Privacy Policy
Customer Register
Database Privacy Statement
Security at Vainu

Data Privacy Statement

Your privacy is important to us, and we are committed to protecting your personal information that you may provide to us. This privacy statement explains what information we may collect about you, if you browse our website and use the freely accessible service, or if you would like to learn more about our services, future development or other similar matters, and in connection you provide us with your contact details.

This privacy statement is prepared by Vainu. io Software Oy with business ID 2557864-2 (“Vainu“) regarding collection of data related to websites www.vainu.com and vainu.io (and any of its sub-sites), blogs, events arranged by Vainu. io Software Oy or its subsidiaries, and to other marketing purposes. All subsidiaries of Vainu Corporation also apply the principles and policies described herein.

The purpose of this statement is to provide information to i) website visitors and ii) subscribers of newsletters, blogs and other materials, about what information may be collected and how the information is used. By using our website and/or if you submit your personal data to Vainu, your personal data may be processed as explained in this data privacy statement. This privacy statement also explains your rights concerning the personal data that we process in connection with the above mentioned activities.

By using our website, you may be asked to provide us with your e-mail address if you are interested about our service, so that we may be in contact with you. By contacting you, we may provide you with more information about our service, provide you with instructions about trying our service in a demo session, answer any questions that you may have or in general provide you with relevant updates concerning the development of our service and other interesting details about current updates.

If you would just like to receive relevant updates, you may subscribe for our newsletter and blog updates, and ask for a demo session later, if you and/or your organization think that Vainu’s service would be useful to your organization.

After you have provided us with your contact details, you may at any time change your mind and use the unsubscribe button at the bottom of each email that you receive from us. After this, you will not receive any more relevant updates from Vainu.

Vainu will only use your contact details in accordance with this Data Privacy Statement, which may be found in full below. We will not use your e-mail address for direct marketing purposes without your explicit consent, or sell your contact details to any third parties.

1. Name of the register

The name of the personal data register is Contact Register of Vainu (“hereinafter Register”). Data subjects of the Register are the users of Vainu’s website and the subscribers of newsletters and/or other materials through Vainu’s website or by other identifiable means.

2. Controller

Vainu. io Software Oy
Eteläesplanadi 12
FI-00130 Helsinki
Finland

3. Contact Information

Contact Us
https://www.vainu.com/about-us/
Eteläesplanadi 12
FI-00130 Helsinki
Finland

Data Privacy Officer:

Sami Kekäläinen

Eteläesplanadi 12, 00130 Helsinki, Finland

sami@vainu.io

4. Purpose and legal basis of processing personal data

When using the site, some personal data that can be connected to an individual person may be collected and processed. The legal basis for processing personal data is Vainu’s legitimate interest and/or consent provided by an individual, when providing his/her personal data in connection with a subscription of blog posts, newsletters or other materials at our website or by other identifiable means. Data subject has the right to withdraw his or her consent at any time in an easy way, for example by using the unsubscribe link at the bottom of each email that is sent to data subjects and following the simple instructions at the unsubscription page.

Processing of personal data will be limited to what is justifiable to provide our website users with improved experience when browsing at our website, and to what is deemed necessary for Vainu in carrying out its business and improving its services, provided that these interests are not outweighed by the data subjects rights and interests.

If a data subject has provided personal data with his/her consent, they are referred to in this statement as a “Participant”. Participant means a person, who fills in forms of Vainu or otherwise registers to any of the seminars or events. With Participant is also meant any other person, who submits his/hers information for contact purposes to Vainu for example through Vainu's website, online chat, by e-mail or any other way.

Personal data of the Contact register may be processed for following purposes:

  1. sending monthly newsletters and daily blog notifications,
  2. registration to the events of Vainu and provide information regarding the events,
  3. direct marketing, if the Participant has given consent;
  4. operational management, administration, analysis, categorization and development of the participant data,
  5. improve and develop Vainu’s services and products,
  6. statistical analyses,
  7. development and reporting related to the business operations, and
  8. fulfil the obligations based on law and orders of the authorities.

5. Regular sources of Personal Data

Vainu collects personal data primarily from the Participants, from Vainu’s customer database and through cookies.

6. Content of Personal Data in the Register

If the Participant decides to provide Vainu his/her personal information, Vainu collects the information the Participant provides by filling in forms or contacting us. This includes information needed to fulfil the necessary actions regarding newsletter subscriptions, content downloads, registration to events and webinars, informing participants and marketing objectives. To improve services Vainu may ask Participant to provide us with additional information about Participant such as professional interests, experiences with Vainu as well as more detailed contact preferences. When you provide Vainu with any personal information you consent to us collecting and using that information according to this policy.

