Database Privacy Policy

Published: Sep 1st, 2021
Stealth Black Oy (FI31383892)
Last reviewed: Sep 1st, 2023

This privacy policy describes how Stealth Black Oy will process and protect your personal data.

Please note that to the extent Stealth Black Oy processes personal data for its customers as a data processor, such processing is governed by a separate data processing agreement.

1. Contact Details

Stealth Black Oy (FI31383892) is the controller of personal data collected from public and open data sources. Stealth Black Oy is the processor of personal data received from its customers (user data). If you have any questions or queries regarding the processing of your personal data, Stealth Black Oy can be reached using the following contact details:

Address:
Satamaradankatu 1, 00510 Helsinki
Email:
privacy@stealth.black

Stealth Black Oy's current data protection officer is Antti Lehtimäki, who can be reached using the contact details above.

2. Purpose and Legal Basis of Processing Personal Data

Processing of a limited amount of personal data is based on our legitimate interest to freely conduct business and maintain our Service in accordance with Union law and national laws and to carry out a task of public interest.

Processing is limited to 1) persons holding a role in public life such as business-people, members of regulated professions and personal data available in the public domain or which is in the public interest and 2) users of the Service.

In accordance with the statement by the Article 29 Working Party (an independent advisory body established under the EU’s Data Protection Directive (95/46/EC)), business people and members of the (regulated) professions can usually be considered to fulfill a role in public life.

Our use, processing and maintaining such public data in the database record is limited to have a minimal privacy impact, and processing of personal data is not extended to beyond what the data subjects could reasonably expect during the period that the data subject is in the position at the legal entity, and the same information is available and freely accessible by the public in the public domain.

Personal data in the Stealth Black’s database record may be processed for the following purposes:

  1. Presenting the personal data in connection with the legal entity, which is connected to the data subject,
  2. Statistical analyses on Companies based on pseudonymized or anonymized data,
  3. Fulfilling the obligations based on law and orders of the authorities, and
  4. Providing the basic functionalities of the Service (in case of Service users).

3. Data Collection

The Service uses intelligent data collection algorithms to build and maintain a database of legal entities. These algorithms index open and public data and process the data in order to link the collected information with the right company. The data is collected from numerous sources, such as public company registers, company websites, press releases and other similar publicly available sources.

4. Regular Sources of Personal Data

Stealth Black collects personal data primarily from open and public data of legal entities, which is available in the public domain or has been made available to the public by the legal entities.

Regular sources include national Patent and Registration offices (or their equivalents), public officials, company websites, press releases and other source material made available to the public by the Company or its representatives. All personal data in our database is linked to the source where it was acquired, and our technology is designed to update the personal data based on that source.

Personal data regarding the users of the Service is received from the users themselves or from their employer, with their consent.

5. Scope of Personal Data

The Record contains a limited amount of personal data which is directly linked to the data subjects’ role in the legal entity. Other personal data is not included in the Record.

The Register may contain the following personal data in connection with the legal entity:

  • Basic information (name, title, position, country),
  • Communication channel identifiers (e.g. phone, email address)

6. Recipients of Personal Data

Service users and Stealth Black's customers have access to the personal data in relation to the Companies selected and displayed automatically by the Service or that they search for or where such data is available in the Service. A limited amount of Company information and relative personal data may also be available through a search engine on Stealth Black’s website, which may be used without a customer relationship with Stealth Black.

All personal data that is available to the users and customers of our Service is freely accessible in the public domain, or otherwise available to the public in the same manner and similar format as is provided in our Service. Stealth Black's customers may export data from the service. When our customers use this feature, they will become data controllers in respect to personal data, in which case the customer’s privacy notice will apply to the data processing they might carry out. In cases where personal data is disclosed to our Customer, we require the Customer to commit into appropriate data processing practices through contractual means.

