Effective from May 25, 2018
Your privacy and the security of your personal data is important to us at Lean Business.
- “Data Controller” - means the organization that determines the purposes, conditions and means of the processing of personal data.
- “Data Processor” - means the organization that processes data on behalf of the Data Controller
- “Entrepreneur” - means any User that wishes to use the Services for the purpose of developing their own business, business idea, or a project in their own organization.
- “Lean Business Entrepreneurship Platform” – “LBEP” for short - is our online application suite consisting of a toolbox that allows you as an Entrepreneurs to develop and model a business idea into a full business case – and the dashboard that allows supporting organizations to manage digitized entrepreneurship processes.
- “Customized Lean Business Entrepreneurship Platform” - “Customized LBEP”-is a version of the LBEP specifically configured for one of our LBEP Partners.
- “LBEP Partner” - is a public or private organization that provides entrepreneurship support programs, entrepreneurship education or entrepreneurship financing, and that wishes to provide a customized digital service to the Entrepreneurs in the LBEP Partner´s target group.
- “Personal Data” - means any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. Examples of Personal Data include, but are not limited to, first and last name, date of birth, or email address.
- “User” - means any person that is using the LBEP or a Customized LBEP.
2. About us and our Services
The Lean Business Entrepreneurship Platform is developed and operated by Lean Business International AS, a company headquartered in Bergen, Norway ("we", "us", "our", and "Lean Business").
Please note that whether you use the LBEP, a Customized LBEP or both, you are using the same basic technical platform. Depending on where you are registered as a User, there are a couple of privacy implications that we really want you to be aware of, and to understand:
Our Services are delivered on the main domain leanbusinessplatform.com.
1. Using the Lean Business Entrepreneurship Platform
The LBEP is provided directly to you from us at https://toolbox.leanbusinessplatform.com .
In this configuration Lean Business assumes the role of Data Controller for you and for your Personal Data
2. Using a “Customized Lean Business Entrepreneurship Platform”
Remember – a “Customized LBEP”, is a version of the LBEP specifically configured for one of our LBEP Partners that strives to provide you with excellent digital entrepreneurship services.
Customized LBEP are normally available from a “partnername.leanbusinessplatform.com” type of subdomain, where the landing page clearly displays the name(s) and logo(s) of the partner(s).
By working in any of these Customized Entrepreneurship Platforms you accept that you, for as long as you chose, share Personal and Case Data with the LBEP Partner(s).
On a Customized LBEP the LBEP Partner is the Data Controller - and for much of the Personal Data we collect and process about you through such specific configuration, we act as a Data Processor on behalf of our Partner(s). Even though Lean Business manages the privacy and security in our Services - we are not responsible for the LBEP Partner´s general privacy or security practices, which may differ from ours. Please check with then individual LBEP Partner about the policies they have in place.
You are in control
We care about your Personal Data - and when you register for any of our Services we will ALWAYS provide you with an easily readable Privacy Notice explaining who the Data Controller and Data Processors are, and why and how your Personal Data is collected, stored, shared and used.
You will control the access to the data in your case, and you can choose to share the case with your co-workers, and/or to publish a case to a Customized LBEP – e.g to your regional incubator or similar. You can of course also unpublish the case from a Customized LBEP and still continue working you case in the LBEP.
3. What personal data do we collect and how?
The Personal Data that we collect can be categorized as follows:
Data that you provide to us;
When you register for an account (Account Data) - we collect some personal data required to create the account like your email address, name, country. You also have the option to provide us with some additional personal data, for instance zip code and city, in order to make your account more personalized and to provide you with more features. or extended services. The exact Personal Data that will be collect depends on the configuration of the Entrepreneurship Platform you register for.
When another User invites you to the join them working in the Service, whether this is on a Customized Entrepreneurship Platform or on a Case - we collect your email address
When you register for an event, consult with our support or customer service team, send us an email, communicate with us in any other way – we collect personal data including name, phone numbers and e-mail address. Provided you give us your express permission (Marketing data) this personal data is used to enable us to send you marketing communications. However you will always be given the opportunity to opt-out.
When you consent to your data being used for research (a specific and revocable permission on a Case by Case basis) – your data will be used for research by a designated team of researchers at NTNU (the Norwegian University of Science and Technology). Their research relates to whether Lean principles applied to business development actually works.
Data we collect automatically;
Usage Data - when you use our Service we collect usage data which include
- information about your account type and access to Customized Entrepreneurship Platforms (“CEP”),
- information about the dates and times you access the Services and your browsing activities (such as what portions of the Service that you use), and
- we may collect information about your content if you interact our Customer Service or support team.
- as most moderns online applications / web-browsers we track but do not collect information such as your URL/IP address, operating system, browser type, and other information about your system.
- we use 3rd party usage tracking tools like Google Analytics and Hubspot.com visitor tracking to optimize the user experience
3rd party tools store cookies in your web-browser
3rd party tools may store IP addresses used
3rd party tools store what pages/features are visited/used and when
We do not collect data from any third parties.
4. Why do we collect your personal data - and how will we use it?
Below we explain why we collect your personal data - and the number of reasons for which we may use these Personal Data, including:
- To provide and improve your experience with Services.
- To provide, personalize, and improve your experience with the Services and other related products provided by Lean Business, and to provide customized, personalized, or localized content and recommendations to you, including via a Customized LBEP.
