fbpx

PRÖNÖ MASTER DATA PRIVACY POLICY

Prönö Ltd’s mission is to provide professionals with a flexible SaaS platform in order to help professionals to find, interact with and consult their peers globally. Central to this objective is the compliance with applicable data protection laws and regulations as well as transparency about the collection, use and sharing of personal data related to the provision of our services.

 

This Privacy Policy is applicable to the personal data processed by Prönö Ltd (“Prönö” or “we”) relating to the  registered users, visitors and/or user’s contacts (aforementioned data subjects are hereinafter collectively referred to as “User” or “you”) of our prono.fi website and online platform, Prönö-branded applications and other services or off-site services provided by us (“Services”), but excluding services stating that they are offered under a different privacy policy. Service Users may be private professionals or company representatives.

 

The purpose of this Privacy Policy is to provide you with information about the processing of your personal data in accordance with the information obligations set in Article 14 of the General Data Protection Regulation 2016/679/EU (GDPR).

 

Throughout this Privacy Policy the term “processing” is used to cover all activities involving your personal data, including collecting, handling, storing, accessing, using, transferring and disposing of information. 

Please note that this Privacy Policy only applies to our processing of personal data of the above mentioned data subjects where we act as a data controller. This Privacy Policy does not address, and we are not responsible for, the privacy and data processing practices of any third parties.

 

This Privacy Policy may be updated if required in order to reflect the changes in data processing practices or otherwise. The valid version of the Privacy Policy shall be available at [*]. We will not make substantial changes to this Privacy Policy or reduce your rights under this Privacy Policy without providing a notice thereof.

1. CONTACT DETAILS

Prönö Oy

Business ID: 2470067-7

Nokitontunkuja 3 a 4

02200 Espoo, Finland

privacy@prono.fi

www.prono.fi

2. PERSONAL DATA PROCESSED AND SOURCES OF DATA

2.1 Data you provide us

2.1.1 Registration

 

We may collect the following type of personal information concerning the User depending on the capacity of the User as a private professional and/or company representative and whether you provide such information directly or via LinkedIn, Facebook or Google account using browser extention:

  • full name;
  • e-mail address;
  • user name and password;
  • photograph; and
  • company name/logo.

 

If you register for a premium Service or act on behalf of a company User, you will need to provide us with payment (e.g. credit card) and billing information.

 

2.1.2 User Profile

 

You have choices about the information you provide on your profile, such as:

  • country and place of business;
  • whether your profile is publicly available to everyone or privately to other Service Users;
  • personal or company descriptions;
  • chosen skills and categories;
  • offerings;
  • work experience;
  • age;
  • professional status; and
  • endorsements.

 

The User does not have to provide additional information on the his/her User profile. Please acknowledge, however, that profile information may help you to get more from our Services.


To the extent that User provides personally identifiable information on his/her employees or colleagues to the User profile, the User must obtain a prior approval from such party in order to provide their information.


Please do not post or add personal data to your profile that you would not want to be publicly available.

 

2.1.3 Posting and uploading

 

We may collect personally identifiable information from you when you provide, post or upload it to our Services. If the User opts to import his/her contact address book from LinkedIn or other third party service via browser extention, we receive personal information on your contacts.
Additionally, we may collect User notes from interactions with you or your direct correspondence with us concerning the Service.

2.1.4 Analytics

 

We may collect analytical data generated by the use of our Services. Analytical data shall be collected in an aggregated form meaning that the identification of individual persons from such data is not possible. However, individual person may be identifiable from aggregated data in certain situations when combined with other data accesible by Prönö. In these situations, aggregated data shall constitute as personal data under applicable data protection laws and shall be processed in accordance with this Privacy Policy.

Analytical data collected by Prönö may include the following:

  • browser type and version;
  • language settings;
  • IP-address;
  • visiting time and time zone;
  • settings and preferences; and
  • type and model of User’s device.

2.2 Data from other sources

2.2.1 Publicly available sources

 

We may collect personally identifiable information (including contact information) about you when other Users import or sync their contacts or calendar hosted by a third party service provider with our Services, associate their contacts with User profiles or send invitations and/or connection requests using the Services.


Furthermore, other Users may post content that includes information about you on our Services.

3. PURPOSES AND LEGITIMATE GROUNDS OF PROCESSING

3.1 Purposes of processing

3.1.1 Publicly available sources

 

To provide our Service and fulfill our contractual obligations (legal ground: performance of a contract and legitimate interest)

 

We process your personal data in order to provide the Service to you and to run and maintain our Service and business. Personal data shall be processed e.g. in order to fulfill our contractual obligations towards the User and to provide relevant functionalities for the Services.

 

For our legal obligations (legal ground: compliance with a legal obligation)

 

We may process personal data to enable us to administer and fulfil our obligations under law. This includes data processed for providing information to relevant authorities, where necessary.

 

For claims handling and legal processes (legal ground: legitimate interest)

 

We may process personal data in relation to claims handling and legal processes. We may also process personal data for data, system and network security.

 

For communication and marketing purposes (legal ground: legitimate interest)

 

We may process personal data in order to contact our Users regarding the Services and to inform about any changes to the Services. We may also process personal data in order to market and promote the Services, for example via newsletters.

