Privacy Policy: Demos Helsinki’s Customer, Marketing and Recruitment Register

This privacy policy describes the personal data processing carried out by Demos ry and its group companies. 


We are Demos Helsinki, an independent think tank working to solve societal problems and challenges. You can read more about our work here.

The rights to privacy and data protection are fundamental rights, and we take them seriously. Our processing of personal data complies with all applicable legislation such as the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act (1050/2018). Our aim is to inform you about the processing of personal data as transparently and openly as possible – and thus always remain worthy of your trust.

In this privacy policy you will find information on how we process your personal data when you:

  • apply for a job at Demos Helsinki
  • are our customer or customer’s contact person
  • subscribe to our newsletter 
  • receive marketing messages from us

For information on how we use cookies on our website, please visit our Cookie Policy. 

If there is anything unclear or you wish to exercise your data protection rights. please get in touch with us using the contact information below.  

1. Data controller and contact details

Demos ry (business ID: 1978805-3)

Address: Mechelininkatu 3D, 00100, Helsinki
Tel. +358 40 557 2730

2. Job applicants

Sources of data Data categories collected and processed Purposes of processing Legal basis for processing
The data is collected from you when you apply for a particular position or leave an open application. Based on your consent, for some positions data is collected from external recruitment consultants or professionals. Contact details, work and education history and other CV information, motivational information, information on progress of recruitment process. The assessment of suitability for a particular position of job candidates, assessment of whether there might be a suitable position for the candidate in future, contacting candidates, arranging interviews, and managing the recruitment process. Consent. You can withdraw your consent by notifying us any time.

3. Customers and customers’ contact persons

Sources of data Data categories collected and processed Purposes of processing Legal basis for processing
Data is collected during sales, from customers themselves or their contact persons, or from the contract between Demos Helsinki and the customer. Name, work-related contact details (email, phone number), work title or position. Management of customer relationship, providing agreed services, additional sales, customer satisfaction surveys, invoicing and bookkeeping. Demos Helsinki’s legitimate interest to carry out its business and to ensure the continuity of its business. Data processing for bookkeeping purposes is based on a legal obligation.

4. Newsletter subscription and marketing messages

Sources of data Data categories collected and processed Purposes of processing Legal basis for processing
Data is collected from you when you subscribe to the newsletter. Email address Providing you with news and information about Demos Helsinki as requested by you. Consent. You can withdraw your consent by clicking the ‘unsubscribe’ link in a newsletter email.
Customer contact details, professional networking events or similar occasions. Name, work-related contact details (email, phone number), work title or position. Marketing of Demos Helsinki’s services B2B marketing: Demos Helsinki’s legitimate interest to carry out its business and to ensure the continuity of its business.
B2C marketing: consent.

5. Research respondents

Sources of data Data categories collected and processed Purposes of processing Legal basis for processing
The data is primarily collected from the respondents themselves, usually either through a research interview or related questionnaire.




Name, organisation, position in the organisation, post address, e-mail address, telephone number. Segmentation and profiling information such as gender, birth year, educational information, economic and employment information. Research responses. Information on refusal to participate in research. Research interviews may be recorded, in which case the interviewees will be informed in advance. The information provided by respondents will be used to report and analyse the research results.
In line with the industry practice, we are committed to protecting the anonymity of research respondents. The research results are therefore documented in a format that does not allow individual respondents to be identified. An exception is made for individual research cases where the respondent has given explicit consent to the documentation of responses in a way that allows the response to be linked to personal data.

We will never disclose personal data provided by the respondent for marketing purposes.

Consent or a service contract with a third party whereby the third party discloses respondents’ contact information.

6. How long is the data processed for?

Job applicants

Data is stored for maximum of 24 months unless you withdraw your consent before that by notifying us.

Newsletter subscription

You can unsubscribe from our newsletter whenever you like: an unsubscribe link is included in every notification or marketing email that we send.

Customer or customers contact person:

Data is processed for the duration the customer is an active customer. The contact details of a contact person are erased when the contact person leaves the customer company. 

Marketing messages:

We market our services to persons whose work might benefit from our services. Your contact details are processed for marketing purposes for as long as you work in a field that is relevant to our services. However, you can object the processing of your data for marketing purposes by opting out of marketing emails or by telling our sales people that you no longer wish to receive any information on Demos Helsinki’s services.

Research respondents:

Personal data is stored for as long as necessary for the purpose for which it is collected.

7. The rights of the data subject, that is, your rights

As a data subject, you have the following rights:

  • The right to inspect the data concerning yourself.
  • The right to demand the rectification or deletion of inaccurate data about you.
  • Under certain circumstances, the right to object the processing or ask for the restriction of the processing of your data.
  • The right to complain of the processing of personal data to the supervisory authority. In Finland the supervisory authority is the Office of the Data Protections Ombudsman.

If you wish to exercise your data protection rights, please contact us by using the contact details above

8. Disclosure of personal data

As a rule, we do not disclose your personal data to third parties. However, we use external service partners when carrying out our business such as cloud services for data storage and communications. In these cases, data may be disclosed to them to the extent it is necessary for their service provision. These external service partners act as data processors on our behalf and do not have the right to process your personal data for any other purposes than those described in this privacy policy.

We have contractually ensured that our service providers comply with EU data protection legislation. The following third parties act as personal data processors:

  • Pipedrive
  • MailChimp
  • G-Suite (Google)

We use Pipedrive for storing customer data, MailChimp email service for communications and direct marketing, and the G-Suite cloud service for data management. The aforementioned service providers are American companies, meaning that in some cases personal data is transferred outside the European Union. The data transfers are protected in the manner required by European legislation.

We may also disclose your personal data to our cooperation partners, who are involved and/or participate in the relevant research or development project for which your personal data was collected. Personal data may be disclosed in these cases if such disclosure is necessary to carry out research and development in accordance with the purposes of the project. Upon such disclosure, the recipient shall be deemed as a data controller to the disclosed personal data, and the recipient’s processing of personal data shall be subject to the recipient’s privacy policy.

9. Changes to our privacy policy

This privacy policy describes the processing of personal data at Demos Helsinki. In case there are changes to the way we process data the privacy policy will be updated accordingly.  

Updated: 10/08/2023