Mastercom Oy/Kiho (hereafter Kiho) respects your privacy. This privacy notice describes your rights related to maintaining your privacy and our commitment to protecting your personal data. Kiho aims at complete transparency in its privacy practices and the options that are available to you regarding the processing of your personal data by Kiho.

Kiho is a Finnish company. Kiho delivers software and services to private and public administration customers (Customers) all over the world. The company’s headquarters are located in Siilinjärvi, Finland. As Kiho is located within the EU/EEA area, European data and privacy protection regulations and directives are applied to its operations. Our privacy practices and instructions are based on Directive 95/46/EU and on the valid privacy protection legislation of the countries in which we operate.
This notice can be found on our website at kiho.fi and at the bottom of each Kiho website.

Scope and acceptance

This privacy notice is applied to all Kiho’s business processes and websites, operating fields, mobile solutions, cloud services, communities, websites displaying the Kiho trademark, and third-party social networks (e.g. Facebook) (Kiho websites). Cloud service -specific appendices can be found in the terms and conditions or similar of the said service.

This notice describes the processing of data by Kiho when Kiho determines the purpose and means of the processing (Kiho is the controller) and the processing of data carried out on behalf of Customers and in accordance with their instructions (the Customer is the controller and Kiho is the data processor).
Personal data is data that can be used to identify individual persons, such as an address, email address, or telephone number. We must process such personal data in order to be able to provide services to our Customers. By providing us your personal data, you accept the methods and terms and conditions specified in this privacy notice. If you do not accept this privacy notice, please do not use Kiho’s website or provide your personal data.

Whose personal data is being processed?

Kiho processes the personal data of jobseekers, contact persons, Customers using software, and potential new Customers who contact us through a Kiho website or some other channel. Our notice can be found in the section concerning the controller.
In addition, we process the data of our Customers’ staff members and other persons whose data our Customers process in their role as a controller. Our notice can be found in the section concerning entities that process personal data.
In this notice, we can refer to data subjects as ‘persons’ or as ‘you’.

Kiho as a controller

Kiho acts as the controller of personal data that we collect about jobseekers, members of Customer’s staff who have or can have business relations with Kiho, and persons who request data from us either for themselves or on behalf of their employer. If you represent a Customer of Kiho, you have the same rights as any person who represents only him- or herself.

Why do we process your personal data?

To manage its customer relations and to fulfil the commitments given to its Customers, Kiho needs information of your role as a contact person or service user. Our goals are:
1. a) To make offers on software and services based on the requests submitted by our Customers or potential Customers;
2. b) To tell about software and services that are closely related to the services and software that are currently being used by the Customer;
3. d) To provide software and services in the manner agreed with the Customer;
4. d) To provide support to the users regarding our software and services;
5. e) To enhance the quality of our software, services, and the Kiho website;
6. F) To identify and prevent information security threats, implement maintenance measures, and fix defects;
7. g) To prevent the misuse of our software and services;
8. h) To provide information needed in our deliveries and management of customer relations;
9. i) To send invoices, process orders and payments, and monitor the development of the customer’s financial situation;
10. j) To enable paying for software and services purchased through the Kiho website.

Processing of data for the above purposes (a-j) is necessary for managing customer relations. For this reason, Kiho asks for your permission to process your personal data. In our opinion, this processing does not harm you in any way.

In addition, we collect information on contact persons and service users for the following purposes:
1. k) To manage user rights related to web-based services (cloud services);
2. l) To promote the sale of new products and services.

Personal data must be collected to grant user rights to many of our software products and services, as well as to the data you have requested.

How do we collect your personal data?

Kiho usually collects personal data directly from you or from persons who are related to the Customer company that is your employer. Such a person can be your supervisor or colleague, for example. If the Customer that is your employer buys Kiho’s software or services through Kiho’s partner company, we can collect your personal data from that partner company.

When you use Kiho websites, we use cookies and other tracing technologies subject to your consent in order to optimise the user experience. You can find more information of these technologies and your rights from the sections that concern automatic data collection tools.
In certain situations, we can collect your data from other permitted sources, if you have given the said party permission to disclose your personal data to others. These sources can be third-party data collectors, Kiho’s marketing partners, public sources, or third-party social networks. Kiho can link data received from one source to data received from other sources. This gives us a more comprehensive picture of you as a contact person, ensuring that we are able to provide better and more personal services.

Automatic data collection tools

Kiho uses various technologies for collecting data of your navigation on websites and to learn about your interests and preferences subject to your consent.

Cookies

Cookies are small text files that contain a string of characters and allow the browser to identify the user. Cookies are sent onto your computer by websites or third parties. Most browsers have been configured to accept cookies. However, you can change the browser settings in order to disable third-party cookies, or to be notified of them. For further information about cookies and their operation, please visit www.allaboutcookies.org.
Automatic marketing tools

Google

Google Analytics: This cookie gives us information about the navigation of users on the website, e.g. which pages they visit, from which site do they come to the website, and how long they stay on the website. This data is not linked to personal data and is stored as statistical data, meaning that it cannot be used to trace individual persons. This helps protect your privacy. Google Analytics service enables us to see which content of our website is the most popular and to use that information to develop the website in order to offer you a better user experience.