The Register may contain the following personal data:

  • Basic information (name, title, position, profession, country),
  • Contact information (phone, e-mail address),
  • The Company/Organisation represented and its technology stack,
  • Chat discussions, and
  • Participant’s activity (submission of reviews, information on received/opened e-mails from Vainu)

7. Use of cookies and related technology

With the cookies Vainu can collect information about Participant’s usage of internet and online service in general. With this information we can improve our website and the services to meet the needs of Participant such as offer services targeted more accurately to Participant’s liking, e.g. by saving your favorites and by identifying you every time you return to our site. Cookies may be disabled from Participant’s browser. Please note that by disabling cookies can prevent you from using some content/services in our website.

Vainu may use other technologies or third party analytical software to collect and use certain non-personal data that does not enable Vainu to identify the person. Vainu may use such non-personal data for purposes of analysing usage of the websites and services, and managing, providing and further developing the websites and services.

Non-personal data may include general, aggregated or demographic information. It will not be linked to any personal information, through cookies or other means, without person’s consent. This type of anonymous, aggregated profiling and session data may include information that the person has provided to Vainu through the use of the websites, services or products, or taking a part in surveys, polls, etc. However, it will not be tied to any personal information, without the person’s consent.

8. Transfers and handling over of Information

The data that Vainu collects from Participant may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers (e.g. if our service provider or supplier is located outside EEA). The information may also be disclosed to a third party during a negotiation of any merger or acquisition and the receiving party has undertaken to follow non-disclosure liabilities with respect to the disclosed information. Only necessary personal data is shared with these third parties.

Vainu will only disclose personal data based on a contract to third parties operating outside EU/EAA, which have taken steps to ensure that adequate data protection arrangements are in place in accordance with the data protection regulation. These may include, but are not limited to, standard contractual clauses provided by the European Commission, Privacy Shield compliance and certificate or Data Protection Agreements.

Personal Data may be disclosed to authorities in cases required by the mandatory local legislation or court order. Data may also be disclosed if the disclosure is permitted by applicable law, regulation or agreement or consented by the Participant.

9. Retention of Personal Data

Personal data will be stored only as long as and only to the extent that is necessary in relation to the initial and compatible purposes of processing. When such requirements no longer exist, personal data will be deleted. The requirements is deemed to exist during the period that the Participant receives emails or other materials from Vainu based on consent. If the data subject has unsubscribed from receiving any communication from Vainu and there is no other legal basis for processing, personal data will be stored for a limited amount of time, should the Participant wish to re-subscribe to receive information from Vainu. Vainu will keep up to date internal policies regarding the erasure of such personal data from the Register.

In any event the personal data is stored in accordance with possible applicable lawful storing period.

Vainu evaluates the need to store personal data regularly. In addition, Vainu performs all possible reasonable measures to ensure that any inaccurate, incorrect or outdated personal data will be deleted or corrected without delay.

10. Data Protection Principles

The information security of personal data and processing and confidentiality, integrity and usability are ensured with appropriate technical and administrative measures in accordance with Vainu's information security principles.

Vast majority of Vainu’s personal data is in electronic form. In case there are physical documents containing personal data, such documentation is destroyed immediately. The servers used by Vainu are protected by appropriate firewalls and technical security.

All databases and information systems are accessible only with individual and personal login information (username and password) granted by Vainu. The rights to access the database are restricted, so that the information can only be viewed and processed by persons who are legally admitted and required to do so.

The employees of Vainu have bound themselves to comply with professional secrecy and concealment regarding the information they receive during the processing of personal information. Privacy and security guidelines have been communicated to employees and Vainu shall strictly enforce privacy safeguards within the company.

11. Rights of the Data Subject

Data Subjects have the following rights concerning the information what has been recorded into the Register.

Information and access to personal data

Data subject has right to receive information; what data is being collected, the purposes of the processing for which the personal data are intended as well as the legal basis for the processing and the recipients or categories of recipients of the personal data, if any.

Right of access by the data subject

Data subject has the right to obtain from Vainu confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. If a request is made by the data subject, Vainu will provide a copy of the personal data undergoing processing. Obtaining the copy of personal data shall not adversely affect the rights and freedoms of others.

Right to rectification

Data subject shall have the right to obtain from Vainu, without undue delay, the rectification of inaccurate personal data concerning him or her.

Taking into account the purposes of the processing, data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. In case there are changes in personal data recorded in the Register, the data subject must notify such changes to Vainu. In addition, Vainu is responsible for ratifying data it recognizes erroneous itself without delay.

Data used for direct marketing

Data subject has the right to object processing, to the extent that it is related to direct marketing, whether with regard to initial or further processing, at any time and free of charge.

Vainu shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Vainu will inform data subject about those recipients if data subject requests it.

Right to erasure

Data subject has the right to request erasure of personal data in the Register, if the legal basis for processing of personal data has ceased. Despite the request for erasure, the data may not be erased if Vainu is obliged to process personal data for the establishment, exercise or defense of legal claims.

Right to data portability

Data subjects have the right to receive personal data concerning him or her, which he or she has provided to Vainu, in a structured, commonly used and machine-readable format and it is deemed technically appropriate and not disproportionate for Vainu, the right to transmit the data to another controller.

