Last updated: June 30, 2020
The key aspects of this Policy include the following:
- Personal data we collect and reasons why we collect it;
- How we use the personal data;
- How we share the personal data;
- How long we retain the personal data; and
- What rights Users have.
1. Data Controller
The data controller is Swarmia Oy (hereinafter "Swarmia", "we", "us" or "our"). Swarmia is responsible for ensuring that personal data is processed in compliance with this Policy and applicable data protection laws.
Contact details of the data controller:
Business ID: 3094736-9
Address: Lapinlahdenkatu 16, 00180 Helsinki, Finland
2. Processing of Personal Data
We collect personal data through different means, which are explained below. As a rule, personal data is collected directly from User in connection with the customer relationship or website activity.
2.1 Customer data
The following personal data is processed in connection with the customer relationship:
- User information, such as name, email address, job title, company name;
- Customer relationship details, such as contract, start and end date of customer relationship and services ordered;
- Billing information, such as bank account information, payments made and outstanding and bills delivered;
- Customer interaction, such customer contacts, feedback and complaints; and
- Marketing communications.
2.3 Technical data
We collect some technical data automatically through the use of our website or Service, which may be associated with Users. This includes IP address, type and device ID of the User's device as well as mobile operating system, browser type, browser version, the specific sub-sites of our website that the User visits, the time and date of the visit, the time spent on those sites, unique device identifiers and other statistical data.
2.4 Special categories of personal data
We do not process special categories of personal data about our Users.
3. Purpose and legal basis for processing personal data
We process personal data for the following purposes:
1) Providing the Service and managing customer relationship
The primary purpose of processing personal data is to provide the Service and to manage and maintain the customer relationship between us and User/the company the User represents. In this case, our processing of personal data is based on the customer contract.
We may send Users emails to inform about new features of the Service, ask for feedback, or provide you other relevant information about our Service. In this respect, processing of personal data is based on our legitimate interest to provide Users with relevant information as part of the Service and to promote the Service as well as to personalize the User experience.
A User may unsubscribe from marketing communications at any time by clicking on the "unsubscribe" link located on the bottom of emails or by contacting us at firstname.lastname@example.org.
3) Service development and information security
We also process personal data to improve the quality of the Service, including to monitor and analyse the use of the Service, and to ensure its security. In these cases, the legal basis for data processing is our legitimate interest to ensure that our Service has an adequate level of data security, and that we have sufficient and relevant information at hand to develop our Service.
4. Disclosures of personal data
We may disclose personal data to third parties:
- when permitted or required by law, e.g. to comply with requests by competent authorities or related to legal proceedings;
- when our trusted service providers provide services to us on behalf of us and under our instructions. We use third parties, such as cloud service providers. We will be responsible for the use of the personal data at all times;
- if we are involved in a merger, acquisition, or sale of all or a portion of our assets; and
- when we believe in good faith that disclosure is necessary to protect our rights, protect safety of our Users or the safety of others or to investigate fraud.
5. Transfers of personal data outside of the EU/EEA
We may transfer personal data outside European Economic Area ("EEA") when our trusted service providers are established there. For example, for marketing purposes we use Google Ads, and remarketing services by Twitter and Facebook. To the extent personal data is transferred to a country outside of the EU/EEA, Swarmia will use the required established mechanisms that allow the transfer to these service providers in those thirds countries, such as the Standard Contractual Clauses approved by the European Commission or rely on the so-called Privacy Shield for those service providers located in the U.S that are Privacy Shield-certified.
6. Retention of personal data
Swarmia will only retain personal data for as long as necessary to fulfill the purposes defined in this Policy. As a rule, the data will be processed during customer relationship. After that personal data will be removed except when retention is required by local laws, such accounting laws, or contractual rights or obligations by either party, for example for billing purposes.
7. Data subject rights
Users have the following rights:
- The right to request access to personal data about himself/herself;
- The right to request rectification, restriction or erasure of personal data. However, certain information is strictly necessary in order to fulfil the purposes defined in this Policy and may also be required by law. Thus, it may not be possible to remove such personal data.
- The right to object for processing, that is based on legitimate interest;
- The right to object to processing for marketing purposes and prevent from receiving future direct marketing;
- If processing of personal data is based on consent, the User has the right to withdraw consent at any time. The withdrawal will not affect the lawfulness of the processing carried out before the withdrawal; and
- The right to data portability, i.e. right to receive the personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller, to the extent required by applicable law. This applies for personal data processed based on contract or the User's consent.
Please send above-mentioned requests to us at email@example.com.
If you think there is a problem with the way we are handling your personal data, you have a right to file in a complaint to your national data protection authority in the EU/EEA. You may also file in a complaint to the data protection authority in any other EU country where you live, work, or where you think the alleged violation has occurred.
We maintain reasonable security measures (including physical, electronic, and administrative) to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure.
Please be aware that, although we endeavour to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.
9. Changes to this policy
We may change this Policy from time to time. If we make any changes to this Policy, we will actively bring it to the attention of the users by using the available communication channels. The most recent version of this Policy can be found at https://www.swarmia.com/privacy.
A "cookie" is a piece of information that is stored on a user's computer, tablet or phone (hereinafter together "device") when they visit a website or use a service. Other technologies classified here as cookies may be used in the same purpose. Cookies can help in identifying a user's device when they use a mobile application or visit a website and remember helpful details of the use and the choices made by the user to improve the user experience.
Cookies cannot be used alone to identify an individual, but they may be linked directly or indirectly to an identifiable individual when combined with other information. In these cases, cookies may be treated as personal data. If we identify a user based on cookies, we make sure that all cookie information is processed as personal data in accordance with applicable data protection laws.
We use both session and persistent cookies for various purposes.
- Session cookies are stored in memory for the duration of the session and removed once the User closes the browser.
- Persistent cookies are placed on hard drive of the User's computer and stored until they expire or the User deletes the cookies. We will retain information collected via persistent cookies no longer than 2 years (or 10 years for Heap Analytics cookies).
We use both first and third party cookies for various purposes.
- First party cookies refer to both session and persistent cookies placed by us on our website.
- Third party cookies are cookies placed by third parties on our website, such as Google Analytics, Heap Analytics, and Intercom.
- Essential cookies
- Type: Session cookies
- Administered by us
- Purpose: These cookies are essential to provide the Swarmia website and to enable the use some of its features. They help to authenticate users and prevent fraudulent use of user accounts.
- Notice acceptance cookies
- Type: Persistent cookies
- Administered by us
- Functionality cookies
- Type: Persistent cookies
- Administered by us
- Purpose: These cookies allow us to remember choices a user makes when using the Swarmia website, such as remembering their login details or language preference. The purpose of these cookies is to provide a more personalised experience and to avoid a user having to re-enter their preferences every time they use the Swarmia website.
- Tracking and performance cookies
- Type: Persistent cookies
- Administered by third-parties
- Purpose: These cookies are used to track information about traffic to the Swarmia website and how users use the website. We may also use these cookies to test new advertisements, pages, features or new functionality of the website to see how our users react to them.