Cleverom Privacy Policy

Introduction

Cleverom is dedicated to respecting and protecting the privacy of our customers and ensuring the confidentiality and availability of the information processed, adhering to the applicable data protection laws. This privacy policy outlines our practices regarding the collection, use, and sharing of your personal information.

How to Contact Us

If you have any questions or concerns regarding our Privacy Policy or the handling of your personal data, please do not hesitate to contact us. Our dedicated team is committed to addressing any of your privacy-related inquiries.

Contact details for privacy matters:

Company: Cleverom Oy, 3492914-1

Address: Tekniikantie 4 A, 02150 Espoo

Email: juuso.rantala@cleverom.com

Please reach out to us through any of the channels listed above for any queries or requests related to your personal data.

Who We Are

Cleverom provides innovative application solutions designed to enhance business efficiency and productivity. This Privacy Policy applies to personal data collected by us through the Cleverom application and any related services.

Information We Collect

We collect various types of personal data to provide and improve our services. This includes:

  • User and contact information (e.g., name, email address, phone number)
  • Account details (e.g., username, password)
  • Contract-related information (e.g., contract number, service details)
  • Billing and payment information
  • Product and service purchase history
  • Device information (e.g., hardware model, operating system)
  • Customer feedback and communication records
  • How We Use Your Information
  • We use the collected information for the following purposes:
  • To facilitate the use of the Cleverom application
  • For marketing, sales, and promotional activities
  • To develop and enhance the Cleverom application and customer service
  • To process transactions and fulfill contractual obligations
  • For customer communication and support

How We Share Your Information

We respect your privacy and do not share your personal data with third parties, except as necessary to provide our services or as required by law. In cases of legal requirements or corporate transactions, we may disclose your information as necessary.

Roles and Responsibilities under GDPR

Cleverom acts as the data controller only with respect to the contact information of its own customer organizations and their registered users.

For any personal data that customers themselves input, upload, or generate within the Cleverom platform (including user-generated content, process data, or other materials), the customer organization is considered the data controller under the General Data Protection Regulation (GDPR). In these cases, Cleverom acts as the data processor and processes such data on behalf of the customer.

It is the responsibility of each customer to ensure that any personal data they manage or submit to the Cleverom platform complies with applicable data protection regulations, including obtaining any necessary consents from data subjects.

Legal Basis for Processing

For users in the European Economic Area (EEA), we process your personal data in compliance with the General Data Protection Regulation (GDPR) based on the following legal grounds:

Consent: We process personal data based on the consent you provide.

Contractual Necessity: We process personal data to fulfill our contractual obligations to you.

Legal Obligations: We process personal data as necessary to comply with our legal obligations.

Legitimate Interests: We process personal data when we have a legitimate interest, and this interest is not overridden by your data protection rights.

Cleverom acts as the data controller solely with respect to the contact details of its own customer organizations. Any user management activities and all content or materials uploaded, entered, or otherwise processed within the Cleverom application are the sole responsibility of the respective customer organization, which acts as the data controller for such data. Cleverom, in these cases, operates as a data processor on behalf of the customer, pursuant to the applicable data processing agreement.

For users in the United Kingdom, we comply with the UK General Data Protection Regulation (UK GDPR) alongside the Data Protection Act 2018. The legal bases for processing personal data are aligned with those under the GDPR.

For users in the United States, we comply with applicable state and federal privacy laws. We process personal data based on consent, to fulfill our contractual obligations, or as necessary for our legitimate business interests.

Your Rights

Under the GDPR (for EEA users) and UK GDPR (for UK users), you have several rights, including access, rectification, erasure, restriction of processing, data portability, and the right to object.

In the United States, your rights to access and control your personal data may vary by state. For example:

California Residents: If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA), including the right to know about the personal information collected, accessed, and shared, as well as the right to request deletion of your personal data and the right to opt-out of the sale of your personal data.

Virginia Residents: Residents of Virginia have rights under the Virginia Consumer Data Protection Act (VCDPA), including the right to access, correct, delete, and obtain a copy of your personal data, as well as the right to opt-out of processing for targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.

We are committed to respecting and accommodating the privacy rights afforded to individuals in various jurisdictions. For any inquiries or requests regarding your privacy rights, please contact us using the contact details provided in this policy.

Data Security

At Cleverom, ensuring the security of your data is of utmost importance to us. We implement comprehensive technical measures to protect your information from unauthorized access, alteration, disclosure, or destruction. Here’s how we safeguard your data:

Data Storage Location: Our production data is hosted on Amazon AWS servers located within the European Union (Sweden), ensuring that all data transfers comply with GDPR regulations. For clients requiring dedicated physical storage solutions, we offer the possibility to arrange this through an Enterprise plan.

Technical Security Measures: We are committed to maintaining the highest level of security. Updates to our technology stack’s security features are implemented as soon as they become available. Our infrastructure includes industry-standard encryption levels, such as TLS-encrypted hard drives and network segmentations. Data transmission between your device and Cleverom’s servers is encrypted using HTTPS technology. Detailed information on our platforms and technologies is available upon request.

Access Control: Access to your data within Cleverom is strictly limited. Only a select group of employees, who have necessary access for their role, can access the production environment. All personnel with access to confidential customer information have signed non-disclosure agreements to further ensure the protection of your data.

Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA): We recognize the importance of advanced security measures like 2FA/MFA for user authentication. Customers interested in these options are encouraged to contact us for an Enterprise plan arrangement.

Single Sign-On (SSO) Authentication: Understanding the need for streamlined access controls, we provide SSO authentication options for our users. This feature is available as part of our Enterprise plan offerings.

Cleverom is dedicated to maintaining a secure environment for our users’ data through rigorous adherence to security best practices and constant monitoring of our systems. For any further inquiries about our data security measures or to discuss specific security requirements, please reach out to us.

International Data Transfers

We do not transfer personal data outside the European Union or the European Economic Area.

Children’s Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children.

Links to Other Websites

Our application may contain links to other websites. We are not responsible for the privacy practices of these websites.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or relevant laws. We encourage you to review this policy periodically.