Slush 2025
>
Privacy Policy

Privacy Policy

1. BACKGROUND AND PURPOSE OF PROCESSING

Slush Oy (hereinafter “Slush” or “we”), is a Finnish-owned company specialized and focused on organizing startup and technology conferences as well as designing and developing online products and software related to the same.

In connection with our operations and to be able to provide Slush Services and Events, we may collect and process personal data of you as a user of Slush Services (“User” or “you”). Slush processes personal data under this Privacy Policy and in accordance with applicable laws, including the General Data Protection Regulation (2016/679) (the “GDPR”).

The purpose of this Privacy Policy is to describe and explain:

  • how we as a controller process personal data in connection with Slush Services,
  • what personal data we collect, and
  • how you may use your rights as a data subject.

At times the Slush platform may also be licensed to a third party and in such case, Slush may act as a processor or an independent controller together with the third party.

In this Privacy Policy, “Slush Services” refer to:

  • Slush conference,
  • Slush event mobile application, and
  • websites slush.org and platform.slush.org,

including applicable features such as, but not limited to:

  • online events,
  • online ticket store, and
  • other features available on the online platform provided by Slush.

In this Privacy Policy, the startup and technology events (physical or online) organized by Slush and/or under the Slush brand, and being part of Slush Services, are separately referred to as the “Events”, where necessary.

Please note that we may update this Privacy Policy from time to time – you can find the current version on the slush.org and platform.slush.org websites.

2. CONTROLLER’S CONTACT DETAILS
  • Name: Slush Oy
  • Business ID: 2554151-6
  • Address: Malminkatu 16, 00100 Helsinki
  • Email: hello@slush.org

3. PERSONAL DATA PROCESSED AND SOURCES OF DATA

Our User's personal data collected and processed by us in connection with Slush Oy Services can be divided into two general data categories:

  • “User Data” and
  • “Technical Data” (including cookies and web analytics).

Further, we may also process your personal data in connection with recruitment process. These data categories are explained in more detail below.

User Data

User Data is personal data collected directly from you, or from the customer organization represented by you and on behalf of which you are using Slush Services (the latter hereinafter the “Customer Organization”).

We may collect User Data from our Users in a few different ways, including when the User:

  • registers to Slush Services,
  • creates a profile, or
  • subscribes to our newsletter.

Please note that we may also collect details of transactions, such as ticket purchases, you complete in connection with Slush Services.

User Data will be collected from the User as a part of the registration and when creating a profile to Slush Services. Accordingly, the following User Data is necessary in order to be able to use Slush Services:

Registration
  • First name;
  • Last name;
  • Job title;
  • Country;
  • Email address; and
  • Password.

We may also collect and process the following User Data (listed by feature) in connection with your use of Slush Services:

User profile
  • Profile image;
  • First name;
  • Last name;
  • Job title;
  • Country;
  • Short bio;
  • City;
  • Pronouns;
  • Industry;
  • Occupation;
  • Meeting interests; and
  • Social links.
Chat function
  • Profile image;
  • First name;
  • Last name; and
  • Information the User chooses to provide to other Users through the chat function.
Meeting tool
  • User profile information;
  • Information about User’s activities within the tool, such as information related to User’s meetings; and
  • Information the User chooses to provide to other Users in the tool, such as contact details and information on investments.
Ticket shop
  • Name;
  • Email address;
  • Information relating to transactions and payments carried out through Slush Services;
  • Type of Event ticket purchased for Slush Services;
  • Organization and job title; and
  • Address information.
Activity tool
  • Name;
  • Email address;
  • Job title;
  • Organization; and
  • Other event specific information that might be requested via registration form.
Volunteer registration
  • Name;
  • Date of birth;
  • Gender (optional);
  • Email address;
  • Phone number;
  • Country; and
  • Information regarding availability, interests, education, skills, work experience, previous volunteering or other information the User chooses to provide in connection with their application.
Marketing
  • Marketing opt-in or opt-out;
  • Name;
  • Email address;
  • Event attendance information;
  • Interests of the User;
  • User account and profile information;
  • Information provided via meeting tool (please see the meeting tool section above); and
  • Images and/or video taken in connection with Events.
User correspondence
  • Customer feedback and other information the User provides to us in correspondence.
Company discovery tool
  • User profile information;
  • Information about User’s activities within the tool, such as information related to User’s registration to events; and
  • Information contained in pitch decks, team descriptions, investor and company profiles, and other materials and information provided by the User via the tool.
Calendar Sync
  • If you choose to use the calendar integration feature available on the Slush platform, we will process the email address connected to your calendar as well as information on your scheduled events and meetings.
  • When connecting a Google account, we use Google user data solely to provide this functionality, and for no other purposes such as advertising or data transfer to third parties.

