with us;
- Specifically in relation to our LeadApp store, with our partners who may contact you regarding their products or services; or
- External advisors for example in the fields of consultancy, banking, legal, insurance, and accounting services.
In general, the third-party providers used by us will only collect, use and disclose your Personal Data to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy notices in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
Except for as mentioned in this Privacy Notice, we will disclose your Personal Data, without notice, only if required to do so by law or if we in good faith believe that such action is necessary to (a) conform to the provisions of the law or comply with legal process served on us; (b) to protect and defend our rights or property; or, (c) to act in urgent circumstances to protect personal safety of the public.
In case we sell our business or part of it or otherwise reorganize our business, Personal Data processed by us as a controller may be disclosed to buyers and their advisors in accordance with applicable legislation.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in the European Union (EU) and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation.
SECTION 3 – TRANSFERS AND DISCLOSURES OF PERSONAL DATA
Regarding transfers of Personal Data to countries outside the EU/EEA where local data protection legislation does not provide adequate level of data protection, the transfers are based on appropriate safeguards, such as standard contractual clauses approved by the European Commission or a competent supervisory authority. To learn more about the appropriate safeguards we use, please contact our DPO mentioned in Section 10 of this Privacy Notice.
SECTION 4 – SECURITY
We have taken appropriate technical and organizational measures to protect the security of your Personal Data and to ensure that your choices for its intended use are honoured. We protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction by appropriate technical measures such as firewalls. Personal Data is stored on password-controlled servers with limited access granted only to such persons whose work requires the processing of Personal Data and thus are granted access to the Personal Data.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 5 – HOW LONG WILL WE KEEP YOUR PERSONAL DATA
Our policy is to store and process your Personal Data only for as long as is necessary for providing our services or as is required by applicable law.
With respect to data pertaining to users who have registered to, and use our services or products, we may delete Personal Data after you, as a user, have cancelled your registration, or in the case where you have not logged into the LeadDesk online platform during the previous 24 months. In case you are working for our customer the time might depend on a separate agreement between the customer and us.
Where the Personal Data is collected on the basis of an obligation based on applicable law, the retention time of Personal Data may also be subject to explicit statutory requirement.
We may also retain certain Personal Data after the termination of the initial processing purpose, should such retention of Personal Data be necessary to comply with other applicable laws or should LeadDesk need the Personal Data to establish, exercise or defend a legal claim, on a need-to-know basis only.
SECTION 6 – WHAT RIGHTS DO YOU HAVE?
This section describes the rights that you as a data subject have regarding the processing of your personal data. Please note that some of the rights may contain restrictions – for instance, we have a legal obligation to store some of our users’ Personal Data for certain periods, so even if you request for it to be deleted, we will store it until we no longer have a legal obligation to do so.
Right to access your Personal Data
You have the right to make an inquiry, at any time, asking if LeadDesk is processing your personal data. If LeadDesk is processing your data, you have the right to access the data processed by LeadDesk as a controller.
Right to rectification
If the information LeadDesk stores about you is incorrect, you have the right to have such inaccurate data corrected or completed.
Right to be forgotten
You as a data subject also have the right at any time to request us to erase Personal Data concerning you and processed by us, and we are obliged to erase the data if there is no longer a legitimate basis for processing the data. Please note that certain data processed may be subject to statutory retention requirements, and regardless of a request of erasure, we cannot erase such data until the end of the statutory retention period.
Right to restrict processing or object to it
You as a data subject also have the right to object to or restrict the processing of your Personal Data if the data has been processed on the basis of legitimate interest, and we are obliged to stop processing such Personal Data unless we can demonstrate compelling legitimate grounds for further processing of such personal data.
Right to data portability
In case the processing of your Personal Data is based on consent or on a contractual relationship, you have the right to get your Personal Data in a commonly used, machine-readable format so you can transfer such data to another company.
If you wish to use your rights mentioned above, please proceed as follows.
The request must be in written or in electronic form and be signed, and addressed to our DPO (or, in the event of requests related to the Personal Data provided through the website’s careers section, the contact person mentioned in LeadDesk’s Privacy Notice for Job Applicants.). The request shall contain the basic information needed for finding the requested data. After receiving and processing the request, we will send you a copy of the Personal Data by mail or electronically. We reserve the right not to complete your request if the request is manifestly unfounded. Should you request multiple copies or submit more than one request per year, we may charge you a reasonable fee based on administrative costs for the execution of the request.
In addition, you have the right to file a complaint with the relevant supervisory authority regarding our processing of personal data.
SECTION 7 – COOKIES
You can prevent the setting of non-mandatory cookies by adjusting the settings when first entering our site and later on through the “Privacy and Cookies Policy” tab or on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of our website. Therefore, it is recommended that you do not disable cookies.
The Cookies We Set
This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.
When you submit data to through a form such as those found on contact pages, cookies may be set to remember your user details for future correspondence.
Third-party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site or pages you visit, which helps us to understand how we can improve the site for you.
From time to time, we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
As we sell products, it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites, including Facebook, Twitter and LinkedIn, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
Hopefully the above description has clarified things for you and as was previously mentioned if there is something that you aren’t sure whether you need or not it’s usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. However, if you are still looking for more information, you can contact our DPO.
SECTION 8 – MINORS
Our website and services are not directed at minors. We do not knowingly collect Personal Data from children under the applicable age limit in the relevant jurisdiction. If you are a guardian and believe your child has provided us with Personal Data without your consent, please contact our DPO.
SECTION 9 – CHANGES TO THIS PRIVACY NOTICE
We reserve the right to modify this Privacy Notice at any time. Changes and clarifications will take effect immediately upon their posting on the website. Unless otherwise provided in mandatory applicable legislation, we will not personally inform you about changes to this Privacy Notice, and therefore we prompt you to check this Privacy Notice from time to time for possible changes.
SECTION 10 – QUESTIONS AND CONTACT INFORMATION
If you would like to access, correct, amend or delete any Personal Data we have about you, register a complaint, or simply want more information on processing of your personal data, you may contact our DPO.
Data Protection Officer
c/o LeadDesk Plc
Address: Hämeentie 15, 00500 Helsinki, Finland