Privacy policy

1. Registrar

Klever Ab Oy (”Registrar”)
Business identity code: 2697436-4
Address: Pitkäkatu 34, 65100 Vaasa
Phone: 020 778 0490
E-mail: [email protected]

2. The contact person of the register

Name: Christina Koivula
Phone: 050 337 0369
E-mail: [email protected]

3. The name of the register

The privacy policy of Klever Ab Oy.

4. The use of personal data

Registrar handles personal data for the following purposes:

  • for marketing purposes, including direct marketing
  • for planning, implementing and allocation of marketing
  • for communication with the customers
  • for caretaking and development of the customer service and the business
  • for definition of customer levels
  • for planning, running and monitoring of the business
  • for analyzing and for compilation of statistics
  • for the controller’s other obligations based on law and public officers’ instructions
  • to follow the website traffic
  • to improve the user experience of the website
  • to follow the app’s traffic
  • to improve the user experience of the mobile application

The primary ground for handling personal data is the consent of the registered or the legitimate interest of the Registrar.

5. The information content and groups of personal data of the register

The following information about the registered can be handled in the register:

  • The name, personal data and gender of the individual
  • Contact details (phone number, address and e-mail address)
  • Other information that the user gives about themselves to the registrar
  • The initiation date of the user relationship
  • The change history of the data
  • Transaction data as paid invoices, amount, pay date and payment method
  • Data and information from the invoices that are added to the application
  • Prohibitions and exclusions if direct marketing
  • Data related to internet behavior
  • Technical data from website cookies

To be noted, the registrar doesn’t save bank information such as card numbers and account numbers of the registered, a third party separated from the Registrar’s system manages this information.

6. The regular information sources of the register

The data is generally collected from the registered with the consent of him or her. Data is also collected when leaving a contact request and when using web services (e.g. the websites and social media of Registrar) and cookies, or from another case handling, or from data collected when participating in other events.
The data can also be updated by using other person registers such as the person registers of cooperation partners and from authorities and other enterprises to the extent allowed by applicable legislation.

7. Storage of personal data

Registrar stores personal data only so long as is necessary for achieving the purposes defined in this register description and terms and conditions, acknowledging the limitations set out in the applicable laws. Due to obligations in the applicable legislation, the data might have to be stored longer than the time period mentioned above.

Outdated and unnecessary information will be destroyed in an appropriate way. The data will be marked in the register in the same way as the registered has reported it and the data will be updated when the registered reports an update to the registrar.
The registrar is bound to protect the information about the registered. The information about an individual person is only disclosed to the context of a law-based notification obligation based on an authority’s legal-based claim or because of the proprietor’s own claim or because of the consent of the registrant himself.

Manually collected information is saved after the first dealing in locked spaces and only hired personnel of the registrar has access and rights to handle manually collected information. Automatically collected information is protected from outsiders with help of higher end information protect systems (as firewalls and authentication). Only personnel hired by the registrar has access and rights to handle automatically collected information. Every personnel hired by the registrar has got personal user identification and passwords to the information system. The registrar’s management monitors this personnel’s handling of the information.
The person responsible for the register submits and defines the extent of user rights to the register information.

8. Transfer of personal data

The register is handled internally only by authorized personnel that have signed a non-disclosure agreement.
Registrar can use subcontractors and service providers to technical maintenance of the services, for customer service, administration and analyzation, of user data, customer communication or to carrying out different campaigns.

Your personal data can be transferred to the subcontractors and service providers of Registrar insofar they participate in the enforcement of the purposes which are defined in this privacy policy.
Such third parties cannot use your data to any other purposes than the ones defined in this privacy policy and to the purposes which have been defined by Registrar. Registrar obliges third parties to keep your information confidential and to keep their data protection at a level high enough to protect your personal data.

Personal data will not be disclosed to outside of European Union or European Economic Area.
Your personal data can be transferred in accordance with the demands set by a competent authority and in accordance with the conditions based on law.

8.1 Credit information companies

Personal data, which is stored and processed by the Registrar may be shared with credit information companies in order to evaluate the creditworthiness, verify the identity and address details. The following credit information company services are used.

