Privacy Policy

Yellow Method Oy: Privacy Policy
Updated February 15th, 2022

This privacy statement describes how Yellow Method Oy processes personal data, as required under the EU General Data Protection Regulation and other personal data legislation. This statement applies to all Yellow Method software users and anyone with data stored in the Yellow Method client register. 
Data controller Yellow Method Oy VAT ID: FI 3210654-7 Aatelitie 8, 01520 Vantaa, +358 506 0653| pauliina@yellowmethod.co
Contact for questions related to the register Yellow Method Oy Data Security Officer Aatelitie 8, 01520 Vantaa, Finland Privacy@yellowmethod.co

1 General privacy principles for all services by Yellow Method Oy
1.1 General
1.2 Our Privacy Principles:
2 Privacy Principles for “The Yellow Method” service
2.1 Privacy principles for Yellow Method’s coaching services
2.2 Yellow Method individual creativity surveys’ Privacy Principles:
3. Privacy Principles for the yellowmethod.co website
4. Data retention and erasure

1
General privacy principles for all services by Yellow Method Oy1.1 General
Your privacy is important to us. The Yellow Method Privacy Policy (“Privacy Policy”) is designed to protect your privacy and to help you understand what personal data Yellow Method Oy (“Yellow Method”) collects from you, how we collect the data, and how we use the data. Yellow Method offers a range of services directly to customers, via employers, and via channel partners. Our services include but are not limited to personal coaching, remote coaching via digital tools, individual creativity reports and aggregate creativity reports. 
When taking any of our services into use, you have actively given consent to our Terms of Service and this Privacy Policy.  Please read the details in this Privacy Policy, which provide detailed information about Yellow Method’s services, including cookie usage practices and register information for products and services, which collect personal data. This Privacy Policy applies to Yellow Method’s interactions with you and the Yellow Method products and services listed below, as well as other Yellow Method products and services that display this Privacy Policy.

1.2
Our Privacy Principles:
We fulfil the requirements of the General Data Protection Regulation 2016/679 (GDPR) and the Privacy and Electronic Communications Directive 2002/58/EC (E-Privacy Directive) of the European UnionWe fulfil the requirements of the Act on the Protection of Privacy in Working Life 759/2004 of the Finnish law.

You as an end-user have control over your personal data: You decide how much of your personal details you want to share with others. You can transfer your personal data from our digital tools in machine readable format (“data portability”). You can remove your personal data from our digital tools (“right to erasure”).We only collect and process personal data that is necessary for providing our products and services.

We provide aggregate level reporting to our customers. These reports are only shown, when sample sizes are large enough to not enable identifying individuals. We use data created in our services for anonymised data analysis for research purposes, targeting to create new knowledge on creativity and factors impacting it. Anonymised data used in research is not personal data, and individuals cannot be identified from this data. We might work with research partners such as universities and government agencies. Results of our research might be made public.

We do not sell, rent, loan or give out your name, email address, or other personal data to anyone. However, if the service provider or all of its assets would be acquired, customer information might be transferred to the acquiring party.
As a rule, your personal data will not be transferred across international borders to server locations supporting the service. Yellow Method does not transfer or process personal data outside the EU or the EEA. If data transfers occur to countries outside the EU or the EEA they are done under SCCs (Standard Contractual Clauses) ensuring GDPR compliance.
We may use cookies in order to provide a better service, related to Authentication, Security, User Preferences, Performance, Analytics, Research, and Advertising. Changes to our Privacy Policy will be published on our website.Should you have any privacy related questions or suggestions, please contact us at Privacy@yellowmethod.co.
‍
2
Privacy Principles for “The Yellow Method” service

2.1
Privacy principles for Yellow Method’s coaching servicesYellow Method offers creativity coaching programmes for individuals and teams. 
Before starting any of our creativity coaching programmes, participants are required to give consent for collecting and processing personal data. Personal data is collected and processed in accordance with the consent and shared only to your nominated coach and supporting team of specialists, whom you have approved to this role.
During our creativity coaching programmes, we may collect personal data through Yellow Method individual creativity surveys. The privacy policy for these surveys is provided in section 2.2 of this document.
‍
We utilize digital services by external service providers for running our coaching services. These service providers work as data processors on our behalf and have committed to privacy and personal data processing compliant with the GDPR:
Google Meet: online meetings
Google Cloud Services: storage of notes and other programme data
Typeform: surveys

