Skip to main content

Privacy Statement

How Inderes processes personal data in connection with the Videosync service where Inderes acts as the controller.

Last updated: 20 May 2026

Inderes Oyj, Business ID 2277600-2, Porkkalankatu 5, 00180 Helsinki, Finland (“Inderes”), is committed to protecting your privacy and personal data.

This Privacy Statement explains how Inderes processes personal data in connection with the Videosync service where Inderes acts as the controller of personal data.

This Privacy Statement does not apply to events, webcasts, webinars, teleconferences or other content made available by a third-party company, or other customer of Inderes where that third party determines the purpose and means of processing your personal data. In such cases, the third party is normally the controller of your personal data and Inderes acts as a processor on behalf of the controller. You should review the privacy statement or privacy notice of the relevant event organiser, company or customer for information about how your personal data is processed.

This Privacy Statement describes how Inderes collects, uses, discloses and protects personal data in the situations where Inderes acts as controller.

The term “personal data” means any information relating to an identified or identifiable natural person, such as name, email address, telephone number, company, title, IP address, user ID, registration information, viewing information or other information that can be linked to you.

Please read this Privacy Statement carefully before using our services. We may update this Privacy Statement from time to time, for example due to changes in our processing activities, services, legal requirements or business operations. Please review it periodically so that you remain informed of any changes and how they may affect you. Material changes will be communicated to account holders via email and through the Service. Continued use of the Service after changes take effect constitutes acknowledgment of the updated Privacy Statement. Where changes require your consent or another action under applicable law, Inderes will request such consent or action separately.

Controller and Contact Information

Controller:
Inderes Oyj
Business ID: 2277600-2
Porkkalankatu 5
00180 Helsinki
Finland

Contact person:
Janne Vainionpää
+358 40 511 7557
janne.vainionpaa@inderes.fi

Scope of This Privacy Statement

Inderes may process personal data in different roles depending on the context.

Inderes as Controller

Inderes acts as controller when we determine why and how personal data is processed. This includes, for example:

  • events, webinars, webcasts or other content organised, hosted or provided by Inderes for Inderes’ own purposes;
  • user accounts, audience profiles or other registered user services provided by Inderes;
  • audience database, investor/audience relationship management and audience intelligence services operated by Inderes;
  • communications, marketing, customer relationship management, service development and analytics carried out by Inderes for its own purposes;
  • legal compliance, security and protection of our rights.

When Inderes acts as controller, this Privacy Statement applies.

Inderes as Processor

Inderes acts as processor when we provide Videosync or related technical event services to a customer and process personal data on behalf of that customer. In such cases, the customer determines the purposes and means of processing personal data.

This may apply, for example, when a company uses Videosync to organise an event for its own audience. In such cases, the relevant customer’s privacy statement applies to the processing of your personal data. Inderes processes personal data only in accordance with the customer’s documented instructions, the applicable data processing agreement and applicable data protection law.

If you have questions about processing carried out by a customer acting as controller, you should contact that customer directly.

Processing Scenarios Covered by This Privacy Statement

Where Inderes acts as controller, this Privacy Statement covers two main processing scenarios.

Scope A – Event Service

Processing of personal data when you register for, access, attend, view, listen to or otherwise participate in an individual events provided through Videosync. This scope applies to all event participants, including those who attend as a one-time guest without creating a Videosync account.

Scope B – Audience Database & Intelligence Platform

Processing of personal data when you create a Videosync account, and the additional processing activities that the account enables. This processing may involve maintaining a more persistent profile of your interactions with Inderes content and services over time, subject to applicable law and your choices.

Account creation is voluntary and is always a separate, informed choice. You can attend events as a one-time guests without creating an account.

Scope A applies to everyone who uses the Service. Scope B applies only to registered users who create a Videosync account. If you participate in an event as a one-time guest without creating an account, only Scope A applies to you.