Contact details for requests

All requests concerning the exercise of data subjects’ rights may be submitted primarily to the following address privacy@vainu.io.

Request for access to personal data (Article 15), request for rectification (Article 16), and request for restriction of processing (Article 18) may, in addition, be delivered to Data Privacy Officer.

You may also lodge a complaint to the supervisory authority, if you consider that the processing of personal data violates the relevant data protection legislation in force. The national supervisory authority in Finland is Data Protection Ombubsman (tietosuoja@om.fi).

12. Changes to privacy statement

Vainu has the right to change or update this privacy statement at any time. We recommend that you will read the privacy statement from time to time.

Vainu Customer Register

1. Controller

Name: Vainu. io Software Oy (Business-ID 2557864-2) (hereinafter “Vainu”). All subsidiaries of Vainu Corporation also apply the principles and policies described herein.

Address: PL 220, 00101 Helsinki

Contact Details : info@vainu.io

2. Data Privacy Officer

Name: Sami Kekäläinen

Address: Eteläesplanadi 12, 00130 Helsinki, Finland

Contact Details (i.e. phone number, email address): sami@vainu.io

3. Name of Register

The name of the personal data register is Customer Register of Vainu (“hereinafter Register”). Data subjects of the Register are Customers of Vainu and parties who have subscribed the demo version of Vainu’s service (“hereinafter Customers”).

4. Purposes and legal basis of processing personal data

The main purpose of the register is management of customer relationships.

The personal data of the Customers is processed for the following purposes:

  • Carrying out and administering the customer relationships
  • To create, develop, operate, deliver, and improve products, services, content and advertising
  • Customer communications such as sending notices, communications about purchases and changes to our terms, conditions, and policies
  • Carrying out customer satisfaction surveys and monitoring the results
  • Creating statistics and analytics about customers and
  • Direct marketing based on customer relationship
  • Creation of personal user identification and password mandatory for using the service and administering such prospective client and user

The legal basis for the processing of personal data is performance of a contract and legitimate interest of the controller.

In addition, Vainu’s Service provides to the endusers of our Customers the possibility to link their email or other accounts to the Service. Explicit consent is required from the endusers for this processing. In doing so, we may receive the limited data as explicitly granted by you that we will process in accordance with this policy.

In general, our services are designed in a manner that we do not collect or store all of data to which you may provide us access, but minimize our processing through technology. The purpose is to provide the endusers with automated information concerning the legal entities from the Service they are in contact with through their email or other accounts.

The endusers may at any time disconnect the link between the Service and their email or other accounts at their own will, after which the processing will cease. Vainu does not store the contact details or contents of any emails during the processing.

5. Legitimate interest of the controller

The processing of personal data for marketing purposes based on prior business and/or contractual relationship with Customers is regarded as legitimate interest of the controller.

6. Personal Data Groups

The Register contains the following personal data:

  • Basic information on the user such as name, title, role, email address, phone number
  • User credentials such as personal user identification and password, authentication data for integrations, saved searches, permissions, saved reports
  • ICT and security data such as IP-address, cookies
  • Historical data such as signup date, last login, other usage data, analytics
  • Client feedback and marketing data such as chat and other communication with prospects and customers, feedback from customers
  • Customer specific information such as information received from meetings or phone calls, which is deemed necessary for the administration of customer relationships

7. Regular sources of personal data

Personal data is primarily collected from the signed agreements by Customers and from the data subject or colleague/manager of the data subject. In the registration process, the nature content of collected data depends on information which the Customer/user has submitted. Personal data is also collected directly from the Customers in connection with information received during phone calls, meetings or other collaboration in connection with the administration of the business relationship, which may be added to the register by Vainu employees.

8. Automated Decision-making and Profiling

Data concerning the use of the service by Customers is assessed by Vainu. The purpose is to provide targeted customer content in both when using the software and customer communication (emails, website, software, chat, 1 on 1 communication, recommendations on available features) based on the used features, adaptation of content and customer satisfaction feedback. These procedures include automated profiling.

9. The Recipients of Personal Data

Primary recipient of personal data are employees of Vainu. The controller may disclose the personal data to its group companies, subsidiaries and other third parties based on contractual obligations or authority demands.

Personal information may be shared with companies who provide services such as information processing, maintenance, fulfilling customer orders, delivering services, managing and enhancing customer data, providing customer service, assessing interest in products and services, and conducting customer research or satisfaction surveys.

For the above mentioned purposes, personal data of the Customers can, based on performance of a contract, be disclosed to the following parties:

  • System vendors and administrators of the servers
  • Cooperation partners and service providers
  • Communication platforms such as Slack.
  • Contact register. Customer data is partly transferred to the internal contact register of Vainu.

In case necessary by law, legal process, litigation, and/or requests from public and governmental authorities, Vainu may disclose your personal information.

