Inklusiiv ry privacy policy

This privacy policy (“Privacy Policy”) is applicable to the processing of personal data by Inklusiiv ry (“Inklusiiv” or “we”) in connection with its operations including also personal data collected from the visitors of Inklusiiv’s website https://inklusiiv.org/ & https://istartedthis.org/ (“Website”).

In this Privacy Policy, we provide you with information about the processing of your personal data in connection with our operations.

This Privacy Policy may be updated if required in order to reflect the changes in data processing practices or otherwise. The current version can be found on the Website.

Please note that this Privacy Policy only applies to processing of personal data where Inklusiiv acts as a data controller.

Contact details

Name: Inklusiiv ry

Business ID: 3084637-3

Address: Lapinlahdenkatu 16, 00180 Helsinki

Email: hello@inklusiiv.org

https://inklusiiv.org/

Contact person:

Julia Hämäläinen

julia@inklusiiv.org

PERSONAL DATA PROCESSED AND SOURCES OF DATA

We process the following types of information in connection with our operations:

Members

We collect and process the following types of information of our members and member societies’ representatives:

- member’s full name and address (according to Associations Act (503/1989) 11 §)
- member’s email
- member’s billing information
- name, title and email of the representative of the member society
- any direct communication between us and the member or us and the representative of the member society
- other information provided via forms by the representative of the member society
- direct marketing opt-ins and opt-outs

The abovementioned information is collected from the members or the representatives of the member society’s themselves.

We also collect information about the acceptance of our internal codes of conduct and practices, privacy policy and pricing.

Board members

We collect and process the following types of information of the members of Inklusiiv ry’s board including the chairman and possible persons authorized to sign the name of the association:

- full name of the member of the board
- address or domicile
- nationality
- personal identity code or date of birth
- phone number
- email
- position in the board

The abovementioned information is collected from the board members themselves.

Volunteers

We collect and process the following types of information of the persons singed as our volunteers:

- first name and last name
- email
- phone number
- allergy information and information on special diets
- direct communication between us and the volunteer
- direct marketing opt-ins and opt-outs

The abovementioned information is collected from the volunteers themselves.

Subscribers of our newsletter

We collect and process the following types of information of the subscribers of our newsletter:

- first name and last name
- email
- direct marketing opt-ins and opt-outs

The abovementioned information is collected from the newsletter’s subscribers themselves.

Participants of our events and other activities

We collect and process the following types of information of the persons participating in our events and other activities:

- first name and last name
- organization and work title (if necessary)
- email
- allergy information and information on special diets
- any direct communication between us and the participant of our event or other activity
- other necessary information, when the participant of the event or other activity has given his/hers consent
- direct marketing opt-outs and opt-ins

The abovementioned information is collected from the participants of the events or other activities themselves or from the organizations the participants represent.

Cooperation partners’ representatives

We may collect and process the following types of information of the representatives of our cooperation partners:

- first name and last name
- organization and work title
- email
- any direct communication between us and the associated partner’s representative

The abovementioned information is collected from the representatives of the cooperation partners themselves or from another representative of the organization the representative in questions represents.

Website’s visitors

The data logging system we use automatically collect certain analytical data (“Analytics Data”) when a Website visitor visits our Website. Although we do not normally use Analytics Data to identify you as an individual, Website’s visitor can sometimes be recognized from it. In such situations, Analytics Data can also be considered personal data under applicable laws and we will treat such data as personal data.

We may automatically collect the following Analytics Data from the visitors of the Website:

Device Information. We collect the following information relating to the technical device the Website’s visitor uses when visiting the Website:

device and device identification number, device IMEI
country
IP address
browser type and version
operating system
internet service providers
advertising identifier of your device

Usage Information. We collect information on the use of the Website, such as:

time spent on the Website
interaction with the Website
the time and date of the visits to the Website

In addition, we may collect information about the Website visitors that they provide to us by email or though the contact form on the Website.

We may use various technologies to collect and store Analytics Data, including for example cookies or pixels and web beacons.

Cookies are small text files sent and saved on your device that allow us to identify visitors of our Website and facilitate the use of the Website and to create aggregate information of the visitors of the Website. The cookies will not harm the Website visitor’s device or files.

The visitors of the Website may choose to set their web browser to refuse cookies, or to alert when cookies are being sent. For example, the following links provide information on how to adjust the cookie settings on some popular browsers:

Please note that some parts of the Website may not function properly if use of cookies is refused.

Web analytics services

The Website uses Google Analytics and other web analytics services to compile Analytics Data and reports on Website’s usage and to help us improve our actions. For an overview of Google Analytics, please visit Google Analytics. It is possible to opt-out of Google Analytics with the following browser add-on tool: Google Analytics opt-out add-on.

