Privacy Policy

Effective from May 25, 2018

1. Introduction

Your privacy and the security of your personal data is important to us at Lean Business.

This Privacy Policy (“Policy”) explains who we are, why and how we gather, store, share and use your personal data to provide you with the best possible service. In addition, the Policy outlines how you can exercise your privacy rights and what choices you have around sharing your personal data.

We recommend that you read this privacy policy in full to ensure you are fully informed.

If you have any questions or concerns about our use of your Personal Information, please contact us using the contact details provided at the end of this Privacy Policy.

Key terms
In this privacy policy, these terms have the following meanings:

  • “Data Controller” - means the organization that determines the purposes, conditions and means of the processing of personal data.
  • Data Processor” - means the organization that processes data on behalf of the Data Controller
  • Entrepreneur” - means any User that wishes to use the Services for the purpose of developing their own business, business idea, or a project in their own organization.
  • “Lean Business Entrepreneurship Platform” – LBEP” for short - is our online application suite consisting of a toolbox that allows you as an Entrepreneurs to develop and model a business idea into a full business case – and the dashboard that allows supporting organizations to manage digitized entrepreneurship processes.
  • “Customized Lean Business Entrepreneurship Platform” - “Customized LBEP”-is a version of the LBEP specifically configured for one of our LBEP Partners.
  • “LBEP Partner” - is a public or private organization that provides entrepreneurship support programs, entrepreneurship education or entrepreneurship financing, and that wishes to provide a customized digital service to the Entrepreneurs in the LBEP Partner´s target group.
  • “Personal Data” - means any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. Examples of Personal Data include, but are not limited to, first and last name, date of birth, or email address.
  • “User” - means any person that is using the LBEP or a Customized LBEP.

2. About us and our Services

The Lean Business Entrepreneurship Platform is developed and operated by Lean Business International AS, a company headquartered in Bergen, Norway ("we", "us", "our", and "Lean Business").

All use of “LBEP” or a “Customized LBEP” – collectively the “Services” is subject to your acceptance of our general “Terms of Use”.

Our Services

Please note that whether you use the LBEP, a Customized LBEP or both, you are using the same basic technical platform. Depending on where you are registered as a User, there are a couple of privacy implications that we really want you to be aware of, and to understand:

Our Services are delivered on the main domain leanbusinessplatform.com.

1. Using the Lean Business Entrepreneurship Platform

The LBEP is provided directly to you from us at https://toolbox.leanbusinessplatform.com .
In this configuration Lean Business assumes the role of Data Controller for you and for your Personal Data

2. Using a “Customized Lean Business Entrepreneurship Platform”

Remember – a “Customized LBEP”, is a version of the LBEP specifically configured for one of our LBEP Partners that strives to provide you with excellent digital entrepreneurship services.

Customized LBEP are normally available from a “partnername.leanbusinessplatform.com” type of subdomain, where the landing page clearly displays the name(s) and logo(s) of the partner(s).

By working in any of these Customized Entrepreneurship Platforms you accept that you, for as long as you chose, share Personal and Case Data with the LBEP Partner(s).

On a Customized LBEP the LBEP Partner is the Data Controller - and for much of the Personal Data we collect and process about you through such specific configuration, we act as a Data Processor on behalf of our Partner(s).  Even though Lean Business manages the privacy and security in our Services - we are not responsible for the LBEP Partner´s general privacy or security practices, which may differ from ours. Please check with then individual LBEP Partner about the policies they have in place. 

You are in control

We care about your Personal Data - and when you register for any of our Services we will ALWAYS provide you with an easily readable Privacy Notice explaining who the Data Controller and Data Processors are, and why and how your Personal Data is collected, stored, shared and used.

You will control the access to the data in your case, and you can choose to share the case with your co-workers, and/or to publish a case to a Customized LBEP – e.g to your regional incubator or similar. You can of course also unpublish the case from a Customized LBEP and still continue working you case in the LBEP.

3. What personal data do we collect and how?

The Personal Data that we collect can be categorized as follows:

Data that you provide to us;

When you register for an account (Account Data) - we collect some personal data required to create the account like your email address, name, country. You also have the option to provide us with some additional personal data, for instance zip code and city, in order to make your account more personalized and to provide you with more features. or extended services.  The exact Personal Data that will be collect depends on the configuration of the Entrepreneurship Platform you register for.

