PRIVACY NOTICE

PRIVACY NOTICE

Effective date: January 2026

With this privacy notice, FINDINGS/Dr. Rouhiainen-Neunhäuserer (hereinafter referred to as “FINDINGS”,we”, “us”) informs you how we collect, use, disclose and otherwise process personal data, in particular when you use findings.fi, or our other websites or online platforms, such as Findings.Codes (collectively “website” and “Service”), obtain services or products from us, interact with us in relation to a contract, communicate with us or otherwise deal with us. Other privacy notices, individual notices or information may apply to specific matters. Personal data is understood to be all information that relates to a specific or identifiable natural person.

Data controller and contact details

The controller of the data processing described in this privacy notice is FINDINGS. You can notify us of any data protection-related concerns using the following contact details:

datasecurity@findings.fi 

Data regulation

The service provider FINDINGS complies with all legal data protection requirements. This Privacy Notice is aligned with the EU General Data Protection Regulation (“GDPR”), the Swiss Data Protection Act (“DPA”). However, the application of these laws depends on each individual case.

Data security

We take appropriate reasonable security measures in order to maintain the required security of processed data and ensure its confidentiality, integrity and availability, and to protect it against unauthorized or unlawful processing, and to mitigate the risk of loss, accidental alteration, unauthorized disclosure or access. 

We protect the data that is sent through our website in transit by appropriate encryption. However, we can only secure areas in our control. We also require our data processors to take appropriate security measures. However, security risks can never be excluded completely; residual risks are unavoidable. 

Collection and processing of personal data

We process personal data that we receive from you, our clients and their employees, business partners, from authorities or other third parties. Insofar as it is permitted to us, we may also obtain certain personal data from publicly accessible sources.

The categories of personal data that we collect and process about you may include, in particular, the following:

  • Personal information and contact details, such as name, age, gender, company, telephone number, email address, professional function, education, qualification, company role, team name, organizational unit,  data for online assessment, pictures.
  • Information contained in communication and other interactions with us, such as correspondence by letter or e-mail or through other means of communication with you or with third parties.
  • Financial information, such as invoicing information, payment details, bank details.
  • Data related to marketing activities, such as preferences and interests, newsletter opt-ins and opt-outs, responses to marketing activities, invitations and participation in events and activities.

Purposes of data processing and legal bases

We may process personal data in accordance with applicable data protection law for the following purposes and, if necessary under applicable data protection law, on the basis of the following legal bases:

  • For the performance of contracts and provide the products and services you request. We process personal data in connection with the conclusion and performance of contracts with our clients and business partners, in particular in the context of providing consulting services to our clients, as well as performing an online assessment ordered by you or your organization and granting you access to certain features. We further process data for the procurement of products and services from our suppliers and subcontractors, as well as in order to comply with our legal obligations relating thereto.
  • To fulfill legal obligations. We process personal data in order to comply with our legal or regulatory obligations. Processing purposes include, but are not limited to documenting compliance with legal and regulatory requirements.
  • To safeguard legitimate interests. We process personal data for the following purposes if this is necessary to protect the legitimate interests of us or of third parties or to protect legitimate public interests:
    • ensuring, monitoring and improving our business operations, including our products, services, IT, our websites, apps, support and other appliances;
    • advertising and marketing (including organizing events and updating you about our services), provided that you have not objected to the use of your data for this purpose;
    • asserting legal claims and defense in legal disputes and official proceedings;
  • Based on your consent: If you have given us consent to process your personal data for certain purposes, we process your personal data within the scope of and based on this consent, unless we have another legal basis and we require such a basis.
  • To produce FINDINGS Codes report: FINDINGS Codes online assessments follow the principles of a 360-degree evaluation and data are gathered from several individuals. Any data on yourself, your team, leader, peer or organization are anonymized and merged so that no further distinction is made between the respondents. Thus, FINDINGS CODES report is personalized but anonymous. 
  • To publish reports: Data may be included in anonymized form (i.e., with identifiers that link individuals to stored data removed or encrypted) in an industry report on leadership, team, and communication trends. 

Cookies, tracking and other technologies related to the use of our website

We currently do not monitor in any way traffic on our website, nor use any cookies.

Disclosure of personal data to other persons

We will not trade or sell your personal data to third parties.

We may disclose personal data to providers and third parties to the extent it is needed to support the functionality and maintenance of the Service.

Data storage and duration of personal data retention

The data may be stored on MS’ servers within Europe and on Amazon’s AWS and Google’s servers located in the US. Personal data is deleted in compliance with the legal deadlines. 

Transfer of data

Please note that data exchanged via the internet is often routed through third countries. Your data may therefore be transferred and maintained on servers located outside of your jurisdiction where the data protection laws may differ from those of your jurisdiction. Your consent to this privacy notice followed by your submission of such information represents your agreement to that transfer.

Retaining data

Your personal data will be retained for as long as necessary to:

  • Comply with legal retention requirements.
  • Fulfill legal obligations.
  • Complete the agreed services.
  • Generate progress and industry reports.
  • Develop and improve our services.

Participation in our Service is voluntary. You can exercise your rights under the GDPR regarding information, correction, limitation, portability, revocation and deletion of your data. You have the following choices regarding the processing of your data:

  • The right to be informed about the data processing.
  • The right to access the personal data we hold about you.
  • The right to correct any inaccurate or incomplete data.
  • The right to request deletion of personal data, under certain conditions.
  • The right to object to the processing of your data.
  • The right to data portability, where applicable.
  • The right to withdraw your consent

Modification of this privacy notice 

We may amend this privacy notice at any time without prior notice. The current version published on our website shall apply.

datasecurity@findings.fi