Privacy policy

Your privacy is important to us.

Every person values privacy, and so do we. That is why we are committed to respecting your privacy and complying with all applicable legislation regarding the processing of personal data.

Our operations and services require the collection and processing of personal data. Our privacy principles describe, among other things, the purposes and types of personal data we collect and process, who processes your data, and what rights and opportunities you have to influence your data.

As the data controller, AI Roots Ltd processes your personal data in accordance with these principles and applicable legislation, so we ask you to read these privacy principles carefully.

We update our privacy policy and privacy principles as our operations evolve or legislation changes, so we ask you to visit this page from time to time. We will also inform registered users separately if there are significant changes to the implementation of their rights.

Our key principles

Your privacy is important to us

We take the processing and careful management of personal data seriously. We value your privacy and are committed to complying with applicable laws regarding the processing of personal data.

Personal data is confidential information

Your information is confidential and is only processed by authorized personnel, primarily AI Root's own staff.

Collection and use of personal data is systematic and appropriate

We avoid unnecessary collection, processing, and retention of personal data. We only hold personal data that is essential to our business and to providing high-quality services.

Written agreements with subcontractors

We only use subcontractors in the processing of personal data who enter into a written agreement with us and commit to securing personal data.

We process your personal data only for your benefit

The processing of our customers' personal data is always based on written agreements, and we do not process data for any other purpose than for the benefit of the customer and in accordance with their instructions.

Key purposes of processing personal data

We use personal data primarily for the delivery of our services, marketing them, managing customer relationships, billing, and developing marketing services.

How do we use your personal information?

We only collect, store, and process personal information for predetermined purposes. The main purposes include:

Matching professionals with assignments

We process personal information related to matching professionals with assignments, such as contacting individuals and assessing their professional skills.

Some of our services may also be available by logging in with personal credentials to our online service. We may also use personal information to make notifications related to service usage.

Quality service for customers

We process personal information for matters related to customer management, such as providing and delivering services, invoicing and collection, handling complaints, customer support, and measuring customer satisfaction.

Some of our services may also be available by logging in with personal credentials to our online service. We may also use personal information to make notifications related to service usage.

Marketing and communication of services

Within the limits allowed by law, we may also process personal information for marketing purposes and direct marketing purposes. This may include processing and analyzing personal information for marketing or targeting services.

For example, we may display targeted messages or content in our channels based on your previous interests.

Product development for marketing services

We believe in continuous improvement. Therefore, we may also use personal information for the development of our marketing services, such as planning and launching new service concepts or improving processes.

Compliance with legal obligations

Your information may also be collected and processed to comply with legal obligations, such as accounting and regulatory purposes.

Human resources management

Information regarding employees and job applicants is mainly processed for human resources management purposes, to fulfill employment contract obligations, comply with legal obligations related to employment, and evaluate and select job applicants for open positions.

What personal information do we collect and from what sources?

We mainly collect personal information about you when you contact us or later when you use our services. We may also collect information about customers from public sources or registries, such as LinkedIn or other social media channels.

We collect information about visitors to our website through Google Analytics and HubSpot to analyze and improve our site and to target relevant marketing to our visitors.

We primarily collect personal information about our customers (including potential customers), experts offered for contract work (including potential experts), individuals sought for our customers' direct search needs, our employees, and job applicants.

Typically, we may receive the following information directly from our customer contacts:

  • Customer's employer name, contact person's first and last name, work address, work email address, phone number, and title;
  • Information on the contact person's marketing permissions and/or prohibitions;
  • Self-provided classification information of individuals (such as interests);
  • Information entered through contact forms and chat;
  • Customer feedback information.

Typically, we may receive the following information directly from experts:

  • Expert's first and last name, work address, work email address, phone number, and title;
  • Expert's resume, portfolio, or other evidence of experience and expertise;
  • Information on the expert's marketing permissions and/or prohibitions;
  • Self-provided classification information of individuals (such as interests);
  • Information entered through contact forms and chat;
  • Customer feedback information.

Typically, we may receive the following information directly from individuals sought for our customers' direct search needs:

  • Person's first and last name, home address, email address, and phone number;
  • Person's resume, portfolio, or other evidence of experience and expertise;
  • Self-provided classification information of individuals (such as interests);
  • Information entered through contact forms and chat;

When using our services, we may process the following personal information about the customer:

  • IP address or other identifier;
  • Order, billing, and delivery information;
  • Information collected through cookies;
  • Information collected from the use of our web service.

From other sources, we may receive the following information about customers, experts, individuals sought for direct search, or job applicants:

  • Information related to the use of social media, such as LinkedIn, Facebook, and Instagram.

Regarding employees and job applicants, we primarily process information received directly from the individual and other information generated during the employment relationship:

  • Basic information of the employee or job applicant;
  • Applicant's resume, application, and reference information obtained with the applicant's consent;
  • Information required for payroll;
  • Obligations and rights related to the employment relationship...

With your consent, we may also collect and process other information.

What is the basis for processing your information?

We ensure that we always have a legal basis for processing your personal information. We may process your information on several different grounds, but we make sure that we always have at least one legal basis for processing.

We primarily process customer and expert registry information for the purpose of fulfilling and preparing contracts and on the basis of our legitimate interest, which includes providing and delivering our services, managing customer relationships, processing complaints and customer feedback, and providing maintenance and development services.

We mainly process marketing registry information for the purpose of marketing our services and developing marketing expert services.

With your consent, we may also use your email address to send you newsletters and marketing materials, or process other information based on your consent. If we process your information based solely on your consent, you can withdraw your consent at any time.