Account Eligibility

Videosync accounts are intended for individuals acting in a professional capacity in the financial markets. This includes, but is not limited to, institutional investors, fund managers, equity analysts, portfolio managers, investor relations professionals, financial journalists, and other capital markets professionals.

By creating a Videosync account, you confirm that you are acting in a professional capacity and that the personal data you provide relates to your professional identity and activities.

Inderes reserves the right to verify account eligibility and to restrict or remove accounts that do not meet the professional use criteria.

Personal Data Inderes Collects

The personal data Inderes collects depends on the relevant service, your choices and whether you use the Service as a one-time guest or as a registered Videosync account user.

Scope A – Event Service

When you use the Service as a one-time guest, Inderes may collect the following categories of personal data.

Information you provide. This may include your name; email address; telephone number; company or organisation; job title; event registration details; questions, comments, chat messages, poll responses or feedback submitted during or after an event; and other information you provide when registering for or participating in an event.

Automatically collected information. When you use the Service, Inderes may collect technical and usage information, including: IP address; data related to video playback quality (playtime, buffering time, packet losses, play errors); log data; device, browser and operating system information; event access time and duration; viewing or listening activity; interaction data; and information necessary to maintain the service security and prevent misuse. Playtime data may be connected to the registration information you provided.

Scope B – Audience Database & Intelligence Platform

If you create a Videosync account, Inderes may collect and process additional personal data, including: account and profile information; professional contact details; company, organisation, title, role and professional category; communication preferences; account login and authentication information; event registrations and attendance history; content viewing and engagement history; questions, comments, poll responses, feedback and other interactions; interests inferred from your use of Inderes services; marketing and communication history; analytics information about your interactions with Inderes content, events and services; and enrichment data from external sources (collected from third-party sources). Professionally relevant information obtained from external sources may include: your professional role and seniority; the type of organisation you represent; industry or sector focus of your professional activities; and publicly available information about your organisation’s investment mandates or fund holdings.

Purposes and Legal Bases for Processing Personal Data

Inderes processes personal data only where Inderes has a legal basis under applicable data protection law. Depending on the context, the legal bases may include performance of a contract, compliance with legal obligations, legitimate interests or consent.

Scope A – Event Service

Inderes processes personal data in connection with the Event Service for the following purposes:

Providing the Event Service (legal basis: performance of a contract or legitimate interest). This includes, for example, processing your personal data to give you access to the event, enable interactive features, and ensure service quality.

Event analytics and reporting (legal basis: legitimate interest). This includes, for example, measuring attendance, viewing times, engagement and technical quality.

To fulfil legal obligations (legal basis: legal obligation). This includes, for example, processing your personal data to provide data to competent authorities.

Claims and legal proceedings (legal basis: legitimate interest). Inderes may process your personal data, for example, for exercising or defending legal claims, to prevent fraud or misuse, and to maintain the cyber security of Inderes’ systems and data networks.

Event communications (legal basis: performance of a contract or legitimate interest). This includes, for example, registration confirmations, reminders, service messages and event-related updates.

Marketing and feedback (legal basis: legitimate interest or consent). This includes, for example, feedback surveys, invitations and relevant communications about similar services or events.

Scope B – Audience Database & Intelligence Platform

Inderes processes personal data in connection with the Audience Database & Intelligence Platform for the following purposes:

Account and profile management (legal basis: performance of a contract or legitimate interest). This includes, for example, creating and maintaining Videosync accounts, user profiles and preferences. Inderes stores your profile, event history, and preferences to enable one-click event registration, personalised event recommendations, event history tracking, transcript delivery, and other account features.

Account eligibility and professional use verification (legal basis: legitimate interest). Your personal data may be processed to verify that you are acting in a professional capacity in the financial markets.

To build and maintain the Audience Database (legal basis: legitimate interest). Inderes aggregates account holders’ event attendance, engagement patterns, and profile data into a centralised audience database. This database enables Inderes to provide Inderes’ clients (the listed companies and IR teams that organise events on Videosync) with audience insights, attendance analytics, and engagement metrics that help them understand and serve their investor audience more effectively.