In addition, we may also collect User Data from our Customer Organizations when they purchase Event tickets in connection with and/or to Slush Services. The User Data we collect from the Customer Organizations include:

  • Email address connected to the Customer Organization;
  • Customer Organization's representative User and thereto related User Data, as applicable.
Technical Data

We do not normally use Technical Data to identify you as an individual, but you can sometimes (e.g. in certain technical support cases) be recognized from such data, either alone or when combined or linked with User Data.

In these situations, Technical Data can also be considered personal data under applicable laws and we will treat such data as personal data.

We and/or our authorized third-party service providers may automatically collect the following Technical Data when you visit or interact with Slush Services:

  • Browser type and version;
  • Device and device identification number;
  • Time spent at Slush Services;
  • Interaction with Slush Services;
  • URL of the website you visited before and after visiting Slush Services;
  • The time and date of your visits to Slush Services;
  • IP address; and
  • Operating system and the Internet service providers utilized.
Cookies

We use various technologies to collect and store Technical Data and other information when you visit Slush Services, including cookies.

Cookies are small text files sent and saved on your device, helping us – for example – in tailoring Slush Services and personalizing the information we provide to our Users.

They allow us to:

  • identify visitors of Slush Services,
  • facilitate the use of the same, and
  • create aggregate information of the Users.

By using cookies, we are able to improve Slush Services and better serve and support our Users, for example, by remembering usernames, passwords and language preferences.

We also use tracking and analytics cookies to see how well our services are being received by the Users.

The Users may choose to refuse cookies, and we will request your consent before using other than necessary cookies. However, please note that some parts of Slush Services may not function properly if use of cookies is, in part or in whole, refused.

Web analytics and session replay services

Slush uses web analytics and session replay services to collect and analyze Technical Data and reports on visitors' usage and help us improve Slush Services.

Job applications

We process personal data submitted by you, such as job application and CV, in connection with a recruitment process.

4. PURPOSES AND LEGITIMATE GROUNDS FOR PROCESSING OF PERSONAL DATA

Slush Oy processes personal data of the Users of its services for the purposes described in this Privacy Policy.

These processing purposes, of which one or more may apply depending on the case at hand, are listed below:

To organize Events and provide Slush Services

Slush processes personal data to be able to organize Events and provide Slush Services to you under the contract between you and Slush, or between the Customer Organization and Slush.

We use the data, for example, to:

  • handle your online registration,
  • manage ticket(s) and payments,
  • enable organization of side events, and
  • provide you and the other Users with the information necessary for the proper use of the meeting tool as well as other tools of the Slush platform.

We may also process personal data to contact you regarding the Events and Slush Services as well as to inform you of any changes to the same.

In the event you contact our customer service, we will use the provided information to answer your questions or solve the possible issues.

Legitimate grounds for processing:

  • performance of a contract with you, and
  • legitimate interest to fulfil an agreement with our Customer Organization.

If registration for an Event organized with/by a third party takes place on Slush Services (not redirecting to other registration site or platform), the respective organizer and Slush are joint controllers for the personal data processed for the purpose of the event registration.

Legitimate ground for processing: performance of a contract.

With any questions related to such processing, you can reach out to us.

To provide personalized content and customized user experience

If you have selected to use our meeting tool and/or company discovery tool, we process personal data to generate an optimal and customized user experience and to provide you with the most relevant content based on your user profile.

This may, for example, include:

  • individualizing your feed, and
  • providing you with customized recommendations, including meeting recommendations created using artificial intelligence.

You may at any time decide to stop using any tool available on the Slush platform, and remove your profile. After removing the profile, Slush no longer processes the user profile information for the abovementioned purposes.

Legitimate ground for processing: performance of a contract.

If you choose to use the calendar integration feature available on the Slush platform, we process your personal data to synchronize your calendar with the platform. Your synchronized calendar data will only be visible to you and not to other Users of the Slush platform.

Legitimate ground for processing: your consent.

You can turn off the synchronization at any time on the Slush platform. This feature is available for calendar providers that we support from time to time, as listed on the Slush platform.

For customer communication, marketing and development

We process personal data for the purposes of maintaining our customer relationships as well as for marketing and advertising Slush Services and other products offered by Slush or via Slush platform.

This means, for example:

  • customizing the user experience by showing targeted offers,
  • side event information, job opportunities and advertisements based on the information gathered from the User during his/her visits to Slush Services, and
  • publishing images and video from Events on Slush website, social media platforms, and other media.

We process personal data also to run, maintain and develop our business and to create new customer relationships.

Legitimate ground for processing: the legitimate interests of Slush to market, run, maintain, and develop its services, products, and operations.

