Privacy

This Privacy Policy is applicable to personal data processed by Happeo Oy (“Happeo”, “we” or “us”) relating to the users of our enterprise communication platform (the “Service”). 

This Privacy Policy is also applicable to personal data processed by us with regard to the representatives of our customer organisations when such data is processed in connection with the provision of the Service. All of the aforementioned data subjects are hereinafter collectively referred to as “Users” or “you”. This Privacy Policy governs solely the Service and the data processing carried out by Happeo in connection therewith. As regards processing of personal data in connection with our marketing and sales activities or the provision of the website www.happeo.com, or otherwise outside the scope of the Service, please refer to our general Privacy Policy available at www.happeo.com/happeoprivacy.  

In relation to the provision of the Service, we also operate from time to time as a data processor for our customer organisations, in which case the customer organisation is regarded as the data controller. This means that we process personal data based on contracts on behalf of our customers in accordance with their instructions and not for our own purposes. As a data controller, the customer has full control and responsibility on what personal data it decides to enter in the Service and under what legal basis it has the right to process and transfer it to Happeo, including acquiring necessary consents, if required. Happeo does not review the data entered into the Service by the customer organisation. We do not use any personal data submitted to the Service by the members of our customer organisations (the “End-User Data”) for any sales and/or marketing purposes.

We are committed to processing personal data in compliance with this Privacy Policy and applicable laws. This Privacy Policy contains information about what personal data we collect, what are the key principles of processing the data and what rights you have relating to your personal data. 

CONTACT DETAILS

The data controller relating to processing of personal data pursuant to this Privacy Policy is:

Happeo Oy (business identity code: 2802188-2)
Köydenpunojankatu 2a, 00180 Helsinki, Finland
www.happeo.com
Email: security@happeo.com
Data Protection Officer: Antero Hanhirova

PERSONAL DATA PROCESSED AND SOURCES OF DATA

We collect two types of information concerning our Users: (i) User Data; and (ii) Analytics Data.

User Data is primarily received directly from the Users or the representative of the relevant customer (such as the customer’s admin user of the Service). Analytics Data is collected automatically as you use the Service. Although we do not normally use Analytics Data to identify individuals, sometimes individuals can be recognised from it, either alone or when combined or linked with other data. In such situations, Analytics Data shall also be considered to be personal data under applicable laws, and we will treat the combined data as personal data.

User Data and Analytics Data typically consist of the following categories of data. This data is either inputted directly by the User or synchronized by the organisation from an integrated solution, such as G Suite:

User Data
- Name
- Email addresses (primary and secondary)
- Phone numbers & labels
- Profile picture
- Manager’s email
- Addresses
- Organisation information, such as title, department, cost center and location

Analytics Data
- Pseudonymised user identifier
- Time of visit
- Browser type and version
- Action and action related pseudonymised identifiers
- IP address
- Geographical location
- Browser type
- Referral source
- Length of visits
- Pages viewed

COOKIES

We use cookies to provide our Service. Cookies are small text files that are placed on a web user’s computer and are designed to hold a modest amount of data particular to a User. We may use cookies to develop our Service. If you do not wish to receive cookies, you may set your web browser to disable them. Please note that most browsers accept cookies automatically. If you disable cookies, you should understand that our Service may not function correctly.

PURPOSES AND LEGITIMATE GROUNDS OF PROCESSING

Legal grounds for processing

In relation to the provision of the Service, we primarily process personal data on a contractual basis. For individuals acting as representatives of our customer organisations, personal data is primarily processed based on our legitimate interest whilst fulfilling our contractual obligations towards the organisations they represent.

We may also process personal data based on our legitimate interests, for example in connection with analytics. When choosing to use your data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy.

In certain cases, you may be requested to grant your consent for the processing of your personal data. In this event, the legal ground for such processing is your consent. You may withdraw your consent at any time.

Purposes of processing

We collect, store and process personal data only for predefined purposes. We also always make sure that there is at least one legal basis for processing personal data. The main purposes and the applicable legal basis for processing personal data are: 

To provide our Service. We collect and process personal data to be able to offer the Service to our Users and to run and maintain our operations. Personal data may be processed in order to carry out our contractual obligations towards an individual User or towards the organisation the User represents. The legal basis for this processing is our legitimate interest and contract between Happeo and the customer.

For our legal obligations. We process personal data to enable us to administer and fulfil our obligations under law. This includes data processed for complying with our accounting obligations and providing information to relevant authorities. The legal basis for this processing is to ensure the compliance with our legal obligations. 

