Privacy Statement - BI Book
Last Updated: 8.4.2026
1. Introduction
This Privacy Statement outlines what personal data are processed in the BI Book services and how. BI Book is provided by Renance - Automated Financial Services Oy (“Renance”), a subsidiary of Greenstep Oy (collectively, the “Vendor”, “we”, “us”, or “our”). We process personal data primarily in connection with our service delivery, service development, customer relationship management activities, and other communications related to sales and customer cooperation. The information we gather enables us to manage customer relationships, deliver and develop our services, and communicate relevant updates to our existing and potential customers in a secure and lawful manner.
2. Controller and contact details
The Controller of personal data processed in accordance with this Privacy Statement is:
Renance - Automated Financial Services Oy, business ID 2697751-4
Address: Keilaranta 5, 02150 Espoo, FINLAND
DPO: compliance@greenstep.com
In addition, companies belonging to the Greenstep Group act as joint controllers with Renance whenever they process the same personal data in their activities, and all Group companies follow the data protection principles described in this Privacy Statement. While the Group companies act as joint controllers, Greenstep Oy serves as the primary point of contact for exercising data subject rights and managing compliance related queries.
3. Basis of processing of personal data
Renance’s primary duty is to provide services to our customers, and this constitutes the main purpose for which we process personal data. Renance processes personal data only when there is a specific and lawful purpose for doing so under applicable data protection legislation. Renance relies on one or more of the following legal bases when processing personal data:
- Performance of a contract: Processing is necessary to fulfil contractual obligations or to take steps at the request of a data subject prior to entering a contract.
- Legitimate interests: Processing is necessary for Renance’s legitimate interests in operating a secure and efficient business, provided these interests are not overridden by the person’s rights and freedoms. These legitimate interests may include:
  - managing and developing our relationship with the customer, e.g. service improvement and business analytics;
  - conducting and analysing customer surveys and marketing activities.
- Consent: Renance may rely on the person’s consent in certain situations, such as testing or proof of concept, recording collaboration meetings, sending marketing communications, event invitations, or processing optional information. Consent may be withdrawn at any time, without affecting the lawfulness of processing carried out before the withdrawal.
6. Transfer and disclosure of personal data
Renance and its processors shall not transfer any personal data to any country outside of the European Economic Area (EEA) unless the transfer is made to a country considered as a place giving an appropriate level of protection by the European Commission, or subject to such other data transfer mechanism or protections that are approved and accepted by the applicable Data Protection Legislation taking into account the requirements of the competent authorities.
Renance may also disclose personal data when:
- requested by the person;
- required to deliver publications or reference materials requested by the person;
- required to facilitate conferences or events hosted by a third party;
- required by law, regulation, or competent authorities; or
- otherwise described in this Privacy Statement.
7. Storage and retention of personal data
Personal data is stored only for as long as required to support operational needs, fulfil the purposes for which it was collected, or comply with statutory retention requirements. Retention periods are defined in Renance’s data administration practices and take into account the nature of the data, its sensitivity, and applicable legal obligations. When data is no longer needed, it is securely deleted or anonymised in accordance with Renance’s data governance and protection policies.
8. Protection of personal data
Renance has implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, alteration, or destruction. Only authorised persons are granted access to personal data processed by Renance, and such persons have agreed to maintain the confidentiality of this information.
While Renance uses appropriate security measures once we have received personal data, the transmission of data over the internet (including by e-mail) is never completely secure. Renance strives to protect personal data, but we cannot guarantee the security of data transmitted to or by us.
9. Rights of data subjects
Data protection legislation guarantees persons, as data subjects, several rights concerning the processing of their personal data. The scope of these rights depends on the legal basis applied to the relevant processing activities. Renance is committed to respecting and facilitating these rights.
The rights available to data subjects include, where applicable:
- Right of access – The person can request confirmation of whether we process their personal data and receive a copy of that data, along with information on how it is used.
- Right to rectification – The person may ask us to correct inaccurate personal data or, when necessary, complete incomplete data.
- Right to object – The person may object to processing based on our legitimate interests if their situation outweighs those interests. The person may always object to the use of their data for direct marketing.
- Right to data portability – The person may request the personal data they have provided to us - when processed based on consent or a contract - in a structured, commonly used, and machine‑readable format, and have it transferred to another controller.
- Right to erasure (“right to be forgotten”) – The person may request the deletion of their personal data when there is no valid reason for us to continue processing it, for example if it is no longer needed or the person withdraws their consent.
10. Questions and complaints
Requests for the execution of the data subject’s rights may be addressed to compliance@greenstep.com. The fulfilment of certain rights may be subject to additional legal requirements. Renance may also request further information from the person submitting the request to ensure secure and lawful processing of the request.
The data subject has the right to lodge a complaint with a competent data protection supervisory authority, including the Office of the Data Protection Ombudsman in Finland, if they believe their personal data is being processed in violation of applicable laws.
11. Amendments to this Privacy Statement
This Privacy Statement was last updated on 8 April 2026. Renance may update or amend this Privacy Statement at any time by publishing an updated version on BI Book’s website.