Infrakit Privacy Policy
1. Overall description of our data processing practices
Protecting your privacy is important to Infrakit Group Oy and its affiliates (“Infrakit”). In this Privacy Policy, you will find information on how we collect and store your personal data.
We process personal data under this Privacy Policy and in accordance with applicable legal provisions, including the General Data Protection Regulation (2016/679; the “GDPR“) and other applicable national data protection laws (“Data Protection Law“).
This policy describes how we process the personal data of customers’, distributors’, suppliers’ and partners‘ contact persons and other employees and other end users of our services. This policy also describes how we process personal data of our recruitment candidates.
Infrakit has a separate privacy policy for employee personal data.
This Privacy Policy applies to personal data collected by Infrakit e.g. through our branded mobile apps (including but not limited to Infrakit FIELD™ app and Infrakit TRUCK™ app for Android and iOS), our websites and related services operated by Infrakit.
2. The purposes and legal basis for our processing
In compliance with the GDPR, Infrakit may process personal data only if it has a legal basis for processing. Infrakit primarily relies on the following legal grounds:
Performance of a contract;
- Our Legal Obligation;
- Your consent, or
- Legitimate interest pursued by Infrakit.
We may use your personal data for the following purposes:
Service delivery & customer service
Personal data may be collected for the preparation and implementation of our contractual relationship.
We collect and use personal data about you to process orders, deliver services, to provide customer service and to manage payments, contracts and transactions. We may also process your personal data for the handling of general customer service.
The basis for processing your data for service delivery and customer service is typically the performance of our contract. When the agreement is entered into with a company, the companies‘ representatives‘ data will be processed based on our legitimate interest. When required by law, we may ask for your consent to deliver certain services, for example, location-based services.
Marketing, stakeholder communications, data analytics, and service development
Personal data is processed for or us to be able to develop our customer relationships, for planning, developing and monitoring of different parts of our operations and services as well as for communications, marketing and customer satisfaction.
We may contact you through various marketing channels. We will ask for your consent to contact you when required by law, otherwise our contacting is based on legitimate interest.
We may send offers and information about our services and promotional events to representatives of our business customers and prospect customers relevant for their professional role. We send these communications to the work contact address which we have received from the customer, their company, or from a public source.
Further, personal data is processed for developing and monitoring of different parts of our operations and services. These actions include the following purposes:
- recognizing you when you return to our certain services
- administration and protection of our services (including troubleshooting, data analysis, testing, support, fraud, reporting and hosting of data)
- communication with you about support for relevant services and understanding how you use our services
- sending you updates about our services and new features in accordance with your preference as well as push notifications for changes to our services to allow you to participate in new features of our services
- cross-advertising our services and serving personalized advertisements in our services using third-party advertising networks
- location, time, and active model on the equipment are recorded to calculate performance data, such as work efficiency and capacity.
We may collect personal data by using cookies and similar data collection technologies. For more detailed information, please see Section 9 and our Cookie Notice. More information on how third parties may use cookies in our services can be found in Section 10 below.
Legal obligations
We process personal data to comply with our legal requirements, for example, accounting and tax laws.
Security of our services
Personal data is used for ensuring the security of our products and services, for example, by keeping access logs and system backups, authenticating users, and preventing attacks. In such cases the legal ground is typically our legitimate interest.
Defence of legal rights
We use personal data to defend and secure our own rights and our customers’ rights. The basis for processing data for the defense of legal claims, debt collection, credit checking, and prevention of fraud and misconduct is typically legitimate interest.
Recruitment
As regards recruitment related data, we process personal data of recruitment candidates in order to assess whether the candidate could be a suitable new employee at Infrakit. We only process personal data directly necessary for the recruitment process and for recruitment related statistics.
3. The data we process
The personal data that we process include the following data:
- Basic contact information, such as name, address, email address, phone number, company information and your role, language, time zone.
- User information, such as association with tracked equipment, messages on project communications channels, usage of Infrakit Services, login dates and times
- Your device and connection data. When you download and use our services, we may collect information on the type of device you use, operating system, resolution, application version, and the mobile device identifiers, and IP address.
- Data related to our customer relationship with you or your company such as data in relation to the sales of our Services; consents and opt-ins/opt-outs.