 

For quality control and trend analysis (legal ground: legitimate interest)

 

We may process information regarding the use of our Services in order to enhance the service quality, for example by analysing different trends regarding the use of the Services. To the fullest extent possible, we shall process such information in an aggregated, anonymous form.

 

3.2 Legal grounds for processing

3.2.1 Publicly available sources

 

We primarily process your personal data based on the performance of our contractual obligations towards the User and our legitimate interest of providing our Services to the Users.
When choosing to use your data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy.

In some cases Users may be asked to provide their consent for the processing of personal data. In such cases, the legal ground for processing shall be consent. The User may always withdraw his/her consent without any adverse consequences thereof. The withdrawal of a consent shall not, however, affect the lawfulness of any processing activities conducted prior to such withdrawal.

The use of our Services does not depend on the provision of any special categories of personal data under GDPR article 9(1). To the extent that the User voluntarily decides to provide such data to the Services, we shall in addition to our legitimate interest primarily rely on articles 9(2)(e) and/or 9(2)(f) of the GDPR.

Your personal information shall not be processed for the purposes of automated decision-making, including profiling.

 

4. INTERNATIONAL TRANSFERS

Prönö stores personal data primarily within the European Economic Area. However, we have service providers in several geographical locations. As such, we, our service providers may transfer personal data to, or access it in, jurisdictions outside the European Economic Area or outside of your domicile.


We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which it is processed. We provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards, such as the Privacy Shield Framework.

5. PERSONAL DATA RECIPIENTS

We do not share personal data with third parties outside of the Prönö organization unless one of the following circumstances applies:

It is necessary for the purposes set out in this Privacy Policy.


To the extent that third parties need access to personal data to ensure the performance of the Service, Prönö has taken appropriate contractual and organisational measures to ensure that personal data are processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations.


To (other) Service Users


We share your personal data with our other Users subscribed to the Services as well as visitors to the Services. Please note that any subsequent use of your personal data by our other Users and/or visitors shall be subject to other Users and/or visitors compliance with applicable data protection laws as Prönö shall not be responsible for such subsequent use.


For legal reasons


We may share personal data with third parties outside of our organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address security or technical issues; and/or (iii) protect the interests, properties or safety of Prönö, our Users or the public in accordance with the law. When possible, we will inform you about such transfer and processing.

 

To authorized service providers

 

We may share personal data to authorized service providers who perform services for us (including data storage and support services). Our agreements with our service providers include commitments that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.


For other legitimate reasons


If Prönö is involved in a merger, acquisition or asset sale, we may transfer personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to those concerned when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.


With explicit consent


We may share personal data with third parties outside of our organization for other reasons than the ones mentioned before, when we have your explicit consent to do so. You have the right to withdraw this consent at all times.

6. COOKIES AND ANALYTICS

We use various technologies to collect and store analytics data and other information when Users visit our Services, including cookies.


Cookies are small text files sent and saved on your device that allows us to identify visitors of our websites and facilitate the use of our Services and to create aggregate information of our visitors. This helps us to improve our Service and better serve our Users. The cookies will not harm your device or files. We use cookies to tailor our Services and the information we provide in accordance with the individual interests of our Users.


Users may choose to set their web browser to refuse cookies, or to alert when cookies are being sent. For example, the following links provide information on how to adjust the cookie settings on some popular browsers:

 

Please note that some parts of our Services may not function properly if use of cookies is refused.


We also use Google Analytics to compile analytics ata and reports on visitor usage. For an overview of Google Analytics, please visit Google Analytics. It is possible to opt-out of Google Analytics with the following browser add-on tool: Google Analytics opt-out add-on.

7. STORAGE PERIOD

We will primarily store your personal data for the duration of your use of the Services, unless we have legitimate grounds to process your personal data for a period longer than this in accordance with this Privacy Policy.

8. YOUR RIGHTS

Right to access


You have the right to access your personal data processed by us. You may contact us and we will inform what personal data we have collected and processed regarding you.


Right to withdraw consent


In case the processing is based on a consent you have granted to us, you may withdraw the consent at any time.The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.


Right to rectify


You have the right to have incorrect or incomplete personal data we have stored about you corrected or completed by contacting us.


Right to erasure


You may also ask us to erase your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.


Right to object


You may object to the processing of personal data on grounds relating to your particular situation if such data are processed for our legitimate interest. In case we do not have compelling legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.
Right to restriction of processing
You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data.


Right to data portability


You have the right to receive your personal data from us in a structured and commonly used format and to independently transmit those data to a third party.


How to use the rights


The above mentioned rights may be used by sending a letter or an e-mail to us on the addresses set out above. We may request the provision of additional information necessary to confirm your identity.


We reserve the right to reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

9. INFORMATION SECURITY

We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability restore the data. We regularly test our systems, and other assets for security vulnerabilities.


Should despite of the security measures, a security breach occur that is likely to have negative effects on your privacy, we will inform you and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.

10. LODGING A COMPLAINT

In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.

 

In Finland, the local supervisory authority is the Data Protection Ombudsman (https://www.tietosuoja.fi).


Should despite of the security measures, a security breach occur that is likely to have negative effects on your privacy, we will inform you and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.