To us, privacy is a priority. We value your privacy. We value that you trust us with your personal information in us and we will do everything in our power to live up to that trust.
We are Cleac Oy, a company based in Finland, EU. Our customers include consumers, corporations and educational institutes from Finland, in EU and outside of EU. We naturally follow local legislation, but mainly build our operations to at least meet the EU GDPR standards, which are the strictest privacy laws around. This gives our customers outside the EU the benefit of strict privacy standards, even if their local laws don’t cover as much.
Scope of this policy
On some instances, we act as the data controller and on others, as data processor. To simplify: if you give us your personal information or if you are our customer (you pay us), we are the data controller in relation to you. If you give your personal information to our customer (for example, a company utilising our video servers), we act as a data processor.
When you wish to exercise your rights concerning your personal information, please contact us, if you have given your information to us. If you have given your information to our customer, please contact them.
Nature and purpose of collecting and processing personal information
We collect information from our customers, users, partners and their contact personnel.
We collect personal information, in order to:
- Offer our services the best way we can. For example, we ask for you name to know who we are talking to.
- Contact you, if need be. Naturally, we need your contact information.
- Further develop and improve our services. To this end, we collect for example usage analytics on web page behaviour.
- Find out, prevent and fix problems and anything broken.
- Prevent misuse of our products and services.
- Offer the right services to our customers.
- Maintain and improve customer relationships.
- Inform users of any changes, improvements of our products or introduction of new features or services.
- Send invoices, deliver services and to handle orders and payments.
To recap, we collect and process personal information to service our customers and to deliver the products/services that we have promised. The information is essential for delivery and that is why we don’t explicitly ask for permission. To exemplify: if you don’t give us the permission to collect your contact information, there is no way we could deliver you your username to our service. Even though we don’t ask for explicit permission to collect your data, we will keep it all very safe.
Besides this essential information, we also collect information for communication and promotion purposes, as well as for recruitment purposes. In these cases, we ask for permission before collecting any personal information.
We collect personal information directly from you or the company/institution that you represent.
In addition to previously stated, we collect information by using automatic tools such as web browser analytics and cookies. These tools are partly provided by third parties, such as Google Analytics. By using our online services, you give the permission to collect this information. If you wish, you can use your browser’s settings to prevent information sharing or cookies. Be aware though, that if you block all cookies, our services might not function as expected.
In some cases, we can collect data that you have given to third parties. This will require that you have given them the permission to give your information away. These third parties include our marketing partners, public data sources and social media services. In some cases, we can combine this information with the personal information you have given us. Our purpose is to build a better understanding of you as our customer in order to service you better and in a more personal manner.
The information we collect and process
We collect and process all the information we need, but nothing more. For example, we might ask you your age – not to know if you are 25 or 42, but to know whether you are a minor or not.
We collect personal information that can include:
- Contact information, such as name, telephone number, address, email address and other messaging addresses
- Date of birth, age, gender, language, citizenship
- Employment information
- Image, video and audio recordings
- Messaging, such as chat messages
- Feedback, questions, suggestions and bug reports
- Any files you upload to our services
- User credentials, such as username and password
- Payment details, such as credit card and invoicing information
- Web browser technical details, such as browser and operating system version, IP-address, search terms, device information and location and time stamps.
- Web service behaviour, such as clicked links.
- User information and personal information provided by social media profiles.
We don’t collect this information on every user. Only when it is necessary.
We don’t collect, process or even want your sensitive information such as religion, medical history, union affiliation or criminal records. It is forbidden to use our services to collect sensitive information or anything illegal.
Last point of clarification: We are a video stream provider. If you choose to divulge personal information on a video call, we have no way of knowing that. If you are not recording the call, none of it will ever stay with us. It flows through our servers in micro- or milliseconds and after that, the information is no more. In this use, we do not collect the personal information, nor do we process it – we just deliver it to the other party/parties of the call.
Transfer of personal information
If a government official, police or magistrate compels us to give out personal information, we will do so, as long as they have the legal grounds or an order by a court of law.
We will never give away your information for outsiders to use for marketing.
If you use our services in combination with a third party service, the services can exchange information that is necessary for the operation of the combined service.
In some cases, we can transfer your information to third parties, if it is essential for the delivery of products or services. For example, in order to process a credit card payment, we will transfer your information to the credit card company.
If Cleac Oy is merged into another company, is part of restructuring or is sold in whole or in part, collected personal information will be transferred as part of the deal. If the company’s operation, processes or technology is inspected or audited by a third party, they will always be required to sign a non-disclosure agreement to keep any personal information safe.
Your rights to your information
You have the right to inspect and correct any personal information we have of you. In most cases, you can simply log in to our service and exercise your rights instantly. In other cases, please contact us in writing.
You have the right to demand the deletion of your personal information and we will comply. However, if it is essential in the handling of our customer relationship to retain some information, we will retain it until it is no longer necessary. For example, we retain all billing information until you have paid any outstanding bills.
You have the right to opt out from our marketing. We hate spam, so we are pretty careful about how we send you anything. If you choose to opt out on our emails, just click on the unsubscribe-link on any of the emails. You can also notify us in writing, if you wish to opt out from all of our marketing. We will still retain the right to contact you in matters of your customership, like billing, delivery of new password and notices of outages.
Protection of personal information
We keep your personal information safe. Very safe. Actually so safe that our CEO cannot access our services’ users’ personal information. It is accessible only by a select few administrators.
Your personal information is kept secret by industry-standard technical solutions, the same kind that online banks use. Some of your information is so secret that we have no way of accessing it. As a simple example, we have no means to retrieve your password, even if you, the police and our owners’ mothers demanded.
Technical details aside, we have privacy processes to protect your personal information. This means that for every type of information we collect or process, there are only a few named people, who are allowed to process them. We have clear ways and documentation on how to process personal information. This is to ensure that personal information is not spread outside of our company and to protect against accidents.
Retaining personal information
We only keep your personal information as long as it is required for their specific purpose. For example, we keep billing information as long as the service is bought and until the last invoice has been paid.
When the need for personal information ends, that information is deleted.
Besides personal information, we collect anonymous data such as usage statistics. Because this information is anonymous, it cannot be attributed to you and it is not personal information. In order to develop and improve our services, we store anonymous and statistical data until the heat death of the universe, should we still be in operation at that time.
Data processing and third party information
When any of our services is user by our customer who uses it to collect personal information, we act as data processor. In these cases, our customer is obligated to follow all laws and regulations as well as taking good care of their own privacy processes. In these cases, we operate with their mandate, but we still take care of any personal data as carefully as if we were the data collector.
When we operate as a data processor, we don’t handle any requests to inspect, correct or delete personal information without an order from the actual data collector. If a government official demands any information from us to which we are just the data processor, we will only forward the demand to the actual data collector. Otherwise, we only comply if compelled by law or an order by a court of law.
Subcontractors and the use of capacity services
To develop and deliver our services, we user subcontractors and capacity services. These include companies such as technical consultancies and web hosting providers.
If any of these companies can access any personal information that we collect or if they act as a data processor to us, we require them to handle privacy issues at least as well as we do. In the EU, all companies are subjected to mostly the same legal requirements.
This policy is a book by its own rights and congratulations, if you read it all, but these are important matters. We keep your information secure. Please, do the right thing, be mindful of your personal information and your rights. Make sure that all services that you use take privacy issues seriously.
Last updated: 13.4.2018