- Security data. Data that is used for securing the use of our services and our premises, such as your password and login details and security logs
- Online data & identifiers. Data that is collected with cookies or similar technologies about your use of our services, such as your browsing activities and segments, your IP address, cookie ID and, details about browser and device, and location.
- Your location data. Our applications require access to precise location data on your device in order to function even when the app is closed or not in use. However, precise location data is saved locally and transmitted to our servers and is not shared with any third party.
Infrakit mobile apps and equipment integration services collect and record your precise location and time along with work equipment activity during work hours when you have enabled tracking. Infrakit will not record this information outside your working hours nor when you have paused tracking for a break. Tracking by mobile apps can only be enabled for one day at a time and will not resume until you open the app again next working day. You may stop the recording at any time by pausing or ending your work day in the app. If you decline per-mission for us to collect your geolocation, we will not collect it. - Shareholder information, such as name, address, date of birth, nationality, and amount of shares held by you
- Data related to recruitment, such as name, contact information, education and work experience, and other information necessary for the recruitment that the candidate provides to Infrakit during the recruitment process.
4. Where we collect the data from
We collect personal data directly from you as the data subject.
However, data may also be collected from your employer or your colleagues, or from third parties such as public address registers, credit or debt collection agencies and other partners. We may also receive personal data through our affiliates.
We may receive information about you from our analytic service providers with data they collect through our Services in accordance with their own privacy policies. A list of such can be found in Section 10 below.
As regards recruitment related data, we mainly collected data directly from the recruitment candidate. Infrakit may also collect data from the appointed recruitment team, from potential referees on your consent, and from possible external service providers e.g. in case suitability assessments are conducted. We do not collect data from any external sources without the candidate’s prior consent unless otherwise provided by law.
5. How the data is protected
Personal data will be collected to Infrakit service database. Only administrators have access to the database. Such access is protected with user right management. User interface will only show data that is necessary for the tasks of the respective person. The views of the user interface as well as the access rights have been defined based on role and user.
We will use appropriate technical and organizational means to secure the personal data from inappropriate access, accidental or unlawful destruction, amendment, distribution and transfer of personal data as well as from other unlawful processing.
6. How long we retain your information
We store your personal information according to the applicable laws and only as long as required for the purposes described in this Privacy Policy. When the purposes no longer exist, we will erase your data.
We may store your personal data up to six (6) years and under certain conditions for a longer period than that. This applies, for example, when required by law or when the information may be needed to establish, exercise and monitor legal claims.
Please note, that some of our services may include public interactive and communication elements, like ability to post comments and participate in discussion forums. Your user name and the content you post may remain there even if we remove your personal information and account. If you do not want to be identified based on your user name or content that you post, pay attention to the contents of the same.
As regards recruitment data, Infrakit may store applications and attachments (CVs and copies of certificates) it receives as well as interview summaries during the recruitment process and for maximum two (2) years thereafter to enable Infrakit to respond to possible claims regarding the recruitment process. With your consent Infrakit may also consider your application to other suitable opening positions in addition to the one you initially applied. Personal data of new recruits will be transferred to Infrakit’s HR systems.
7. How we share your information
We will not disclose your personal data to any third parties unless required to do so under applicable laws, to perform Services requested by you or based on legitimate interests pursued by Infrakit in order to carry out our business.
We may provide access to information to our subsidiaries or affiliated companies and other parties belonging to our group of companies or in conjunction with a sale or subscription of our shares. If we decide to sell, buy, merge or otherwise reorganize our business, this may involve us disclosing personal data to our and our owners’ professional advisors, prospective or actual buyers or investors and their professional advisors.
We will disclose your data to competent authorities, such as the police, to the extent required by law. We may also disclose your personal data in relation to legal proceedings or at the request of an authority on the basis of applicable law, or court order or similar, or as otherwise required or permitted by law.
Infrakit engages subcontractors to perform parts of the service. They may have access to personal data so that they can perform their duties but only to the extent required for their performance. Infrakit has appropriate agreements with these parties.
8. International transfers
We primarily process personal data on servers within the European Union or the European Economic Area, unless otherwise agreed with you or your company. We only transfer personal data outside the European Union or the European Economic Area in accordance with the applicable data protection laws.
9. Cookies and similar data collection technologies
Infrakit services use cookies to deliver the best possible user experience. Cookies are used to store user state and login status.
