Privacy Policy

In order to serve our customers and promote our services, we collect necessary information about our customers and potential customers' contact persons. We comply with applicable data protection legislation and authorities' guidelines when collecting and processing personal data.

The processing of data is based on a legitimate interest related to customer relationships or customer acquisition, or on the consent given by the data subject. The data is used to manage customer relationships, deliver services, and for advertising and marketing targeted at businesses and other organizations.

Data Controller

Caleido Oy, Jääskeläntie 55 A, 02660 Espoo

Contact person regarding the register: Ali Omar, ali.omar [at] caleido.io, p. 044 5278511

Name of the Register

Caleido Oy's Customer and Marketing Registers

Purpose of processing personal data, legal basis, and retention period

The purpose of processing personal data is to enable the management of customer relationships and communication. Personal data may also be used during the processing of orders and the delivery of products and services, for analytics and statistical purposes, as well as for targeted advertising and marketing. Direct marketing aimed at a company or other organization may be sent to the data subject based on their job duties or position, unless the data subject has prohibited it.

The primary legal basis for processing personal data is Caleido Oy's customer relationship or a potential customer relationship with the company or another organization where the data subject is employed, along with the legitimate interest related to managing customer relationships and targeting marketing. Processing may also be based on the consent given by the data subject.

We retain the personal data we collect only as long as it can be deemed necessary for the purposes described in this privacy policy, unless the retention of data for a longer period is required or permitted by law. We delete the personal data stored in the register when we become aware that the data subject's employment relationship with our customer has ended, or their duties change in a way that no longer justifies the processing of personal data.

Contents and sources of the register

The registers contain the basic information of the data subject, such as name, employer's name, position/job duties, email address, phone number, and workplace address, as well as the prohibition of direct marketing. Sensitive data is not collected in the registers.

The data collected in the registers is obtained from the data subject when they send us a message through our website or via email, order our products, or otherwise contact us, for example when requesting support services. Additionally, the data subject's personal data may be obtained from the information provided by their employer and from public sources or registers. Data may be combined and merged.

Data may also be collected automatically using various methods when the data subject uses our website on a computer or mobile device. Automatic methods may include cookies, web beacons, and other technologies. The data subject can prevent the automatic collection of data based on cookies by disabling cookies in their browser settings. Our cookie policy is detailed in the Cookies section.

Principles of register protection

In the processing of personal data contained in the registers, we exercise care and have ensured appropriate measures to secure personal data. Personal data are protected from unauthorized access and accidental or unlawful destruction, alteration, disclosure, transfer, or other unlawful processing. Stored data and access rights to servers as well as other critical information regarding the security of personal data are handled confidentially and only by those employees for whom it is part of their work duties.

Disclosure of data

Data is not disclosed to third parties except by law, regulation, or at the request of authorities or in connection with the sale or transfer of business.

Transfer of data outside the EU or EEA

Personal data are primarily processed within the European Union. However, we also use U.S. service providers in direct marketing and support service communications, which may result in the transfer of personal data outside of the European Union, provided that the requirements of data protection legislation are met. To protect personal data and ensure the rights of data subjects, we only use service providers that are committed to complying with the EU General Data Protection Regulation and to implementing the necessary additional measures to ensure an adequate level of data protection, in accordance with the EU Commission's standard contractual clauses or procedures under Article 46 of the GDPR.

Data subject’s rights

The data subject has the right to check the information stored in the register and to request correction of any incorrect information or completion of incomplete information, as well as to request the deletion of their personal data from the register. Data subjects also have other rights under the EU General Data Protection Regulation, such as restricting or objecting to the processing of personal data in certain situations. If a person wishes to check the information stored about them or make requests regarding it, the request must be sent in writing to the data controller. The data controller may ask the requester to verify their identity when necessary. The data controller responds to the data subject within the period stipulated by the EU General Data Protection Regulation (generally within one month).

The data subject also has the right to deny the use of their data for direct marketing, remote selling, or other direct marketing. If the data subject has given us permission to send marketing communications, they can later refuse communications in accordance with the instructions included in the messages.

We always aim to resolve questions about the processing of personal data directly with the data subject, respecting all of the data subject's rights. However, if the data subject is dissatisfied with our processing of personal data, they have the right to refer the matter to the data protection authority.

Cookies

Our website uses cookies. A cookie is a small text file that is stored on a computer when a user visits the website. The file contains a small amount of information about what the user does on the site during their visit.

Cookies are used to statistically monitor the use of the site, to personalize content, and to target marketing. This allows the service to be developed to be more user-friendly and useful.

Most web browsers accept cookies by default, but the user can reject the use of cookies in their browser settings. If the use of cookies is prevented in the browser, the functionality of the site may be impaired, and some functionalities may not work at all.

Google Analytics

Our site uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses a series of cookies to collect data, create usage-related statistics, monitor the site, and improve its performance. All data collected through these cookies is aggregated anonymously and does not identify the user personally.

Google Tag Manager

Google Tag Manager is a tool provided by Google that allows the management and updating of JavaScript and HTML tags on the website without code changes. This tool itself is cookie-free and does not collect any personal data. Google Tag Manager facilitates the use of other tags and snippets that may collect data.

Microsoft Clarity

We collaborate with Microsoft Clarity and Microsoft Advertising to record how you use and interact with our website using behavioral metrics, heat maps, and session replays to improve and market our products/services. Website usage data is collected using first-party and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. We also use this information for site optimization, fraud/security purposes, and marketing. For more information on how Microsoft collects and uses your information, see Microsoft's privacy statement.