Privacy Policy

The protection of your data is important to Ecobio. This privacy policy describes how your personal data is used in the Ecobio Manager web application (“Service”).

Ecobio Manager is a web application (Software as a Service, SaaS) provided by Ecobio Oy. Ecobio Manager consists of regulation tracking and chemical management functions. The typical end users of the application are staff members in charge of environmental, chemical, and occupational health and safety compliance either locally or on a broader level.

Collected data

We collect information about you in three ways: directly from your input, from third-party sources, and through automated technologies.

For us to be able to provide access to the Service we need to have your name, email address and the company’s name and/or in some cases company’s internet protocol (“IP”) addresses. We log usage data, when you visit or otherwise use the Service.

User-provided information: When you use the Service, as a User, you may provide, and we may collect Personal Data. Examples of Personal Data include name, email address, mailing address, mobile phone number. Personal Data also includes other information, such as geographic area or preferences, when any such information is linked to information that identifies a specific individual. You may provide us with Personal Data in various ways on the Service. For example, when you register for an Account, use the Service, interact with other users of the Service through communication or messaging capabilities, or send us customer service -related requests.

Data from your organisation: We may obtain personal information about you from the organisation with which you are employed or affiliated in order to activate and manage your access to and use of the organisation’s subscription to the Service, including contact details, such as your name and organisational email address, postal address, and phone number; Other account registration information such as job title; and/or Organisational user ID.

“Automatically Collected” information: When a User uses the Service, we may automatically record certain information from the User’s device by using various types of technology, including cookies. This “automatically collected” information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content the User views or interacts with on the Service, and the dates and times of the visit, access, or use of the Service. We also may use these technologies to collect information regarding a User’s interaction with email messages, such as whether the User opens, clicks on, or forwards a message.

Integrated services: You may be given the option to access or register for the Service through the use of your user name and passwords for certain services provided by third parties, such as through the use of your Microsoft account.

Information from other sources: We may obtain information, including personal data, from third parties and sources other than the Service, such as our partners, advertisers and Integrated Services. If we combine or associate information from other sources with personal data that we collect through the Service, we will treat the combined information as personal data in accordance with this Policy.

We store data on the users of the Service in our data system. We use this data to produce and improve the Service, send information about the service and to support our sales and marketing functions.

Use of personal data

Ecobio may use your personal data to send important information on training, events and offers, for instance, as well as other marketing communications that we believe will interest you.

Ecobio is committed to protecting your data. We will not sell or rent your data to third parties.

Purpose of data processing

The purpose of the processing of personal data is to let you access the Service, manage the customer relationship and to handle the personal data in compliance with the General Data Protection Regulation and Finnish Data Protection Act.

To provide our Services and carry out our contractual obligations

We process personal data in the first place to be able to offer the Services to our Customers and to run, maintain and develop our business. Personal data may be processed in order to carry out our contractual obligations towards the Customer. We may use the data for example to offer essential functionalities of the Services and to provide access to the Services. If Customer contacts our customer service, we will use the provided information for answering questions and solving possible issues.

For user experience, customer communication and marketing

We may process personal data for the purpose of contacting Customers regarding our Services and to inform Customers of changes in our Services as well as to market our Services, including direct marketing.

We use log-ins, cookies, IP addresses and other common Internet technologies to identify you and log your use in order to improve the user experience.

For quality improvement and trend analysis

We may process information regarding the use of the Services to improve the quality of our Services e.g. by analysing any trends in the use of our Services. When possible, we will do this using only aggregated data.

Legitimate grounds for processing

We process personal data to perform our contractual obligations towards Customers and to comply with legal obligations. Furthermore, we process personal data to pursue our legitimate interest to run, maintain and develop our business and to create and maintain Customer relationships. When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy.

In some parts of the Services, Customers may be requested to grant their consent for the processing of personal data. In this event, Customers may withdraw their consent at any time.

International data transfers

We store all personal data within the European Economic Area.