We and our advertising networks and their partners may use cookies and similar technologies, such as mobile “SDK”, to provide and personalize our services and to provide targeted advertisements. Some of these technologies can synchronize behavior across different mobile apps, devices, and websites so that advertisements can be tailored to your interests. This process is called personalized advertisement experience.
If you’d like to opt-out from having advertisements personalized in this way on your mobile device, please see Section 11 on Your rights and options.
For more detailed information, please see our Cookie Notice.
10. Advertising networks, analytics service providers, and their partners
Below, you can find a list with third-party advertising networks and their partners, with whom we work to provide you with a personalized advertisement experience within our apps. You can learn more about how each of them handles data by accessing their respective privacy notices using the hyperlinks below.
In order to provide personalized advertisements to our users, those listed below use device information that include personal and non-personal information, such as advertising (or ad) identifiers, IP address regarding the delivery of advertisements and your interaction with them and/or other tracking technologies to enable and optimize this advertising procedure. Ad identifiers are non-permanent device identifiers such as the Android advertising ID and/or Apple’s ID for advertising (IDFA).
We may also use your information to perform our own analytics and to enable analytics provided by third parties and other essential functions. We use analytical information for supporting business analysis and operations, business intelligence, product development, improving the Services, personalizing content, providing advertising, and making recommendations. In order to learn about how your information is used by our analytics service providers, you can follow the hyperlinks in the list below to each provider’s privacy notice.
Apple
Apple is an American multinational technology company that specializes in consumer electronics, software and online services.
Google is an American multinational technology company that specializes in Internet-related services and products, which include online advertising technologies, a search engine, cloud computing, software, and hardware.
Infrakit uses Google Analytics to improve and develop the Services‘ usability.
For more information on how Google uses the collected information, please visit the Privacy Policy of Google: http://www.google.com/policies/privacy/
You can opt-out from Google ads service by following the instructions described by Google: https://policies.google.com/technologies/ads
Meta (Facebook)
This information applies to Infrakit’s Facebook community pages and Facebook’s messaging services, such as when you like Infrakit’s Facebook pages, join Infrakit’s Facebook community or become a fan of one, contact us in a messaging service or use Facebook social plugins such as the Like and Share buttons. This information may also apply to the extent we use Facebook’s Business Tools e.g. for targeted marketing purposes.
Meta, formerly known as Facebook, is an American multinational technology conglomerate based in Menlo Park, California. Facebook and Infrakit are, where applicable, joint data controllers with regard to the aforementioned functions. Facebook processes data in accordance with its data protection principles at https://www.facebook.com/about/privacy/. Facebook is primarily responsible for compliance with data protection legislation and for the implementation of data security as well as the rights of data subjects in the service. You can manage Facebook’s data protection settings on Facebook.
Infrakit is responsible for the compliance with applicable data protection legislation and processes data relating to visitor information on community pages in accordance with this Privacy Policy.
More information on the joint processing by Infrakit and Facebook is available at: https://www.facebook.com/legal/controller_addendum
Microsoft
Microsoft is an American multinational technology corporation which produces computer software, consumer electronics, personal computers, and related services.
Infrakit uses Microsoft products and services for communications and collaboration.
Brand Overflow
Brand Overflow is an all in one SEO tool that can be used for Rank Tracking, Backlink Monitoring, Keyword Research, SEO Audit, etc
Eventilla
Eventilla is an event management software company based in Oulu, Finland.
Infrakit uses Eventilla services for marketing events and webinars.
Firebase
Firebase is analytics service provided by Google Inc. (US)
You may opt-out of certain Firebase features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their Privacy Policy: http://www.google.com/intl/en/policies/privacy/
GoTo
GoTo is a provider of flexible-work work tools for collaboration and IT management. (Boston, US)
Gaconnector
Gaconnector is an integration solution that connects our CRM with Google Analytics.
Infrakit uses gaconnector to learn which sources, campaigns and keywords website visitors derive from for marketing purposes. For more information on how Gaconnector uses the collected information, please visit the Privacy Policy: https://gaconnector.com/about-us/privacy-policy.php
Groove HQ
Groove is a cloud-based help desk software for small businesses. It helps companies to communicate with their customers via email, live chat, social media and phone calls. (Newport, Rhode Island, US)
Haiilo
Haiilo is a mobile-first employee communications platform that helps enterprise companies reach all their employees, from corporate to frontline, with targeted communications.