We may also process your information to fulfill our legal obligations.

Who processes your information and is it disclosed to third parties?

Your personal information is processed by employees of our company who are designated as data processors in their work.

In some cases, your information may be disclosed confidentially to our subcontractors who process personal data under a written mandate agreement. Our subcontractors process personal data in accordance with our written instructions and only for the purposes mentioned in this privacy policy.

Regarding personal data of customers and experts, we may use subcontractors, especially for data storage and customer management purposes (cloud storage services, project management and communication tools, CRM), technical support, and website design and implementation. Our subcontractors are mainly responsible for secure storage of personal data and do not participate in processing.

In personnel matters, we use subcontractors, especially for financial management and payroll and electronic data storage (cloud storage service).

We may also disclose information to fulfill contractual obligations or as required by law or competent authority.

We may also disclose your information if we are involved in a corporate or business transaction.

We may also disclose anonymized or statistical information that cannot be linked to an individual. If such information is no longer considered personal data, we may also disclose information to third parties for purposes other than those mentioned here.

Will your information be transferred outside the EU?

In certain situations, your information may be transferred outside the EU. Some of the cloud services we use may be located outside the EU. If information is transferred outside the EU, we ensure that the country is a country with sufficient data protection as defined by the EU Commission, the recipient of the transfer is Privacy Shield-certified (for recipients located in the United States), or the transfer is made using the model clauses published by the EU Commission. Therefore, we always ensure that any possible data transfer is carried out on the basis of legal requirements and with sufficient protection mechanisms.

How long will your personal data be stored?

We do not store your personal data for longer than is necessary for its intended purpose or as required by contract or law. However, the storage times for personal data may vary depending on the purpose and situation. The storage times for personal data may also be based on legislation, such as the Accounting Act. We regularly update your information to ensure that it is up to date and that its processing is appropriate. Unnecessary information is deleted.

We regularly take measures related to the lifecycle management of personal data to ensure that personal data, whose intended purpose is ending, are either anonymized or deleted.

How do we secure your information?

Your information is mainly stored in electronic form on servers provided by our service providers, which are protected according to industry standards.

The personal information we collect and process is kept confidential and not disclosed to anyone other than those who need it for their work or confidentially and on a limited basis based on contracts with our partners, such as subcontractors.

Access to your personal information is restricted and protected by user-specific usernames, passwords, and access rights. Our premises are locked and protected.

Is providing information mandatory?

If you do not provide personal information or allow its processing, we may not be able to serve you fully and meet the purpose of our operations. If you do not want us to process your information in accordance with these principles, we ask that you do not provide us with any information.

How do we use cookies?

To improve the user experience of our website, we use HubSpot Analytics and Google Analytics software to collect information about how visitors use our site.

Cookies are short text files that are stored by the web server on a user's device. They provide us with information on how users interact with our website.

We may use cookies to improve our services and website, analyze website usage, and optimize marketing efforts.

Users of the website can give consent or deny the use of cookies through their web browser settings. Most web browsers allow cookies automatically, but please note that blocking cookies may limit the functionality of our website.

What rights and modes of action do you have

Withdrawal of consent

If we process your information based on your consent, you may withdraw your consent at any time by notifying us, for example, by sending an email to tietosuoja@rootsof.ai.

Access to information

You have the right to receive confirmation from us whether we process personal data concerning you, and to know what personal data concerning you we process. In addition, you have the right to obtain supplementary information about the grounds for the processing of your personal data.

Right to rectification

You have the right to request that we correct any inaccurate or outdated, or otherwise incomplete personal data concerning you.

Right to object to direct marketing

You may object to the processing of your personal data for direct marketing purposes by sending an email to tietosuoja@rootsof.ai.

Right to object to processing

If we process your personal data on the basis of public interest or our legitimate interest, you have the right to object to the processing of personal data concerning you to the extent that there is no significant reason that overrides your rights or the processing is not necessary for the fulfillment of a legal obligation.

Please note that in this case, we may no longer be able to serve you.

Right to restrict processin

In certain situations, you have the right to request that we restrict the processing of your personal data.

Right to data portability

If we have processed your data on the basis of your consent or for the performance of a contract, you have the right to receive the personal data you have provided us with in a commonly used and machine-readable format, so that the data can be transferred to another service provider.

Right to be forgotten

If we have processed your data on the basis of your consent or for the performance of a contract, and you do not want us to retain and/or process personal data concerning you, you have the right to request that we erase all personal data concerning you that is not necessary for the exercise of legitimate interests or legal obligations.

How can I exercise my rights?

You can exercise your rights by contacting us, for example, by sending an email to tietosuoja@rootsof.ai.

We also ask you to provide your name, address, and phone number, and to suggest a suitable time for identification and identity verification at our office.

If you believe that the processing of your personal data is not lawful, you may also make a complaint to the competent supervisory authority (Data Protection Ombudsman).

Can this privacy policy be updated?

We update our privacy policy when our operations or data protection principles change. Updates may also become necessary due to changes in legislation. The changes take effect when we have published the updated privacy policy. Therefore, we ask you to regularly familiarize yourself with the content of this privacy policy.

If the content of the privacy policy changes significantly in terms of your rights, we will inform you separately by email if you have provided us with an up-to-date email address.

If the content of the privacy statement changes significantly in terms of your rights, we will inform you separately by email, provided that you have provided us with an up-to-date email address.

Who can I contact for privacy matters?

Contact information:

AI Roots Oy

Töölönlahdenkatu 3 B

00100 Helsinki

Business ID: 3096719-1

Data protection contact person: Pekka Hackspik, pekka.hackspik@finitec.fi