- Privacy policy
Finnish Business Angels Network ry (”FiBAN”, “we” or “us”) respects your privacy and we are dedicated to protecting the privacy of your personal data when you are using FiBAN’s membership services, funding services, webpages and other services provided by us (“Services”). This Privacy Policy helps you understand what personal data we collect, and how we process it. This Privacy Notice also applies to the processing carried out by us in the context of its events, communications, research and public affairs activities as well as its processing of any information relating to representatives of associations, companies or other partners cooperating with or providing services to us.Personal data, data subject, controller and other key terms are defined in the General Data Protection Regulation (2016/679, “GDPR”). The company complies with the GDPR in all processing of personal data in conjunction with other applicable national data protection legislation (“data protection legislation”).
Our Services may also contain links to external websites and services operated by other organizations that we do not manage. This privacy policy is not applicable to their use, so we encourage you to review the privacy policies that apply to them. We are not responsible for the privacy policies of other websites or external services.
1. CONTROLLER AND CONTACT INFORMATION
Finnish Business Angels Network ry
Business ID: 2480326-2
Address: Mannerheimintie 109, 00280 Helsinki
Email: info@fiban.org2. PURPOSE OF THE PROCESSING OF PERSONAL DATA AND LEGAL BASIS
We process personal data that is necessary for the following purposes:
• Customer service and communication
• Provision and development of the Services
• Measuring startup and member satisfaction
• Marketing, including market research, other marketing promotion and analysis, and the production of statistics and the measurement of marketing effectiveness
• Improving the user experience of our Services and tracking user traffic
• Organizing events
• Handling inquiries related to Services
• Processing application information, customer information
• Processing information related to service purchase, payments and sales
• Management of legal obligations (e.g accounting and other legislation) and reporting obligations, such as reporting related to tax legislation
• Prevention of abuse and fraud
We will use the membership application data submitted to:
• evaluate your application;
• review your qualifications, interests and capacity;
• communicating with you in relation to the application, process and membership;
We will use the startup application data submitted to:
We will use the startup application data submitted to:
• evaluate the application;
• reviewing founder/employee/company qualifications and assisting our members in making funding decisions;
• communicate with you in relation to the application, process and funding;
• communicate with you in relation to events and Services;
• forwarding the information you provided to prospective angel investors;
• produce statistics
The legal basis for the processing of personal data is, where not stated otherwise or another legal basis is otherwise applicable, the performance of the contract for providing our’ Services. We can also process your personal data where we have a legitimate interest to do so, such as for marketing purposes. Where we rely on legitimate interests as a reason and legal basis for processing personal data, we have considered whether or not those interests are overridden by the rights and freedoms of the data subjects, and we have concluded that they are not.Where the processing is such that a consent is required by the applicable legislation, we will state so and obtain the consent, and this will be the legal basis for the processing. However, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If such withdrawal means that we are no longer able to provide the Services, we may cease to provide the Services.
3. PERSONAL DATA PROCESSED AND SOURCES OF INFORMATION
Personal data collected and processed by us is mainly collected directly from the applicant, both member and startup. We will only collect such personal data that is relevant for the purposes described in this privacy policy, including information you give to us, and technically gathered information when you use our Services.While the provisioning of certain personal data is necessary for the provisioning of our Services, certain personal data is provided voluntarily by you. Personal data may be updated and supplemented by collecting data from private and public sources, such as commercially available directories and websites.
Personal data is collected directly from you, such as through registration, the application forms, credit rating protection forms or by logging the activities in the Services. This data includes:
Category of personal data Examples of information content Information gathered at registration, contact or via application during the application process • name
• address & email address
• phone number
• social security number
• work or investment history
• qualification and skills
• date of birth or age
• references
• ownership share
• credit reports
• other personal data possibly include in application and pitch decks including pictures provided to usTechnical behavioural data and identification data Monitoring the data subject’s web behaviour and use of Services, for example by means of cookies or similar technical identification data.
Examples of data that can be collected include unique device identifiers, IP addresses, device software version numbers and identifiers, and rough location information via GPS, IP address or mobile networks.Rights management of the data subject, such as consents and prohibitions Marketing prohibitions and consents.
Consents regarding sharing of personal data with prospective angel investors.
Communication and measures relating to the rights of the data subject (see the rights of the data subject below).Other (additional) information provided voluntarily Preferences related to the contract or marketing.
Event and event participation related information.
Other additional information provided in contacts or appointments.
If you do not provide us the required information, this may mean that we may not be able to provide the Services to you, perform the contract necessary for the provisioning of the Services or to comply with our legal obligations.We may collect your personal data also from publicly available sources (such as LinkedIn). If reference checks are included in the process, we will also collect your personal data from the persons you have indicated as appropriate references in your application process.
4. RETENTION OF PERSONAL DATA
The personal data we collect is retained for the period necessary to fulfil the purposes outlined in this privacy policy unless a longer retention period is required by law. Thereafter, the personal data will be deleted within a reasonable timeframe or rendered anonymous. The retention periods depend on the purpose of the processing and type of the information. Personal data and retention periods are listed in the table below:
Personal Data Retention period or criteria used to determine the period Membership and startup data As long as necessary to fulfill the purpose personal data has been gathered for or as required by applicable laws. Contractual data As long as necessary for the performance of a contract based on which the personal data has been gathered and retained as required by retention requirements set out by applicable laws and regulations Technically gathered data As long as necessary to fulfill the purpose personal data has been gathered for or as required by applicable laws. We may keep certain personal data for other purposes than those of the performance of a contract, such as for the settlement of disputes. We will only retain data that is pertinent to the reason it is being retained for and in any case only for as long as allowed by applicable law.
