PURPOSE OF THIS DOCUMENT
The purpose of Interactive Ads Ai Oy Data Protection Policy is to describe how Interactive Ads approaches protecting our customers and users data and privacy, and how we’re complying with GDPR & the national data protection policies & laws.
DEFINITIONS OF KEY TERMS
Data Privacy Officer (DPO)
An expert on data privacy who works independently to ensure that an entity is adhering to the policies and procedures set forth in the GDPR.

Data Controller (DC)
The entity that determines the purposes, conditions and means of the processing of personal data.

Data Processor (DP)
The entity that processes data on behalf of the Data Controller.

Data Subject (DS)
A natural person whose personal data is processed by a controller or processor.

Processing
Any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.

Personal Data
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person.

Right to Access
Also known as Subject Access Right, it entitles the data subject to have access to and information about the personal data that a controller has concerning them.

Pseydonymisation
The processing of personal data such that it can no longer be attributed to a single data subject without the use of additional data, so long as said additional data stays separate to ensure non-attribution.

Profiling
Any automated processing of personal data intended to evaluate, analyse, or predict data subject behaviour.

PRINCIPLES OF DATA PROCESSING
See Interactive Ads ‘Privacy Policy’ for detailed documentation on Personal Data we’re gathering & the Personal Data gathering purposes.

Interactive Ads will never disclose nor sell the gathered personal data for third parties without an explicit consent from all of the data subjects being affected. Personal Data processing activities within Interactive Ads can be broken down into 2 separate categories as follows:

1 Processing performed by Interactive Ads
Interactive Ads authorised personnel will be processing the personal data gathered solely for the purpose of helping our customers do better marketing in a more cost effective manner, and within the boundaries of implementing the contracts between Interactive Ads and our customer companies.

Interactive Ads can perform automated machine learning powered analysis on the gathered data, in order to gain better understanding of the users of our platform and to better connect them with possibly interesting companies using our services.

Interactive Ads will never use the gathered data for anything else except for activities driven by the purpose of advancing our customers marketing process & it’s efficiency directly or indirectly.

2 Processing performed by Interactive Ads customer companies
Interactive Ads customer companies processors participating in the processing activities are always explicitly specified in a separate attachment provided for the data subjects in beforehand in conjunction with this document & Interactive Ads official Privacy Policy.

Interactive Ads customers shall only be performing data processing activities for the following purposes:

1.  Gathering & nurturing companies own lead & customer database for more efficient marketing activities
2. Discovering their gathered leads from the database based on given criteria
3. Educate, help and engage potential website visitors and customers.
Interactive Ads will sign a separate contract with every individual data processor where the processor agrees to honor the privacy of our data subjects and to obey this data privacy policy document + any possible additional national data privacy code of conducts available at the time of signing the contract.

All data subjects have a legal Right to Access and Right to be Forgotten as per GDPR. Due to this data subjects are able to request a record of all data Interactive Ads has about them via email, or can request an erasure of stored data regarding them. In order to fulfil this request the requester has to be able to identify themselves via the same email address they’re requesting the data about.

KEY REQUIREMENTS AND CONTROL PROCEDURES
All parties involved in the data processing activities either as Interactive’s personnel or Interactive’s customers are required to sign a contract binding them to comply with this Data Protection Policy & Interactive Ads Privacy Policy. All in beforehand undisclosed processing, unlawful processing, or processing that does not obey Interactive’s Privacy Policy & Data Protection Policy are forbidden.

All customer facing communication with Interactive Ads servers are protected via (HTTPS) encrypted connections to prevent accidental disclosure of confidential data by our users when using eg. a public wi-fi access point.

All production servers are being hardened and maintained according to industry’s best security practises to minimise the chance of accidental data breaches and incidents. Data is regularly, redundantly and automatically being backed up into multi-location storage solutions for incident recovery situations. Backups are being stored for a maximum duration of 12 months from their creation date.

Interactive Ads data is protected by an Access Control List (ACL) layer integrated into our web application that makes sure only authorised personnel are allowed to process certain personal data objects belonging to their company. All data processing activities are being automatically logged for later auditing purposes to ensure processing to be always lawful.

All data is being physically processed and stored within the borders of EU nations (Finland, Ireland, Germany, Netherlands), and will not be transfer-red outside of EU without a prior consent and notice of all data subjects being affected.

Interactive’s DPO ensures and monitors that all data processing activities of Interactive Ads data is only being performed by authorised parties and in compliance with this policy, our Privacy Policy, and the related laws and regulations.