10. Transfer of Data outside EU/EAA

In connection with the purposes for processing personal data in the Register, Vainu may transfer certain information to trusted third parties, which transfer and store the data outside EU/EAA area. Transfer of personal data is secured in accordance with the requirements of the law. Only limited amount of personal data is transferred to Vainu’s service providers, which is necessary for the performance of the tasks in accordance with the service contract in place.

Vainu will only disclose personal data based on a contract to third parties operating outside EU/EAA, which have taken steps to ensure that adequate data protection arrangements are in place in accordance with the data protection regulation. These may include, but are not limited to, standard contractual clauses provided by the European Commision, Privacy shield compliance and certificate or Data Protection Agreements.

11. Storage Period of Personal Data

Personal data will be stored only as long as and only to the extent that is necessary in relation to the initial and compatible purposes of processing. In any event the personal data is stored in accordance with possible applicable lawful storing period.: Personal data will be stored with the following time period or criteria used to determine that time period: The personal data received based on customer relationship is stored for a period of two (2) years, from the termination of the contract

The controller evaluates the need to store personal data regularly. In addition, the controller performs all possible reasonable measures to ensure that any inaccurate, incorrect or outdated personal data will be deleted or corrected without delay.

12. Data Security principles of Personal Data

Vast majority of the controllers personal data is in electronic form. In case there are physical documents containing personal data, such documentation is destroyed immediately. The servers used by controller are protected by appropriate firewalls and technical security.

All databases and information systems are accessible only with individual and personal login information (username and password) granted by the controller. The rights to access the database are restricted, so that the information can only be viewed and processed by persons who are legally admitted and required to do so.

The employees of the controller have bound themselves to comply with professional secrecy and concealment regarding the information they receive during the processing of personal information. privacy and security guidelines have been communicated to employees and strictly enforce privacy safeguards within the company.

13. Right of access and right to rectification by Data Subject

Information and access to personal data

Data subject has right to receive information; what data is being collected, : the purposes of the processing for which the personal data are intended as well as the legal basis for the processing and the recipients or categories of recipients of the personal data, if any.

Right of access by the data subject

Data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. The controller shall provide a copy of the personal data undergoing processing. Obtaining the copy of personal data shall not adversely affect the rights and freedoms of others.

Right to rectification

Data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

Taking into account the purposes of the processing, data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. In case there are changes in personal data recorded in the Register, the data subject must notify such changes the controller. The controller is responsible for ratifying data it recognises erroneous itself without delay.

Data used for direct marketing

Data subject has the right to object processing, to the extent that it is related to direct marketing, whether with regard to initial or further processing, at any time and free of charge.

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform data subject about those recipients if data subject requests it.

The request may be submitted to the following address info@vainu.io.

Request for access to personal data (Article 15), request for rectification (Article 16), and request for restriction of processing (Article 18) may, in addition, be delivered to Data Privacy Officer.

14. Right to erasure

The controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • personal data that is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
  • personal data have been unlawfully processed;
  • personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

Despite the request for erasure, the data does need to be erased in case the controller is obliged to process personal data for the establishment, exercise or defense of legal claims.

The controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that data subject has requested the erasure by such controllers of any links to those personal data.

15. Right to restriction of processing

Data subject has the right to obtain from the controller restriction of processing where one of the following applies:

  • the processing is unlawful and data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by data subject for the establishment, exercise or defence of legal claims;

In case data subject has demanded for restriction of processing, the personal data may be processed only based on consent of data subject (excluding storage of data) OR for the establishment, exercise or defense of legal claims OR protect the vital interests of data subject or of another natural person OR to protect vital interest pursuant to Union or Member State law.

Data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted, besides if the provision of such information proves impossible or would involve a disproportionate effort.

16. Right to withdraw the consent and right to object

Data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

The right to object shall not apply when processing of personal data is necessary for the performance of a contract or when processing is necessary for compliance with a legal obligation.

Data subject is obliged to object processing of personal data when the lawfulness of the processing is based on the controller’s legitimate interest

17. Right to Data Portability

When the processing is based on consent or on a contract:

  • Data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have
  • In case technically appropriate and not disproportionate for the controller, data subject has right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. Transmission of data shall not adversely affect the rights and freedoms of others.

18. Right to lodge a complaint to supervisory authority

Data subject has a right to lodge a complaint with a supervisory authority, in case data subject considers that the processing of personal data violates the relevant data protection legislation in force. The national supervisory authority is Data Protection Ombudsman.

Data Protection Ombudsman: Visiting address: Ratapihantie 9, 6th floor: 00520 Helsinki: FINLAND

Postal address: : P.O. Box 800: 00521 Helsinki: FINLAND

Telephone exchange: +358 29 56 66700: E-mail: tietosuoja@om.fi

Vainu Database Privacy Statement

Privacy is important to us, and we are committed to protecting personal information that is processed in our database product and service (hereinafter referred to as “Service”). This database privacy statement explains our purposes and legal basis for what information we may collect about data subjects, sources of information and how the information is processed.

What personal data is included in the Service?