To enrich your profile with professional data (legal basis: legitimate interest). Inderes may supplement account profiles with professionally relevant information from external sources as described above, in order to provide Inderes’ clients with more meaningful audience insights and to improve the relevance of the Service for account holders.

To share audience insights with event organisers through the Inderes IR Suite (legal basis: legitimate interest or consent). Inderes may share account holders’ profile data, event attendance history, engagement data, and any enrichment data with Inderes’ clients through the Inderes IR Suite platform. Inderes’ clients consist mainly of listed companies and their IR teams who organise events in Videosync. IR Suite is the platform through which Inderes’ clients access and manage their event services, including audience data. This sharing is an integral part of the event service Inderes provides to Inderes’ clients.

To recommend events and content (legal basis: legitimate interest or consent). Inderes may use your profile, event history, and preferences to recommend relevant upcoming events, content, and companies to follow. You can object to or opt out of non-essential recommendations by contacting Inderes or using any unsubscribe or preference-management tools made available in the Service.

Marketing communications (legal basis: legitimate interest or consent). Inderes may process personal data to communicate with you regarding the Service, including event notifications, transcript delivery, and account updates. Inderes may also use your data to inform you about relevant Inderes services. You can opt out of non-essential communications at any time. Inderes sends electronic direct marketing only where permitted by applicable law. Where consent is required, Inderes requests consent before sending such communications. Where marketing is based on legitimate interest or permitted B2B marketing rules, recipients may opt out at any time.

Service development (legal basis: legitimate interest). Your personal data may be processed for improving Videosync, audience services and related Inderes platforms.

Claims and legal proceedings (legal basis: legitimate interest). Inderes may process your personal data, for example, for exercising or defending legal claims, to prevent fraud or misuse, and to maintain the cyber security of Inderes’ systems and data networks.

Where Inderes makes personal data available to a company or event organiser through IR Suite for that company’s own investor relations, communications, analytics or audience management purposes, that company acts as an independent controller of the personal data it receives.

Where processing is based on legitimate interest, Inderes has assessed that Inderes’ interests are not overridden by your rights and freedoms. You have the right to object to processing based on legitimate interest as described in the section “Your Rights”.

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Transparency About External Data Sources

When Inderes enriches your profile data with data from external sources, Inderes may use the following categories of sources:

  • Publicly available professional databases and directories
  • Licensed financial market data providers
  • Public regulatory filings and disclosures (e.g. flagging notifications, fund holding reports)
  • Publicly accessible company websites and professional networks
  • Publicly available shareholder registers and ownership records

Inderes does not purchase personal data from data brokers. Enrichment is limited to professionally relevant information from legitimate, professional data sources.

Upon request, Inderes can provide you with a copy of your complete profile, including any enrichment data Inderes holds about you. If any enrichment data is inaccurate, you may request its correction or removal.

Disclosure and Transfer of Personal Data

Inderes may disclose personal data only as described in this Privacy Statement and where permitted by applicable law.

Within Inderes

Personal data may be processed within Inderes and by authorised personnel only to the extent necessary for the purposes described in this Privacy Statement.

Event Organisers, Partners and Customers

Where Inderes acts as controller for an event, Inderes may disclose event registration and participation information to event partners, speakers, sponsors or other parties only where this is clearly communicated to you and where Inderes has a legal basis to do so.

Where a third-party customer is the controller of an event, Inderes processes personal data on behalf of that customer. In such cases, personal data may be made available to that customer in accordance with the customer’s instructions and the customer’s privacy statement.

Authorised Service Providers

Inderes uses authorised service providers to provide, maintain and develop Inderes’ services. These service providers may process personal data on Inderes’ behalf, for example in relation to:

  • hosting and data storage;
  • video and webcast delivery;
  • teleconference services;
  • real-time communication functionality;
  • analytics and reporting;
  • communications and marketing tools;
  • customer support;
  • security and technical infrastructure;
  • accounting and administrative services.

