Nov 1, 2022

Sourced Leads Privacy Policy


This Sourced Leads Privacy Policy (referred to as "Privacy Policy") informs why and how we process personal data about potential business customers, whose data we have collected from publicly available sources (referred to as "Lead", “you” and jointly "Leads").

Aiven Ltd, business ID: 2795743-5, is the data controller (referred to as "Aiven", "we" or "us") in relation to the processing of your personal data. As a data controller, Aiven is responsible for ensuring that personal data is processed in compliance with data protection laws. We take your data protection rights seriously and your personal data will be treated in a secure and confidential manner as set out in this Privacy Policy and as required by data protection laws.

We have also designated a Data Protection Officer (“DPO”) to oversee our data protection related matters. If you have any questions or concerns about the way we use your data, you may contact our DPO by email at

Where do we collect your personal data and what personal data are processed?

We collect your personal data from publicly available sources by using different service providers or collecting your data manually. We collect your data from the following publicly available services (referred to as ‘’Public Services’’):

Personal data available in the Public Service(s)

When you create your public profile in any of the Public Services you can choose what information you set to be public and to what extent search engines can access your personal data. You can restrict search engines from accessing your public profile by changing certain profile settings available or by changing or removing the personal data available in the Public Services.

We collect the following categories of personal data from the Public Services:

What is the purpose and lawful basis for processing your data?

We have identified the purposes for processing your personal data as provided in the table below. These purposes each relate to a lawful basis for processing, as required by data protection laws.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

How do we perform the searches?

When we are looking for Leads, we always have certain predefined criteria to which against we perform the searches. The predefined criteria consists of the following information regarding the Lead (the combination used in each search may vary):

In other words, we use pre-determined criteria and automated means to process personal data and create profiles of Leads. Although the processing may amount to profiling, as defined in data protection laws, we do not carry out any automated decision making that would have legal effects or similarly significant effects on the Leads.

After performing the search, our marketing staff will always review the results and decide which Leads to contact. In addition, before communicating, our marketing staff may also manually check the potential Lead’s profile in Public Services in order to determine whether the Lead or Lead’s company could be interested in or benefit from using Aiven products and services.

To whom we share your data?

We may have to share your personal data with the parties set out below for the purposes described in this Privacy Policy. These parties include:

All of our subsidiaries and third party service providers are required to take appropriate security measures to protect your data and they may only process personal data for the purposes mentioned in this Privacy Policy and in accordance with our instructions. We never sell your personal data.

Do we transfer personal data outside the EU/EEA?

We store personal data on servers located in the European Union ("EU"). However, some of our service providers or subsidiaries may be based outside the European Economic Area ("EEA"), including the United States of America, so their processing of your personal data will involve a transfer of personal data outside the EEA.

Whenever we transfer personal data out of the EEA, and unless a specific derogation applies, we seek to ensure that a similar degree of protection is afforded than that provided in the EEA by ensuring at least one of the following safeguards is implemented:

Please email us at if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or to obtain a copy of any contractual clauses in place, although some details may be redacted for confidentiality reasons. 

How long will we retain personal data?

We will only retain personal data for as long as necessary to fulfill the purposes defined in this Privacy Policy. In general, we comply with the following criteria with respect to retaining and erasing personal data:

What rights do you have?

Subject to certain exemptions and limitations, you have certain rights in relation to the processing of your personal data. You have the right to:

Should you wish to exercise your above mentioned rights, please send a request to us at

In case you exercise your rights, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Updates to this privacy policy

We may update this Privacy Policy from time to time. If we make any updates to this Privacy Policy, we will always publish the updated version on this page.


If you have any questions regarding the processing of your personal data, please do not hesitate to contact us. See below for contact details:

Aiven Oy
Antinkatu 1,
00100 Helsinki,

You have the right to make a complaint at any time to the supervisory authority in your country of residence. A list of the EEA supervisory authorities can be found here: In Finland, the relevant supervisory authority is the Office of the Data Protection Ombudsman: We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority so please contact us in the first instance.