Most of the data processed in the Service consists of information about legal entities, such as Companies key figures, the area of business and general contact details. However, a limited amount of data is collected and processed which may be linked to the name of natural persons based on their public role in in the Company’s business, which has been publicly disclosed in their role as the Company’s representative or is otherwise available and freely accessible in the public domain.

How is the data collected?

The Service is a software-based database, using intelligent data collection technology and machine learning algorithms. The software searches open and public data on a constant basis, extracts, and indexes the data and populates the fields companies with the help of named-entity recognition. The collected data consists of data in the public domain, such as public officials, Patent and Registration offices, company websites, press releases and other source material made available to the public by the Company or its representatives. The Service may also provide links to external websites, where Company related information is published.

How is personal data processed?

Vainu processes only publicly available personal data that is directly related to the person’s role in the Company. Our Service is designed not collect or process any personal data in the Service in excess of what is directly relative to the Company information. Processing is limited to have a minimal privacy impact and the processing of personal data is not extended beyond what the data subjects could reasonably expect (names and contact details of Company representatives, as available in the original public source). Our intelligent data collection technology constantly re-searches and updates the information we collect and process, which provides that no inaccurate or obsolete personal data related to Companies is stored in the Service beyond a reasonable time. If the original source is updated or removed, the personal data in the Service will also be updated or removed after a short period of time.

How do we ensure the legitimacy of our personal data processing?

The processing of the limited Company related personal data in our Service is based on our legitimate interest to freely conduct business and maintain our Service in accordance with European Union law and national laws. We limit the processing to persons holding a role in public life such as business-people, members of regulated professions and personal data available in the public domain.

Who owns the information?

Vainu operates an intelligent database reflecting information available in public sources and the internet. While we index and store data, we control what data is gathered and how we process it. Our processing is uniquely filtering data that is already available, and we do not use it for any other purpose than making it further available to our customers.

When we make the data accessible to our customer, the customer may use our tool to browse through the data we have indexed, and they may choose to import the data into their systems. In doing so, our customers assume control over the data and process personal data in accordance with their privacy policies. We require our customers to commit to the lawful use of the data provided by us

Detailed information about the Vainu Database Record

1. Name of the record

The name of the personal data record is Database Record of Vainu (“Record”). Data subjects of the Record are decision-makers of legal entities, business-people, members of regulated professions and other similar data subjects that are considered to fulfill a role in public life and/or may be in the public interest.

2. Controller

Vainu. Io Software Oy
Eteläesplanadi 12
FI-00130 Helsinki
Finland

3. Contact Information

Contact Us
https://www.vainu.com/about-us/
Eteläesplanadi 12
FI-00130 Helsinki
Finland

Data Privacy Officer:

Sami Kekäläinen

Eteläesplanadi 12, 00130 Helsinki, Finland

sami@vainu.io

4. Purpose and legal basis of processing personal data

Processing of a limited amount of personal data is based on our legitimate interest to freely conduct business and maintain our Service in accordance with Union law and national laws. Processing is limited to persons holding a role in public life such as business-people, members of regulated professions and personal data available in the public domain or which is in the public interest.

In accordance with the statement by the Article 29 Working Party (an independent advisory body established under the EU’s Data Protection Directive (95/46/EC)), business-people and members of the (regulated) professions can usually be considered to fulfill a role in public life.

Our use, processing and maintaining such public data in the database record is limited to have a minimal privacy impact, and processing of personal data is not extended to beyond what the data subjects could reasonably expect during the period that the data subject is in the position at the legal entity, and the same information is available and freely accessible by the public in the public domain.

Personal data in the Vainu database record may be processed for following purposes:

  1. Presenting the personal data in connection with the legal entity, which is connected to the data subject,
  2. Statistical analyses on Companies based on pseudonymized or anonymized data, and
  3. Fulfill the obligations based on law and orders of the authorities.

5. Regular sources of Personal Data

Vainu collects personal data primarily from open and public data of legal entities, which is available in the public domain or has been made available to the public by the legal entities. Regular sources include national Patent and Registration offices (or their equivalents), public officials, company websites, press releases and other source material made available to the public by the Company or its representatives. All personal data in our database is linked to the source where it was acquired, and our technology is designed to update the personal data based on that source.

6. Content of Personal Data in the Record

The Record contains a limited amount of personal data which is directly linked to the data subjects’ role in the legal entity. Other personal data is not included in the Record.

The Register may contain the following personal data in connection with the legal entity:

  • Basic information (name, title, position, country),
  • Contact information (phone, email address),

7. Recipients of Personal Data

Service users and Vainu’s customers have access to the personal data in relation to the Companies they search for, where such data is available in the Service. A limited amount of Company information and relative personal data is also available through the search engine on our website, which may be used without a customer relationship with Vainu.

All personal data that is available to the users and customers of our Service is freely accessible in the public domain, or otherwise available to the public in the same manner and similar format as is provided in our Service.

We may use third parties in providing the Service.