Inderes requires service providers to process data only in accordance with Inderes’ instructions, applicable data protection law, confidentiality obligations and appropriate security measures.

Legal and Business Reasons

Inderes may disclose personal data to third parties where reasonably necessary to:

  • comply with applicable laws, regulations, authority requests or court orders;
  • detect, prevent or investigate fraud, misuse, security incidents or technical issues;
  • protect the rights, property or safety of Inderes, users or third parties;
  • establish, exercise or defend legal claims;
  • carry out a merger, acquisition, financing, restructuring or other business transaction, subject to appropriate confidentiality and data protection safeguards.

International Transfers

Inderes and its service providers store and process personal data mainly within the European Economic Area. However, some service providers may process personal data in, or allow access from, countries outside the European Economic Area.

Where personal data is transferred outside the European Economic Area to a country that has not been recognised as providing an adequate level of data protection, Inderes relies on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and, where required, supplementary safeguards.

TurboBridge

Some parts of the Service use TurboBridge, a third-party teleconference service provider located in the United States. TurboBridge provides teleconference bridge functionality for Videosync teleconferences.

TurboBridge may process personal data such as IP address, name, company name and telephone number of users who participate in a teleconference by telephone or WebCall functionality.

Transfers are based on the European Commission’s Standard Contractual Clauses, together with transfer impact assessments and supplementary technical, contractual and organisational safeguards where necessary.

Personal data processed by TurboBridge in relation to a teleconference is permanently removed from TurboBridge storage when the teleconference bridge is removed, and at the latest one month after the relevant event has ended.

Daily

Some parts of the Service use Daily, a third-party real-time communication service provider located in the United States. Daily provides real-time communication technology for Videosync breakout rooms and talkback functionality, which allows audience members to ask questions using voice.

Daily may process personal data such as IP address and name of users connecting to a breakout room or talkback room.

Daily is certified under the EU-US Data Privacy Framework and transfers are based on the relevant adequacy decision.

Inderes does not sell personal data to third parties.

Marketing Automation

The Service may include marketing automation, audience tracking or analytics functionality.

Where Inderes acts as controller, Inderes may use identifiers, links, cookies or similar technologies to understand how users interact with Inderes’ events, content and communications. This may include information such as visit time, pages or content viewed, event attendance, viewing duration, number of visits and engagement with communications.

Where a customer of Inderes uses its own marketing automation system in connection with an event or content provided through Videosync, that customer may act as controller for the related processing. In such cases, the customer’s privacy statement applies.

A URL used to access the Service may contain a unique identifier. This identifier may be used to recognise that a visitor accessing the Service corresponds to a specific contact in a marketing automation or audience management system. Depending on the context, information about the visit, such as visit time, number of visits, event participation or content viewed, may be returned to the relevant system.

Inderes processes marketing automation and audience tracking data only where Inderes has a legal basis to do so. Where consent is required by applicable law, Inderes requests consent separately. You may manage your choices or withdraw consent where applicable.

Cookies

The Service may use cookies and similar technologies to provide the service, maintain security, measure performance, analyse use and support marketing or audience analytics.

Where required by law, Inderes requests your consent before using non-essential cookies or similar technologies. You may manage your cookie choices through the available cookie settings or your browser settings.

Data Retention

Inderes retains personal data only for as long as necessary for the purposes described in this Privacy Statement, unless a longer retention period is required or permitted by law.

The applicable retention period depends on the type of personal data, the processing purpose and the relevant legal requirements.

Scope A – Event Service

For one-time guest participants (no Videosync account), event registration data is retained for a maximum of 12 months after the event has ended, after which it is permanently deleted. Technical and interaction data (playback quality, Q&A submissions) is retained for the same period.

