Version: 3
Date: 24.3.2022
This is a privacy policy document that provides You (“You”, “Your”, “User”, “Customer”) with very important information directly related to You as a data subject and to the protection of Your personal data. This privacy policy applies to Our
– Web site data (www.kaltiot.com)
– Marketing data
– Customer data
1. The identity and the contact details of the data controller.
1.1. Identity of the data controller. Kaltio Technologies Oy (“Controller”, “Kaltiot”, “We”, “Our”, “Us”; Finnish business ID:2653826-3).
1.2. Contact details of the Controller.
Street address: Kirkkokatu 18
Postal code/Zip: 90100
City: Oulu
Country: Finland
Email address: privacy@kaltiot.com
2. The person who is responsible for data protection
(“Data Protection Responsible Person”): Timo Konu Street address: Kirkkokatu 18; Postal code/Zip: 90100; City: Oulu; Country: Finland; Email address: privacy@kaltiot.com;
3. The purposes of the processing and the legal basis for the processing.
3.1. Purposes of the processing
(i) Measuring and analysing Our web site traffic and optimizing the web site. We need to know how You are using Our website to make it serve You better. Processing is based on Your choice of using or not using cookies (so called cookie consent). See our Cookie policy. We use Google Analytics to understand how Our website is used.
(ii) Marketing our products, measuring the effects of Our marketing messaging and targeting to the right customers. It is in Our legitimate interest to market Our products to potential customers. We may want to tell You about Our products and services by sending marketing email messages to You. For this We need to have Your consent to do that (so called marketing consent). Some links in Our marketing messages may carry personalized links to Our web site content that helps Us to find out if the information that We did send interests You. It is also good to know for us how many of the recipients of Our marketing messages return to Our web site to read articles and other content referred by Our marketing messages.
(iii) Keeping record of the customer data. In case You are Our customer we may process Your personal data for the performance of the contract to which You are party. If you are not yet Our customer We may process your personal data also in order to take steps at the request of You prior to entering into a contract.
(iv) Kaltiot technology test and development environment. If You are a technology professional We can provide access to Kaltiot Smart Console (“Service”) or Our other such services for You (“Users”) for testing and software development. This applies strictly for non-business use. If you need to use the service environment for business use, please contact Kaltiot representative. You would use the Service to create Service specific attributes and binaries such as name of Your own service, PKI keys and signed smart phone application installation package which includes ready to run configuration of Your own application against the newly created development/testing service. Legal basis for processing in this case is Your given consent to the processing of Your personal data for this purpose.
4. Personal data processed.
4.1. We process Our web site log file and Google Analytics data such as
(i) Visited page identity
(ii) Time of visiting the page (timestamp)
(iii) Source IP address
(iv) Device info
(v) Source Page
(vi) Cookie information (see Cookie Policy)
4.2. We process customer relationship related personal data such as
(i) First and last name
(ii) Organization
(iii) Job Title
(iv) Email address (business)
(v) Phone number (business)
(vi) Street address of company
(vii) Billing information
(viii) City
(ix) Postal code/Zip
(x) Messaging history
(xi) Meeting minutes
(xii) Service details
4.3. We process marketing related personal data such as
(i) First and last name
(ii) Organization
(iii) Email address (business)
(iv) Consent (marketing consent)
(v) Newsletters (sent)
(vi) Marketing messages (sent)
(vii) Signup and profile update timestamps
4.4. We process Kaltiot technology test and development environment relate personal data such as
(i) Email address (main user of the test environment)
(ii) Service specific attributes generated by the service
(iii) Data generated by the applications of the service
(iv) Log data
(v) Web server log data such as source address
5. Origins of the personal data.
5.1. Most of the personal information is collected from You or Your company.
5.2. Company related information is collected from the publicly available sources such as company web pages.
6. Retention period.
6.1. Web site log data and Google Analytics data: 26 months
6.2. Marketing data: marketing related processing is ended and personal data is deleted when there does not exist any further need for processing.
6.3. Customer data: two years from the day when the performance of the latest contract is ended. However, some customer relationship related data and contract performance related data can be included into Our accountancy. In accordance to the Finnish Accounting Act (1336/1997) the vouchers for the financial year, correspondence regarding transactions and other accounting material must be retained for at least six years after the end of the year during which the financial year ended.
