Privacy Policy of the products of Ilves Solutions Ltd and Ilves Valmisohjelmistot Ltd / Ilveshaku

Data protection is your fundamental right, which we commit to safeguard. In this Data
protection statement we explain what kind of personal data the Ilves companies (Ilves
Solutions Ltd and Ilves Valmisohjelmisto Ltd) process and to what purpose they are processed.
This statement covers interaction between you and the Ilves companies. This statement also
covers certain Ilveshaku-products.

1.General information

Ilves Solutions Oy and Ilves Valmisohjelmistot Oy (hereinafter ”Service Provider”) are committed to protecting the
privacy of the users of the internet service Ilveshaku.fi (hereinafter ”Service”) maintained by the Service Provider in
accordance with the General Data Protection Regulation (EU) 2016/679 and other applicable regulatory provisions
as they apply to the Service Provider from time to time.
By using the Service the user (hereinafter ”User”) accepts the terms and conditions included in this privacy policy
(hereinafter ”Terms”). In case the User does not accept the Terms, the User must stop using the Service.

2.Collected information

Service Provider collects such personal data concerning the User as is needed for the processing purposes set forth

under the Section 4 of these Terms. Data concerning the User collected include:

User’s personal data:

• contact information such as name, address, phone number and e-mail
• registration data required by the user account such as user name, nickname, password and other
• possible individual identified
• demographic data such as age, gender, rank or profession and native language
• communication between the User and Service Provider such as messages, feedbacks and requests
• recorded customer service calls

• profiling and interest information provided by the User
• permissions, consents and authorisations
• prohibitions
• other information collected with the consent of the User

Data describing the use of the Service

• data about the use of the Service concerning an identified user such as use and browsing of Service functionalities
• data collected by using cookies and other similar technologies such as the page browsed by the

• User, the site through which the User accessed the Service, the device model, individual device orcookie identifier, the channel through which the service is accessed (web browser, mobile browser,application), browser version, IP address, session identifier, session time and duration, screen resolution and operating system

• all other information, which the User inputs or uploads to the Service (such as information, which the User inputs through an online form or a photo, which the User uploads to the Service)

Service Provider stores the following information to its customer register:

• User’s name, rank or profession, age, gender and native language
• one additional identifying information
• contact information for future contacts

3.Sources from which information is collected

• Personal data concerning the User is primarily collected from the following sources:
• Information given by the User during registration or while updating the user profile
• information regarding the use of the Service gathered by using techniques described in these Terms

4. Purposes for which the personal information is collected

Service Provider only collects personal data for predefined purposes, which can be classified as follows:

• management, provision, maintenance and improvement of the Service
• development and definition of the Service and related products and services
• answering questions and implementing requests
• other communication with the User
• fulfilling Service Provider’s legal obligations
• other purposes authorised by the User
• other purposes in compliance with the applicable law

5.Storage of personal data

Service Provider stores personal information only as long as it is needed for the purposes set forth under Section 4
above in accordance with the from time to time applicable laws and regulations.
If the User has not logged onto the user account for an extended time, typically 12 months, most of the personal
data concerning the User will be deleted, transferred to a permanent archive register or anonymised into such a
format that the User can no longer be identified.
Notwithstanding the aforementioned information published by the User shall remain in the public sections of the
Service, such as forums.
Service Provider will also store personal information as required by the from time to time applicable legislation.

6.Processing of personal data

Personal data shall primarily be processed by Service Provider’s employees.
In case the Service Provider has outsourced the processing of personal data to a third party, Service Provider will
ensure through contractual measures that personal data is processed in accordance with the applicable laws and
regulations.
There is no intention to transfer personal data outside EU or EEA. If any personal data is at a later time transferred
outside the EU or EEA, Service Provider will ensure sufficient level of privacy protection by, among other things,
contractual measures required by the law, for example by using standard contractual model clauses approved by the
European Commission.