8. Transfers and handling over of Information

The data that Vainu collects from data subjects is not transferred to, or stored at, a destination outside the European Economic Area (“EEA”).

However, our Service may be used by our customers and other users at a location outside the EEA. As part of the use of the Service, our customers access the database through searches and filters and choose to import data from our database into their systems. We require our customers to commit to the lawful use of the data provided by us, including the lawfulness of any data transfer. By using the Service our customers and users independently evaluate whether they choose to collect and process the personal data which is available in the Service for its purposes.

Personal Data may be disclosed to authorities in cases required by the mandatory local legislation or court order. Data may also be disclosed if the disclosure is permitted by applicable law or regulation.

9. Retention of Personal Data

Personal data will be stored in the database only as long as and only to the extent that is necessary to provide timely and accurate information on Company decision-makers as part of providing information on Companies included in the Vainu database, as designed in the Service. When such requirements no longer exist, personal data will be deleted. The requirement is deemed to exist during the period that the data subject is in the position of the legal entity, which has been recorded in the original source. The retention periods for personal data in Vainu have been designed to reflect the retention period of the original data source. The database is automatically updated on a regular basis, and personal data will not be stored beyond a reasonable time after it has been removed from the original source.

10. Data Protection Principles

The information security of personal data and processing and confidentiality, integrity and usability are ensured with appropriate technical and administrative measures in accordance with Vainu's information security principles. The employees of Vainu have bound themselves to comply with professional secrecy and concealment regarding the information they receive during the processing of personal information. Privacy and security guidelines have been communicated to employees and strictly enforce privacy safeguards within the company.

All databases and information systems are accessible only with individual and personal login information (username and password) granted by Vainu. The rights to access the master database are restricted, so that the information can only be viewed and processed by persons who are legally admitted and required to do so. The customers and users of our Service may only have access to the personal data which is made available in the Service by Vainu.

11. Rights of the Data Subject

You as a Data Subject whose personal data is governed by the EU General Data Protection Regulation, have the certain rights and this section of the database privacy notice is intended to provide to you information on your rights.

The EU General Data Protection Regulation grants you the below-detailed rights concerning your personal data in the extent that it has been recorded into the Database Record. In the use of your rights, we emphasize that the nature of our service is to collect, index and filter public data, and all personal data in our Record is obtained from other public sources. If the data is modified or removed from the original source, it will also be modified or erased from our Service shortly.

For any of the below detailed rights, please submit all requests and inquiries on data protection primarily to the following address privacy@vainu.io.

Information and access to personal data

The data subject has right to receive information; what data is being collected, the purposes of the processing for which the personal data are intended as well as the legal basis for the processing and the recipients or categories of recipients of the personal dataif any.

If your data is included in the Vainu database, its processing shall be governed by this Vainu Database Record.

Right of access by the data subject

The data subject has the right to obtain from Vainu confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data..

Vainu will confirm to you if your data is included in our Services, what is the data identifiable to you that we have gathered, and provide you with information about the original source of your personal data.

Right to rectification

The data subject shall have the right to obtain from Vainu, without undue delay, the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

We will automatically update the personal data we gather about you when you change the information in the source of the data.

Right to erasure

The data subject has the right to request erasure of personal data in the Register, if the legal basis for processing of personal data has ceased. Despite the request for erasure, the data may not be erased if there is a legal basis for maintaining the data, or if Vainu is obliged to process personal data for the establishment, exercise or defense of legal claims.

We will automatically delete the personal data we gather about you, when you delete the information in the source of the data. Some of the data may be of such nature that it can be preserved based on an exemption of the General Data Protection Regulation or related jurisprudence, such as personal data whose availability is in the public interest.

Right to lodge a complaint

You may also lodge a complaint to the supervisory authority, if you consider that the processing of personal data violates the relevant data protection legislation in force. The national supervisory authority in Finland is Data Protection Ombubsman (tietosuoja@om.fi).

12. Changes to Database Privacy Statement

Vainu has the right to change or update this Database Privacy Statement at any time, and we recommend that you will read it from time to time.

13. Google Integration scope definitions

Currently, a user can be asked for these scopes when connecting Google Account to Vainu:

https://www.googleapis.com/auth/gmail.metadata

https://www.googleapis.com/auth/spreadsheets

 

Explanations of each scope and their usages:

https://www.googleapis.com/auth/gmail.metadata

Gmail integration enables to user to create a target group based on email contacts. Gmail integration is optional and the process is started when the user requests it from the user interface.

Only email sender domains are scanned from the email and no exact email data is saved to Vainu databases. This domain is matched to a company and if a company is found this company is saved to users Gmail target group in Vainu. A user can follow triggers/events by companies in this target group. This target group data can only be accessed by the user when he/she is logged in to Vainu. New email domains are scanned periodically from users email. A user can remove and delete the target group at any time from the user interface.

 

https://www.googleapis.com/auth/spreadsheets

Google Spreadsheet scope is used to read and write back company related data to a user-defined spreadsheet.

