Copyright © Inderes 2011 - present. All rights reserved.

Privacy Statement

PRIVACY STATEMENT - CONSUMER CUSTOMERS

 

This Privacy Statement (“Privacy Statement”) explains how Inderes Oyj (“Inderes” or “Us”) processes the personal data of Users using Inderes' services (“Service”) via Inderes’ websites. 

In this Privacy Statement:
User refers to any natural person using the Service.

Inderes reserves the right to update this Privacy Statement to reflect changes in Inderes’ data processing practices, legal requirements, or operational needs. The most recent version of this Privacy Statement will always be available at Inderes’ websites.

DATA CONTROLLER AND CONTACT INFORMATION

Inderes Oyj, Business ID 2277600-2
Porkkalankatu  5, 00180 Helsinki

Victor Mustala
+358 50 358 1234
privacy@inderes.com

 

PROCESSED PERSONAL DATA AND THEIR SOURCES

Inderes processes the User’s email address, name, and username, which are collected when the User creates a Service account. If the User holds a Premium account, their address is also processed.

Inderes processes profile data collected voluntarily on Inderes’ websites and analyses User behaviour data to enhance the Service’s user experience.

 

PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

Inderes processes personal data in accordance with this Privacy Statement for the purposes listed below, along with their corresponding legal bases:

  • Provision of the Service. Legal basis: performance of a contract or, in some cases, legitimate interest.
  • Fulfilling legal obligations, for example, providing information to competent authorities.Legal basis: statutory requirements.
  • Managing claims and legal proceedings. Legal basis: legitimate interest.
  • Ensuring security and preventing misuse, including fraud prevention and maintaining the cybersecurity of Inderes’ systems and networks. Legal basis: legitimate interest.
  • Customer communication and marketing, including contacting Users about the Service and marketing other relevant offerings. Legal basis: consent or legitimate interest.
  • Improving the Service, for example by analyzing logs and usage patterns, conducting trend analysis, or carrying out customer satisfaction surveys to ensure Inderes’ services meet User needs. Legal basis: consent or legitimate interest.

 

INTERNATIONAL DATA TRANSFERS

Inderes primarily stores personal data within the EU/ EEA. However, Inderes and/or Inderes’ service providers may transfer personal data to, or access it from, countries outside the EU/EEA.

Inderes ensures that personal data is appropriately protected in all countries where it is processed. When personal data is transferred outside the EU/EEA, Inderes takes steps required by applicable data protection laws to ensure an adequate level of protection, including by using appropriate safeguards for such transfers.

 

DISCLOSURE OF PERSONAL DATA

Inderes shares personal data within the organisation (and, where applicable, with group companies) only to the extent reasonably necessary to fulfil the purposes described in this Privacy Statement or to comply with legal or contractual obligations.

Inderes discloses personal data to external third parties only in accordance with this Privacy Statement and applicable law, and only where one of the following applies:

  • Authorized service providers: Personal data may be shared with trusted third-party service providers to help us deliver the Service or perform related functions (e.g., data storage, accounting, event management). For example, when Inderes organises stakeholder events, participant data may be shared with event service providers such as Flik Helsinki Oy. These providers process data strictly on Inderes’ behalf and only for the specified purposes.
  • Contractual and security safeguards: Whenever third parties process personal data on Inderes behalf, Inderes ensures appropriate contractual and organisational measures are in place. These include processing limitations, confidentiality obligations, compliance with applicable laws and regulations, and necessary security controls.
  • Legal requirements and proceedings: Inderes may disclose personal data if Inderes believes it is reasonably necessary to: i) comply with laws, regulations, or court orders; ii) detect, prevent, or address misuse, criminal activity, technical issues, or security risks; or iii) protect the safety, property, and rights of Inderes, Users, or the public. Where permitted by law and where it is practically and technically feasible, Inderes will inform affected Users of such disclosures.
  • Business transactions: In the event of a merger, acquisition, or other business transaction, personal data may be transferred to relevant third parties. Inderes will require such recipients to handle personal data in accordance with applicable data protection laws and to implement appropriate contractual, organisational, and technical safeguards to protect the personal data they receive.
  • With your consent: Inderes may share personal data with third parties outside Inderes when explicit consent has been given. Users may withdraw consent at any time by contacting Us.
  • Other legitimate reasons: Inderes may also disclose personal data when Inderes has another lawful basis to do so under applicable data protection laws, provided that such interests are not overridden by the rights and freedoms of the Users and that appropriate safeguards are in place.

 

STORAGE PERIOD

Inderes does not store personal data longer than permitted by law or longer than necessary to fulfill the purposes described in this Privacy Statement. The storage period depends on the type of personal data and the specific purpose for which it is processed. Therefore, the storage period may vary based on how the data is used.
 

YOUR RIGHTS

Right to access your data

You have the right to access or request a copy of the personal data Inderes processes about you. Inderes may refuse to provide a copy if doing so would compromise the rights or freedoms of others.

Right to withdraw consent

If Inderes processes your personal data based on your consent, you may withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before the withdrawal.

Right to correct data

You have the right to correct or complete any incorrect or incomplete personal data Inderes holds about you.

Right to delete data

You can request that Inderes permanently deletes your personal data from Inderes’ systems. Inderes will carry out the request unless Inderes has a lawful reason not to delete the data.

Right to object to processing

You have the right to object to Inderes’ processing of your personal data where Inderes relies on legitimate interest as the legal basis. Inderes will stop processing your personal data unless Inderes has a legal basis to process your personal data. Please note that exercising this right may limit your ability to fully use the Service.

Right to restrict processing

You have the right to request that Inderes restricts the processing of your personal data, for example, while Inderes reviews a deletion or correction request or when there is no valid legal basis for continued processing. Please note that exercising this right may limit your ability to fully use the Service.

Right to transfer data

You have the right to receive your personal data in a commonly used format and to transfer it to a third party of your choice.

How to exercise your rights

You can exercise these rights by sending an email to the address provided above, including your full name, address, email address, and telephone number. Inderes may ask for additional information to confirm your identity. Requests that are too frequent, excessive, or clearly unfounded may be refused.

 

REFERRAL TO AN AUTHORITY

If you believe that Inderes’ processing of personal data violates applicable data protection laws, you have the right to file a complaint with your local supervisory authority. In Finland, the competent authority is the Finnish Data Protection Ombudsman.

 

CYBER SECURITY

Inderes implements administrative, organisational, technical, and physical measures to protect the personal data Inderes collects and processes. These measures include, where applicable, encryption, pseudonymization, firewalls, secure storage facilities, and systems with restricted access rights. Inderes’ security framework is designed to maintain the confidentiality, integrity, availability, and resilience of Inderes’ processing systems, as well as to enable secure data recovery when necessary.

If, despite these measures, a security breach occurs that is likely to negatively impact your privacy, Inderes will notify the affected individuals and, where required by law, the appropriate authorities as soon as possible.

 

Inderes’ Disclaimer can be found here. Detailed information about each share actively monitored by Inderes is available on the company-specific pages on Inderes’ website. © Inderes Oyj. All rights reserved.