2.2
Yellow Method individual creativity surveys’ Privacy Principles:
Yellow Method individual creativity surveys are surveys for the purpose of providing a holistic assessment of an individual person’s status across different elements of creativity. We collect and process personal data with the active consent of the individual in order to provide an individual report based on survey answers. Consent for personal data processing can be removed at any time by contacting us at GDPR@yellowmethod.co. 
Individual users’ survey results are always private and are never shared with anyone, with the following exceptions:If you are taking part in Yellow Method coaching programmes, your designated coach and possibly other designated specialists will see your data.If you are taking part in Yellow Method coaching programmes via your employer, your results may be included in aggregate level, anonymous reporting for the employer. However, your data cannot be identified from the aggregate level reports and we never share any individual level data from the survey to the employer.Yellow Method’s analytics team will have access to your data and process your data in order to create the aggregate reports. However, this access right is not used for the purpose of analyzing or monitoring your personal data. All members of the analytics team are bound by confidentiality agreements.
The results can be used to improve the quality of our services. All members of our team are bound by confidentiality agreements.
Personal data collection in Yellow Method individual creativity surveys:
Personal data collection register information according to the GDPR (679/2016), articles 12-14:
The register is maintained by:
Yellow Method Oy contact: Privacy@yellowmethod.coRegister name: Yellow Method Oy client and user registerPurpose of use: The register is used for providing the Yellow Method individual creativity surveys service.
Register content:
The user’s personal information (name)The user’s contact information (email)The user’s organizational identifiers (employer)Answers to surveys inputted by the user
Reporting showed to the userEmail messages sent to the user (message header)Information sources: Information provided by the user her/himselfRegister protection principles: In order to provide Yellow Method individual creativity surveys, we use external service providers for data collection and data hosting. Our external service providers include Typeform S.L. for the data collection and Google Cloud servers for the hosting. Data processing is done with Portant PTY LTD and Zapier Inc. Our service providers fulfill the requirements of the General Data Protection Regulation (GDPR) and/or the Privacy Shield.
‍
3.
Privacy Principles for the yellowmethod.co websiteUpon certain interactions with yellowmethod.co (e.g. subscribing to our newsletter), you give consent for your personal details to be added to the Yellow Method marketing register, which may contain the following personal data, submitted by the user her/himself:
NameE-mail address
Mobile phone number
Age and gender
Job level and position
Company name and industry
User submitted interests for newsletter subscription preferences
‍
In addition to self-submitted data, we use analytics and marketing automation tools, which collect data on users’ browsing information, such as traffic sources, browser and devices used, time spent in Yellow Method’s website, pages visited, geographic location etc.
We collect personal data mainly at the point of subscription, but also later during the customer relationship. Yellow Method’s website uses cookies, web beacons and other similar methods in order to improve user experience, to develop our websites and services further, and for targeting content and communications. Cookies are small pieces of data sent from a website and stored on the user’s computer by the user’s web browser. Cookies can be blocked from your browser’s settings. Our pages may also include other third-party components, such as lead trackers.
We process personal data for the uses of customer relationship management and  marketing with the consent of the visitor, without disclosing customer personal data to any third party. We maintain a register on newsletter subscribers and other users of our website’s functionality. Newsletters are sent to subscribers by email based on the marketing register’s information.Yellow Method’s website runs a marketing automation system that is used for improving the general user experience of our website and its content, and for creating target segments for marketing.
We places cookies, when a visitor first arrives to our website, in order to learn how visitors consume content in the site. A visitor’s personal data remains anonymous to Yellow Method until:
Visitor subscribes to Yellow Method’s newsletter or other material. A user’s personal data may be linked to the cookie, when a visitor subscribes to a newsletter, white paper etc. Submitted information is stored in the Yellow Method marketing register.Visitor arrives at the website from an email marketing message sent by Yellow Method
A user’s personal information may be linked to a cookie, when the user arrives at the website via an email marketing message sent by Yellow Method. The source for email marketing messages is Yellow Method’s marketing register. A user, whose cookie is linked to personal data, may receive email marketing that is personalized based on their website visitor history. In case a user wishes to be unassociated from their previous browsing history, they can do so by clearing their browser cookies.
Yellow Method uses Google Tag Manager and Google Analytics to collect anonymous browsing data.
The advertising networks used by Yellow Method give users various opportunities to influence the use of cookies in said advertising network. Google's targeting of advertising in online services and videos: https://www.google.com/settings/ads/
Yellow Method utilizes social media platforms such as LinkedIn, Twitter, Facebook and Instagram for targeting marketing and advertising. A user can influence the targeting of advertising by social media through the privacy and advertising settings of said services.
You have the legal right to inspect the data we have collected concerning you. You also have the right to request the correction or deletion of incorrect, defective, unnecessary or outdated personal data.
Your data can be removed from the Yellow Method marketing register based on a personal request. Requests for register-related matters shall be submitted by email to Privacy@yellowmethod.co.
‍
4. Data retention and erasure

Following the end of the customer relationship, backups of all client environment data (including user information) are kept for 18 months. After this, the data is erased. When the client erases an individual user or survey from the system, the deleted data is stored in a backup for 12 months. For the purposes of the Yellow Method’s legitimate interests (e.g. prospecting and marketing), client information can be kept after the end of customer relationship. Deletion of the client data may also differ from the above-mentioned user data deletion. Yellow Method will always erase personal data immediately upon client request if technically possible within a reasonable time. Transfer of data to third countries Yellow Method does not under any circumstance transfer or process personal data outside the EU or the EEA. Technical and organizational security measures Personal data in electronic form is secured with commonly accepted and reasonable technical measures, such as firewalls and passwords. Any non-electronic materials containing personal data in the register are stored in a locked facility with no access provided to non-authorised persons.
Only assigned Yellow Method customer support, tech staff and research services personnel have access to personal data. All such assigned persons have signed a valid and binding non-disclosure agreement and have their own personal ID and password. Users may not disclose any information under the non-disclosure agreement. In addition to Yellow Method, specific Yellow Method’s contractors may also perform processing activities on behalf of the data controller. These contractors are required to comply with the same requirements as Yellow Method. An up-to-date listing of contractors is available here. The right to review data, the right to rectify incorrect data, and the right to be forgotten According to the EU’s General Data Protection regulation , the data subject has the right to review data stored in the register and to request incorrect data to be rectified and/or erased. The data subject may at any time refuse the use of his or her personal data for marketing purposes. If the data subject no longer wishes his or her data to be processed, he or she has the right to request all data to be erased. Any data-related requests must be sent in writing by e-mail or by post to Yellow Method Oy.