Scale Company Privacy Policy

1. General information

Scale Company Oy (hereinafter referred to as “the Company” or “We”) is committed to ensuring the confidentiality and privacy of any personal data it holds. This privacy statement is applicable to the personal data We collect in our user and marketing registers (hereinafter the “Register”). This privacy statement describes the personal data that We collect and how We process it. Further information on how We process your personal data can be obtained via email at

We may update this privacy statement from time to time, for example as the related legislation changes. We will strive to use any reasonable means to inform you, well in advance, of any changes and their effects. We strongly encourage you to review this privacy statement whenever you receive information on any changes made to it. This privacy statement was last updated on Sept 13th 2021.

2. Data controller

Name: Scale Company Oy
Address: FI-00100 Helsinki, Finland
Business ID: 3193447-1

3. Whose personal data do we collect?

We process the personal data of our existing and potential business customer representatives (B2B customers and consultancy partners). Furthermore, We process the personal data of users of Scale Company platform (hereinafter also “You”).

4. What types of personal data do we collect and process?

Platform users

Basic information:

- first and last name
- e-mail address.

Other data:

- personal data provided by customers themselves
- direct marketing permissions and prohibitions data based on behaviour and service usage

Potential business customer representatives

Basic information:

- first and last name
- position in company
- name of employer
- mobile phone number
- e-mail address.

Other data:

- personal data provided by customers themselves, on topics such as areas of interest
- direct marketing permissions and prohibitions
- data based on behaviour and location.

5. From which sources is personal data collected?

Primarily, We collect personal data from our customer register the data subject him or herself (e.g. via a registration or contact form) registers disclosed by our collaboration partners public sources, such as from Asiakastieto, companies’ own websites, the Business Information System (YTJ), Fonecta and Kauppalehti Yrityshaku.

5.1 Log-in / authentication information and other information related to our provision of the Services

If you log in to our Site or Services by using credentials from a third party (for example, Google, Microsoft or GitHub), we will receive information that you (or the Customer on your behalf) have authorized for sharing. We use Auth0 as an authentication provider. When creating a profile Auth0 stores your full name, email address and profile picture into the profile. We may use the email address to contact you in matters related to our provision of the Services. We do not access, use, or share, nor store any other third party user data in our databases.

6. Grounds for, and uses and effects of, processing your personal data

Your personal data is processed on the grounds of our legitimate interests mentioned below or on the consent of the data subject. The purpose of personal data processing is producing the digital platform service including authentication, managing and developing customer relationships executing electronic and traditional direct marketing targeting marketing at existing and potential business customers and current beneficiaries sending invitations to occasions and events.

7. Regular transfers of your personal data and transfers to third parties

Our partner and subcontractor may only process your personal data with regard to tasks performed for marketing purposes belonging to us. We may transfer your personal data to third parties, which are partners and subcontractors such as data and communications system providers In every case, We ensure that our partners do not process transferable personal data for any purpose other than the above. We will not disclose any personal data in our user nor marketing Register to third parties.

8. Transfers of your personal data outside the EU or the European economic area

We will transfer your personal data (name, address, company, e-mail address) outside the European Union or the European Economic Area in accordance with the legislation on the processing of personal data for marketing and, in the case of business representatives, for the submission of tenders. Data is only transferred to the following organisations located in the United States complying with the EU-US Privacy Shield Framework:

- HubSpot, Inc. (business representatives only, does not apply to platform users)

In all situations, We will only transfer your personal data outside the EU or the European Economic Area on one of the following grounds:

- the European Commission has decided that an adequate level of data protection has been ensured in the recipient country concerned;
- We have implemented the appropriate safeguards for the transfer of your personal data by using the standard privacy statements approved by the European Commission. In such a case, You have the right to a copy of the standard statements by contacting us in accordance with the “Contacts” section; or
- You have given your explicit consent to the transfer of your personal data, or there are other legitimate grounds for transferring your personal data from outside the EU or the European Economic Area.

9. Principles for retaining personal data

Personal data is retained for the time being unless the data subject has exercised his or her opt-out right. Personal data will be regularly updated, and it will be deleted based on business rules related to the purpose for processing.

10. Rights of the data subject with regard to personal data processing

In accordance with the applicable data protection legislation, You have the right at any time to:

- have access to your personal data;
- have access to your personal data and inspect any personal data that We are processing concerning You;
- demand the correction and supplementing of any inaccurate and incorrect personal data;
- demand the deletion of your personal data;
- object to the processing of your personal data on the basis of your personal circumstances, insofar as our legitimate interests (e.g. direct marketing) form the grounds for processing your personal data;
- obtain your personal data in machine-readable format and transfer the data to another data controller, provided that You have personally submitted the personal data to us, We are processing the personal data on the basis of a contract and it is being processed automatically; and
- demand the restriction of your personal data.

To exercise the above right, You must submit a request to us in accordance with the Contacts section of this privacy notice. We may ask You to specify your request in writing and to verify your identity before the processing of your request. We may refuse to implement your request on the basis of the applicable legislation.

In any case, you have the right to appeal to the appropriate supervisory authority or the supervisory authority of the EU Member State in which your residence or place of work is located, if You believe that We have not processed your personal data in accordance with data protection legislation.

11. Principles of data protection of the register

We respect the confidentiality of your personal data. Digitally processed personal data is stored in our information system and is accessible only to persons who need such data for the performance of their duties. The persons in question use personal usernames and passwords.

Scale Company personnel require a personal username and password in order to engage in personal data processing and to gain access to the marketing Register. Username and password are issued alongside personal access rights. Access rights are defined by the person in charge of the Register together with the administrator of the information system. The data is protected from both intentional and unintentional destruction. Internal data connections within the system are implemented in a closed network. External connections are protected by firewalls. When using, or feeding data into, the Register through a public network, the connection is protected with Transport Layer Security (TLS) security.

We protect personal data transferred to third parties by using all available means to limit access to such data. Access rights to the processing of data in a third-party system must be provided on a need-only basis.

12. Information on cookies and related technologies

A “cookie” is a commonly used, small character string that your web browser stores on your computer or other terminal when You visit a website. Your browser will send data back to the webpage when You revisit it. All modern web pages use cookies to provide You with a more personalised browser experience.

Each cookie is individually installed on each terminal and cookies can only be read by the server on which the cookie is installed. Because a cookie is tied to a certain browser and cannot, in principle, be shared between different browsers or devices (unless a browser, add-on or other application specifically allows this), your cookie management choices are only applicable to that particular browser. A cookie cannot run software and cannot be used to deliver viruses or other malicious code, and it will not damage your terminal or files.

We use Google Analytics in our service and on our website, to analyse how users use our service and website. Google Analytics is a web analytics service provided by Google Inc. (“Google”), which operates by using cookies. Please note that cookies installed by Google are subject to Google’s terms and policies, on which more information can be found at Google Analytics does not transfer personal data from the Scale Company Register, and Google Analytics data is not linked to personal data on the Register.

13. Contacts

All requests related to exercising the above-mentioned rights, questions about this privacy statement and other contact information should be sent by email to: