Last updated: October 12, 2017
Contact details of the controller:
Tel. +358 (0) 923 165 575
Contact email: email@example.com
Personal data we collect
We collect and process personal data of the User through different means which are explained below.
Most of the personal data we process is collected directly from the User. We may also collect personal data in the process of providing the Service. We also use publicly available sources to verify the accuracy of the personal data we collect, such as the address service provided by the Finnish Post and the Population Register Centre.
Data the User provides as part of the registration
When the User registers to use our Service, we collect information that is needed to set up a user account. At registration, we collect some basic personal data, such as:
- Company name
- Email address
- Password to the Service
The User also has the possibility of providing us with other personal data to interact with the Service, such as:
- First name and last name
- Contact phone number (mobile and fixed connection)
- VAT number
- Consent to / prohibition of direct marketing
- When our customer is a corporation, we also collect basic information on contact persons and representatives of the corporation, and information on the Users.
Providing this personal data is optional and is not needed to set up an account to the Service – however, such personal data may be needed to get full advantage of the features of the Service.
Data regarding the use of the Service
We may also collect data automatically when the User uses our Service. This information includes:
- The User’s activity in the Service, such as transactional information based on the User’s activity and transactional data the User uploads to the Service;
- Subscription information, such as information on invoicing and collection of the User’s monthly subscription fees;
Payments of the User’s monthly subscription fees within our service are made via external payment providers: Stripe, Braintree and Maksuturva. We use secure and transparent payment methods with these providers and we do not store any card details in our system. Payment providers only provide us with tokens, and we process payments via tokens. Validity of these is checked when payment is processed.
Data we get automatically from the use of the Service
We also get technical usage data from the Service, such as:
- Timestamps and log data relating to the use of the Service;
- Data about the devices that are used to access the Service, including IP address and the version of the software program obtained through the User’s browser and cookies.
How we use personal data
We process personal data for three main purposes.
Some areas of our Service require the processing of personal data in order to provide services to the User. In this case, the processing may concern e.g. data that is necessary for us to deliver the Service to the User, to provide customer service or to invoice the User. The processing in this case is based on the contract between the User (or the corporate customer) and Zervant.
Service development and research
We may use personal data to improve the quality of the Service, to solve problems detected within the Service and to develop better features to the Users. We base this processing on our legitimate interest to improve our Service and its features and content. We may also generate anonymous, aggregate statistical information for research purposes, including Business Intelligence.
Marketing and communications
We may use personal data to send the User relevant information about the Service. Personal data may also be used for the purposes of advertising, marketing, direct marketing and personalised marketing to Users. We may create general profiles of the Users to provide more relevant content and advertisements. We base this processing on our legitimate interests to keep the Users up-to-date about our Service and to market relevant new products and services to our Users. The User has the right to prohibit direct marketing at any time.
Sharing of personal data
We may disclose personal data to third parties:
- when permitted or required by law;
- when our trusted service providers provide services to us on behalf of us and under our instructions. However, we will control and be responsible for the use of the User’s personal data at all times;
- if Zervant is involved in a merger, acquisition, or sale of all or a portion of its assets;
- when we believe in good faith that disclosure is necessary to protect our rights, protect the User’s safety or the safety of others, investigate fraud, or respond to a government request.
Zervant does not sell personal data of Users to third parties.
Transfer of personal data outside the EU/EEA
In general, we do not transfer personal data of Users outside the EU/EEA. However, some of Zervant’s trusted service providers operate in the United States. When these service providers provide services to us, we may need to transfer some personal data of the Users to the United States. In these cases, our service providers have committed themselves to safeguards that are required by European data protection laws to provide adequate level of data protection, such as the Privacy Shield.
Retention of personal data
The User’s personal data will be retained only for as long as necessary to fulfil the purposes defined in this Policy. When the User’s personal data is no longer required by law or rights or obligations by us or the User, we will delete the personal data. For example, when the User removes the User’s account from the Service, the data is deleted without delay from the Service. In this case, due to technical reasons, the personal data will be retained in our backups up to one year before it is deleted.
The User’s privacy rights
The User has a right to access personal data we hold about the User. The User may access, correct, update, change or remove personal data at any time. However, certain information is strictly necessary in order to fulfil the purposes defined in this Policy and may also be required by law. Thus, the User may not remove such personal data.
The User has a right to object for certain processing, such as profiling for marketing purposes. To the extent required by applicable data protection law, the User also has a right to restrict data processing.
The User has a right to data portability, i.e. right to receive personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller, to the extent required by applicable law.
The User can correct, delete and otherwise handle personal data within the Service, or contact Zervant’s customer service team via the contact form in the Help Centre.
If the User finds that there is a problem with the way we are handling personal data, the User has a right to file in a complaint to the User’s national data protection authority in the EU/EEA. In Finland that is the Data Protection Ombudsman. Contact details of the Finnish Data Protection Ombudsman.
Our Service is not directed to children under 16. If you become aware that a child under 16 has provided us with personal information, please contact us at the information referred to in the ‘Data controller’ section, or simply send us an email at firstname.lastname@example.org.
Cookies and other similar techniques
Zervant takes security seriously. We take various steps to protect personal data from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
To learn more about current practices and policies regarding security and confidentiality of personal data and other information, please see our data security description – a document we keep updated as these practices evolve over time.
We may change this policy from time to time. If we do, we will post a notification in the Service.