Hootsuite
Hootsuite is a social media management platform. The company is based in Vancouver, Canada.
Hotjar
Hotjar is an online behavior analytics and user feedback service headquartered in Saint Julian’s, Malta.
Infrakit uses Hotjar to improve the site’s user experience and performance.
LinkedIn is an American business and employment-oriented online service that operates via websites and mobile apps. The platform is primarily used for professional networking and career development, and allows job seekers to post their CVs and employers to post jobs. Infrakit uses Linkedin for networking, recruitment and marketing. For more information on how Linkedin uses the collected information, please visit the Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Looker
Looker is an enterprise platform for business intelligence, data applications, and embedded analytics that helps you explore and share insights in real time. Looker is a part of the Google Cloud Platform.
Mailchimp
Mailchimp is a marketing automation platform and email marketing service based in Atlanta, US.
Nixu
Nixu is a Finnish cybersecurity services company helping organizations embrace digitalization securely.
Outfunnel
Outfunnel is a marketing automation software company in Tallinn, Estonia.
PandaDoc
PandaDoc is a web and mobile application for creating, sharing, and tracking documents online. The company is headquartered in San Francisco, US.
Pipedrive
Pipedrive is a deal-driven customer relationship management CRM solution that also works as an account-management tool with the ability to assist with marketing and the entire sales process
Zapier
Zapier is a product that allows end users to integrate the web applications they use. Zapier is based in Sunnyvale, California.
11. Your rights and options
You may at any time exercise your rights as data subject in relation to your personal data that we process. Your rights include the following:
Right to access and rectification: You have the right to request access to the personal data relating to you. You can contact us to verify what personal information we process and the legal grounds for such processing. You also have right to request from us rectification of your inaccurate or incomplete personal data.
Right to object: You have right to object to our data processing when we base our processing of your personal data on a legitimate interest of ours or a third party.
Right to erasure: You may also request that your personal data be erased if, for example, the personal data is no longer necessary for the purposes for which it was collected, the processing is unlawful, or the personal data has to be erased to comply with a legal requirement.
Right to data portability: If personal data about you that you yourself have provided is being processed automatically with your consent or in accordance with a contract between you and Infrakit, you may request that the data is provided to you in a structured, commonly used and machine-readable format and you may also request that the personal data is transmitted to another controller, if this is technically feasible.
Right to withdraw your consent: In cases where the processing is based on your consent, you have right to withdraw your consent to such processing at any time.
Opt-out option: You will always have a right to unsubscribe from direct marketing messages. However, if you are our customer, we may still send you notifications concerning our services, such as information on changes or service failures and interruptions. You can also opt-out from personalized advertisement experience, at any time by checking the privacy settings of your Android or iOS device.
For Apple Devices:
- Open Settings
- Select Privacy
- Select Advertising and enable “Limit Ad Tracking”
For Android Devices:
- Open Settings
- Select Google
- Select Ads and enable “Opt out of Ads Personalization”
If you want to utilize your rights stated above please contact us via email to our email address support@infrakit.com or use the contact addresses specified below.
In addition to the rights described above you are entitled to make a complaint to the data protection authority, especially in the European Union country where you have your domicile or permanent work place or where the claimed breach of data protection regulation occurred. In Finland this authority is the Data Protection Ombudsman (tietosuoja@om.fi, https://www.tietosuoja.fi).
12. Contact us
The data controller of your personal data for the purposes described above is Infrakit Group Oy (Keilaniementie 1, 21st Floor, 02150 Espoo, Finland) or its affiliate you or your company have made a contract with.
If you have any questions about this Privacy Policy, please contact us using the in-app support feature in our services, which is the preferred method to be able to quickly respond you your requests.
You can also send us an email at support@infrakit.com.
13. Links to other sites
Our Privacy Policy may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy terms of every site you visit. We have no control over and assume no responsibility for the content, privacy terms or practices of any third-party sites or services.
14. Changes to this Privacy Policy
Infrakit may from time to time amend this Privacy Policy without prior notice to you, and we encourage you to review it periodically. Your continued use of our services signifies your acceptance of changes to this Privacy Policy. In some cases, we may notify you of changes to this Privacy Policy with a prominent notice on our services (for example by way of a notification or pop-up) or via your registered email address, and update the “effective date” at the top of this Privacy Policy.