Slush Oy (hereinafter "Slush" or "we"), is a Finnish-owned company specialized and focused on organizing startup and technology conferences as well as designing and developing online products and software related to the same.
In connection with our operations and to be able to provide Slush Services and Events, we may collect and process personal data of you as a user of Slush Services (“User” or “you”). Slush processes personal data under this Privacy Policy and in accordance with applicable laws, including the General Data Protection Regulation (2016/679) (the "GDPR").
The purpose of this Privacy Policy is to describe and explain how we as a controller process personal data in connection with Slush Services, what personal data we collect and how you may use your rights as a data subject. At times Slush platform/Slush mobile app may also be licensed to a third party and in such case, Slush may act as a processor or an independent controller together with the third party.
In this Privacy Policy, “Slush Services” refer to Slush conference, Slush mobile app (My Slush), Node by Slush online community at node.slush.org, Soaked by Slush media as well as websites slush.org and platform.slush.org, including applicable features such as, but not limited to, online events, online ticket store and online matchmaking platform provided by Slush. In this Privacy Policy, the startup and technology events (physical or online) organized by Slush and/or under Slush brand, and being part of Slush Services, are separately referred to as the “Events”, where necessary.
Our User's personal data collected and processed by us in connection with Slush Services can be divided into two general data categories: "User Data" and "Technical Data" (including cookies and web analytics). Further, we may also process your personal data in connection with recruitment process. These data categories are explained in more detail below.
User Data
User Data is personal data collected directly from you, or from the customer organization represented by you and on behalf of which you are using Slush Services (the latter hereinafter the “Customer Organization”). We may collect User Data from our Users in a few different ways, including when the User registers to Slush Services, creates a profile or subscribes to our newsletter. Please note that we may also collect details of transactions, such as ticket purchases, you complete in connection with Slush Services.
User Data will be collected from the User as a part of the registration and when creating a profile to Slush Services. Accordingly, the following User Data is necessary in order to be able to use Slush Services:
Registration
First name;
Last name;
Email address;
Password; and
Marketing opt-in or opt-out.
We may also collect and process the following User Data (listed by feature) in connection with your use of Slush Services:
Matchmaking tool
Picture, domicile, job title, organization, phone number;
Information regarding interests, employer, education, professional background and/or other information the User chooses to provide in connection with his/her public profile on the matchmaking tool;
Information about User’s activities within the tool, such as information related to User’s meetings;
Information the User chooses to provide to other Users in the chat function available on the matchmaking tool; and
Angel investor information: first name, last name, domicile, phone number, job title, organization, investment information (such as previous investments, industries, investments in hardware/software startups, social and environmental impact of the investments, range of typical investment, turnover stage and primary investment regions).
Ticket shop
Name;
Email address;
Information relating to transactions and payments carried out through Slush Services;
Type of Event ticket purchased on Slush Services;
Organization and Job Title; and
Address, Postal Code, Domicile or Location.
Side event tool
Name;
Email address;
Job title;
Organization; and
Other event specific information that might be requested via registration form (such as motivational information).
Volunteer registration
Name;
Date of birth;
Sex (optional);
Information regarding education, skills, work experience, previous volunteering or other information the User
chooses to provide in connection with his/her public profile; and
Information regarding future recruiting interests.
Marketing
Name;
Email address;
Event attendance information;
Interests of the User;
User account and profile information; and
Information provided via matchmaking tool (please see the matchmaking tool section above).
Other
Customer feedback and other information the User provides to us in correspondence.
Node by Slush
Job title, organization;
Information about User’s activities within the tool, such as information related to User’s registration to events;
Information the User chooses to provide to other Users in the chat function available on the tool; and
Angel investor information: first name, last name, domicile, phone number, job title, organization, investment information (such as previous investments, industries, investments in hardware/software startups, social and environmental impact of the investments, range of typical investment, turnover stage and primary investment regions).
In addition, we may also collect User Data from our Customer Organizations when they purchase Event tickets in connection with and/or to Slush Services. The User Data we collect from the Customer Organizations include:
Email address connected to the Customer Organization;
Customer Organization's representative User and thereto related User Data, as applicable.
Technical Data
We do not normally use Technical Data to identify you as an individual, but you can sometimes (e.g. in certain technical support cases) be recognized from such data, either alone or when combined or linked with User Data. In these situations, Technical Data can also be considered personal data under applicable laws and we will treat such data as personal data.