Interactive’s DPO co-operates regularly with the local supervising data privacy authority to ensure compliance with the latest laws and regulations, and to ensure safety and privacy of our users.

General Information
Registrar
Interactive Ads Ai Oy
Business ID: 2922046-1

Contact Person
Mikael da Costa
CEO
Mikael@leadoo.com

Purpose of this Document
The purpose of Interactive Ads’s Privacy Policy is to specify exactly what information Interactive Ads is collecting from it’s users and how + why that data is being processed.

Users of Interactive Ads platform are required to grant Interactive Ads consent for the data gathering & processing activities specified in this document, due to the nature of lead generation software services Interactive Ads is providing.

Unfortunately without consent to proceed the users will be unable to utilise Interactive Ads’s services.

Interactive Ads will always log the granted consent (per email address being used by our visitors) for later auditing purposes.

You can at any time withdraw your data processing consent by contacting our Data Protection Officer via the contact details provided in this document. In such occasion please make sure you’re contacting us via the same email address you originally granted the consent with.

Please refer to our ‘Data Protection Policy’ + it’s appendix for more information about how Interactive Ads will be protecting your privacy, and who will be authorised to perform processing activities on the data related to you within our system. These documents are required to always be presented to you together, and you’ll be required to read through them before granting Interactive Ads consent for processing your data.

Interactive Ads honours it’s users privacy and never discloses nor sells the gathered information for 3rd parties.

What data do we collect & how is it utilised?
Personal data gathered varies slightly depending on the use case with which the data was collected from you. If you interacted with our customers’ chatbots, the following information can be collected from you:

1. Full name
2. Email address
3. Phone number
4. Answers to chatbot questions
5. Company name
6. Source of your lead (can be the HTTP referrer, or an ID of a specific page where you applied through)

If you register to our platform or connect with us by any other digital means, the data collected from you can slightly differ from the most popular use case specified above. The collection of personal data can be manually extended by the Company processing your data, in a form of labels and categories.

You will always be presented with our ‘Privacy Policy’, ‘Data Protection Policy’ and the terms of our service, and will be required to grant Interactive Ads a consent for data gathering & processing, before any personal data will be collected and stored.

Personal data gathered will only be processed by the following parties:

1. Interactive Ads’s authorised personnel or direct contractors
2. Interactive Ads’s customer company’s authorised personnel

Interactive Ads platform requires every user processing the data to authenticate with their personal user credentials. Users will be further authorised via Interactive Ads platform’s members functionality that ensures that they will only be granted option to process data they’re explicitly authorised to.

Personal data can be processed for the following purposes:

1. By Interactive Ads to analyse the users of our service for providing more valuable functionality to companies utilising our platform to generate more leads
2. By Interactive Ads’s customer company that originally collected the information from you, to communicate with you
3. By Interactive Ads’s AI, for giving companies using our services insights into their analytics

Personal data is always company specific, and won’t be accessible by any other Interactive Ads customer company but the one that was associated when you voluntarily granted the consent for data gathering purposes and initially submitted the data into our system.

Interactive Ads will pseudonymise (make the data unidentifiable) if it’s used in more general or wide statistical purposes, to make sure your privacy won’t be threatened by such process.

Your personal data will be automatically erased or pseudonymised when the company that originally gathered the data is either no longer using our tools, or doesn’t need that particular piece of data in order to either measure or improve their lead generation process.

How & Where is the Data Stored?
All personal data is stored electronically, and will be physically stored within EU nations.

Our most commonly utilised data centre locations are in Finland, Netherlands, Germany, and Ireland.

All data processing is handled through industry best practise procedures and encrypted connections (TLS/HTTPS, SSH), more about this in the ‘Data Protection Policy’ document.

No data storing or processing happens outside of EU borders, without a prior consent of the data subjects.

Rights of the Data Subject
You have a legal right to either withdraw your data processing consent, or to object the processing of your personal data, at any time.

If you decide to not grant consent for processing your personal data, you unfortunately won’t be able to further utilise Interactive Ads’s services.

You can withdraw your earlier data processing consent by informing Interactive Ads’s Data Protection Officer (DPO) via the same email address you originally granted the consent with. You will receive an email confirmation after your data has been erased from our active system.

Interactive Ads honours your legal rights and privacy, and will inform you in beforehand via email if/when the contents of this document change.

If you have any questions regarding data processing at Interactive Ads Oy, please don’t hesitate to contact us.

If you for some reason feel like your privacy has not been handled appropriately or lawfully, you can either contact Interactive Ads’s DPO, or directly file a complaint to the local supervising authority for further inspection.