If we want to use identifiable images and/or video taken at Events for Slush's marketing and promotional purposes, we will request your prior consent.

Electronic direct marketing

In relation to electronic direct marketing, the legitimate ground for processing personal data is the legitimate interest of Slush to market its services.

However, in certain cases, to be allowed to send electronic direct marketing (for example, utilizing email or text messages), a consent of the receiver of electronic direct marketing is collected where required by applicable laws.

Such a consent may be requested in certain parts of Slush Services, e.g. in connection with the registration.

The Users may withdraw given consent at any time by:

  • contacting us via email (see section 2 above for contact details), or
  • managing consent settings via their own user account.
To fulfil our legal obligations

Slush processes personal data to be able to administer and fulfil its obligations under the applicable laws.

This includes processing data for:

  • complying with the bookkeeping obligations, and
  • providing information to relevant authorities such as tax authorities.

Personal data may also be disclosed due to mandatory grounds arising from the applicable laws, regulations and/or, if required, to the court or competent authority for legal and justified grounds.

Legitimate ground for processing: to comply with legal obligations.

For potential claims handling and legal processes

Slush may process personal data in relation to handling of claims, debt collection and legal processes.

Slush may also process personal data to:

  • prevent fraud,
  • prevent misuse of Slush Services, and
  • ensure information, system and network security.

Legitimate ground for processing: the legitimate interests of Slush to handle claims, to collect debt, to conduct legal processes, to prevent fraud and misuse of Slush Services, and to ensure information, system and network security.

For quality and service improvement, trend analysis and research

We may process information about your use of Slush Services to improve the quality e.g. by analyzing trends in the use of Slush Services, and to adjust, develop and improve our offering and operations, including the user experience.

This includes using User Data, such as information on a User's interests and activities collected through the meeting tool, to develop and train artificial intelligence models to be used by Slush to provide personalized content and customized user experience to Users in connection with Slush Services.

Further, we may process the information you provide us via Slush platform for research purposes (e.g. compile a publication on the State of European Tech or equal).

However, we will never publish other than aggregated, non-personally identifiable data.

Legitimate ground for processing: the legitimate interests of Slush in maintaining and improving its services to ensure their relevancy and quality.

When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy. We also use pseudonymized or non-personally identifiable data when possible.

5. TRANSFERS TO COUNTRIES OUTSIDE EUROPEAN UNION AND EUROPEAN ECONOMIC AREA

Slush and its service providers store personal data in the European Union (EU) and European Economic Area (EEA).

However, the personal data may also be processed outside the EU/EEA, if necessary, for example, for:

  • maintenance purposes, or
  • support purposes.

We always take necessary steps to ensure that Users’ personal data receives an adequate level of protection in the jurisdictions where it is stored and processed.

We ensure adequate safeguards and protection for the transfers of personal data to countries outside of the EU/EEA through:

  • an adequacy decision by the European Commission, or
  • an appropriate transfer mechanism, which may be the Standard Contractual Clauses of the European Commission available here, or
  • other appropriate mechanism in force and accepted from time to time.

More information regarding the transfers of personal data may be obtained by contacting us (see section 2 above for contact details).

6. RECIPIENTS AND DATA DISCLOSURES

We only share personal data within our Slush organization, if and as far as reasonably necessary, for the purposes of this Privacy Policy, e.g., with our employees responsible for customer service and marketing.

We do not share personal data with third parties outside of our organization unless one of the following circumstances applies:

It is necessary for the purposes of this Privacy Policy

To the extent third parties (such as other Users of Slush Services, side event organizers, or other collaborators/event organizers) need access to your personal data in order for us to perform Slush Services.

Slush has taken the appropriate contractual and organizational measures to ensure that your data are processed exclusively for the purposes specified in this Privacy Policy and in accordance with applicable laws and regulations.

Furthermore, we may provide your personal data to our affiliates, other trusted businesses, or persons to process it on our behalf, based on our instructions and in accordance with our Privacy Policy as well as any other appropriate obligations of confidentiality and security measures.

For legal reasons

We may share personal data with third parties outside our organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to:

  • meet the requirements or obligations under the applicable law, regulation, and/or court order;
  • detect, prevent, or otherwise address fraud, security, or technical issues; and/or
  • protect the interests, properties, or safety of Slush, the Users, or the public in accordance with the applicable law.

When possible, we will inform the User of such data transfer and processing.

To authorized service providers

We may share personal data with authorized service providers who perform services for us, including but not limited to:

  • data storage,
  • accounting,
  • payment, and
  • sales and marketing service providers.

Our agreements with our service providers include commitments ensuring that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.

Lead scanning

If you wish to share with other Users of Slush Services your contact details and professional information through the Slush Lead Scanning Service, we will keep the information available for them for fifteen (15) months.

