Privacy policy

Leanlab's customer and marketing register privacy policy

Last updated: March 2024

At Leanlab, we value the privacy of our customers, partners and other stakeholders. As a data controller, we need to collect and process personal data in order to provide all of our stakeholders with the best possible content. In particular, we process the contact information of representatives and our corporate customers. We do the same concerning potential customers. Personal data is any information that relates to an identified or identifiable individual, such as a name, email address and photograph.

We process personal data related to all persons belonging to the aforementioned groups in accordance with this privacy notice and the applicable legislation. We may update the privacy notice as our operations develop and the legislation changes.

Data Controller:

LeanLab Oy 
Business ID: FI32254689

Siltasaarenkatu 18-20 C
FI-00530 Helsinki

Contact information for register matters:

Ville Österlund
Tel: +358 40 513 8001

Personal data processed and data-gathering methods

Leanlab collects personal data related to customers and potential customers from the person in question. With regard to potential sales leads, we may also gather data from LinkedIn or company websites. Our website and any forms posted on it constitute another important source of personal data related to this group. Based on use of the Leanlab website, we also use cookies (see below) and services such as Google Analytics to gather site behaviour data.

Leanlab may process the following personal data held on its customer and marketing register:

Basic information such as name*, date of birth, customer number, title, preferred language

Contact information such as e-mail address, phone number, address information

Information related to the company’s contact persons
Delivering and improving our products and services according to your needs Legitimate interest
Fulfilling our contractual and other promises and obligations Performance of a contract
Direct marketing Consent (private persons) or legitimate interest (companies)
Bookkeeping Legal obligation
Possible direct marketing opt-outs Serving customers interest of not receiving direct marketing Legitimate interest in being able to fulfil our legal obligation to ensure opt-out from direct marketing in accordance with the law
Information you provide in connection with the events we host, registration data, special diets, invoicing data Organizing events Legitimate interest in being able to host events and invoice when applicable
Consent regarding health data (e.g. allergies)
Information of the customer relationship and the contract such as information of past and current contracts and orders, correspondence with you and other communication, payment information and other information which you have voluntarily provided to our systems Compliance with our contractual and other promises and obligations Performance of a contract
Managing the customer relationship Legitimate interest in managing and developing the customer relationship
Bookkeeping Legal obligation
Data of the connection and terminal device you are using such as the IP address, device ID or other device identifier and cookies Targeting advertising in our online services Consent
Analyzing and profiling behavior

In addition, we gather data related to the corporate customer and its contact persons during the customer relationship. Personal data is also gathered via sign-ins for events we arrange and, occasionally, from seminars and webinars arranged in cooperation with partners.

Processing, handover and transfer of data outside the European Economic Area

In general, data in our marketing and customer register is processed by Leanlab employees for whom the processing of such data is a key element of the duties. Throughout our operations, we ensure that personal data is handled confidentially, in compliance with the law and solely by us.

We do not disclose data to third parties, but may share it with other companies within our group (Leanlab is part of Digitalist Group) where necessary. In addition, data may be disclosed if so required under law, by a court of law, or by the competent authorities. We may also hand over personal data that is in our possession if we are involved in a company or business acquisition.

As a rule, we do not transfer personal data outside the EU or EEA. Some of our service providers may be located outside the EU, because we primarily store and process data in digital format, particularly via cloud-based services. Service providers of this kind may include CRM and Email marketing software. In such cases, Leanlab ensures that data transfers involve sufficient data security as required by law.

Data security, protection and storage

The personal data held by Leanlab is duly protected from unauthorised access and accidental or unlawful erasure, alteration, handover, transfer, or unlawful processing in any other manner. Only employees who need to process such data for work-related reasons are entitled to use systems containing the data. Personal data is protected by a password and firewall in a secure cloud service/and database.

Personal data is stored only as long as required for the purpose in question, or for as long as the related contract or legislation requires. The storage time of data can vary, depending on the purpose for which it is used, the legal grounds for its processing, and the circumstances. In general customer personal details are kept during the duration of the contract and on average 2 years after the relationship has ended. The billing information is kept by law for the duration of 6 years from the end of the fiscal year in which the relationship has ended.

Personal data can be erased if the data subject withdraws his or her consent, or requests that it be erased (unless Leanlab has other legal grounds for processing the data), or if the contractual relationship is terminated, or the data becomes obsolete or incorrect. We attempt to update or erase superfluous, incorrect or obsolete data at least once a year.


Leanlab uses cookies on its website in order to provide the best possible user experience for website visitors. Cookies are small text files which are downloaded, can be stored on your device and enable the use of internet and other service features on your computer, smartphone or tablet, for example. We use cookies to obtain information on how visitors are using our website. We also use them for purposes such as developing our services and website, analyzing the use of our website, and targeting and optimizing our marketing.

You can prevent the downloading of cookies on your device, block their use or receive notification that cookies are being downloaded by changing the settings on your web browser. However, please be aware that blocking or restricting the use of cookies may prevent you from benefiting from some of our website’s features.

For further information on cookies can be found: You can manage your cookies preferences in Cookie Preferences.

Your rights

You are guaranteed several rights under the applicable data protection legislation. Leanlab is committed to respecting these rights in its operations. With respect to the processing of your personal data, you have the following rights under certain additional legal provisions:

1. the right to request that we provide you with a copy of any personal data concerning you which we have in our possession, and with certain information on the processing of such data;

2. the right to request the restriction, in certain circumstances, of the processing of your personal data, for example if you dispute the accuracy of such data or we no longer need it for the original purposes for which we were processing it, but it is still needed in order to draw up or present a legal claim, or for legal defense against such a claim;

3. the right to request the erasure of your personal data in certain circumstances, such as a situation in which your personal data is no longer needed for the purposes for which it was originally gathered or processed (the so-called right to be forgotten);

4. the right to object to the processing of data conducted in the pursuit of our legitimate interests;

5. the right, at any time, to withdraw your consent to our processing of your data when such processing is based on your consent;

6. the right to request that we update your personal data, or correct inaccurate data; and

7. the right to file a complaint with the local competent authority, such as the Data Protection Ombudsman in Finland (

Should you wish to exercise the aforementioned rights, you may do so by contacting Leanlab (see the contact information above). We may have to ask you for further details on your identity before fulfilling your request, in order to ensure that you are entitled to make such a request.

The personal data processed under this privacy policy is not subject to automated decision-making nor used to profile individuals in such a way that produce legal effects on the data subject or otherwise similarly significantly affect the data subject.