Social media plug-ins

Our website may contain so called social media plugins (such as Facebook and Twitter). When the visitor visits our Website, a link is formed between their browser and the server of the provider of the social media plugin. Due to the link, Website visitor’s browser may automatically transfer technical data and personal data relating to the Website visitor to the social media plugin provider in question. This data may include e.g. IP address and the information that the IP address in question has visited the Website.

If the visitor opens the social media plugin while they are logged into their user account in the social media platform in question, the content of our Website may be linked with visitor’s user account in that platform. In that case, the service provider in question may be able to connect the visitor’s visit to our Website with their personal user account in the social media platform in question.

If the Website visitor is not willing to allow the social media service provider to connect their visit to our Website with their user account in the social media platform in question, the Website visitor shall log out of the social media platform.

The services of the social media plugin service providers are subject to their own terms of use, other terms and conditions and privacy policies. Below you can find links to the privacy policies of the social media platforms to which the social media plugins found on our Website relate to.

Facebook
Twitter

PURPOSES AND LEGITIMATE GROUNDS OF PROCESSING

Purposes of processing

We process personal data for the following purposes:

To carry out our operations and to carry out our contractual obligations (legal ground: legitimate interest)

Inklusiiv processes its members’, member societies’ representatives’, board members’, volunteers’, newsletter subscribers’, persons’ participating to its events and other activities, Website visitors’ and cooperation partners’ representatives’ personal data to enable them to carry out their operations such as the organization of events and administering of activities in public interest and to establish and maintain cooperation relationships. Inklusiiv also processes personal data in order to carry out its contractual obligations with its cooperation partners.

For our legal obligations (legal ground: compliance with a legal obligation)

Inklusiiv processes personal data to administer and fulfil its obligations under law. This includes e.g. data processed for complying with the obligations under the Associations Act, bookkeeping obligations and providing information to relevant authorities such as tax authorities.

For claims handling and legal processes (legal ground: legitimate interest)

Inklusiiv may process personal data in relation to claims handling, debt collection and legal processes. We may also process data for the prevention of fraud and misuse relating to our operations and for data, system and network security.

For communication and marketing (legal ground: legitimate interest)

Inklusiiv may process personal data for the purpose of contacting the relevant data subjects regarding Inklusiiv’s operations and for informing of changes in its operations. We may also process personal data in marketing purposes.

For quality improvement and trend analysis (legal ground: legitimate interest)

Inklusiiv may also process information about visitors of the Website to improve the quality of the Website and its operations e.g. by analyzing any trends in the use of the Website. When possible, we will do this using only aggregated, non-personally identifiable data.

Legal grounds for processing

We primarily process personal data based on our legitimate interest and to comply with our legal obligations.

When choosing to use data subject’s data on the basis of our legitimate interests, we carefully weigh our own interests against data subject’s right to privacy and provide data subject for example with easy way to use opt-out from our marketing communications. We also use pseudonymized or aggregated information from which data subject cannot be recognized, when possible.

If we ask for data subject’s consent for the processing of personal data, data subject can withdraw this consent at any time.

INTERNATIONAL TRANSFERS

We process personal data primarily within the European Economic Area. However, we and/or our service providers may transfer personal data to, or access it in, jurisdictions outside the European Economic Area or outside of data your domicile.

We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which it is processed. We provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards, such as the Privacy Shield Framework.

For more information of the transfer of personal data, you can contact us by using the contact details indicated above.

PERSONAL DATA RECIPIENTS

We share personal data inside our organization only to the extend its reasonably necessary for the purposes of this Privacy Policy.

We do not share personal data with third parties outside our organization unless one of the following circumstances applies:

It is necessary for the purposes set out in this Privacy Policy and to authorized service providers

To the extent that third parties (such as our cooperation partners) need access to personal data in connection with our operations we may provide such third parties with some of your data. Furthermore, we may provide your personal data to authorized service providers who perform services for us (including our subcontractors providing data storage, accounting, sales and marketing services).

When data is processed by third parties on behalf of Inklusiiv, we have taken the appropriate contractual and organizational measures to ensure that your data are processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations and subject to our instructions and appropriate obligations of confidentiality and security measures.

Please bear in mind that if you provide personal data directly to a third party, such as through a link on our Website, the processing is typically based on their policies and standards.

For legal reasons and legal process

We may share your personal data with third parties outside our organisation if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, crime, security or technical issues; and/or (iii) protect the interests, properties or safety of Inklusiiv, data subjects or the public as far as in accordance with the law. When possible, we will inform data subject about such processing.

With your explicit consent

We may share data subject’s personal data with third parties outside Inklusiiv when we have data subject’s explicit consent to do so. Data subject has the right to withdraw this consent at any time.

STORAGE PERIOD

Inklusiiv does not store your personal data longer than is legally permitted and necessary for the purposes of this Privacy Policy. The storage period depends on the nature of the information and on the purposes of processing. The maximum period may therefore vary per use.

