Privacy policy

Created December 20, 2022

Privacy statement in accordance with the EU General Data Protection Regulation (GDPR, 2016/679)

Data controller

Whitecoach Oy (name after the ongoing merger will be Startup Lions Oy)

Business ID: 2667703–6

Adress: Haapalankatu 1A, FI-15240 Lahti

Contact person in matters concerning the register

Johan Backas

Name of the register

Customer, shareholder, and partner register for Whitecoach Oy.

Purpose for collecting personal data 

We process personal data in order to provide our services and products in the best possible way. We use collected information for the following purposes: 

  • Communications and marketing. To contact, maintain, develop and update relationships with Whitecoach Oy stakeholders and to find new portfolio companies, as well as to invite stakeholders and shareholders to various events and to share information regarding our business. The processing for this purpose is based on the consent given by the registered individual or an agreement between an individual and Whitecoach Oy. Whitecoach Oy carries out marketing communications only to the general public or to individuals who have given consent. Each individual has the right to unsubscribe from marketing communications.
  • To find potential investment targets 
  • In addition to the marketing and communications described above, we collect information about interesting potential companies as potential investment targets. Collecting information and tracking potential investment targets can be long-term. The information collected may include personal data in the form of decision-making information of potential investment targets. Such personal data is also available in other public sources.
  • Partners and other contractual obligations.
  • We also process personal data on a general level for the performance of contracts that are binding on it or for the implementation of measures preceding the conclusion of a contract and in connection with the procurement of services. The processing for this purpose is based either on contractual obligations or law.
  • Communication. Press releases and company releases about interesting events concerning Whitecoach Oy or its investment companies. Invitation to the company’s and its portfolio companies’ general meetings. The processing for this purpose is based on consent from the registered individual or legal obligations. 
  • Legal obligations. Whitecoach Oy collects and processes personal data in order to comply with legal requirements, for example in relation to anti-money laundering or tax reporting. 
  • To be able to identify website visitors. We may use the compiled lists of personal data to monitor and develop our website.

Data content of the register

The following information is stored in the register:

  • Basic information (name, email address, phone number, organization, role in the organization) 
  • Information related to visiting and navigating our website (incl. cookies)
  • Information related to meetings and contacts
  • Information about investments and potential investments
  • Information about participation in events organized by Whitecoach Oy 
  • Information required e.g., by the Money Laundering Act, tax reporting regulations, or other regulations

Data sources

Personal data is collected from the registered individual or their employer organization. Personal data may also be collected from public or other sources, such as official registers or services maintained by the Finnish Patent and Registration Office and the Business Information System, for which the corresponding information is available for a fee or free of charge (such as Fonecta Finder). We also collect data from registers maintained by credit reference agencies, such as Suomen Asiakastieto. 

In addition, the data sources for the register are: 

  • Other sources of information such as social media channels
  • Customer data registers, such as official and public registers


Whitecoach Oy may also collect, process, and analyze the personal data of website visitors in the form of cookies. Cookies are used to analyze the number of website visitors, develop website content, and carry out digital marketing. The information collected is not used to identify individuals.

Regular disclosure of data

We do not disclose customer information to third parties.

Exceptions to disclosing data

  • Personal data may be processed by approved third parties to whom the data may be disclosed in accordance with applicable law or based on a contractual obligation (such as IT or HR services)
  • Disclosure of data between companies belonging to the Whitecoach group of companies when this is necessary to provide required services or to perform administrative, billing, or other functions.
  • Whitecoach Oy, as a contracting party or representative of a contracting party, may disclose data to lawyers, consultants, or other experts, as well as to foreign law firms or other expert organizations, when this is necessary for the fulfillment of contractual obligations.
  • Information related to the development and reporting of operations, in which individuals are not identifiable.
  • To courts, law enforcement agencies, regulators and supervisory authorities, attorneys, alternative dispute resolution bodies, or others, when this is reasonable and necessary to comply with the law or defend against a legal claim.
  • Other disclosure of data at the request of the authorities
  • We do not sell or rent personal data

Transfer of data outside the EU or EEA 

Personal is not disclosed outside the EU or EEA.

Principles of register protection

We protect personal data with appropriate technical, physical, and organizational actions and instructions. Only limited personnel have access to the collected personal data. 

However, transferring data over a public network (internet) is never entirely secure. While we take all reasonable actions to protect personal information, we cannot guarantee the security of the information an individual submits on our website or other sources. Due to this, each individual discloses data at their own risk. Once we have received information, we use our security policies and technical protection to prevent unauthorized access to the data. All our employees and employees of approved third parties, who are granted access to customer data, are obligated to keep the information confidential.

Verification and deletion of data

The registered individual has the following rights:

  • Access to the personal data collected from them. A request to review collected data must be made in writing to the data controller's e-mail address mentioned above.
  • Request rectification or updating of their data
  • Right to request data deletion, if this is possible under the law or in the interests of the company
  • Object the processing of personal data
  • Withdraw consent to data processing
  • File a complaint with a supervisory authority 

The company must verify the registered individual’s identity before disclosing collected data.  Please send a written data revision request and proof of identity via email to Whitecoach Oy’s contact person mentioned above. We will respond to requests within four (4) weeks of receiving the request.

We aim to keep our records up-to-date and error-free, but we are not liable for direct or indirect damages caused by inaccurate, incomplete, or incorrect personal data.