Privacy policy for Auma Space Online Services

1 Controller

Auma Space Oy, 3021639-8

Nokitontunkuja 4, 02200 Espoo, Finland

2 Contact for register matters

3 Name of the register

Auma Space Online Services User Register

4 Scope of Auma Space Online Services and this privacy policy

Auma Space Online Services (referred later individually as Service and together as Services) consist of separate services for different use cases. Since it might not be obvious for the user when he or she moves from one service to another we will cover the privacy matters for all services in this privacy policy.

Auma Space Online Services consist of:

Auma Space websites located in the URL

5 The purpose and legal grounds for processing data

The purpose and legal ground for processing data varies by Service and whether the user has logged into the service or not.

Website and is service that users can use without logging in. In this case the legal ground for gathering data from users is that they have entered a Service and have interest toward the Controller or the Controller’s products.

The purpose why we process data of users that have not logged in is to develop our Website to serve our visitors better and to understand demographic background of users visiting our Services. Auma Space uses tools like Google Analytics to analyse the data of the users. Based on user analytics provided by these tools we analyse what type of content we should provide for the users and how the user interacts with the user interface we have developed.

On Website there is a possibility to contact the Controller via online forms. The data provided through these forms is processed by the Controller in order to fulfill the request the user has sent. The Controller can use user’s personal data for direct marketing purposes if user provides his/her personal data through online forms and gives a consent for it.

At a later stage Auma Space introduces services that require logging in. Auma Space updates privacy policy and terms of service accordingly.

Subcontractors the Controller uses are SaaS providers that provide software the Controller uses to run its daily business operations, web analytics providers, such as Google Analytics, and consultants who develop Auma Space Online Services together with the Controller. The Controller discloses only the types of the subcontractors because co-operation with the subcontractors is not continuous and the Controller has required Data Processing Agreements with the subcontractors.

6 Data content of the register and categories of data subjects

The Controller processes the following types of personal data of users in connection with the Services.

6.1 Data content processed on Website

On Website the Controller tracks the behavior of the user with cookies. The Controller uses Google Analytics and tools to analyse this data. These services do not enclose personal data of users to the Controller as they only aggregate the data into analyses of users and their behavior on Website.

The controller uses Facebook and LinkedIn services for online marketing. If an user who visits the controller’s website is logged in to their Facebook or LinkedIn accounts then this fact can be used for targeting ads of the controller’s products to the user when he/she uses these services.

More information about the privacy of Google services is available here: More information about the privacy of Facebook services is available here: More information about he privacy of LinkedIn services is available here: 

If user uses an online form on Website to contact the Controller the mandatory information user must provide are: Company or organization of the user, name, email address, city, state and country. Optional information is telephone number. We ask users to provide this information so that we are able to fulfill the request the user sends us.

7 Regular sources of data

The Controller regularly updates the data in Customer Relationship Management (CRM) system according to the data updates the Controller receives from its business partners which are employers of data subjects.

8 Regular disclosures of data and transfer of data outside the EU or the EEA

In a case where a user sends a quote request through Website form the data the user provided in the request can be disclosed to a reseller of the Controller’s products. If data the user provided in such request indicates that user’s organisation is located outside EU or the EEA the controller can disclose this data to a reseller located outside EU or the EEA. When the Controller discloses personal information to resellers there are appropriate contractual safety measures in place.

If user allows it when sending the contact request through a Auma Space Online Service then users personal information may be transferred to an email marketing system.

If user’s organisation forms a commercial relationship with the Controller then user’s personal data is transferred to CRM system and user becomes part of Partner Contact Register. 

Otherwise the Controller does not disclose to other parties or transfer personal data outside the EU or the EEA.

9 Principles of register protection and period of data storage

The Controller uses different technical and organizational security measures to protect personal data in Services. Only employees are entitled to use the system containing personal data that are entitled to process customer data based on their official capacity. Each employee has a personal username and password to the system. The data is collected to databases that are protected by firewalls, passwords and other technical means.

Personal data in Services is stored as long as the Controller has commercial or other contractual relationship with the data subject’s employer and other legal data storing requirements regarding the commercial transactions between the Controller and data subject’s employer has been fulfilled. If personal data in Services is not related to any commercial or contractual relationship of the Controller the data is stored for maximum of 24 months.

The controller regularly evaluates the necessity of data storage taking into account the applicable legislation. Additionally, the controller takes care of the reasonable measures that are used to ensure that personal data that is incompatible, outdated or incorrect concerning the purpose of processing the data is not stored, but rectified or removes such data without delay.

10 Right of the data subject

The data subject has right to request access from the controller to personal data concerning him/herself and the right to request rectification of such data or remove or restrict or object processing the data and the right to transfer the data from one system to another (in certain situations) and data subject´s right to lodge a complaint with a supervisory authority responsible for processing personal data.

The data subject has whenever right to withdraw his/her consent without an effect on the legal grounds of processing before the withdrawal. The data subject is entitled to review the data concerning him/herself that is stored in the register and to demand the removal of data or the rectification of incorrect data. Requests concerning the matter shall be delivered personally or in writing to the contact person referred to in section 2.

The data subject is entitled to object or request restriction of the processing of his/her personal data and to lodge a complaint concerning the processing of data to a supervisory authority in accordance with the General Data Protection Regulation (from 25.5.2018).