Stealth Black Oy will share your personal data with the data processors which Stealth Black Oy has entered into processing agreements with, namely the following data processors:

  • Google Inc. (California, USA)
    Google Cloud Platform (GCP) is used for secure cloud computing services and database storage. Google Firebase is used for managing users.
  • Amazon Web Services EMEA Sarl (EU)
    Amazon Web Services (AWS) is used for secure cloud computing services and database storage.
  • OpenAI, LLC (USA)
    OpenAI’s solutions are used for language interpretation and generation.

7. Transfers and Handing Over of Information

The data that Stealth Black collects from data subjects is not transferred to, or stored at, a destination outside the European Economic Area (“EEA”), with the following exceptions:

  • Our Service may be used by our customers and other users at a location outside the EEA. As part of the use of the Service, our customers may access the database through searches and filters and choose to import data from our database into their systems. We require our customers to commit to the lawful use of the data provided by us, including the lawfulness of any data transfer. By using the Service our customers and users independently evaluate whether they choose to collect and process the personal data which is available in the Service for its purposes.
  • In order to interpret and generate natural language, the users of the Service may opt to use a feature that uses a solution provided by OpenAI, LLC (listed in Clause 6). As part of this process, the minimum required information about the sender and recipient are handed over to their service. OpenAI, LLC is highly committed to providing adequately protected service, approved under GDPR. For the avoidance of doubt, it should be stated that this feature uses specifically the API’s (not the web app) provided by OpenAI, LLC. The data provided through API’s is not used to train OpenAI’s models or improve OpenAI’s service offering.

Personal Data may be disclosed to authorities in cases required by the mandatory local legislation or court order. Data may also be disclosed if the disclosure is permitted by applicable law or regulation.

8. Retention of Personal Data

Personal data will be stored in the database only as long as and only to the extent that is necessary to provide timely and accurate information on Company decision-makers as part of providing information on Companies included in the Stealth Black's database, as designed in the Service. When such requirements no longer exist, personal data will be deleted. The requirement is deemed to exist during the period that the data subject is in the position of the legal entity, which has been recorded in the original source.

The retention periods for personal data in Stealth Black have been designed to reflect the retention period of the original data source. The database is automatically updated on a regular basis, and personal data will not be stored beyond a reasonable time after it has been removed from the original source.

Personal data regarding the users of the Service is stored in the database while the customer relationship is valid, and at maximum 12 months after the relationship ends.

9. Data Protection Principles

The information security of personal data and processing and confidentiality, integrity and usability are ensured with appropriate technical and administrative measures in accordance with Stealth Black's information security principles. The employees of Stealth Black have bound themselves to comply with professional secrecy and concealment regarding the information they receive during the processing of personal information. Privacy and security guidelines have been communicated to employees and strictly enforce privacy safeguards within the company.

All databases and information systems are accessible only with individual and personal login information (username and password) granted by Stealth Black. The rights to access the master database are restricted, so that the information can only be viewed and processed by persons who are legally admitted and required to do so. The customers and users of our Service may only have access to the personal data which is made available in the Service by Stealth Black.

10. What Rights Do You Have?

You have the right to request information about the personal data which Stealth Black Oy holds about you at any time and demand data erased. You further have the right to request rectification of your personal data if the information is incorrect, and you have the right to demand incomplete personal data completed. Moreover, you have the right to object to the processing and demand portability.

Please contact Stealth Black Oy by using the contact details in Clause 1 above, should you wish to access your rights. Stealth Black Oy will attend to your query as soon as possible and within 30 days at the latest.

If you withdraw your consent, that will not have any legal impact on any processing which took place prior to you withdrawing the consent.

11. Complaints

Should you wish to submit any complaints in regards to Stealth Black Oy's processing of personal data and compliance with GDPR, please contact the Data Protection Authority (Tietosuojavaltuutettu). You will find information on how to contact the Data Protection Authority on their website, https://tietosuoja.fi/tietosuojavaltuutetun-toimisto.