6.4. Kaltiot technology test and development environment data: two years from the day when the User logged in last time.
7. Your rights as a data subject.
7.1. We need to identify You before We can proceed and let You exercise Your rights of the data subject. However, We shall not be obliged to maintain, acquire or process additional information in order to identify You or data related to You. In case where We cannot identify Your data for the purpose of exercising Your rights as a data subject, You can still provide Us with an additional information enabling Your identification.
7.2. You have the right to request from the Controller confirmation as to whether or not personal data concerning You are being processed, and, where that is the case access to personal data concerning You. You need to describe what data You need access to the Data Protection Responsible Person.
In Kaltiot technology test and development environment You get access to Your personal data by logging into the environment and viewing Your data on the user interface of the Service environment.
7.3. You have the right to request from the Controller rectification of personal data concerning You. You need to describe the issue clearly to the Data Protection Responsible Person.
7.4. You have the right to withdraw Your marketing consent by clicking “unsubscribe from this list” link or modifying your newsletter subscription and marketing permissions via link “update your preferences” that are shown in the end of our newsletters and marketing messages.
You can withdraw your given consent concerning processing your personal data in Kaltiot technology test and development environment.
You can also describe the issue clearly to the Data Protection Responsible Person.
About the cookie consent and how to avoid using cookies see Our Cookie policy.
7.5. You have the right to request from the Controller erasure for the personal data (‘right to be forgotten’) concerning You:
(i) if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. You need to describe the issue clearly to the Data Protection Responsible Person.
(ii) if You object to the processing of personal data concerning You, on grounds relating to Your particular situation, at any time and there are no overriding legitimate grounds for the processing. You need to describe the issue clearly to the Data Protection Responsible Person.
(iii) if Your personal data have been unlawfully processed. You need to describe the issue clearly to the Data Protection Responsible Person.
(iv) if the personal data have to be erased for compliance with a legal obligation in EU or Finnish law to which the Controller is subject. You need to describe the issue clearly the Data Protection Responsible Person.
i-iv shall not apply to the extent that processing is necessary for compliance with a legal obligation which requires processing by EU or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
7.6. You have the right to request from the Controller restriction of processing of personal data concerning You in case one of the following applies:
(i) the accuracy of the personal data is contested by You, for a period enabling the Controller to verify the accuracy of the personal data. You need to describe the issue clearly to the Data Protection Responsible Person.
(ii) the processing is unlawful and You oppose the erasure of Your personal data and request the restriction of their use instead. You need to describe the issue clearly to the Data Protection Responsible Person.
(iii) the Controller no longer needs Your personal data for the purposes of the processing, but they are required by You for the establishment, exercise or defence of legal claims. You need to describe the issue clearly to the Data Protection Responsible Person.
(iv) You have objected to processing on grounds relating to Your particular situation andthe verification whether the legitimate grounds of the Controller override those of You is pending. You need to describe the issue clearly to the Data Protection Responsible Person.
Where processing has been restricted because of condition of i-iv, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of Finland.
7.7. You have the right to object the processing of personal data concerning You. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override Your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You need to describe the issue clearly to the Data Protection Responsible Person.
7.8. You have the right to lodge a complaint with a supervisory authority, Data Protection Ombudsman (in Finland).
7.9. You have the right to get notified without undue delay by the Controller when the personal data breach is likely to result in a high risk to Your rights and freedoms.
8. Data transfers.
We use Google Analytics cookie technology in Our web site. Google Analytics transfers cookie related data to the United States of America. Google complies with the
EU-US Privacy Shield Framework (see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI)
We do not disclose Your personal data as such to any third parties except those who process data on behalf of us.
9. Obligation or necessity for You to provide the personal data and the possible consequences of failure to provide such data.
If you do not provide to us personal data such as email address then we are not able to provide you with relevant information related to Our products and services. For the performance of the contract to which You are party We might need some data from You that is necessary. Without such data We might not be able to do efficiently everything that we need to do for the performance of the contract.
10. Automated decision making or profiling
We do not utilize such functionalities that execute automated decision-making or profiling.
11. Updating this document
If the We intend to further process the personal data for a purpose other than that for which the personal data were collected, We shall provide You prior to that further processing with information on that other purpose and with any relevant further information. You will be provided with a new version of this document that will inform You concerning such new purpose or purposes.