Privacy Policy
This Privacy Policy has been published on 30.11.2020 version 2.0
Varjo Technologies Oy (later “Varjo”, “we” or “company”) receives, collects and otherwise processes personal data of representatives, employees and personnel of customers, potential customers, suppliers, potential suppliers, vendors, potential vendors, (later collectively “Business Partners”), and other users of our services (including also our website and social media services) and other business contacts of Varjo (later collectively “Data Subjects”).
The purpose of this Privacy Policy is to describe how Varjo processes personal data, what personal data Varjo collects, how the data is used and to whom the data is disclosed. In addition, we tell you how you can control the processing of your personal data. Varjo is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What data is collected, stored and processed?
Varjo receives, collects, stores and otherwise processes a range of personal data about Data Subjects, including:
• Name and contact information, such as email address, phone number, employer name and address and job title / position,
• Other personal data necessary for maintaining the Business Partner relationship, such as billing information, feedback, other message history and marketing preferences,
• Information related to account registration, such as username, email and organization name,
• Other information about subscriptions, such as validity period, last login time, headset serial number and number of active sessions,
• Electronic identification and behavior data such as cookie data and IP address. More information can be found in our Cookie Policy.
Personal data processed by Varjo is mainly collected directly from the Data Subject or through our Business Partner having a direct relationship with the Data Subject (such as employment). In addition, the personal data may also be collected automatically when the Data Subject uses our products and services e.g. when using our online services (including social media) and visiting our websites.
While the provision of certain personal data is necessary for the use of our services (for example contact details of Business Partners’ representatives or usage of the user account), certain personal data is provided voluntarily. personal data may be updated and supplemented by collecting data from private and public sources, such as commercially available directories and websites of the Business Partner.
We do not collect or process sensitive personal data (personal data of special categories).
Why does Varjo process personal data?
We process personal data of Data Subjects to offer services and to maintain our relationship with Business Partners. In this context, personal data may be processed for the following purposes:
• registration and delivery of our products
• subscription and providing of our services
• product and service development
• invoicing (including debt collection), recalls, warranties, customer service, feedback and related
communications
• management and administration of our relationship with our Business Partners and for customer information purposes
• provision of information and materials related to our products and services, for example by newsletters and direct marketing
• identifying potential customers who are using our services for the purposes of targeting relevant marketing to such persons
• registrations for our events and webinars
• market and customer analysis and surveys
• contacting the Data Subject and to provide information on the services.
• complying and fulfilling our legal duties and obligations such as tax law, accounting and product liability related obligations
• ensuring security of our products and services and preventing abuses
• ensuring security of our IT environments and protection of data
• presenting legal claims and/or responding to and defending against legal claims
We process personal data on the following basis:
• for the purposes of our legitimate interest to inform you about our products and services, to deliver, develop and maintain our products and provide and develop our services, ask you for feedback, or provide you other relevant marketing information about our products and services and to maintain the customer relationship. In this respect, processing of personal data is related to the customer, vendor and/or supplier relationship and other relevant relationship between Varjo and the respective Business Partners. Where Varjo relies on legitimate interests as a reason legal basis for processing personal data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.
• for the purposes of performance of a contract to which the Business Partner or Data Subject is party or in order to take steps at the request of the Data Subject or the Business Partner prior to entering into a contract
• based on the consent by the Data Subject for the purposes of direct marketing [and other purposes we have ask your separate consent.]
• to comply with legal obligations applicable to us (such as corporate and accounting)
Who has access to personal data and why?
For the purposes stated in this Privacy Policy, personal data is disclosed, when necessary, to authorities, other companies within the same group of companies as us, and accessed by our third-party service providers and contractors (such as our IT vendors, resellers, logistics and service companies and marketing agencies conducting marketing on our behalf etc.). In such case, the personal data will only be disclosed for purposes defined above. We do not sell or otherwise disclose personal data to third parties outside Varjo Group for such third parties’ own purposes.