7.Transferring or disclosure of data

Service Provider will not sell, rent or transfer User’s personal data to third parties except in the cases set forth below
in this Section 7.
Personal data may be disclosed to a third party in case the User has given their express consent thereto.
Personal data may be disclosed to due to an order, which is compelling on Service Provider, issued by a competent
authority or another party based on the from time to time applicable legislation.
Personal data may be transferred to third parties for scientific or historical research purpose, in which case
information will be anonymized so that the data subject can no longer be identified.
Personal data may be transferred to a party of such transaction or their advisors in case of re-arrangements of the
business relating to the Service such as sale or acquisition of business, merger or diffusion.

8.Protection of personal data

Service Provider uses necessary technical and organizational measures to protect personal data against unauthorized
access, transfer, deletion or other unauthorized handling.
Such methods include the use of firewalls, encryption technologies and safe server rooms, proper access control, the
controlled provision of user rights and supervision of their use, providing instructions for data processors, and
diligent selection of competent subcontractors.
Although Service Provider does its best to protect personal data from possible risks and disclosures, it is not possible
to achieve perfect data security in a network environment. Therefore the User should not disclose any such
information in the Service, which is especially sensitive or which is not required to be disclosed in the relevant context.

9.Use of cookies

Cookies are small files that the browser saves in the User’s device and they contain an individual identifier, which
Service Provider can use to identify the User and to track browsers which have visited the Service.
Service Provider may collect data from User’s terminal and concerning the use of the Service by using cookies and
other techniques such as browser’s local data storage.

Collection of data by third parties
Third parties mean parties, who are not part of the Service, but are connected to the Service such as providers of
online measurements and analytics services as well as providers of so-called social plugins, such as Facebook, Twitter
and Google+.
Due to the fact that the services provided by the above mentioned third parties are based, if and to the extent they
are offered or utilized in connection with the Service, on data transfer between the Service and the respective services
offered by the third party, it is possible, that such a third party may collect information regarding the User for example
by installing cookies on the User’s terminal.
Service Provider undertakes to the extent possible through contractual measures to ensure that such third parties
comply with the from time to time applicable legislation.

11.User’s influence

Direct marketing consent
The User has the right to prohibit the transfer or handling of their information for direct advertising, distance selling
or other direct marketing by giving a notice thereof to the following e-mail address asiakaspalvelu@ilveshaku.fi.

Right to access and rectification
The User has the right to access personal data collected and to demand rectification, erasing or supplementation of
erroneous, unnecessary, incomplete or obsolete personal data by giving notice thereof to the following e-mail
address asiakaspalvelu@ilveshaku.fi.

Right to be removed
The data subject has the right to ask for removal of registered data. After having processed the request, we either
remove the data or inform the subject on what basis the data cannot be removed.

Withdrawal of consent
When it comes to processing of personal data based on consent, the subject has the right to withdraw consent for
processing of such data at any point.

Right to limit the process
The data subject has the right to request that we limit the processing of controversial data until the matter has been
settled.

Right to transfer
The data subject has the right to request that the subject’s personal data is transferred to another system

Preventing the use of Cookies
The User can prevent the use of cookies by changing their browser settings. Preventing cookies may have an impact
on the User’s user experience.

Clearing Cookies
The User can clear the cookies from their browser settings. Clearing cookies may have an impact on the User’s user
experience.

Right to appeal to supervising authority
If the data subject has grounds for suspecting that we are in not complying with effective legislation regulating data
protection, the subject has the right to make an appeal to the Data Protection Ombudsman. The Data Protection
Ombudsman’s contact information:
https://tietosuoja.fi/en/office-of-the-data-protection-ombudsman

12.Changing privacy policy

Service Provider strives to continuously develop the Service, which may result in a need change these Terms. Need
for changes may also arise from changes of laws and regulations.
Service Provider reserves the right to change these Terms. Changes to the Terms will be announced in the Service.
Service Provider recommends that the User regularly familiarizes with the content of the Terms.
Continued use of the Service after the release of new Terms is deemed acceptance of the amended Terms.

13.Contacts

We request that the User primarily directs all contacts relating to these Terms to the following contact person
responsible for issues relating to personal data: Heikki Ilvessalo, phone +040 5471501
The User can also contact use in relation to these Terms through the following address:
Ilves Solutions Ltd / Ilves Valmisohjelmisto Ltd
Niittymäentie 9
02200 Espoo
This privacy policy was last updated on October 2023.