The authorization is prompted each time user initiates the process from Vainu and OAuth 2.0 code flow is then used to get access/refresh tokens for a single run. Only spreadsheet scope is requested for these tokens.

Spreadsheet data is accessed via API calls using the official Python API client. A sheet is assumed to contain arbitrary company information (such as company names, business ids, addresses, domains, etc.) and this data is matched against Vainu's database of companies. Matched data is then parsed and written back to the sheet using the API client.

Company data read from the sheet is only used at runtime and then discarded - no business information on the sheet is saved to our database. Sheet metadata is however stored for handling the process and allowing easier feedback for the user. This metadata includes sheet ID, name, ranges and column names. No information about the process, or spreadsheet contents is shared between users.

Security at Vainu

We understand the utmost importance of keeping your data safe and protected. That is why security is a top priority and evaluated in everything we do at Vainu. We continuously seek for the best practices in both technical solutions and processes to ensure that your data is safe with us.

Why does Vainu need your data?

The data is collected to provide you with the most functioning, valuable service, e.g. to authenticate, to send you sales signals that relate to companies of your interest, to enable searching companies based on your CRM data and to revert changes.

Your data is never disclosed to other Vainu users nor used in generating sales signals or contacts databases. Vainu pursues to deeply understand its users to deliver the most useful features, products, and in the end: the most valuable service. During this learning process, various kinds of information are analyzed to detect relevant usage patterns and trends. Should Vainu process customer-related data in this, it will always be done in an aggregated, anonymized way.

What kind of data is collected?

Vainu displays or stores only such customer information that is required to provide you with the best possible service. These data points are collected as little as possible, only for a genuine need of a useful feature. The data mostly concerns structured data about companies and sales opportunities. Descriptions about specific collected data points and their use cases are available upon request from support@vainu.io.

Recovery

Backups

Providing data is at the core of Vainu so data availability is taken very seriously. Vendors of business-critical systems are selected carefully to allow maximum availability. An uptime SLA of 99.99% is required. To avoid any data loss, backups are taken automatically either in real-time (customer-related data) where data is mirrored to multiple database servers or by specific, appropriate intervals (non-customer-related data).

The process of restoring data from backups is tested regularly.

Disaster Recovery Plan

To prevent service interruptions, our business-critical hosting providers (AWS, MongoDB Atlas) are required to have the capability to deal with foreseeable risks, such as power outages, theft and fire. Providers’ services are available in multiple regions around the globe, which give high resilience against local interruptions. Vainu is also prepared for the unlikely events with a comprehensive recovery plan. Its main purpose is to minimize service interruptions and ensure continuous development of the service.

Application Security

Authentication

To access your data, every user must have a unique, valid username/password combination. Your account superuser has visibility and control over these users.

Vainu’s application server does not return customer data to any API call without authenticated and authorized user permissions.

Network Security

Whenever data is being transferred over the network, it is always done by using secure HTTPS connections, where information is encrypted by Secure Socket Layer (SSL). Vainu only supports TLS 1.2 (and above) protocols when making requests to its API.

All the application servers and database servers are protected with firewalls and strict IP restrictions. Servers are hosted within the EU area.

Data Security

All the customer-related data is stored in as anonymized way as possible without losing the ability to provide the service. Thus, it is impossible to form an understandable nor useful dataset without having a wide understanding of the system or by having access only to a specific database.

Servers are hosted by the industry-standard providers (AWS and MongoDB Atlas hosted by AWS) that must comply with industry-standard assurance programs on information security (e.g. SOC 2 and ISO 27001). This means that the servers run in a physically secured environment and are maintained by security-aware people. All the database servers that handle your data are security hardened and encrypted.

Vulnerability checks – as well as anti-virus and malware checks – are performed automatically to avoid intrusions. These detectors are updated automatically by AWS. Furthermore, regular vulnerability audits are performed by third parties to ensure the high level of security.

The network is continuously monitored for suspicious traffic and attacks, and preventive action is automatically taken in case a denial-of-service attack is detected.

People & Processes

Access

Since all the software development regarding the applications and data processing are being done by Vainu – not by external contractors – the only parties that have something to do with your data are Vainu and its hosting providers. The hosting partners (AWS and MongoDB Atlas hosted by AWS) are carefully selected industry-standard providers that must comply with strict information security standards (ISO 27001, ISO 27017, ISO 27018, SOC).

Access to your data is limited strictly to people who have a clear reason to process it: to resolve your issues or to provide you with a better service. The principle of least privilege is applied across the team and access rights are reviewed on a regular basis.

Everyday Security

Fundamentals of strong information security are communicated and documented internally but also required by contracts.

Every piece of software is reviewed partially automatically and partially by peers against our policies and best practices.

Data Retention

The data related to connections between Vainu and your other systems (like CRM) gets deleted from Vainu’s servers and data center facilities 12 months after your customer relationship (as a company) ended. The data can also be removed without undue delay by your written request to privacy@vainu.io.

