PRIVACY POLICY Ankkuri Software Oy
GENERAL INFORMATIONThis privacy statement describes how Ankkuri Software Oy (“company”, or “we”) processes personal data; what kinds of personal data the company collects, for which purposes the data is used and to which parties the data can be disclosed. Personal data refers to any information relating to a natural person (“data subject”) that can identify him/ her directly or indirectly. Personal data, data subject, controller and other key terms are defined in the General Data Protection Regulation (2016/679, “GDPR”). The company complies with the GDPR in all processing of personal data in conjunction with other applicable national data protection legislation (data protection legislation). CONTROLLERController: Ankkuri Software Oy (Business ID: 3372640-6)Address: Niemenmaantie 10 D, 33960 Pirkkala, FinlandTelephone: +358 452 093 779Email: info@booosted.comPURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATAPersonal data will be processed for the following purposes: • Managing and analyzing the customer relationship (contract or its preparation, legitimate interest)• Providing products and services (contract or its preparation, legitimate interest)• Developing services (consent). • Direct marketing based on company’s legitimate interest to send you promotional material about products and services you might be interested in. The data subject has the right to refuse personal data being used for direct marketing and may at any time recall prior consent. • Fulfilment of statutory obligations, such as obligations under tax and accounting legislation (statutory obligation)• Ensuring security of our products and services and preventing abuses (statutory obligation,legitimate interest)For processing activities that are based on a legitimate interest, we have carefully balanced such legitimate interest with the data subjectsright to privacy and concluded that our interest outweighs the data subjects’ rights and freedoms.WHAT PERSONAL DATA IS COLLECTED, STORED AND PROCESSED?The company collects only such personal data from the data subject that is relevant and necessary for the purposes described in this privacy statement.The following personal data from the data subjects will be processed:• Name and contact information, such as email address, phone number, employer name and address and job title / position.• Username and password.• Other information necessary for maintaining the business partner relationship, such as billing information, feedback, other message history and marketing preferences.• Electronic identification and behavior data such as IP address. DATA SOURCESThe personal data is mainly collected directly from the data subjects themselves, for example, in connection with preparing or signing of a contract or during a customer relationship. The personal data may also be collected automatically when the data subject uses our products and services e.g when using our AI chatbot and visiting our website.In addition, and with the permission of the data subject, data may be collected in other ways in a marketing context.Personal data may be updated and supplemented by collecting data from private and public sources.RETENTION OF PERSONAL DATAPersonal data collected in connection with our services shall be retained as long as need for the purposes defined in this privacy policy and as required by the law, unless such data is replaced through regular updates or otherwise. The periods vary greatly from one type of processing to another.Detailed retention times can be provided upon requests.We evaluate the necessity and accuracy of the personal data on a regular basis and endeavor to ensure that the incorrect and unnecessary personal data are corrected or deleted.WHO HAS ACCESS TO THE PERSONAL DATA?For the purposes stated in this privacy statement, the personal data may be disclosed, when necessary, to authorities, and to other third parties, such as third-party service providers (such as our IT vendors and marketing agencies conducting marketing on our behalf etc.). In such case, the personal data will only be disclosed for purposes defined above. List of the processors and other recipients can be provided upon a request.In addition, the company may share the personal data in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other similar arrangements. The personal data is also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the products and services as well as to guarantee the safety of the products and services.IS DATA TRANSFERRED OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREAOur AI Chatbot and related servers and data are hosted within the European Union (EU). In case personal data is exceptionally transferred outside EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.HOW IS THE DATA PROTECTED?Securing the integrity and confidentiality of personal data is important to us. We have taken adequate technical and organizational measures in order to keep personal data safe and to secure it against unauthorized access, loss, misuse or alteration by third parties, such as by encryption, access controls and firewalls. Nevertheless, considering the cyber threats in modern day online environment, we cannot give full guarantee that our security measures will prevent illegally and maliciously operating third parties from obtaining access to personal data or absolute security of the personal data during its transmission or storage on our systems.RIGHTS OF DATA SUBJECTSThe data subject has a number of rights under applicable data protection laws. Right of access and right of inspectionThe data subject has the right to obtain confirmation as to whether or not personal data concerning him or her is being processed.The data subject has the right to inspect and view data concerning him or her and, upon a request, the right to obtain the data in a written or electric form. This applies to information that the data subject has provided to the company insofar the processing is based on a contract/consent.Exercising this right is generally free of charge.Right to rectification and right to erasureThe data subject has the right to require us to delete or stop processing the data subject’s personal data, for example where the data is no longer necessary for the purposes of processing.However, please note that certain personal data is strictly necessary in order to achieve the purposes defined in this privacy statement and may also be required to be retained by applicable laws.Right to data portabilityThe data subject has the right to receive the personal data that he or she has provided to us in a structured, commonly used and machine-readable format and, if desired, transmit that data to another controller. Right to restriction of processingThe data subject has the right, under conditions defined by data protection legislation, to request the restriction of processing of his/ her personal data. In situations where personal data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, the company will limit the access to such data. Right to object to processingThe data subject has the right to object to the processing of data where we are relying on its legitimate interests as the legal ground for processing. For example, the data subject may object to his/her personal data being used for marketing purposes.Right to withdraw consentIn cases where the processing is based on the data subjects’ consent, he/she has the right to withdraw his/her consent to such processing at any time.Exercising rightsRequests regarding the rights of data subjects shall be made in written or in electronic form, and the request shall be addressed to the controller mentioned on this privacy policy.If the data subject’s request cannot be met, the refusal shall be communicated to the data subject in writing. The company may refuse a request (for example erasure of data) due to a statutoryobligation or a statutory right of the company, such as an obligation or a claim relating to our services.The data subject may exercise the aforementioned rights by sending a written request toinfo@booosted.comIf you have any questions relating to our data protection policies or wish to exercise your rights, please do not hesitate to contact us.Right to lodge a complaint with a supervisory authorityThe data subject has the right to lodge a complaint with a competent data protection authority if the data subject considers that the processing of personal data relating to him or her infringes current legislation. However, we request that the matter be deal with the company in the first instance. The relevant authority in Finland is the Data Protection Ombudsman (www.tietosuoja.fi). CHANGES TO THE PRIVACY STATEMENTAnkkuri Software Oy may make changes to this privacy policy at any time by giving a notice on the website and/or by other applicable means. The data subjects are highly recommended to review the privacy policy on our website every now and then. If the data subject objects to any of the changes to this privacy policy, the data subject should cease using the services, where applicable, and he/she can request that we remove the personal data, unless applicable laws require us to retain such personal data. Unless stated otherwise, the then-current privacy policy applies to all personal data we process at the time.This privacy statement has been published on [31.7.2023], version 1.0Field Code Changed
