Privacy Policy

Kaito collects, stores and uses personal data of a user of the www.kaito.fi website and other services provided by the Service Provider (the “Services”). Personal data is collected and used in order to provide and develop the Services as well as the Service Provider’s other products and services in accordance with the terms of this Privacy Policy (the “Policy”). We also process personal data when we receive and handle recruitment applications.

We respect and protect the privacy of visitors to our Websites and users of our Services. This Policy explains the what, how and why of the personal information that we collect when you visit our Websites or when you use our Services.

To register as a user of the Services, you must accept and agree to this Policy. By using the Services, you acknowledge that you have read and understood this Policy.

  1. Controller

Kaito Insight Oy
Business Code (Y-tunnus): 2567248-7
Malminkatu 34
00100 Helsinki

 

  1. Contact person

Henrik Lares
henrik.lares@kaito.fi

 

  1. DATA COLLECTION

Personal data is collected when a user registers as a user of the Services. Personal data may include, but is not limited to:

  • identification and contact details such as name, address, email address,
  • IP-address and other online identifiers and
  • service-related data such as user name and passwords.
  • information about the use of the Services

Personal data is further collected in connection with the use of the Services, included but not limited to messages or recruitment applications sent by the user on the Services.

Personal data is collected from the user itself, other users of the Services or a third party. The Service Provider may further collect information which cannot be linked to any natural person, such as identification and profiling data (“anonymous data”). The Service Provider may combine personal data and/or anonymous data with data collected from other services of the Service Provider, or from third parties in connection with advertisement and marketing services.

The failure to provide personal data required by a contract may prevent entering into one or may prevent the Service Provider for further delivery of the Service.

 

  1. Personal Information From Third Party Services:

We also obtain other information, including personal information, from third parties and combine that with information we collect through our Websites and Services. For example, we may have access to certain information from a third party social media or authentication service if you log into our Services through the service or otherwise provide us with access to information from the service. Any access that we may have to such information from a third party social or authentication service is in accordance with the authorization procedures determined by that service. By authorizing us to connect with a third party service, you authorize us to access and store your name, email address(es), current city, profile picture URL, and other personal information that the third party service makes available to us, and to use and disclose it in accordance with this Policy. You should check your privacy settings on these third party services to understand and change the information sent to us through these services. For example, you can log in to our Websites and Service using sign-in services such as Facebook Connect or an Open ID provider. These third-party services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign up form.

 

  1. Use of data

The Service Provider may use and process personal data and/or anonymous data collected from the Services and/or other services provided by the Service Provider for the provision, maintenance and development of the Services and the Service Provider’s other products and services as well as sales, customer service and other similar marketing and business purposes. The Service Provider may use collected data for direct marketing purposes, unless the user has prohibited such use. The Service Provider may further use personal data and/or anonymous data for profiling purposes, e.g. targeted marketing to the users of the Services, or for performing its own analytics or any other services.

The legal basis for processing user’s personal data are:

  • user’s consent to the processing,
  • performance of a contract between user and the Service Provider,
  • preparation of a contract between user and the Service Provider at user’s request,
  • legal obligations to which the Service Provider is subject to or
  • legitimate interests of the Service Provider, such as development of the Services and marketing to inform potential customers about them and to generate interest towards them

Any data, whether personal or other data, from Third Party Services such as Facebook or other similar social media services is managed according to the platform policy of that specific service.

The Service Provider does not use automated decision-making when processing the personal data.

 

  1. TRANSFER OF PERSONAL DATA

The Service Provider does not disclose or transfer personal data to any third parties. The Service Provider may however disclose and/or transfer personal data to service providers used by the Service Provider. The service providers used by The Service Provider includes Providers of contact (such as Giosg), analytics (such as Google) and marketing (such as Facebook) solutions. The Service Provider may further disclose and/or transfer personal data to third parties in connection with a corporate merger, an asset purchase transaction or a similar corporate transaction. The Service Provider may transfer data to public authorities when legally required to.

Personal data is not transferred to third parties located outside the European Union or the European Economic Area unless the recipient has implemented relevant safeguards required by the transfer.

 

  1. COOKIES

The Service Provider may use cookies in connection with the Services to collect data of users. A cookie is a small file stored on the user’s web browser. The user may disable the use of cookies, but this may lead to inability to use the Services properly.

 

  1. DATA PROTECTION

The Service Provider follows generally accepted industry standards and maintains reasonable safeguards to attempt to ensure the security and privacy of any personal data in the possession of the Service Provider.

 

  1. STORAGE OF PERSONAL DATA

The Service Provider stores personal data for the period necessary for fulfilling the purposes set forth in this Policy. However, The Service Provider limits the storage period of the data based on following criteria:

  • A contact request and recruitment applications sent by the user: stored for up to 2 years from the time of the contact
  • Messages exchanged with the user: stored for up to 2 years from the time of the last exchange

The storage period may be extended if the storage of the data is required by legal obligations, such as the ones imposed by The Accounting Act.

 

  1. USER RIGHTS

The user has the rights to:

  • access,
  • rectification,
  • erasure,
  • restriction on processing,
  • objection to processing and

The user also has the right to withdraw consent at any time and the right to lodge a complaint with a supervisory authority.

In order to use the said rights, the user shall contact the Service Provider in accordance with Section 8 (Contact Information). The use of rights requires the Service Provider to identify the user. Information required for identification must be provided in the request to use rights. The Service Provider retains data related to use of the user’s rights for 2 years to comply with regulation.