This Privacy Statement has been published on February 19th 2019, version 1.0.
Varjo Technologies Oy (later “Varjo”, “we” or “company”) receives, collects and processes personal data of representatives, employees and personnel (later collectively “Data Subjects”) of customers, potential customers, suppliers, potential suppliers, vendors, potential vendors, other users of our services (including our website and social media services) and other business contacts of Varjo (later collectively “Business Partners”).
The purpose of this Privacy Statement is to describe how Varjo processes Personal Data, what Personal Data Varjo collects, how the data is used and to whom the data is disclosed. In addition, we tell you how you can control the processing of your Personal Data. Varjo is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What data is collected, stored and processed?
Varjo receives, collects, stores and processes a range of personal data about Data Subjects, including:
- Name and contact information, such as email address, phone number, employer name and address and job title / position
- Other information necessary for maintaining the Business Partner relationship, such as billing information, feedback, other message history and marketing preferences.
Personal Data processed by Varjo is mainly collected directly from the Data Subject or through our Business Partner having a direct relationship with the Data Subject (such as employment). In addition, the Personal Data may also be collected automatically when the Data Subject uses our products and services e.g. when using our online services (including social media) and visiting our websites.
While the provision of certain Personal Data is necessary for the use of our services (for example contact details of Business Partners’ representatives), certain Personal Data is provided voluntarily. Personal Data may be updated and supplemented by collecting data from private and public sources, such as commercially available directories and websites of the Business Partner.
We do not collect or process sensitive personal data (Personal Data of special categories).
Why does Varjo process personal data?
We process Personal Data of Data Subjects to offer the services and to maintain our relationship with Business Partners. In this context, Personal Data may be processed for the following purposes:
- registration and delivery of our products and services
- invoicing (including debt collection), recalls, warranties, customer service, feedback and related communications
- management and administration of our relationship with our Business Partners
- provision of information and materials related to our products and services, for example by newsletters and direct marketing
- identifying potential customers who are using our services for the purposes of targeting relevant marketing to such persons
- registrations for our events and webinars
- market and customer analysis and surveys
- contacting the Data Subject and to provide information on the services.
- business planning and product development
- complying and fulfilling our legal duties and obligations such as tax law, accounting and product liability related obligations
- ensuring security of our products and services and preventing abuses
- ensuring security of our IT environments and protection of data
- presenting legal claims and/or responding to and defending against legal claims
We process Personal Data on the following basis:
- for the purposes of our legitimate interest to inform you about our products and services, to deliver and maintain our product and services, ask you for feedback, or provide you other relevant marketing information about our products and services and to maintain the customer relationship. In this respect, processing of personal data is related to the customer, vendor and/or supplier relationship and other relevant relationship between Varjo and the respective Business Partners. Where Varjo relies on legitimate interests as a reason legal basis for processing personal data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.
- for the purposes of performance of a contract to which the Business Partner or Data Subject is party or in order to take steps at the request of the Data Subject or the Business Partner prior to entering into a contract
- to comply with legal obligations applicable to us (such as corporate and accounting)
Who has access to data?
For the purposes stated in this Privacy Statement, Personal Data may be disclosed, when necessary, to authorities, other companies within the same group of companies as us, and to other third parties, such as third-party service providers (such as our IT vendors, logistics and service companies and marketing agencies conducting marketing on our behalf etc.). In such case, the Personal Data will only be disclosed for purposes defined above. We do not sell or otherwise disclose Personal Data to third parties outside Varjo Group for such third parties’ own purposes.
- List of the processors and other recipients can be provided upon request.
Transfer outside EU/EEA:
Personal Data may also be transferred regularly outside the European Union and the European Economic Area (“EU/EEA”) within Varjo Group and also to our service providers. In case Personal Data is transferred outside EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.
In addition, we may share the Personal Data in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other similar arrangements.
Personal Data are also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the products and services as well as to guarantee the safety of the products and services.
How does Varjo protect data?
Securing the integrity and confidentiality of Personal Data is important to Varjo. We have taken adequate technical and organizational measures in order to keep Personal Data safe and to secure it against unauthorized access, loss, misuse or alteration by third parties, such as by encryption, access controls and firewalls. Nevertheless, considering the cyber threats in modern day online environment, we cannot give full guarantee that our security measures will prevent illegally and maliciously operating third parties from obtaining access to Personal Data or absolute security of the Personal Data during its transmission or storage on our systems.
For how long is data kept?
Personal Data collected in connection with our Services shall be retained as long as need for the purposes defined in this Privacy Statement, unless such data is replaced through regular updates or otherwise. As regards Personal Data related to our relationship with our Business Partners, we retain Data Subject’s Personal Data for at least five (5) years from end of the respective Business Partner relationship or Data Subject’s latest contact with us. We retain the personal data for five (5) years in order to have adequate knowledge of our relationship with the Business Partner and to enable the continuity of our customer service. Personal Data may be, in whole or partly, retained for longer or shorter period if required by applicable law (such as customer data for accounting, tax law and product liability related obligations) or if there is some other justified reason for us to retain or delete the Personal Data. In such a case, once the reason to retain the Personal Data ceases to exist, the Data Subject’s Personal Data shall be erased without delay.
- Detailed retention times can be provided upon request
We evaluate the necessity and accuracy of the Personal Data on a regular basis and endeavor to ensure that the incorrect and unnecessary Personal Data are corrected or deleted.
As a Data Subject, you have a number of rights under applicable data protection laws. You can:
- access the Personal Data processed
- obtain a copy of your Personal Data on request in a structured, commonly used and machine-readable format insofar as the processing is based on contract, and insofar as you have provided the information to Varjo
- require Varjo to change incorrect or incomplete Personal Data
- require Varjo to delete or stop processing your Personal Data, for example where the data is no longer necessary for the purposes of processing. However, please note that certain Personal Data is strictly necessary in order to achieve the purposes defined in this Privacy Statement and may also be required to be retained by applicable laws. Thus, you may not delete such Personal Data.
- object to the processing of your data where Varjo is relying on its legitimate interests as the legal ground for processing. For example, you may object to your Personal Data being used for marketing purposes at any time.
- ask Varjo to restrict processing Personal Data for a period if data is inaccurate or there is a dispute about whether or not your interests override Varjo’s legitimate grounds for processing data
Data Subject may exercise the aforementioned rights by sending a written request to email@example.com.
If you believe that Varjo has not complied with applicable data protection laws when processing your Personal Data, you can lodge a complaint with a supervisory authority. In Finland, that is the Data Protection Ombudsman.
Varjo may make changes to this Privacy Statement at any time by giving a notice on the website and/or by other applicable means. The Data Subjects are highly recommended to review the Privacy Statement on our website every now and then. If the Data Subject objects to any of the changes to this Privacy Statement, the Data Subject should cease using the services, where applicable, and he/she can request that we remove the Personal Data, unless applicable laws require us to retain such Personal Data. Unless stated otherwise, the then-current Privacy Statement applies to all Personal Data we process at the time.
Varjo Technologies Oy (registered in Finland, business ID 2773901-6) is the legal entity determining the purposes and means of processing the information gathered and is the data controller of all the data collected.
If, at any time, you as the Data Subject have questions or concerns about this Privacy Statement, please contact firstname.lastname@example.org.