Please note that Slush will not be responsible for any use of such shared contact details. You can control the information to be shared in the settings page on the Slush platform.

With explicit consent

We may share your personal data with third parties outside Slush for reasons other than the ones mentioned above, when we have your explicit consent to do so.

The User has the right to withdraw the aforementioned consent(s) at any time.

7. INFORMATION SECURITY

We use administrative, organizational, and technical measures as well as physical safeguards to protect all personal data we collect and process.

Measures include, for example and where necessary:

  • encryption,
  • pseudonymization,
  • firewalls,
  • secure facilities, and
  • access right systems.

Our security controls are designed to maintain an appropriate level of:

  • data confidentiality,
  • integrity,
  • availability,
  • resilience, and
  • ability to restore the data.

If a security breach that is likely to have a negative effect on the privacy of the Users occurs despite the security measures, Slush will inform:

  • the relevant Users,
  • other affected parties, and
  • relevant authorities

in accordance with applicable data protection laws, as soon as possible.

8. STORAGE PERIOD

Slush does not store your personal data longer than is legally permitted and necessary for the purposes of this Privacy Policy.

The storage period depends on:

  • the nature of the information, and
  • the purposes of processing.

The maximum storage period may therefore vary per use.

  • Registration information relating to the user account with Slush Services will be deleted after a period of five (5) years from the last use of the user account in question. Slush will inform you about the oncoming deletion.
  • Data collected for a specific Slush Service or Event will be deleted or anonymized three (3) years after the completion of the Slush Service or Event.
  • A part of the personal data relating to the user account or otherwise to Slush Services may be stored if processing is required by applicable law or is reasonably necessary for our legal obligations or legitimate interests, such as handling of claims, bookkeeping, internal reporting, and reconciliation purposes.
  • All personal data relating to the user account with Slush Services will be anonymized or deleted after a period of five (5) years from last use of the user account, with the exception of personal data required in certain rare situations, such as legal proceedings.
  • We will store Technical Data of unregistered Users for a reasonable time period, but in no event longer than two (2) years for the purposes specified in this Privacy Policy.
9. USERS’ RIGHTS
Right to access

The Users have the right to access the personal data relating to them and processed by us. We give you the possibility to:

  • view certain data through your user account with Slush Services, or
  • request a copy of your personal data.
Right to object

If the data is processed based on our legitimate interest, you may have the right to object to certain use of your personal data.

Note: If you object to the further processing of your personal data, this may lead to fewer possibilities to use Slush Services.

Right to rectify

The Users have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored about the User corrected or completed by contacting us.

You can correct or update some of your personal data through your user account in Slush Services.

Right to erasure

The Users may also request us to delete their own personal data from our systems.

We will comply with such requests unless we have a legitimate ground not to delete the personal data. Such legitimate ground may be based on, e.g., the applicable laws.

Right to data portability

In certain situations, you may have the right to:

  • receive your personal data from us in a structured and commonly used format, and
  • independently transmit the data in question to a third party.
Right to withdraw consent

In case the processing is based on a consent granted by the User, the User may withdraw the consent at any time.

The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to restriction of processing

You may request us to restrict processing of personal data, for example:

  • when your data erasure, rectification, or objection requests are pending, and/or
  • when we do not have legitimate grounds to process your personal data.

Note: This may lead to fewer possibilities to use Slush Services.

The abovementioned rights may be exercised by sending an email or a letter to us on the addresses set out in section 2 (Controller's Contact Details).

The message should include the following information:

  • full name,
  • home address,
  • email address, and
  • telephone number.

We may request the provision of additional information necessary to confirm the identity of the User.

We reserve the right to reject requests that are unreasonably repetitive, excessive, or manifestly unfounded.

10. DIRECT MARKETING

The User has the right to prohibit us from using User’s personal data for:

  • direct marketing purposes,
  • market research, and
  • profiling made for direct marketing purposes.

This can be done by:

  • contacting us at the address indicated in section 2 (Controller's Contact Details), or
  • using the unsubscribe function offered in connection with each direct marketing message.
11. LODGING A COMPLAINT

The User can lodge a complaint with the local data protection supervisory authority in case the User considers that Slush's processing of personal data appears to be inconsistent with applicable data protection laws.

In Finland, the local supervisory authority is the Data Protection Ombudsman (www.tietosuoja.fi).

Contact details of the supervising authority:

  • Office: Office of the Data Protection Ombudsman
  • Visiting address: Lintulahdenkuja 4, 00530 Helsinki
  • Postal address: P.O. Box 800, 00531 Helsinki, Finland
  • Email: tietosuoja@om.fi
  • Telephone (switchboard): +358 (0)2956 66700
  • Telephone guidance: +358 (0)2956 66777