When another User invites you to the join them working in the Service, whether this is on a Customized Entrepreneurship Platform or on a Case - we collect your email address

When you register for an event, consult with our support or customer service team, send us an email, communicate with us in any other way – we collect personal data including name, phone numbers and e-mail address. Provided you give us your express permission (Marketing data) this personal data is used to enable us to send you marketing communications. However you will always be given the opportunity to opt-out.

When you consent to your data being used for research (a specific and revocable permission on a Case by Case basis) – your data will be used for research by a designated team of researchers at NTNU (the Norwegian University of Science and Technology). Their research relates to whether Lean principles applied to business development actually works.

Data we collect automatically;

Usage Data - when you use our Service we collect usage data which include
- information about your account type and access to Customized Entrepreneurship Platforms (“CEP”),
- information about the dates and times you access the Services and your browsing activities (such as what portions of the Service that you use), and
- we may collect information about your content if you interact our Customer Service or support team.

Technical information
- as most moderns online applications / web-browsers we track but do not collect information such as your URL/IP address, operating system, browser type, and other information about your system.
- we use cookies (stored in your web-browser) to remember your preference in the Service and give you the best user experience possible.
- we use 3rd party usage tracking tools like Google Analytics and Hubspot.com visitor tracking to optimize the user experience

       3rd party tools store cookies in your web-browser
       3rd party tools may store IP addresses used
       3rd party tools store what pages/features are visited/used and when

We do not collect data from any third parties.

4. Why do we collect your personal data - and how will we use it?

Below we explain why we collect your personal data - and the number of reasons for which we may use these Personal Data, including:

  • To provide and improve your experience with Services. 
  • To provide, personalize, and improve your experience with the Services and other related products provided by Lean Business, and to provide customized, personalized, or localized content and recommendations to you, including via a Customized LBEP.
  • Legal Basis for our use: Performance of a Contract, Legitimate Interest

  • Type of data involved: Account Data or Usage Data

  • To send system messages & communicate with you about your account and support issues
    For example, we may inform you about temporary or permanent changes to our Services, such as planned maintenance, or send you account, security or compliance notifications, such as new features, version updates, releases, and changes to this privacy policy – or contact you with regards to any active support issues.
  • Legal Basis for our use: Performance of a Contract, Legitimate Interest
  • Type of data involved: Account Data or Usage Data
  • To understand your usage of the Services to enable us to improve them
    To understand how you access and use the Lean Business Service to ensure technical functionality of the Service, develop new products and services, and analyze your use of the LBEP / Customized LBEP

    Legal Basis for our use: Performance of a Contract, Legitimate Interest
  • Type of data involved: Account Registration Data or Usage Data
  • To communicate with you
    for marketing, research, participation in surveys (or contests) and for promotional purposes, we may contact you, via emails, notifications, or other messages – in accordance with your consent to do this and any permissions you have given.
  • Legal Basis for our use: Consent, Legitimate Interest
  • Type of data involved: Mainly Marketing Data, potentially data  from Contests and Surveys

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided in the “How to contact us” below.

5. Sharing your personal data

Lean Business does not sell or give information to any 3rd party unless specified in this privacy policy. Below we explain the categories of recipients to whom we may share the personal data collected or generated through your use of the Services.

Service Providers and Others

We use technical service providers (amongst others Amazon Web Services, Uservoice and Hubspot) which may operate the technical infrastructure that we need to provide the Service, in particular providers which host, store, manage, and maintain the Lean Business application, its content and the data we process. We use technical service providers to help us communicate with you. Our Service Provides data centers are located within the European Economic Area.

LBEP  Partners

To make sure you remember: When you use a Customized LBEP the Data Controller is the LBEP Partner is and by using such a Customized platform you accept that you openly share all your data with the LBEP Partner. However, you control when and for how long you keep your case published to the Customized Platform. Even though Lean Business manages the privacy and security in our Services as the Data Processor  - we are not responsible for the LBEP Partner´s general privacy or security practices, which may differ from ours. Please check with then individual LBEP Partner about the policies they have in place. 

Academic Researchers

We will share your personal data for activities such as statistical analysis and academic study.

Provided your explicit consent we will share your personal and usage data for the specifically defined research purpose. All research data to be published will be anonymized and aggregated.

