VAINU DATABASE PRIVACY STATEMENT

Privacy is important to us, and we are committed to protecting personal information that is processed in our database product and service (hereinafter referred to as “Service”). This database privacy statement explains our purposes and legal basis for what information we may collect about data subjects, sources of information and how the information is processed.

What personal data is included in the Service?

Most of the data processed in the Service consists of information about legal entities, such as Companies key figures, the area of business and general contact details. However, a limited amount of data is collected and processed which may be linked to the name of natural persons based on their public role in in the Company’s business, which has been publicly disclosed in their role as the Company’s representative or is otherwise available and freely accessible in the public domain.

How is the data collected?

The Service is a software-based database, using intelligent data collection technology and machine learning algorithms. The software searches open and public data on a constant basis, extracts, and indexes the data and populates the fields companies with the help of named-entity recognition. The collected data consists of data in the public domain, such as public officials, Patent and Registration offices, company websites, press releases and other source material made available to the public by the Company or its representatives. The Service may also provide links to external websites, where Company related information is published.

How is personal data processed?

Vainu processes only publicly available personal data that is directly related to the person’s role in the Company. Our Service is designed not collect or process any personal data in the Service in excess of what is directly relative to the Company information.  Processing is limited to have a minimal privacy impact and the processing of personal data is not extended beyond what the data subjects could reasonably expect (names and contact details of Company representatives, as available in the original public source). Our intelligent data collection technology constantly re-searches and updates the information we collect and process, which provides that no inaccurate or obsolete personal data related to Companies is stored in the Service beyond a reasonable time. If the original source is updated or removed, the personal data in the Service will also be updated or removed after a short period of time.

How do we ensure the legitimacy of our personal data processing?

The processing of the limited Company related personal data in our Service is based on our legitimate interest to freely conduct business and maintain our Service in accordance with European Union law and national laws. We limit the processing to persons holding a role in public life such as business-people, members of regulated professions and personal data available in the public domain.

Who owns the information?

Vainu operates an intelligent database reflecting information available in public sources and the internet. While we index and store data, we control what data is gathered and how we process it. Our processing is uniquely filtering data that is already available, and we do not use it for any other purpose than making it further available to our customers.

When we make the data accessible to our customer, the customer may use our tool to browse through the data we have indexed, and they may choose to import the data into their systems. In doing so, our customers assume control over the data and process personal data in accordance with their privacy policies. We require our customers to commit to the lawful use of the data provided by us

 

Detailed information about the Vainu Database Record

 

  1. Name of the record

The name of the personal data record is Database Record of Vainu (“Record”). Data subjects of the Record are decision-makers of legal entities, business-people, members of regulated professions and other similar data subjects that are considered to fulfill a role in public life and/or may be in the public interest.

  1. Controller

Vainu. io Software Oy
Pohjoinen Makasiinikatu 3-5
FI-00130 Helsinki
Finland

  1. Contact Information

Contact Us
https://company.vainu.io/#contact-us
Arkadiankatu 6 D
FI-00100 Helsinki
Finland

Data Privacy Officer:

Saara Somersalmi

Arkadiankatu 6 D, 00100 Helsinki, Finland

saara@vainu.io

  1. Purpose and legal basis of processing personal data

Processing of a limited amount of personal data is based on our legitimate interest to freely conduct business and maintain our Service in accordance with Union law and national laws. Processing is limited to persons holding a role in public life such as business-people, members of regulated professions and personal data available in the public domain or which is in the public interest.

In accordance with the statement by the Article 29 Working Party (an independent advisory body established under the EU’s Data Protection Directive (95/46/EC)), business-people and members of the (regulated) professions can usually be considered to fulfill a role in public life.

Our use, processing and maintaining such public data in the database record is limited to have a minimal privacy impact, and processing of personal data is not extended to beyond what the data subjects could reasonably expect during the period that the data subject is in the position at the legal entity, and the same information is available and freely accessible by the public in the public domain.

Personal data in the Vainu database record may be processed for following purposes:

  1. Presenting the personal data in connection with the legal entity, which is connected to the data subject,
  2. Statistical analyses on Companies based on pseudonymized or anonymized data, and
  3. Fulfill the obligations based on law and orders of the authorities.
  1. Regular sources of Personal Data

Vainu collects personal data primarily from open and public data of legal entities, which is available in the public domain or has been made available to the public by the legal entities. Regular sources include national Patent and Registration offices (or their equivalents), public officials, company websites, press releases and other source material made available to the public by the Company or its representatives. All personal data in our database is linked to the source where it was acquired, and our technology is designed to update the personal data based on that source.

  1. Content of Personal Data in the Record

The Record contains a limited amount of personal data which is directly linked to the data subjects’ role in the legal entity. Other personal data is not included in the Record.

The Register may contain the following personal data in connection with the legal entity:

  • Basic information (name, title, position, country),
  • Contact information (phone, email address),
  1. Recipients of Personal Data

Service users and Vainu’s customers have access to the personal data in relation to the Companies they search for, where such data is available in the Service. A limited amount of Company information and relative personal data is also available through the search engine on our website, which may be used without a customer relationship with Vainu.

All personal data that is available to the users and customers of our Service is freely accessible in the public domain, or otherwise available to the public in the same manner and similar format as is provided in our Service.

We may use third parties in providing the Service.

  1. Transfers and handling over of Information

The data that Vainu collects from data subjects is not transferred to, or stored at, a destination outside the European Economic Area (“EEA”).

