Privacy Policy of Whitelake Software Point Oy Customer Data Filing System (Ticket systems)
- General
Whitelake Software Point Oy (later “We”) is committed to ensure the confidentiality and data protection of personal data at its possession. This privacy policy is applied to personal data that We collect from our customers when providing support services through our ticketing system in the context of service agreements concluded with customers. The ticketing system offered to customers is a cloud-based service offered by two different service providers. The personal data and related processing are described in this privacy policy. Additional information regarding the processing of personal data in the Data Filing System is provided by Our GDPR team at gdpr-team@softwarepoint.com.
We may update this privacy policy from time to time, for example due to changes in applicable legislation. Therefore, We advise you to review this privacy policy. We endeavour to carry out reasonable means to inform You of any possible changes beforehand. This privacy policy was last updated on July 2, 2021.
- Data Controller
Name: Whitelake Software Point Oy
Address: Metsänneidonkuja 6, 02130 Espoo, Finland
Tel: +358 9 439 1320
Business ID: 0893345-4
- Whose Personal Data Do We Collect?
We process the personal data of Our customers’ (later also “You”) in the Data Filing System.
- What Categories of Personal Data Do We Process?
We process the following categories of Your personal data:
- Your email address, name
- Which Sources Do We Use to Collect Personal Data?
We collect personal data primarily from You (when registering to the ticketing system) or Your employer (e.g. when customer, Your employer, decides to make an account for You to the ticketing system).
- Basis for and Purposes of Processing Your Personal Data
The basis for processing Your personal data is Our legitimate interest.
The ticketing service is provided in the context of the maintenance agreement concluded with our customers. In order to fulfill our obligations under our maintenance agreement with the customer (Your employer) and provide support services it is necessary to process personal data through the ticketing system.
We will not process your personal data for any other purposes than specified in this privacy policy.
- Regular Disclosures and Transfers of Your Personal Data to Third Parties
We may also be required to share Your personal data with competent authorities in accordance with data protection legislation.
We do not disclose Your personal data to any third parties for any other purposes than the purposes described in this privacy policy.
- Transfers of Your Personal Data outside the EU or European Economic Area
In order to provide You the support services through our ticketing system, in some cases we transfer your personal data outside the European Union or the European Economic Area in accordance with data protection legislation. The ticketing service is offered in a cloud-based service and they are listed in this section. Furthermore, they may process personal data outside the European Union or the European Economic Area.
Service Providers
- Atlassian https://lims.atlassian.net
- Freshdesk https://softwarepoint.freshdesk.com
In all situations, we transfer your personal data outside the European Union or the European Economic Area only based on one of the lawful grounds mentioned below:
- the EU Commission has decided that the recipient country in question ensures an adequate level of protection;
- by using the standard contractual clauses approved by the Commission. The standard contractual clauses may be supplemented with safeguards, such as technical, organisational or agreement-based additional safeguards;
- you have given your explicit consent for the transfer of your personal data or another lawful basis for the transfer of your personal data outside the European Union or European Economic Area exists.
- Principles for the Retention of Your Personal Data
We retain Your personal data in the Data Filing System as long as support services are being offered under the service agreement.
Your personal data may be retained for longer if applicable legislation or our contractual obligations towards third parties require a longer retention period.
- Your Rights in Relation to the Processing of Personal Data
As a data subject You have the right to, according to applicable data protection legislation, at any time:
- be informed about whether We process Your personal data;
- obtain access to data relating to You and review Your personal data We process;
- require rectification and completion or erasure of inaccurate and incorrect personal data;
- withdraw Your consent and object to the processing of Your personal data in so far as the processing of Your personal data is based on your consent;
- object to the processing of Your personal data on grounds relating to Your particular situation;
and
- obtain a restriction of processing of Your personal data.
You should present Your request for exercising any of the aforementioned rights in the manner described in the ‘Contacts’ Section of this data protection record. We may ask You to specify Your request in writing and to verify Your identity before processing the request. We may refuse to fulfil your request on grounds set out in applicable data protection legislation.
You also have the right to lodge a complaint with the supervisory authority concerned or with the supervisory authority of the EU member state of your habitual residence or place of work if You consider that We have not processed Your personal data in accordance with applicable data protection legislation.
- Principles of Data Security
We respect the confidentiality of Your personal data.
We, who process your data, are bound by professional secrecy. Our protective measures include, among others, regular control and management of user rights
Personal data processed by the cloud-service providers listed in section 8 will be protected and stored in accordance with their data security measures.
We keep Our own data systems appropriately up-to-date and use reputable providers of anti-virus software.
- Information on Cookies and Similar Technologies
We use cookies on Our website.
Atlassian: https://www.atlassian.com/legal/cookies
FreshDesk: https://www.freshworks.com/list-of-cookies/
A “cookie” is a commonly used small text file that the internet browser installs on your computer or other terminal when you visit a website. The browser sends information on your visit back to the website when you revisit it. All contemporary websites use cookies in order to offer you a more personal browsing experience.
Each cookie is separately installed on each terminal You use and cookies can be read only by the server that installed the cookie. Because the cookie is bound to the browser, and is not distributable between separate browsers or terminals in general (unless a browser, plugin or other application separately enable this), Your choices relating to the management of cookies are applicable only to each separate browser. A cookie cannot control software, and it cannot be used as a medium for viruses or other malware, nor to harm Your terminal of files. A single user cannot be identified solely through the use of cookies or similar technologies.
- Contacts
All requests concerning the use of the rights mentioned above, questions about this privacy policy and other contacts should be made by e-mail to our GDPR-team gdpr-team@softwarepoint.com. You may also contact Us in person or in writing:
Whitelake Software Point Oy
GDPR team
Metsänneidonkuja 6
02130 Espoo
Finland