For claims handling and legal processes. We may process personal data in relation to claims handling, debt collection and legal processes. We may also process data for the prevention of fraud, misuse of our Service and for data, system and network security. The legal basis for this processing is our legitimate interest. 

For communication. We may process personal data for the purpose of contacting our Users regarding our Service, including handling of support requests and customer feedback as well as notifying Users about the Service. The legal basis for this processing is our legitimate interest. 

For quality improvement and trend analysis. We may process information regarding your use of the Service to improve the quality thereof, for example by analysing any trends in the use of our Service. Similarly, we may process any feedback provided by you to improve our operations in general. Where possible, we will do this using only aggregated, non-personally identifiable data. The legal basis for this processing is mainly our legitimate interest. 

PERSONAL DATA RECIPIENTS

Personal data is mainly stored in electronic format and only authorised personnel within our organisation have access to the data. 

We may also use third party service providers for data storage (e.g. cloud storage), digital marketing, processing of payments and other processing of personal data. In these situations, we make sure we have a written contract with each respective service provider with minimum data processing provisions. We will also otherwise ensure that the confidentiality of personal data is secured, and data is otherwise processed and transferred lawfully. Some of these service providers include, at the date of writing this policy, HubSpot, Google and Stripe.

We may also disclose or transfer personal data to fulfil legal obligations or when a legal authority requires a disclosure. We may also disclose personal data if we are a party of a business sale, such as a merger or an acquisition.

We may also transfer pseudonymized or anonymised data, from where it is not possible to identify a person. If this kind of data is no longer considered personal data, we may provide the data to third parties also for other purposes than those described in this Privacy Policy.

TRANSFERS OUTSIDE THE EU

By default, personal data is not transferred outside the EU. However, in various situations data may be transferred outside the EU if our service provider is located there.

If personal data is transferred outside the EU, we make sure that (i) the transferee is located in a country with adequate safeguards (as decided by the EU commission from time to time); (ii) the transferee is Privacy Shield certified (if a US-based company); or (iii) the transfer occurs by using model clauses published by the EU commission. 

DATA STORAGE PERIOD AND SECURITY

We will not store personal data for a longer period than is necessary for its purpose or required by contract or law. The retention periods for personal data may vary based on its purpose and the situation. The retention periods may also be based on applicable laws (e.g. accounting, tax laws, employment contracts act). We may also update data from time to time. With respect to the End-User Data, it is each customer’s responsibility to plan and supervise the data retention periods for such data. 

Personal data is stored and secured in accordance with general industry standards and practices. We consider and keep personal data confidential. Subcontractors that we use for processing personal data are selected also based on their data security measures. For our own systems and data storage, we use only well-established service providers and robust software tools. Access to personal data is also protected with user-specific logins, passwords and user rights. Our premises are also safe and secure.

USER’S RIGHTS

Right to access

You have the right to confirm whether we are processing your personal data and also to know what data we have about you. 

Right to withdraw consent

If we process personal data based on your consent, you can at any time withdraw your consent by contacting us. Withdrawing a consent may lead to fewer possibilities to use our Service. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to rectify

You have the right to request that we correct any inaccurate or outdated personal data we have about you by contacting us. 

Right to prohibit direct marketing

You have the right to request that your personal data is not processed for direct marketing purposes.

Right to unsubscribe marketing communications

You may unsubscribe from receiving our marketing communications at any time by clicking the "unsubscribe" link located on the bottom of our emails or by contacting us. 

Right to object

If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore.

Right to restriction of processing

You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our Service. 

Right to data portability

If we process your personal data based on your consent or fulfilling of a contract, you have the right to require transfer of the data you have provided to us to another service provider in a commonly used electronic format.

How to use the rights

You can execute and use your rights by contacting us by sending email to security@happeo.com. In such case, we ask you to provide us your name, contact details, phone number as well as something that we can use to verify your identity, such as written and signed (and scanned) request, or a copy of your personal ID, but without social security number and other such information that we don’t need. If you consider that the processing of your personal data is not lawful, you can always also make a notification to a supervisory authority (in Finland tietosuojavaltuutetun toimisto).

PRIVACY POLICY UPDATES

We may update this Privacy Policy when our operations change or develop. Also changes in law may make it necessary to update this Privacy Policy. The changes become valid once we have published them in the form of an updated privacy policy. Therefore, please visit this page and read this Privacy Policy from time to time.

Inspire, imagine and innovate - together with Happeo.