We delete certain personal data, such as allergy information and information on special diets, after the end of our event in question or the data subject’s membership, volunteering relationship or other cooperation relationship. However, we can store some relevant personal data of all data subjects, such as contact and payment details and communication data, as long as such processing is required by law or is reasonably necessary for our legitimate interest such as claims handling, bookkeeping, internal reporting, reconciliation or other purposes relating to legal actions. All of the data subjects’ personal data is, however, deleted within 10 years from the termination of the membership or data subject’s last contact with us, unless processing is by way of exception necessary for example for legal actions.

The information regarding newsletter subscriptions is stored until further notice. If the data subject later opts out of the newsletter, we delete other information regarding the newsletter subscription, but will retain the information that the data subject has opted out of the newsletter to ensure compliance with the opt-out request.

We also store data subjects’ email addresses for direct marketing purposes until further notice. If the data subject later opts out of direct marketing, we delete other information regarding the direct marketing, but will retain the information that the data subject has opted out of the direct marketing to ensure compliance with the opt-out request.

We store Analytics Data for 14 months.

DATA SUBJECT’S RIGHTS

Right to access

Data subject has the right to access and be informed about data subject’s personal data processed by us. You can request us a copy of your personal data processed by us.

Right to withdraw consent

In case the processing is based on a consent granted by the data subject, the data subject may withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to rectify

Data subject has the right to have incorrect or incomplete personal data we have stored about the data subject corrected or completed by contacting us.

Right to erasure

Data subject may also ask us to delete the data subject’s personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.

Right to object

Data subject may have the right to object to certain use of his/her personal data if such data are processed for other purposes than necessary for our operations or for compliance with a legal obligation. If data subject objects to the further processing of data subject’s personal data, this may lead to fewer possibilities to participate in our operations.

Right to restriction of processing

Data subject may request us to restrict processing of personal data for example when data subject’s data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process data subject’s data. This may however lead to fewer possibilities to participate in our operations.

Right to data portability

Data subject has the right to receive the personal data subject has provided to us herself in a structured and commonly used format and to independently transmit those data to a third party.

How to use your rights

The above mentioned rights may be used by sending a letter or an e-mail to us on the addresses set out above, including the following information: the full name, address, e-mail address and a phone number. We may request the provision of additional information necessary to confirm the identity of the data subject. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

DIRECT MARKETING

Data subject has the right to prohibit us from using his/her personal data for direct marketing purposes, market research and profiling made for direct marketing purposes by contacting us on the addresses indicated above or by using the unsubscribe possibility offered in connection with any direct marketing messages.

LODGING A COMPLAINT

In case data subject considers our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection. In Finland, the local supervisory authority is the Data Protection Ombudsman (www.tietosuoja.fi/en).

INFORMATION SECURITY

We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include for example, where appropriate, encryption, pseudonymization, firewalls, secure facilities and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data. We regularly test our systems, and other assets for security vulnerabilities.

Should despite of the security measures, a security breach occur that is likely to have negative effects to the privacy of data subjects, we will inform the relevant data subjects and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.

inklusiiv ltd privacy policy

This privacy policy (“Privacy Policy”) is applicable to the processing of personal data collected by Inklusiiv Ltd (“Inklusiiv” or “we”) in connection with the provision of the Services (as defined below) and other business operations.

In this Privacy Policy, the word “Service(s)” refers jointly to the consultant and training services, which Inklusiiv provides either individually or jointly with its business partners (such as external consultants).

In this Privacy Policy, the word “User” or “you” refers jointly to our private customers as well as representatives of our customer organizations and business partners.

In this Privacy Policy, we provide you with information about the processing of your personal data in connection with the provision of our Services and other business operations.

This Privacy Policy may be updated if required in order to reflect the changes in data processing practices or otherwise. The current version can be found on http://inklusiiv.org.

Please note that this Privacy Policy only applies to processing of personal data where Inklusiiv acts as a data controller.

Contact details

Name: Inklusiiv Ltd

Business ID: 3115403-7

Address: Lapinlahdenkatu 16, 00180 Helsinki

Email: hello@inklusiiv.org

https://inklusiiv.org/

Contact person:

Julia Hämäläinen

julia@inklusiiv.org

PERSONAL DATA PROCESSED AND SOURCES OF DATA

We process the following types of information in connection with the provision of the Services:

- First and last name
- Email
- Payment information
- The organisation represented by User and User’s work title and any other information relevant to the User regarding the customer or business relationship
- Any direct commnunication between us and the User
- Direct marketing opt-out and opt-ins

PURPOSES AND LEGITIMATE GROUNDS OF PROCESSING

Purposes of processing

We process personal data for the following purposes:

To provide our Services and carry out our contractual obligations (legal ground: legitimate interest and performance of a contract)

Inklusiiv processes User’s personal data in relation to providing Services and to establish and maintain the partnership and customer relations. Inklusiiv also processes personal data in order to carry out its contractual obligations with its private customers as well as business partners and customer organisations.