Other Lean Business Group Companies

We will share your personal data with other Lean Business companies (wholly or partly owned or Licensees) to carry out our daily business operations and to enable us to maintain and provide the Service to you.

Legal reasons, Law Enforcement and Data Protection Authorities

We will share your personal data to meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms. We will also share your personal data to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements - provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.

We do not share tracking data in the 3rd party tools with anyone but our internal product management team, including subcontractors working with product management, development and hosting.

6. Your privacy rights 

The European Union´s General Data Protection Regulation or "GDPR" gives certain rights to you as an individual with regards to your personal data:

  • Right to Access - also known as Subject Access Right, entitles you to have access to and information about the Personal Data we process about you
  • Right to Rectification – is the right to request that we amend or update your personal data
  • Right to be Forgotten – (or Data Erasure), is your right to request that a data controller erase your personal data, and potentially have third parties cease processing them
  • Right to Restrict - the right to request that we temporarily or permanently stop processing all or some of your personal data
  • Right to Object – is the right, at any time, to object to us processing your personal data on grounds relating to your particular situation and/or the right to object to your personal data being processed for direct marketing purposes
  • Right to Data Portability – is the right to request a copy of your personal data in electronic format that allows for easy use with another service (controller) and
  • Right not to be subject to Automated Decision-making - the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

In order to let you exercise these rights, we provide you with the ability to:
- easily view and change your privacy settings and consent(s) that you may have given in the Privacy and Terms section in your User Profile
- request to be deleted from any Customized LBEP or to be permanently deleted form the entire platform.

If we send you electronic marketing messages based on your consent or as otherwise permitted by applicable law, you may, at any time, respectively withdraw such consent or declare your objection (“opt-out”) at no cost. The electronic marketing messages you receive from Lean Business (e.g. those sent via email) also will also include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the emails we send to you).

If you have any questions or concerns about our use of your Personal Data, or about your privacy rights and how to exercise them, please contact us using the contact details provided in Section 13.

In the event that you are not satisfied with the way we using your personal data, you can contact and have the right submit a complaint with the Norwegian Data Protection Authority (Datatilsynet) or your local Data Protection Authority.

7. Data retention and deletion

We retain Personal Data only as long as we have an ongoing legitimate business or legal need to do so. Our retention periods will vary depending on the type of data involved, but, generally, we'll refer to these criteria in order to determine retention period:

  • Whether the data is necessary to provide our Services
  • Whether we have a legal or contractual need to retain the data.

When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

8. Transfer to other countries

Lean Business shares your personal data with other companies in the Lean Business Group in order to carry out the activities specified in this Policy. This includes to Lean Business Group companies in: Denmark, Norway, South African, Sweden and United Kingdom.

Lean Business may also subcontract processing to, or share your personal data with, third parties located in countries other than your home country. Your personal data, therefore, may therefore be subject to privacy laws that are different from those in your country of residence, and Personal data collected within the European Union may, for example, be transferred to and processed by third parties located in a country outside of the European Union.

In such instances Lean Business shall ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures are in place such as the Standard Contractual Clauses approved by the EU Commission.

9. Security

We implement appropriate technical and organizational measures to help protect the security of your Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Your user account require a username and a password to log in. You should use a unique password that you do not use for any other websites or services. Keep your password secure and do not disclose it to others. We recommend that you log out after using our Service and that you limit access to your computer

10. Children

We do not allow users under the age of 13 years, or under the applicable age limit if stricter than 13 years, and we do not knowingly collect personal data from user under the age limit.  All data will be deleted if we later become aware of any users that are under the age of 13.

11. Changes to this Privacy Policy

We may make changes to this Policy from time to time.

In the event that we make major changes to our Privacy Policy, we will provide you with an appropriate notice, either by displaying a notice within the Service or by sending you an email. We may notify you in advance.

For minor updates there will be no notification of changes, so please visit the privacy section in your user profile or go to our website to find the current Privacy policy or Terms of Use

12. How to contact us

Contact us by sending our DPO – Data Protection Officer an email at dpo@leanbusinessplatform.com (also available in the privacy section of your user profile) or by writing to us at the following address:

Lean Business International AS
Thormøhlensgate 51
5006 Bergen
Norway

X