Privacy Statement

Stakeholder Privacy Statement 17.11.2021


1. Data Controller

Leadership as a Service Company Ltd (Business ID: 3089216-9)
Street address: Visiokatu 1, Tampere, Finland
Tel.: +358 (0)50 441 2126


2. Person in charge of the register

Johanna Pystynen
Leadership as a Service Company Ltd
E-mail: johanna.pystynen@laas.fi


3. Name of the register

LaaS Company Stakeholder Register


4. Purpose of processing personal data

Personal data is processed for the following purposes:
– Customer relationship and customer service management
– Invoicing
– Purposes related to the products and services of the controller, such as the development,
provision, implementation and marketing of products and services
– Implementation of the rights and obligations of the customer and the controller
– Remarketing based on website behavior online and on social media
– User surveys organized by the controller
– Prize draws for participants of user surveys

Depending on the purpose of the processing, the legal grounds for the processing of personal data
are the legal obligations of the controller, contract, consent and the legitimate interest of the
controller.

The legitimate interest of the controller is the grounds for the processing when there is relevant
connection between the data subject and the controller. Such a relevant connection may be
formed, for example, when the data subject has on his/her own initiative contacted the controller,
or when the controller processes the data subject’s personal data in connection with business or
cooperation between the data subject’s employer and the controller, for example.

On basis of its legitimate interest, the controller may also save to its customer filing system
personal data of contact persons and representatives of potentials clients which can be, on
reasonable grounds, expected to be interested to acquire products and services provided by the
controller.

The controller may send invitations to the data subject to participate in a user survey. Based on
their choice, the data subject may decide to participate or not to participate in a user survey. The
data subject also has the option to participate in a user survey without submitting their personal
data to the controller in connection with the user survey. However, if the data subject wishes to
participate in a prize draw for participants of the user survey, the controller asks the data subject to
submit their name, email address and address for the purpose of the draw and delivery of the

prizes. After the prize draw, the controller will delete contact information of the participants.

Personal data is processed based on the consent of the data subject (for example, subscribing to
Leadership as a Service Ltd’s newsletter, downloading manual content or entering data, submitting
personal data in connection with prize draws). The data subject has the right to withdraw his/her
consent for the processing of personal data at any time by using the contact methods indicated in
this privacy statement.

5. Contents of the register

The filing system contains data on the following persons:
– The controller’s customers as well as their representatives and contact persons
– Representatives and contact persons of the controller’s subcontractors and suppliers
– Potential customers
– Other stakeholders


The following data necessary for each purpose is processed on the data subject:
– Name
– E-mail
– Phone number
– Country of residence
– Company and position
– Company address information
– Customer relationship and order information
– Newsletter subscription and analytics
– Willingness to participate in a user survey and possible answers submitted
– Ordering of electronic material from the website
– Website behavior and analytics
– Participation in events
– Marketing ban
– Interests related to the use of the services and other information provided by the data subject
– Content created by or pertaining the data subject (for example content and communications
created in the social media platform related to the controller)

The controller shall process and store personal data only for as long as is necessary for the
predetermined purpose of the personal data. Personal data which has become redundant and
which the controller no longer has the grounds to store or process will be erased at regular
intervals in accordance with the controller’s own data protection practices.

6. Regular sources of data

Personal data is generally obtained from the following data sources:
– Directly from the data subject to manage the customer relationship
– Directly from the data subject as part of another cooperation relationship
– Directly from the data subject in connection with participation to a user survey
– From public/publicly available sources (such as the Internet and the Trade Register)
– From a representative of the data subject’s employer or other party in a customer, cooperation or
other contractual relationship with the controller

Personal data is stored in the filing system when a user orders material to download from
Leadership as a Service Ltd, signs up for an event or webinar, participates in a user panel or
survey or prize draws related thereto, or submits a contact request. In addition, personal data is
stored in the filing system if a person belongs to a partner or customer company of Leadership as a

Service Ltd. Direct marketing filing system data is obtained from the data subject or from the public
network.

7. Regular disclosures of data and transfer of data

In principle, the controller will not disclose the personal data of data subjects to third parties unless
legally required to do so by authorities or if compulsory legislation so requires. In addition, in the
technical implementation of its services, the controller uses reliable service providers that process
personal data on behalf of the controller.

Personal data collected together with the partners can be shared with the parties for marketing
purposes.

The controller uses Hubspot service for the purpose of customer contacting, marketing and

customer relationship management, and Typeform service for conducting user surveys. In
connection with using these services, the controller transfers personal data outside of European
Union and the European Economic Area to the United States. Any transfers of personal data under
these services as well as possible other transfers or personal data are always carried out in
compliance with applicable data protection legislation.

8. Principles of data security

Access rights to the filing system are restricted to persons who need the data in the course of their
duties. Personal data may be processed in various information systems managed either by
Leadership as a Service Ltd or its partners. We have ensured that our partners comply with data
protection legislation.

We do not use automated decision-making, such as automated profiling, as part of our personal
data processing activities.

9. Right of access, rectification, and erasure

The data subject has the following rights applicable on a case-by-case basis:
Right Description
Right of access to personal data
The data subject has the right to obtain confirmation from the controller
on whether personal data concerning him/her is being processed or not.
If personal data is being processed, the person has the right to access
the data.
Right to demand data rectification, erasure or restriction of processing
The data subject has the right to request the controller to rectify
inaccurate data concerning him/her and to erase some personal data
concerning him/her, or to request that the processing be restricted on
the grounds provided by law.
Right to object
The data subject has the right to object to the processing of his/her
personal data relating to his/her particular situation when the controller
is processing personal data on the basis of a legitimate interest.
Right to lodge a complaint with a supervisory authority
In Finland, the supervisory authority is the Office of the Data Protection
Ombudsman, whose contact information and instructions are available
at www.tietosuoja.fi/en.

Exercise of rights

The data subject may exercise his/her rights by contacting the controller using the contact

information provided in section 2. We strive to reply to you as soon as possible and, if necessary,
provide additional instructions or ask further questions on account of your request. Please note that
before implementing the request, we have the right and obligation to verify your identity, which
means that we must be able to identify you in an adequate way.

If your request is blatantly unfounded or unreasonable, we may either charge a reasonable fee
based on administrative costs for the implementation of the request or refuse to carry out the
requested action.

10. Cookies

We use cookies on this website to help us process and analyze information related to the use of
our website. Cookies are small text files that are stored on your computer when you visit certain
websites. Cookies help us better understand what kind of content the users of our site are
interested in and provide them with relevant content. Cookies do not harm users’ computers or
files. However, the user may choose to disable the use of cookies through browser settings.

11. Additional information 

If you have any questions regarding our processing of personal data, you can contact us using the
contact information provided in section 2 of this privacy statement.

The privacy statement was last updated on 17.11.2021.