However, if we or our service providers in the future do transfer personal data to, or access it in, jurisdictions outside the European Economic Area, we will take steps to ensure that the personal data receives an adequate level of protection in the jurisdictions in which it is processed. We provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or other similar arrangements.

Data Storage

We do not store the personal data for longer than is legally permitted and necessary for the related processing purposes. The storage period depends on the type of personal data, the purposes and the applicable law and therefore varies per use.

Typically, we store User’s personal data for as long as the User is using our Services or for as long as we have another purpose to do so and, thereafter, for no longer than is required or permitted by law or necessary for internal reporting and reconciliation purposes.

We erase personal data after the above described storage period or when the User requests us to erase his/her personal data unless we have a legitimate ground not to do so.

Cookies

We may use cookies in order to improve the user experience. A cookie is a short text file that your Internet browser stores on your device when you visit a website. The emails and other messages we send you based on the personal data you provide to us or the information contained therein, which we have otherwise included in our customer data system, may include cookies or other technology that tells us whether you have opened, read, or deleted the message.

When you click a link in marketing communication that you have received from Ecobio, we may also use a cookie that tells us which pages you visit and what content you download from our website. If you do not want cookies to be stored on your device, you can change your browser settings accordingly.

Disclosure and sharing of personal data

We do not share personal data with third parties outside of our organization unless one of the following circumstances applies:

It is necessary for the purposes set out in this Privacy Policy

To the extent that third parties need access to personal data to perform the Services, Ecobio has taken appropriate contractual and organisational measures to ensure that personal data are processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations.

For legal reasons

We may share personal data with third parties outside Ecobio’s organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of Ecobio, our customers or the public in accordance with the law. When possible, we will provide notice about such transfer and processing.

To authorized service providers

We may share personal data to authorized service providers who perform services for us (including data storage, sales, marketing and customer support services). Our agreements with our service providers include commitments that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.

Please bear in mind that if you provide personal data directly to a third party, such as through a link on our website, the processing is typically based on their policies and standards.

For other legitimate reasons

If Ecobio is involved in a merger, acquisition or asset sale, we may transfer personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.

With explicit consent

We may share personal data with third parties outside Ecobio’s organization for other reasons than the ones mentioned before, when we have an explicit consent to do so.

Our commitment to data protection

Ecobio aims to ensure the security of your personal data. We have adopted reasonable physical, electronic, and administrative methods that enable us to protect and secure the data contained in the service and collected by us online.

Ecobio Manager is hosted on Microsoft’s Azure Cloud platform. Azure provides high-security, high-availability industrial-grade data centers. Azure is a continuously maintained and monitored service environment that is designed based on the tenets of security, privacy, transparency, and compliance. All of the data will be kept within EU/EEA borders in accordance with the European Union’s current regulations on personal information.

The data system is protected from external use. The rights of the persons who update and use the data to use and process the register data are defined at the individual level, and their access is protected using personal user IDs and passwords.

Your rights

All persons in the data register managed by Ecobio Oy have:

  • the right to receive transparent information about the processing of personal data
  • the right to access their data
  • the right to rectify their data
  • the right to have their data removed
  • the right to restrict the processing of their data
  • the right to refuse the processing of their data by the register controller
  • the right to request information from those recipients of personal data who the controller must inform of the rectification, removal, and restriction of processing of personal data
  • the right to transfer the data from one system to another
  • the right of refusalrights related to automatic decisions and profiling
  • right to lodge a complaint with the data protection supervisory authorities

We will carry out your requests based on these rights unless we have a legitimate ground not to do so.

Updates and access rights

We update our personal data system and verify its content regularly so that we can better serve our customers and other interest groups.

If you want to view your personal data or if you would like it to be deleted from our data system, please send a request to support@ecobiomanager.com.

Right to object to direct marketing

You can unsubscribe to our direct marketing email messages using the link provided with each message. If you would like to stop using the Ecobio Manager service, please contact support@ecobiomanager.com.

Controller and contact information

Updates to this privacy policy

Ecobio reserves the right to update this privacy policy from time to time.

Last updated April 27, 2018