Scope B – Audience Database & Intelligence Platform

Account profile data is retained for as long as your Videosync account is active. If you delete your account, all personal data associated with your account — including your profile, event history, enrichment data, and IR Suite sharing — will be permanently deleted within 90 days, except where we are required by law to retain certain data. If your data has previously been disclosed to an event organiser or other independent controller, that controller may retain the data in accordance with its own privacy notice and legal obligations. Inderes will delete or disable access to the data in systems controlled by Inderes unless retention is required or permitted by law.

If your account has been inactive (no logins, no event attendance) for more than 24 months, we will notify you and give you the opportunity to keep your account active. If you do not respond within 30 days, the account and associated data will be deleted.

We may retain anonymised, aggregated statistical data that cannot be used to identify you, regardless of account deletion or inactivity.

Data Security

Inderes takes administrative, organisational, technical and physical precautions to protect the personal data Inderes collects and processes. Data is stored in technically secure locations. Physical access to data is prevented by access control and other security measures. Access to data requires sufficient rights and multi-factor identification. Unauthorised access is prevented by firewalls and other technical protection measures. Only specifically named persons have the right to process and maintain data, and these persons are bound by confidentiality obligations. Back-ups are made securely and data can be restored where needed. Information security levels are audited regularly through external or internal audits.

Inderes’ security measures are designed to ensure the ongoing confidentiality, integrity, availability and resilience of Inderes’ processing systems and services, and the ability to restore access to personal data in the event of an incident.

If, despite Inderes’ security efforts, a personal data breach occurs that is likely to result in a risk to your rights and freedoms, Inderes will notify the relevant data subjects and competent authorities where required by applicable data protection law.

Your Rights

Where Inderes acts as a controller, you have the following rights under applicable data protection law.

Right of Access. You have the right to request access to the personal data Inderes processes about you and to receive a copy of such data, including any enrichment data added from external sources. Inderes may refuse to provide a copy where doing so would adversely affect the rights and freedoms of others or where another legal limitation applies.

Right to rectification. You have the right to request that incorrect or incomplete personal data be corrected or completed.

Right to erasure. You have the right to request deletion of personal data concerning you. Inderes will comply with such a request unless Inderes has a legal basis or legal obligation to retain the data. For account holders, deleting your account will remove all associated data as described in the Data Retention section.

Right to Restriction of Processing. You have the right to request that Inderes restrict the processing of your personal data, for example while Inderes verifies the accuracy of the data or assesses an objection to processing. Restricting processing may affect your ability to use some parts of the Service.

Right to object. You have the right to object to processing based on legitimate interest on grounds relating to your particular situation. This includes the right to object to:

  • Your data being included in the Audience Database
  • Profile enrichment from external sources
  • Sharing of your data through IR Suite
  • Event and content recommendations

Upon receiving a valid objection, Inderes will cease the specific processing unless Inderes can demonstrate compelling legitimate grounds that override your interests.

You also have the right to object to direct marketing at any time. If you object to direct marketing, Inderes will stop processing your personal data for direct marketing purposes.

Right to data portability. You have the right to receive your personal data in a commonly used, machine-readable format and to transfer it to another controller. The right to data portability applies where processing is based on consent or contract and carried out by automated means.

Right to withdraw consent. Where any processing is based on consent, you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

How to Exercise Your Rights

You can exercise your rights by contacting us at the contact information listed above. Please include your full name, email address, and a description of your request. Inderes may request additional information to confirm your identity. Inderes will respond within one month of receiving the request. This period may be extended by up to two further months where necessary, taking into account the complexity and number of requests.

Inderes may refuse to act on a request or charge a reasonable fee where requests are manifestly unfounded or excessive, in particular because of their repetitive character, or where Inderes has another lawful basis for refusing the request.

Where Inderes acts as processor on behalf of a customer, Inderes may not be able to respond directly to your request. In such cases, Inderes will, where appropriate, direct your request to the relevant controller or advise you to contact that controller directly.

Referral to a Supervisory Authority

If you believe that Inderes’ processing of personal data is contrary to applicable data protection legislation, you have the right to file a complaint with a competent supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (tietosuojavaltuutetun toimisto), www.tietosuoja.fi.