Data Privacy Statement LeanICT Oy

Introduction

LeanICT respects your privacy and is committed to protecting your personal data. This Data Privacy Statement describes how we process your personal data and how you can exercise your rights. The Data Privacy Statement is available on our website at leanict.fi.

Company Information

LeanICT provides software and services to both public and private clients in Europe. Our headquarters are in Espoo, and our operations are governed by EU data protection regulations. Our Data Protection Officer oversees compliance with data protection practices.

Applicability of Data Privacy Statement

This privacy statement applies to all LeanICT’s processes, domain names, mobile applications, and cloud services. Applicable service descriptions, privacy policies, and separate data processing agreements specify and, if necessary, limit the details and procedures of data protection for each service and customer.

Data Privacy and Data Retention

Privacy is of utmost importance to us. We adhere to at least the requirements of EU data protection laws in all our activities. Our employees receive regular data protection training. Applicable service descriptions with attachments define the details and implementation methods of our data protection practices. Our goal is to operate in accordance with CSA CCM, ISO/IEC 27001, KATAKRI, OWASP, and VAHTI standards.

We retain your personal data only for as long as necessary for the stated purposes and to fulfill legal obligations. We regularly delete outdated and unnecessary personal data from our records.

Personal Data

Personal data refers to information that can likely be used to identify and recognize an individual. Typical examples of personal data include names, addresses, phone numbers, and email addresses.

LeanICT as Data Controller

We act as a data controller when we determine the purpose and methods of processing your personal data. We are also a data controller when we collect personal data about you as a customer, potential customer, job applicant, or end user of our service. We process personal data, among other things, to fulfill contracts or based on legitimate interests.

Processing of Personal Data on Behalf of Customers

Our services involve the processing of personal data of our customers’ employees and other individuals. In this case, the customer determines the purpose of processing personal data and acts as the data controller, while LeanICT acts as the data processor. The customer determines and is responsible for the legal bases for processing personal data. The customer must also comply with the data controller’s obligation to provide information to data subjects.

Sub-processors and Data Transfers

We may use sub-processors for the processing of personal data. In this case, we may transfer personal data outside the EU. When using sub-processors, LeanICT enters into data processing agreements with them. We ensure the legal basis for international transfers, for example, through EU standard contractual clauses. More specific and often more restrictive terms and conditions for LeanICT’s services are available in the applicable service descriptions.

Marketing communication

In terms of marketing communication, we follow the principles and practices defined by Saarni Cloud our parent company. A register is maintained of customers, potential customers, and their contact persons of our group’s various businesses. The content of the register is limited to only those organisations and persons who are estimated to be interested in the services offered by our group or ecosystem partners. Targeted marketing communication can be sent to entities in the register by the group, the group’s various business functions or our ecosystem partners. At the end of each marketing message or newsletter, there are instructions for withdrawing consent to marketing communication.

Your Rights

You have all the rights under EU privacy laws. For example, you can request a summary of your personal data, request corrections to incorrect personal data, and object to the processing of personal data.

Acceptance of the Data Privacy Statement

Do not use LeanICT’s pages or services if you do not accept LeanICT’s Data Privacy Statement and the processing of personal data within its scope.

Withdrawal of Consent

You have the right to withdraw your consent and opt out of receiving marketing communications. Instructions for withdrawing consent are provided at the end of newsletters. Nevertheless, you may still receive administrative communications from LeanICT, such as notifications related to account management and services for customers.

Changes to the Data Privacy Statement

Changes to the Data Privacy Statement will be published on this page along with a new date. If necessary, we may also inform you of changes through newsletters or social media channels.

Contact

If you have any questions or comments regarding the privacy statement, please contact us via email at dpo@saarnicloud.com. You can also write to us at Saarni Cloud Oy, Data Protection Officer, Hatsinanpuisto 8, 02600 Espoo. Your requests and complaints will be handled confidentially and as quickly as possible.

This Data Privacy Statement was last updated on February 27th, 2024.