Backups will remain available according to backup procedures.

Do you have some questions left?

All our sales prospecting in Finland, Sweden and Norway is done through Vainu and our employees are nuts about it! Everyone uses Vainu and it is a part of the onboarding process of every new salesperson.

Jukka Pulkkinen
Head of Sales
Academic Work

Our time spent on prospecting has decreased by 67% from what it was before Vainu. It is now extremely easy to identify the companies with many open positions who are already using other SaaS technologies.

Miikka Tuomola
Sales Director
RecRight

Our first call resolution has gone up from 75% to around 90%. Also, our contact volume has gone down about 20%, and our net benefit can be counted in millions by the end of the year. And we’re just getting started.

Sakari Pehkonen
Financial Director
LocalTapiola

Previously our salespeople could spend a whole day on prospecting. Now all that's needed to get the same job done is one search in Vainu. We find better prospects while spending a staggering 90 percent less time on prospecting.

Rasmus Kallemby
Head of Sales and Co-Founder
Consultify

Before Vainu, our lead response time was up to one month. Now, it’s [during office hours] roughly 3 minutes, and every lead we send to sales is relevant.

Heikki Sivonen
Head of Marketing Operations
Solita

What's really good about Vainu, is that you can find companies that aren't that visible everywhere - hidden gems! Those are also easier to close because they haven't been contacted that heavily. For 95% of prospects that we're looking for it's much much faster with Vainu.

Jan Valle
Managing Director
Framtidsmedia

Having a well built list of prospects makes it possible for us to scale sales easily. Vainu continuously finds us first-rate prospects and it paid off itself in only few weeks.

Mika Koljonen
Sales Manager
Järvileasing

Soon after starting to use Vainu, we won a public tender which translated into a large deal. The fact that we were even involved in a deal like this gave us enough reason to count the yearly investment of Vainu as profitable. We would never have been part of this deal without Vainu.

Filip Lindwall
Sales Director
Columbus

Our investment in Vainu has been profitable, no doubt about it. All our salespeople appreciate the tool, it helps them save valuable time and makes it easier for them to come well-read to every sales and customer meeting.

Salar Roshandel
Head of Sales
Borg & Owilli

At the beginning of the year we recruited three new sales reps to solely search for new business and they have closed new deals worth 5 million euros with the help of Vainu.

Mikko Tervakangas
Sales Director
Cramo

Earlier I could have spent a whole afternoon finding a list of 100 prospects. With Vainu, I'm able to get the list instantaneously with a few clicks.

Valtteri Syväniemi
Co-Founder
Content House

Vainu is a genuinely useful tool. I've recommended it to many colleagues in other companies, and many of them have chosen Vainu.

Heikki Kinnunen
Vice President
Berggren

Our customer data has been enriched, and newly implemented Pipedrive CRM brings genuine value to our sales process. We have time to identify opportunities in our current client base as well as potential clients. We've been able to close sales with the help of more structured customer data. This transformation couldn't have been done without our partner, Vainu.

Jyri Saraste
Sales Director
Grape People

Vainu is clearly the best comparable software I've ever used. In less than one month our investment reached positive ROI, and in less than 9 months we gained 350 new customers – all of them practically from Vainu.

Taavi Laukkanen
Sales Director
Kokemuksia.fi

It is thanks to Vainu that we can recruit so many new Account Managers and they all have enough good prospects. In addition, Vainu's Pipedrive integration is a real time-saver to us.

Jesse Kinnunen
Recruiting Consultant
aTalent

Vainu has proven to be everything we were promised when we purchased the tool. Today, we do all our prospecting in Vainu. We save time and have got 80 times ROI since starting to use the tool.

Martin Heden Lindgren
Project Manager
Cresnia

Our consultant called a prospect and told them that they have outdated technology on their website and they could use a better option, which left the prospect impressed. The consultant sounded like he did many hours of research, but it was only 5 minutes he spent on Vainu.

Hector Rivas
Co-Founder
Mediabooster

We were impressed by the Vainu playbook and the atmosphere at the Academy. We listened carefully, and think it was an excellent idea to take part in this.

Jussi Granberg
Field Sales Manager
Toyota Finland

I think it's fantastic that Vainu develops continuously and I think there are many ways of using Vainu that neither party has yet realized.

Tuomo Laukkonen
Commercial Director
Gigantti

I've acquired several new accounts by simply following the reports of new companies from Vainu. In this business, being the first is being the winner!"

Oskari Lammi
Key Account Manager
Heinon Tukku

When we get a scent of a customer, we are fast to react and use the data from Vainu to tailor an offer to fit the particular customer and their current situation.

Henri Rantalainen
Area Director
Technopolis

Vainu is becoming an even bigger part of our growth, because we’re expanding to new markets. Denmark, Norway, Finland, Netherlands are all countries where we don’t have existing relationships or knowledge about the company landscape.

Anders Holmberg
Chief Sales Officer
GetAccept