5. RECIPIENTS OF PERSONAL DATA
We will only disclose personal data to third parties if there is a justified reason, legitimate interest, or express consent. We regularly transfer startup application related personal data to prospective investors.
Personal data may be disclosed to authorized third party processors who process the data for us for example IT and technical service providers. All such processing is based on our prior instructions set out in a binding contract that is compliant with the requirements of the applicable law. We do not sell, rent, distribute, or otherwise make your personal data available to any third party except with regard to providing certain personal data to investors and our affiliates in order to provide our Services.The personal data may also be disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the Services as well as to ensure the safety of the Services. In addition, personal data may have to be disclosed in connection with legal proceedings or for similar dispute resolution purposes.
Some of the services we use for processing personal data my operate outside the territory of the European Union or the European Economic Area. Thus, personal data can be transferred regularly outside the European Union (EU) and the European Economic Area (EEA). In cases where personal data is transferred outside EU/EEA, such transfers are either made to a country that is either deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as the Standard Contractual Clauses approved by the EU Commission ensuring also that the data processing and confidentiality fulfills the requirements under applicable laws.
We will provide more information regarding the processing upon request.
6. PROTECTION OF PERSONAL DATA
We use appropriate technical, administrative and organizational security measures to protect personal data against unauthorized access, disclosure, destruction or other unauthorized processing: firewalls, proper access control, controlled provision of access and monitoring of use, and the use of encryption technologies are also in use. The servers are located in the EU. Network services are protected by a HTTPS connection, which encrypts communications.
All parties processing personal data have a duty of confidentiality in matters related to the processing of personal data. Access to personal data is restricted to those employees and parties who need it to perform their duties. We also require our service providers to have appropriate methods in place to protect personal data.
7. RIGHTS OF THE DATA SUBJECTS AND SUPERVISORY AUTHORITY
Right to access, rectification and erasure
You have the right to contact us, and we will inform you what Personal Data We have stored regarding you, and the purposes such data is used for.
You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. After the data has been deleted, we may not immediately be able to delete all residual copies from all of our systems. Such copies shall be deleted as soon as reasonably possible.Right to Object or Restrict Processing
You may object to certain use of personal data when such processing is based on legitimate interest, including direct marketing or profiling. You may opt-out of receiving promotional emails by following the instructions in those emails. If you opt-out, we may still send you non-promotional customer information, such as emails about your account, providing our services and products or our ongoing relationship with you.
You may request that we restrict processing of certain personal data. Your personal data will then only be stored and not processed otherwise; this may however lead to fewer possibilities to use the Services. If such restriction means that we are no longer able to provide the Services to you, we shall be entitled to stop providing the Services.
Right to data portability
You have the right to receive personal data provided by you to us in a structured, commonly used format. We provide no guarantee that this information will be compatible, relevant or useful to any other service.
Withdrawal of consent
You can deny any direct marketing and withdraw your consent regarding electronic direct marketing. You can always withdraw any other consent including parental consent.
How to exercise your rights
These rights may be used by sending an e-mail to the addresses set out below. Your identity will be verified before the information is given out, which is why we may have to ask for necessary additional details. We will respond to the request within a reasonable amount of time and, where possible, within one month of the request and the verification of your identity. If your request cannot be met, the refusal shall be communicated to you in writing. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
Right to lodge a complaint with the supervisory authority
In case you consider our processing activities of your Personal Data to be inconsistent with the General Data Protection Regulation (GDPR) (EU) 2016/679 or other applicable data protection legislation, you have the right to complain to the applicable data protection supervisory authorities.
8. CHANGES TO THIS PRIVACY POLICY
We may make changes to this privacy policy at any time by giving a notice on the website and/or by other applicable means. You are also recommended to review the privacy policy on our website every now and then.
Date: 30.6.2021
- Data sharing policy
FiBAN General Data Sharing Policy
General principles
● FiBAN aims at processing and storing data anonymously always when possible. Only the specified personnel at the FiBAN office where access to personal data is required to perform job tasks have access to the personal data for a limited, need-to-use time.
● All data handed over to FiBAN is processed confidentially and its storage and destruction is handled professionally.
● Ownership, copyright and other intellectual property rights of the material provided by FiBAN belong to FiBAN, but FiBAN may grant different types of access and use rights (mentioning the source).Entities
The above mentioned principles apply. In addition to these:
● In principle, the intended use of the data should promote angel investing.
● The entity using the data must be a non-profit or public sector entity that does not seek commercial advantage using FiBAN data.
● The ownership of the data remains with FiBAN and the data cannot be used without a separate written consent of FiBAN each time the data is used.
● Data related to startup companies (or management companies) will not be disclosed to third parties without the explicit consent of the data subject.
● FiBAN must get rights to use the research output if material provided by FiBAN has been utilized.Members
The above mentioned principles apply. In addition to these:
● In principle, no raw and/or identifiable data is distributed to members.
● Aggregated data available on FiBAN web pages can be shared without FiBAN’s consent.
● If a member wishes to gain and use other that publicly available aggregated data on FiBAN web pages, member shall make a request for FiBAN’s consideration.
● In special situations, where the appointed employee at the office sees it justified, a data request may be submitted to the FiBAN Board for decision, in which case an exemption may be granted for sharing data.Others (for example other individuals, thesis writers)
All the above mentioned principles apply. In principle, only publicly available data is shared. In special situations, where the appointed employee at the office sees it justified, a data request may be submitted to the FiBAN Board for decision, in which case an exemption may be granted for sharing data. FiBAN may charge costs incurred by collecting and delivering data, such as use of work time.