We and/or our authorized third-party service providers may automatically collect the following Technical Data when you visit or interact with Slush Services:
Browser type and version;
Device and device identification number;
Time spent at Slush Services;
Interaction with Slush Services;
URL of the website you visited before and after visiting Slush Services;
The time and date of your visits to Slush Services;
IP address; and
Operating system and the Internet service providers utilized.
Cookies
We use various technologies to collect and store Technical Data and other information when you visit Slush Services, including cookies.
Cookies are small text files sent and saved on your device, helping us – for example – in tailoring Slush Services and personalizing the information we provide to our Users. They allow us to identify visitors of Slush Services, facilitate the use of the same and create aggregate information of the Users. By using cookies, we are able to improve Slush Services and better serve and support our Users, for example, by remembering usernames, passwords and language preferences. We also use tracking and analytics cookies to see how well our services are being received by the Users.
The Users may choose to refuse cookies or to alert when cookies are being sent. However, please note that some parts of Slush Services may not function properly if use of cookies is, in part or in whole, refused.
Web analytics services
Slush Services use Google Analytics and other web analytics services to compile Technical Data and reports on visitors' usage and help us improve Slush Services. For an overview of Google Analytics, please visit Google Analytics. It is possible to opt-out of Google Analytics with the following browser add-on tool: Google Analytics opt-out add-on.
Job applications
We process personal data submitted by you, such as job application and CV, in connection with a recruitment process.
Slush processes personal data of the Users of its services for the purposes described in this Privacy Policy. These processing purposes, of which one or more may apply depending on the case at hand, are listed below:
To organize Events and provide Slush Services
Slush processes personal data to be able to organize Events and provide Slush Services to you under the contract between you and Slush, or between the Customer Organization and Slush. We use the data, for example, to handle your online registration, managing ticket(s) and payments, to enable organization of side events and to provide you and the other Users with the information necessary for the proper use of the matchmaking tool as well as other tools of the Slush platform/Slush mobile app. We may also process personal data to contact you regarding the Events and Slush Services as well as to inform you of any changes to the same. In the event you contact our customer service, we will use the provided information to answer your questions or solve the possible issues. The legitimate grounds for processing is performance of a contract.
If registration for an Event organized with/by a third party takes place on Slush Services (not redirecting to other registration site or platform), the respective organizer and Slush are joint controllers for the personal data processed for the purpose of the event registration. The legitimate ground for processing is performance of a contract. With any questions related to such processing, you can reach out to us.
To provide personalized content and customized user experience
If you have selected to use our matchmaking tool and/or Node by Slush, we process personal data to generate an optimal and customized user experience and to provide you with the most relevant content based on your user profile.
This may, for example, include individualizing your Node by Slush and matchmaking tool feed and providing you with customized recommendations. You may at any time decide to leave Node by Slush and/or turn the matchmaking tool feature off, and remove your profile. After removing the profile Slush no longer processes the user profile information for the abovementioned purposes. The legitimate grounds for processing is the performance of a contract.
For customer communication, marketing and development
We process personal data for the purposes of maintaining our customer relationships as well as for marketing and advertising Slush Services and other products offered by Slush or via Slush platform/Slush mobile app. This means, for example, customizing the user experience by showing targeted offers, side event information, job opportunities and advertisements based on the information gathered from the User during his/her visits to Slush Services. We process personal data also to run, maintain and develop our business and to create new customer relationships. The legitimate ground for processing is the legitimate interests of Slush.
Electronic direct marketing
In relation to electronic direct marketing, the legitimate grounds for processing personal data is the legitimate interest of Slush. However, in certain cases, to be allowed to send electronic direct marketing (for example, utilizing email or text messages) a consent of the receiver of electronic direct marketing is collected where required by applicable laws. Such a consent may be requested in certain parts of Slush Services, e.g. in connection with the registration. The Users may withdraw given consent at any time by contacting us via email (see section 2 above for contact details) or by managing consent settings via their own user account.
To fulfil our legal obligations
Slush processes personal data to be able to administer and fulfil its obligations under the applicable laws. This includes processing data for complying with the bookkeeping obligations and providing information to relevant authorities such as tax authorities. Personal data may also be disclosed due to mandatory grounds arising from the applicable laws, regulations and/or, if required, to the court or competent authority for legal and justified grounds. The legitimate ground for processing is to comply with legal obligations.
