Varjo Technologies Oy (later “Varjo”, “we” or “company”) receives, collects and otherwise processes personal data of representatives, employees and personnel of customers, potential customers, suppliers, potential suppliers, vendors, potential vendors, (later collectively “Business Partners”), and other users of our services (including also our website and social media services) and other business contacts of Varjo (later collectively “Data Subjects”).
What data is collected, stored and processed?
Varjo receives, collects, stores and otherwise processes a range of personal data about Data Subjects, including:
• Name and contact information, such as email address, phone number, employer name and address and job title / position,
• Other personal data necessary for maintaining the Business Partner relationship, such as billing information, feedback, other message history and marketing preferences,
• Information related to account registration, such as username, email and organization name,
• Other information about subscriptions, such as validity period, last login time, headset serial number and number of active sessions,
Personal data processed by Varjo is mainly collected directly from the Data Subject or through our Business Partner having a direct relationship with the Data Subject (such as employment). In addition, the personal data may also be collected automatically when the Data Subject uses our products and services e.g. when using our online services (including social media) and visiting our websites.
While the provision of certain personal data is necessary for the use of our services (for example contact details of Business Partners’ representatives or usage of the user account), certain personal data is provided voluntarily. personal data may be updated and supplemented by collecting data from private and public sources, such as commercially available directories and websites of the Business Partner.
We do not collect or process sensitive personal data (personal data of special categories).
Why does Varjo process personal data?
We process personal data of Data Subjects to offer services and to maintain our relationship with Business Partners. In this context, personal data may be processed for the following purposes:
• registration and delivery of our products
• subscription and providing of our services
• product and service development
• invoicing (including debt collection), recalls, warranties, customer service, feedback and related
• management and administration of our relationship with our Business Partners and for customer information purposes
• provision of information and materials related to our products and services, for example by newsletters and direct marketing
• identifying potential customers who are using our services for the purposes of targeting relevant marketing to such persons
• registrations for our events and webinars
• market and customer analysis and surveys
• contacting the Data Subject and to provide information on the services.
• complying and fulfilling our legal duties and obligations such as tax law, accounting and product liability related obligations
• ensuring security of our products and services and preventing abuses
• ensuring security of our IT environments and protection of data
• presenting legal claims and/or responding to and defending against legal claims
We process personal data on the following basis:
• for the purposes of our legitimate interest to inform you about our products and services, to deliver, develop and maintain our products and provide and develop our services, ask you for feedback, or provide you other relevant marketing information about our products and services and to maintain the customer relationship. In this respect, processing of personal data is related to the customer, vendor and/or supplier relationship and other relevant relationship between Varjo and the respective Business Partners. Where Varjo relies on legitimate interests as a reason legal basis for processing personal data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.
• for the purposes of performance of a contract to which the Business Partner or Data Subject is party or in order to take steps at the request of the Data Subject or the Business Partner prior to entering into a contract
• based on the consent by the Data Subject for the purposes of direct marketing [and other purposes we have ask your separate consent.]
• to comply with legal obligations applicable to us (such as corporate and accounting)
Who has access to personal data and why?
• List of the processors and other recipients can be provided upon request.
Transfer outside EU/EEA:
Personal data may also be transferred regularly outside the European Union and the European Economic Area (“EU/EEA”) within Varjo Group and also to our service providers. In case personal data is transferred outside EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.
In addition, we may share the personal data in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other similar arrangements.
Personal data are also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the products and services as well as to guarantee the safety of the products and services.
How does Varjo protect data?
Securing the integrity and confidentiality of personal data is important to Varjo. We have taken adequate technical and organizational measures in order to keep personal data safe and to secure it against unauthorized access, loss, misuse or alteration by third parties, such as by encryption, access controls and firewalls. Nevertheless, considering the cyber threats in modern day online environment, we cannot give full guarantee that our security measures will prevent illegally and maliciously operating third parties from obtaining access to personal data or absolute security of the personal data during its transmission or storage on our systems.
For how long is data kept?
• Detailed retention times can be provided upon request
We evaluate the necessity and accuracy of the personal data on a regular basis and endeavor to ensure that the incorrect and unnecessary personal data are corrected or deleted.
As a Data Subject, you have a number of rights under applicable data protection laws. You can:
• access the personal data processed
• obtain a copy of your personal data on request in a structured, commonly used and machine- readable format insofar as the processing is based on contract, and insofar as you have provided the information to Varjo
• require Varjo to change incorrect or incomplete personal data
• object to the processing of your data where Varjo is relying on its legitimate interests as the legal ground for processing. For example, you may object to your personal data being used for marketing purposes at any time.
• ask Varjo to restrict processing personal data for a period if data is inaccurate or there is a dispute about whether or not your interests override Varjo’s legitimate grounds for processing data
• the right to withdraw any consent given by you.
Data Subject may exercise the aforementioned rights by sending a written request to firstname.lastname@example.org.
If you believe that Varjo has not complied with applicable data protection laws when processing your personal data, you can lodge a complaint with a supervisory authority. In Finland, that is the Data Protection Ombudsman.
Varjo Technologies Oy (registered in Finland, business ID 2773901-6) is the legal entity determining the purposes and means of processing the information gathered and is the data controller of all the data collected.