For our legal obligations (legal ground: compliance with a legal obligation)

Inklusiiv processes personal data to administer and fulfil its obligations under law. This includes data processed for complying with our bookkeeping obligations and providing information to relevant authorities such as tax auhorities.

For claims handling and legal processes (legal ground: legitimate interest)

Inklusiiv may process personal data in relation to claims handling, debt collection and legal processes. We may also process data for the prevention of fraud, misuse of our Services and for data, system and network security.

For communication and marketing (legal ground: legitimate interest)

Inklusiiv may process User’s personal data for the purpose of contacting Users regarding the Services and for informing Users of changes in the Services. We may also process personal data to market our Services.

Legal grounds for processing

We process personal data of our private customers on a contractual basis. Regarding individuals acting as representatives of our customer or partner organizations, personal data is primarily processed based on our legitimate interest whilst fulfilling our contractual obligations towards the organisations they represent. We may also process personal data based on our other legitimate interests.

When choosing to use your data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy and provide you for example with easy ways to opt-out from our marketing communications. We also use pseudonymized or aggregated, non-personally identifiable data, when possible.

In certain cases, we may process your personal data to fulfill our legal obligations.

If we ask for your consent for the processing of personal data, you can withdraw this consent at any time.

INTERNATIONAL TRANSFERS

For more information of the transfers of personal data, you can contact us by using the contact details indicated above.

PERSONAL DATA recipients

We share personal data inside our organization only to the extend it is reasonably necessary for the purposes of this Privacy Policy.

We do not share personal data with third parties outside our organisation unless one of the following circumstances applies:

It is necessary for the purposes set out in this Privacy Policy and to authorized service providers

To the extent that third parties need access to personal data to ensure the performance of the Services we provide such third parties with your data. Furthermore, we may provide your personal data to authorized service providers who perform services for us (including our subcontractors providing data storage, accounting, sales and marketing services).

For legal reasons and legal process

We may share your personal data with third parties outside our organisation if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, crime, security or technical issues; and/or (iii) protect the interests, properties or safety of Inklusiiv, the Users or the public as far as in accordance with the law. When possible, we will inform you about such processing.

For other legitimate reasons

If Inklusiiv is involved in a merger, acquisition or asset sale, we may transfer your personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all the Users concerned when the personal data are transferred or become subject to a different privacy policy.

With your excplicit consent

We may share your personal data with third parties outside Inklusiiv when we have your explicit consent to do so. You have the right to withdraw this consent at any time.

STOrage period

We process User’s personal data primarily for the time we have a contractual relationship with the User or the organisation represented by the User. However, we delete certain information, which is not necessary for the provision of the contractual relationship, during the validity of the contractual relationship.

The information regarding direct marketing is stored until further notice. If the User later opt-outs from direct marketing, we delete other information regarding direct marketing, but retain the information that the User has opted out of direct marketing to ensure compliance with the opt-out.

However, we may store some of the personal data as long as such processing is required by law or is reasonably necessary for our legitimate interest relating for example to claims handling, bookkeeping, internal reporting or reconciliation purposes.

your rights

Right to access

You have the right to access and be informed about your personal data processed by us. You may request us a copy of your personal data processed by us.

Right to withdraw consent

In case the processing is based on a consent granted by the User, the User may withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to rectify

You have the right to have incorrect or incomplete personal data we have stored about you corrected or completed by contacting us.

Right to erasure

You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.

Right to object

You may have the right to object to certain use of your personal data if such data are processed for other purposes than necessary for the purposes of this Privacy Policy. If you object to the further processing of your personal data, this may lead to fewer possibilities to use the Services.

Right to restriction of processing

You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use the Services.

Right to data portability

You have the right to receive the personal data you have provided to us yourself in a structured and commonly used format and to independently transmit those data to a third party.

How to use your rights

The abovementioned rights may be used by sending a letter or an e-mail to us on the addresses set out above, including the following information: the full name, address, e-mail address and a phone number. We may request the provision of additional information necessary to confirm the identity of the User. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

direct marketing

The User has the right to prohibit us from using the User’s personal data for direct marketing purposes, market research and profiling made for direct marketing purposes by contacting us on the addresses indicated above or by using the unsubscribe possibility offered in connection with any direct marketing messages.

lodging a complaint

In case the User considers our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection. In Finland, the local supervisory authority is the Data Protection Ombudsman (www.tietosuoja.fi/en).

information security

Should despite of the security measures, a security breach occur that is likely to have negative effects to the privacy of the Users, we will inform the relevant Users and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.