Privacy Notice

Data controller: Drift Consulting Ltd (“Drift” or “we”)
E-mail address: anton@drift.legal
Contact person: Anton Pirinen, Executive Director

General Information

This Privacy Notice describes how we process personal data concerning our clients, potential clients, suppliers, other business partners, and the representatives of the aforementioned parties.

Personal Data Processed and Sources of Data

We may process the following personal data relating to you:

  • Name and contact details

  • Organization and title

  • Phone number

  • Email address

  • Correspondence between Drift’s representatives and you

  • Information relating to meetings between Drift’s representatives and you

  • Invoicing and billing information

  • Marketing opt-outs and opt-ins

Typically, we receive personal data directly from you, your employer, or your employer’s counterparts during an engagement with your employer.

Additionally, we may collect personal data from public sources, such as public websites, social media, and public registers.

Purposes and Legal Basis for Processing of Personal Data

We process personal data for the following purposes:

  • To Operate Our Business: We process personal data primarily to offer our services to our customers and to otherwise run and develop our business.

  • For Legal Obligations: We may process your personal data to fulfill our legal obligations, such as complying with bookkeeping requirements.

  • For Legal Processes: We may process personal data in connection with claims handling, debt collection, and legal processes. We may also process data to prevent fraud and money laundering.

  • For Marketing: We may process personal data for marketing purposes, such as corresponding with you via email and other communication channels.

Legal Basis for Processing We process your personal data mainly to pursue our legitimate interest in maintaining and developing customer and business relationships and running and developing our business. Additionally, we process personal data to comply with legal obligations, such as KYC and AML procedures and other procedures based on applicable law.

You may be asked to grant your consent for the processing of personal data. If the processing is based on consent, you may withdraw your consent at any time.

Transfer to Countries Outside Europe

We store your personal data primarily within the European Economic Area (EEA). However, we have service providers in various geographical locations. As such, we and our service providers may transfer personal data to or access it in jurisdictions outside the EEA or your domicile.

If we transfer your personal data outside the EEA or to a country that does not provide adequate protection of personal data according to the European Commission, we will ensure adequate protection for such transfers through agreements with our service providers and technical and organizational measures.

Personal Data Recipients

We only share personal data with third parties if one of the following circumstances applies:

For Legal Processes: We may share personal data with third parties if access to and use of the personal data is reasonably necessary to: (i) comply with applicable law, regulation, or court order; or (ii) detect, prevent, or address crime or security issues.

To Service Providers: We may share personal data with service providers who perform services for us (including data storage, accounting, sales, and marketing services). The agreements with our service providers include commitments that they will limit their use of personal data and comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.

For Other Legitimate Reasons: If Drift is involved in a merger, acquisition, or asset sale, we may transfer personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will notify you when personal data is transferred or becomes subject to a different Privacy Policy as soon as reasonably possible, provided that the transfer concerns your personal data.

With Explicit Consent: We may share personal data with third parties outside Drift’s organization for reasons other than those mentioned above when we have your explicit consent to do so. You have the right to withdraw this consent at any time.

Storage Period

We do not store personal data longer than is legally permitted and necessary for the purposes set out in this Privacy Notice. As the storage period depends on the nature of the information and the purposes of processing, the maximum period may vary per use.

When the storage of personal data is no longer necessary for the purpose for which it was initially collected, we may continue storing the data only as long as such processing is required by law or reasonably necessary for our legal obligations or legitimate interests, such as claims handling, bookkeeping, internal reporting, reconciliation purposes, and direct marketing.

Your Rights

You have the right to access your personal data processed by us and request a copy of your personal data. If the processing is based on consent, you may withdraw the consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You have the right to have incorrect or incomplete personal data corrected or completed. You may also request that we erase your personal data from our systems. We will comply with such requests unless we have a legitimate ground to not delete the data.

You may object to the processing of personal data on grounds relating to your particular situation if such data is processed for our legitimate interest. You also have the right to prohibit us from using your personal data for direct marketing purposes. You may request us to restrict the processing of personal data, for example, when your data erasure, rectification, or objection requests are pending and/or when we do not have legitimate grounds to process your data.

If the processing is based on consent or an agreement, you have the right to receive your personal data in a structured and commonly used format.

The above-mentioned rights may be exercised by contacting us at the addresses set out above. We may request additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded.

Lodging a Complaint

If you believe our processing of personal data is inconsistent with applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection in your jurisdiction.