For potential claims handling and legal processes
Slush may process personal data in relation to handling of claims, debt collection and legal processes. Slush may also process personal data to prevent fraud, misuse of Slush Services and for information, system and network security. In these situations, the legitimate grounds for processing is the legitimate interests of Slush.
For quality improvement, trend analysis and research
We may process information about your use of Slush Services to improve the quality e.g. by analyzing trends in the use of Slush Services, and to adjust, develop and improve our offering and operations, including the user experience. Further, we may process the information you provide us via Slush platform/Slush mobile app for research purposes (e.g. compile a publication on the State of European Tech or equal). However, we will never publish other than aggregated, non-personally identifiable data. The legitimate ground for processing is the legitimate interests of Slush in maintaining and improving its services to ensure their relevancy and quality.
When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy. We also use pseudonymized or non-personally identifiable data when possible.
We always take necessary steps to ensure that Users’ personal data receives an adequate level of protection in the jurisdictions where it is stored and processed. We ensure adequate safeguards and protection for the transfers of personal data to countries outside of the EU/European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards, in force and accepted from time to time.
Currently we store Users’ personal data primarily in the United States of America, as it is the domicile of our service providers. Slush has service providers in certain other geographical locations too. As such and subject to this section 4, we and our service providers may transfer to and access the personal data from jurisdictions outside the EU/European Economic Area.
More information regarding the transfers of personal data may be obtained by contacting us (see section 2 above for contact details).
We only share personal data within our Slush organization, if and as far as reasonably necessary, for the purposes of this Privacy Policy, e.g. with our employees responsible for customer service and marketing. We do not share personal data with third parties outside of our organization unless one of the following circumstances applies:
It is necessary for the purposes of this Privacy Policy
To the extent third parties (such as other Users of Slush Services, side event organizers or other collaborators/event organizers) need access to your personal data in order for us to perform Slush Services. Slush has taken the appropriate contractual and organizational measures to ensure that your data are processed exclusively for the purposes specified in this Privacy Policy and in accordance with the applicable laws and regulations. Furthermore, we may provide your personal data to our affiliates, other trusted businesses or persons to process it on behalf of us, based on our instructions and in accordance with our Privacy Policy as well as any other appropriate obligations of confidentiality and security measures.
For legal reasons
We may share personal data with third parties outside our organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet the requirements or obligations under the applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of Slush, the Users or the public in accordance with the applicable law. When possible, we will inform the User of such data transfer and processing.
To authorized service providers
We may share personal data to authorized service providers who perform services for us (including but not limited to data storage, accounting, payment, sales and marketing service providers). Our agreements with our service providers include commitments ensuring that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.
Lead scanning
If you wish to share to other User of Slush Services your contact details and professional information through Slush Lead Scanning Service, we will keep the information available for them for fifteen (15) months. Please note that Slush will not be responsible for any use of such shared contact details. You can control the information to be shared in the Settings page on the Slush Platform.
With explicit consent
We may share your personal data with third parties outside Slush for other reasons than the ones mentioned above, when we have your explicit consent to do so. The User has the right to withdraw the aforementioned consent(s) at any time.
We use administrative, organizational and technical measures as well as physical safeguards to protect all personal data we collect and process. Measures include, for example and where necessary, encryption, pseudonymization, firewalls, secure facilities and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data.
If a security breach that is likely to have a negative effect to the privacy of the Users would occur despite the security measures, Slush will inform the relevant Users and other affected parties, as well as relevant authorities in accordance with the applicable data protection laws, as soon as possible.
Slush does not store your personal data longer than is legally permitted and necessary for the purposes of this Privacy Policy. The storage period depends on the nature of the information and on the purposes of processing. The maximum storage period may therefore vary per use.
Registration information relating to the user account with Slush Services will be deleted after a period of five (5) years from the last use of the user account in question. Slush will inform you on the oncoming deletion. The data collected for specific Service or Event will be deleted or anonymized three (3) years after the completion of the Service or Event. A part of the personal data relating to the user account or otherwise to Slush Services may be stored in case processing is required by the applicable law or is reasonably necessary for our legal obligations or legitimate interests such as handling of claims, bookkeeping, internal reporting and reconciliation purposes.
All personal data relating to the user account with Slush Services will be anonymized or deleted after a period of five (5) years from last use of the user account, with the exception of personal data required in certain rare situations such as legal proceedings.
We will store Technical Data of unregistered Users for a reasonable time period, but in no event longer than two (2) years.