Bisnode Finland Oy, Kumpulantie 3, 00520 Helsinki

9. Cookies

The Registrars website uses cookies and at times cookies can be transmitted to the user. Cookies are small text files which will be stored at the user computer or in another computer terminal. Cookies do not harm the computer terminal.
To develop the site, Registrar collects statistical information based on the Google Analytics service. Google Analytics cookie saves Information about how users have accessed the site (via search engine, direct link, etc.), which pages were visited and how long the visit to each page lasted. With this information we can further develop our website and follow how successful new development projects are. Statistics are current usage, user country, user time, browser used, and content visited by the visitor.
The Registrar is also using the Leadfeeder service. Leadfeeder saves information about how users have accessed the site, which pages were visited and how long the visit to each page lasted. Together with other cookies, it is possible to recognize the site’s users. In addition, Registrar has used the MailChimp service to manage newsletters and e-mail. The information is available on the MailChimp server, which is located in a supervised server center.
The data that is collected from cookies is anonymous. However, taking into account data protection legislation, information obtained through cookies may also be linked to the User’s personal data that may have been collected in other contexts.

The user can, if needed, disable cookies in the browser settings. Disabling cookies may lead to some websites reacting slower and the access to some websites being blocked completely.

10. The rights of the registered

Right to access
The registered has the right to control the data which is being stored about the registered in the Privacy Policy register of Registrar. The right of access can be denied on the grounds prescribed in the applicable legislation.
The request must be made in writing, by e-mail or with a self-signed letter or in person at the Registrar.
As a starting point, the right of access is free of charge.

Right to oppose and limit
The registered has the right to oppose the handling of data that concerns the registered if the registered considers that Registrar has handled the data illegally or that Registrar does not have the right to handle data concerning the registered.
The right to oppose does not apply to the extent handling of the data is necessary for Registrar to fulfil its legal obligations or necessary on another legal ground.
Each registrant is entitled to require correction of incorrect or outdated information contained in the registry. A claim for rectification must be made in writing either by e-mail or with a self-signed letter or in person with the controller.
The registrant may change some of the information provided by themselves in their Kleverapp user profile. However, the registry’s ability to change information via the user profile has been limited by security issues.

Right to eliminate
The registered has the right to have wrongful data corrected or imperfect data complemented. The registered also has the right to demand data which concerns the registered to be deleted from the privacy policy register of Registrar.
The right to eliminate does not apply to the extent handling and storing of the data is necessary for Registrar to fulfil its legal obligations or necessary on another legal ground.

Right to transfer
Insofar the registered self has delivered data to the privacy policy register of Registrar, and this data is handled on the basis of the consent of the registered or an assignment, the registered has the right to get this data in mainly electronic form and the right to transfer this data to another registrar.

Prohibition against direct marketing
The registered has the right to prohibit that his or her data is used for direct marketing purposes.

Right of appeal
The registered has the right to appeal to the competent regulatory authority in case Registrar has not complied with the applicable regulation of data protection.

Other rights
If data is handled on the basis of the consent of the registered, the registered has the right to cancel the consent by informing the Registrar about this in accordance with section eleven in this privacy policy.

11. Contact

The registered shall send a request regarding the registree’s rights to the e-mail address mentioned in section 2.
Registrar may ask the registered to specify the request and to prove the registree’s identity before the enquiry is handled. Registrar can refuse to fulfil the request on grounds specified in the applicable legislation.
Registrar will answer the request within one (1) month from the date when the request was made.

12. Principles for protecting the register

Protecting registered data is important for Registrar. The data is stored in electronic systems, which are protected by firewalls, passwords and other technical solutions. Only the staff of Registrar and other defined persons who need the data for the purposes of performing their assignments have access to the register. Everyone using the register is bound by confidentiality.

13. Changes in the privacy policy

Registrar is constantly developing its business and therefore reserves the right to make changes to this privacy policy by informing about this on its website. Changes may also need to be made because of changes in the applicable legislation. Registrar recommends the registered individuals to familiarize themselves with the privacy policy on a regular basis.

(The privacy policy is updated 24.10.2018)