However, our Service may be used by our customers and other users at a location outside the EEA. As part of the use of the Service, our customers access the database through searches and filters and choose to import data from our database into their systems. We require our customers to commit to the lawful use of the data provided by us, including the lawfulness of any data transfer. By using the Service our customers and users independently evaluate whether they choose to collect and process the personal data which is available in the Service for its purposes.

Personal Data may be disclosed to authorities in cases required by the mandatory local legislation or court order. Data may also be disclosed if the disclosure is permitted by applicable law or regulation.

  1. Retention of Personal Data

Personal data will be stored in the database only as long as and only to the extent that is necessary to provide timely and accurate information on Company decision-makers as part of providing information on Companies included in the Vainu database, as designed in the Service.  When such requirements no longer exist, personal data will be deleted. The requirement is deemed to exist during the period that the data subject is in the position of the legal entity, which has been recorded in the original source. The retention periods for personal data in Vainu have been designed to reflect the retention period of the original data source. The database is automatically updated on a regular basis, and personal data will not be stored beyond a reasonable time after it has been removed from the original source.

  1. Data Protection Principles

The information security of personal data and processing and confidentiality, integrity and usability are ensured with appropriate technical and administrative measures in accordance with Vainu's information security principles. The employees of Vainu have bound themselves to comply with professional secrecy and concealment regarding the information they receive during the processing of personal information. Privacy and security guidelines have been communicated to employees and strictly enforce privacy safeguards within the company.

All databases and information systems are accessible only with individual and personal login information (username and password) granted by Vainu. The rights to access the master database are restricted, so that the information can only be viewed and processed by persons who are legally admitted and required to do so. The customers and users of our Service may only have access to the personal data which is made available in the Service by Vainu.

  1. Rights of the Data Subject

You as a Data Subject whose personal data is governed by the EU General Data Protection Regulation, have the certain rights and this section of the database privacy notice is intended to provide to you information on your rights.

The EU General Data Protection Regulation grants you the below-detailed rights concerning your personal data in the extent that it has been recorded into the Database Record. In the use of your rights, we emphasize that the nature of our service is to collect, index and filter public data, and all personal data in our Record is obtained from other public sources. If the data is modified or removed from the original source, it will also be modified or erased from our Service shortly.

For any of the below detailed rights, please submit all requests and inquiries on data protection primarily to the following address privacy@vainu.io.

Information and access to personal data

The data subject has right to receive information; what data is being collected, the purposes of the processing for which the personal data are intended as well as the legal basis for the processing and the recipients or categories of recipients of the personal dataif any.

If your data is included in the Vainu database, its processing shall be governed by this Vainu Database Record.

Right of access by the data subject

The data subject has the right to obtain from Vainu confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data..

Vainu will confirm to you if your data is included in our Services, what is the data identifiable to you that we have gathered, and provide you with information about the original source of your personal data.

Right to rectification

The data subject shall have the right to obtain from Vainu, without undue delay, the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

We will automatically update the personal data we gather about you when you change the information in the source of the data.

Right to erasure

The data subject has the right to request erasure of personal data in the Register, if the legal basis for processing of personal data has ceased. Despite the request for erasure, the data may not be erased if there is a legal basis for maintaining the data, or if Vainu is obliged to process personal data for the establishment, exercise or defense of legal claims.

We will automatically delete the personal data we gather about you, when you delete the information in the source of the data. Some of the data may be of such nature that it can be preserved based on an exemption of the General Data Protection Regulation or related jurisprudence, such as personal data whose availability is in the public interest.

Right to lodge a complaint

You may also lodge a complaint to the supervisory authority, if you consider that the processing of personal data violates the relevant data protection legislation in force. The national supervisory authority in Finland is Data Protection Ombubsman (tietosuoja@om.fi).

  1. Changes to Database Privacy Statement

Vainu has the right to change or update this Database Privacy Statement at any time, and we recommend that you will read it from time to time.

  1. Google Integration scope definitions

Currently, a user can be asked for these scopes when connecting Google Account to Vainu:

https://www.googleapis.com/auth/gmail.readonly

https://www.googleapis.com/auth/spreadsheets

 

Explanations of each scope and their usages:

https://www.googleapis.com/auth/gmail.readonly

Gmail integration enables to user to create a target group based on email contacts. Gmail integration is optional and the process is started when the user requests it from the user interface.

Only email sender domains are scanned from the email and no exact email data is saved to Vainu databases. This domain is matched to a company and if a company is found this company is saved to users Gmail target group in Vainu. A user can follow triggers/events by companies in this target group. This target group data can only be accessed by the user when he/she is logged in to Vainu. New email domains are scanned periodically from users email. A user can remove and delete the target group at any time from the user interface.

 

https://www.googleapis.com/auth/spreadsheets

Google Spreadsheet scope is used to read and write back company related data to a user-defined spreadsheet.

The authorization is prompted each time user initiates the process from Vainu and OAuth 2.0 code flow is then used to get access/refresh tokens for a single run. Only spreadsheet scope is requested for these tokens.

Spreadsheet data is accessed via API calls using the official Python API client. A sheet is assumed to contain arbitrary company information (such as company names, business ids, addresses, domains, etc.) and this data is matched against Vainu's database of companies. Matched data is then parsed and written back to the sheet using the API client.

Company data read from the sheet is only used at runtime and then discarded - no business information on the sheet is saved to our database. Sheet metadata is however stored for handling the process and allowing easier feedback for the user. This metadata includes sheet ID, name, ranges and column names. No information about the process, or spreadsheet contents is shared between users.