• List of the processors and other recipients can be provided upon request.
Transfer outside EU/EEA:
Personal data may also be transferred regularly outside the European Union and the European Economic Area (“EU/EEA”) within Varjo Group and also to our service providers. In case personal data is transferred outside EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.
Other transfers:
In addition, we may share the personal data in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other similar arrangements.
Personal data are also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the products and services as well as to guarantee the safety of the products and services.
How does Varjo protect data?
Securing the integrity and confidentiality of personal data is important to Varjo. We have taken adequate technical and organizational measures in order to keep personal data safe and to secure it against unauthorized access, loss, misuse or alteration by third parties, such as by encryption, access controls and firewalls. Nevertheless, considering the cyber threats in modern day online environment, we cannot give full guarantee that our security measures will prevent illegally and maliciously operating third parties from obtaining access to personal data or absolute security of the personal data during its transmission or storage on our systems.
For how long is data kept?
Personal data collected in connection with our services shall be retained as long as need for the purposes defined in this Privacy Policy unless such data is replaced through regular updates or otherwise. As regards personal data related to our relationship with our Business Partners, we retain Data Subject’s personal data for at least five (5) years from end of the respective Business Partner relationship or Data Subject’s latest contact with us. We retain the personal data for five (5) years in order to have adequate knowledge of our relationship with the Business Partner and to enable the continuity of our customer service. Personal data may be, in whole or partly, retained for longer or shorter period if required by applicable law (such as customer data for accounting, tax law and product liability related obligations) or if there is some other justified reason for us to retain or delete the personal data. In such a case, once the reason to retain the personal data ceases to exist, the Data Subject’s personal data shall be erased without delay.
• Detailed retention times can be provided upon request
We evaluate the necessity and accuracy of the personal data on a regular basis and endeavor to ensure that the incorrect and unnecessary personal data are corrected or deleted.
Your rights
As a Data Subject, you have a number of rights under applicable data protection laws. You can:
• access the personal data processed
• obtain a copy of your personal data on request in a structured, commonly used and machine- readable format insofar as the processing is based on contract, and insofar as you have provided the information to Varjo
• require Varjo to change incorrect or incomplete personal data
• require Varjo to delete or stop processing your personal data, for example where the data is no longer necessary for the purposes of processing. However, please note that certain personal data is strictly necessary in order to achieve the purposes defined in this Privacy Policy and may also be required to be retained by applicable laws. Thus, you may not delete such personal data.
• object to the processing of your data where Varjo is relying on its legitimate interests as the legal ground for processing. For example, you may object to your personal data being used for marketing purposes at any time.
• ask Varjo to restrict processing personal data for a period if data is inaccurate or there is a dispute about whether or not your interests override Varjo’s legitimate grounds for processing data
• the right to withdraw any consent given by you.
Data Subject may exercise the aforementioned rights by sending a written request to privacy@varjo.com.
If you believe that Varjo has not complied with applicable data protection laws when processing your personal data, you can lodge a complaint with a supervisory authority. In Finland, that is the Data Protection Ombudsman.
Updates to this Privacy Policy
Varjo may make changes to this Privacy Policy at any time by giving a notice on the website and/or by other applicable means. The Data Subjects are highly recommended to review the Privacy Policy on our website every now and then. If the Data Subject objects to any of the changes to this Privacy Policy, the Data Subject should cease using the services, where applicable, and he/she can request that we remove the personal data, unless applicable laws require us to retain such personal data. Unless stated otherwise, the then-current Privacy Policy applies to all personal data we process at the time.
Contact information
Varjo Technologies Oy (registered in Finland, business ID 2773901-6) is the legal entity determining the purposes and means of processing the information gathered and is the data controller of all the data collected.
If, at any time, you as the Data Subject have questions or concerns about this Privacy Policy, please contact privacy@varjo.com.