Legal Basis for our use: Performance of a Contract, Legitimate Interest
Type of data involved: Account Data or Usage Data
- To send system messages & communicate with you about your account and support issues
- Legal Basis for our use: Performance of a Contract, Legitimate Interest
- Type of data involved: Account Data or Usage Data
- To understand your usage of the Services to enable us to improve them
To understand how you access and use the Lean Business Service to ensure technical functionality of the Service, develop new products and services, and analyze your use of the LBEP / Customized LBEP
Legal Basis for our use: Performance of a Contract, Legitimate Interest
- Type of data involved: Account Registration Data or Usage Data
- To communicate with you
for marketing, research, participation in surveys (or contests) and for promotional purposes, we may contact you, via emails, notifications, or other messages – in accordance with your consent to do this and any permissions you have given.
- Legal Basis for our use: Consent, Legitimate Interest
- Type of data involved: Mainly Marketing Data, potentially data from Contests and Surveys
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided in the “How to contact us” below.
5. Sharing your personal data
Service Providers and Others
We use technical service providers (amongst others Amazon Web Services, Uservoice and Hubspot) which may operate the technical infrastructure that we need to provide the Service, in particular providers which host, store, manage, and maintain the Lean Business application, its content and the data we process. We use technical service providers to help us communicate with you. Our Service Provides data centers are located within the European Economic Area.
To make sure you remember: When you use a Customized LBEP the Data Controller is the LBEP Partner is and by using such a Customized platform you accept that you openly share all your data with the LBEP Partner. However, you control when and for how long you keep your case published to the Customized Platform. Even though Lean Business manages the privacy and security in our Services as the Data Processor - we are not responsible for the LBEP Partner´s general privacy or security practices, which may differ from ours. Please check with then individual LBEP Partner about the policies they have in place.
We will share your personal data for activities such as statistical analysis and academic study.
Provided your explicit consent we will share your personal and usage data for the specifically defined research purpose. All research data to be published will be anonymized and aggregated.
Other Lean Business Group Companies
We will share your personal data with other Lean Business companies (wholly or partly owned or Licensees) to carry out our daily business operations and to enable us to maintain and provide the Service to you.
Legal reasons, Law Enforcement and Data Protection Authorities
We will share your personal data to meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms. We will also share your personal data to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements - provided that we deem that such interest is not overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.
We do not share tracking data in the 3rd party tools with anyone but our internal product management team, including subcontractors working with product management, development and hosting.
6. Your privacy rights
The European Union´s General Data Protection Regulation or "GDPR" gives certain rights to you as an individual with regards to your personal data:
- Right to Access - also known as Subject Access Right, entitles you to have access to and information about the Personal Data we process about you
- Right to Rectification – is the right to request that we amend or update your personal data
- Right to be Forgotten – (or Data Erasure), is your right to request that a data controller erase your personal data, and potentially have third parties cease processing them
- Right to Restrict - the right to request that we temporarily or permanently stop processing all or some of your personal data
- Right to Object – is the right, at any time, to object to us processing your personal data on grounds relating to your particular situation and/or the right to object to your personal data being processed for direct marketing purposes
- Right to Data Portability – is the right to request a copy of your personal data in electronic format that allows for easy use with another service (controller) and
- Right not to be subject to Automated Decision-making - the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.
In order to let you exercise these rights, we provide you with the ability to:
- easily view and change your privacy settings and consent(s) that you may have given in the Privacy and Terms section in your User Profile
- request to be deleted from any Customized LBEP or to be permanently deleted form the entire platform.
If we send you electronic marketing messages based on your consent or as otherwise permitted by applicable law, you may, at any time, respectively withdraw such consent or declare your objection (“opt-out”) at no cost. The electronic marketing messages you receive from Lean Business (e.g. those sent via email) also will also include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the emails we send to you).
If you have any questions or concerns about our use of your Personal Data, or about your privacy rights and how to exercise them, please contact us using the contact details provided in Section 13.
In the event that you are not satisfied with the way we using your personal data, you can contact and have the right submit a complaint with the Norwegian Data Protection Authority (Datatilsynet) or your local Data Protection Authority.
7. Data retention and deletion
We retain Personal Data only as long as we have an ongoing legitimate business or legal need to do so. Our retention periods will vary depending on the type of data involved, but, generally, we'll refer to these criteria in order to determine retention period:
- Whether the data is necessary to provide our Services
- Whether we have a legal or contractual need to retain the data.
When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
8. Transfer to other countries
Lean Business shares your personal data with other companies in the Lean Business Group in order to carry out the activities specified in this Policy. This includes to Lean Business Group companies in: Denmark, Norway, South African, Sweden and United Kingdom.
Lean Business may also subcontract processing to, or share your personal data with, third parties located in countries other than your home country. Your personal data, therefore, may therefore be subject to privacy laws that are different from those in your country of residence, and Personal data collected within the European Union may, for example, be transferred to and processed by third parties located in a country outside of the European Union.
In such instances Lean Business shall ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures are in place such as the Standard Contractual Clauses approved by the EU Commission.
We implement appropriate technical and organizational measures to help protect the security of your Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Your user account require a username and a password to log in. You should use a unique password that you do not use for any other websites or services. Keep your password secure and do not disclose it to others. We recommend that you log out after using our Service and that you limit access to your computer
We do not allow users under the age of 13 years, or under the applicable age limit if stricter than 13 years, and we do not knowingly collect personal data from user under the age limit. All data will be deleted if we later become aware of any users that are under the age of 13.
We may make changes to this Policy from time to time.
12. How to contact us
Contact us by sending our DPO – Data Protection Officer an email at firstname.lastname@example.org (also available in the privacy section of your user profile) or by writing to us at the following address:
Lean Business International AS