Google Analytics Remarketing: This function saves cookies on your computer. When you have left our website, Google can display to you Kiho’s advertisements that might interest you based on your visit on our website. This data cannot be linked to an individual person.
Google AdWords: Google AdWords tells us from which website we have been contacted. This enables more effective use of our search engine budget. This data cannot be linked to an individual person.

Google Adwords Remarketing: This function saves cookies on your computer. When you have left our website, Google can display to you Kiho’s advertisements that might interest you based on your visit on our website. This data cannot be linked to an individual person.
You can prevent Google from collecting and processing the data provided by Google cookies by downloading and installing Google Analytics Opt-out Browser Add-on on your browser. This add-on is available at http://tools.google.com/dlpage/gaoptout.

Which personal data do we process?

Kiho can process for example the following personal data:
• Your contact details and the Customer’s contact details, such as name, address, email address, and telephone number
• Date of birth, age, and gender
• Data related to your employment, such as the work task, position in the company, and professional preferences and interests
• Feedback, comments, and questions that are related to Kiho as a subcontractor, our software, or services
• Photographs or videos you have taken or filmed on our operating premises
• Content you have uploaded, such as photographs or videos
• Unique user data, such as username, password, and security question
• Data provided by your browser, such as the type and language of the browser, address of the website from where you came to the website, and other traffic data, such as the IP address
• Clickstream behaviour, such as the links you clicked and when you clicked on them.
In some case, we can compare the IP addresses we have collected with the map service in order to establish your location.
If you submit a comment to a public discussion group or a Kiho website, all website users can read it and use it for purposes that is beyond the control of Kiho or yourself. Kiho is not responsible for any information that you submit to such discussion groups or Kiho websites. Kiho never forwards e.g. your comments or statements without your prior consent.
As a controller, Kiho does not process your sensitive personal data.

How do we convey your personal data?

It is important that we provide the best possible customer service and produce as positive experiences as possible. The aim is to ensure that you get access to the information that you need in a timely manner and that you will not be contacted by Kiho too often.
Kiho will not convey your personal data to third parties for marketing purposes without your consent.
Kiho can convey your personal data to third parties for other purposes only in the following situations:

Business partners

Kiho can convey your personal data to its partners if this is required by the business operations. This can happen e.g. if you buy our software or services on behalf of your employer from one of our authorised partners.

Authorities

The police and other authorities can require Kiho to disclose personal data. In such a case, Kiho only discloses information based on a court order.
Company acquisition
If Kiho merges with another company or makes a company acquisition, or if Kiho’s business operations are sold either in full or in part, the buyer and the consultants used by the buyer and Kiho will be given access to the data managed by Kiho’s unit. In some cases, this data can include personal data. In such a situation, parties will sign with Kiho a confidentiality agreement that covers also any conveyance of personal data.

Your rights

The right to refuse receiving marketing communications
You have the right to refuse receiving any marketing communications from Kiho. You can do this by:
(a) following the instructions provided on how to refuse receiving marketing communications;
(b) or by contacting us by email.
If you refuse to receive marketing communications, you can still receive from Kiho administrative notifications, such as order confirmations and notifications related to the use of your user account (e.g. confirmations and notifications related to changing your password).
User rights and corrections
You have the right to request a copy of your personal data. You can do so by sending us a written request on the matter.
You also have the right to request Kiho to correct any errors included in your personal data. If you have a Kiho password, you can usually do this through ‘Contacts’ on the Kiho website. You can manage your Kiho newsletter subscription by clicking on the order management link displayed at the bottom of each message. You can also send us a request to correct your data.
Information security and data storage

How do we protect your personal data?

Kiho wants to live up to the trust placed by its Customers in us. Kiho seeks to prevent the unauthorised use, disclosure, and other inappropriate processing of your data. Kiho will also ensure that the data is used correctly in order to ensure information security and secure availability. As part of our commitment, we use reasonable physical, technical, and administrative measures to secure the data we collect and process. Kiho has taken several measures to ensure information security:
• A secure environment – Kiho stores your data in secure environments that can only be accessed by the staff members of Kiho and its subcontractors who need the said data in their work. In addition, Kiho follows generally accepted standards of the field.
• Encryption of payment data – Kiho uses encryption that meets the requirements laid down in the standards of the field e.g. regarding the protection of confidential data, such as credit card data, that is send via Internet when you make payments on Kiho’s online stores.
• Pre-verification of user rights to the account – Kiho requires that registered users prove their identity e.g. by means of a username and password to be able to use their account or make changes to account data. This prevents unauthorised use of the account.
These measures are not used to protect personal data that you share e.g. on websites.

How long do we store your personal data?

Kiho only stores your personal data for as long as it is necessary to do so in order to fulfil its specified purpose, such as answering a question, solving a problem, or fulfilling statutory obligations.
Therefore we can store your personal data for a reasonably long time after you have contacted us. Once the personal data we have collected is no longer needed, the data will be destroyed or deleted in a secure manner. We can process the data for statistical purposes, but in such a case the data is anonymised.

Kiho as a data processor

Kiho offers its Customers various services. These services include processing of Customer data and possibly also processing of personal data. The purpose of the processing is determined by our Customers, not Kiho. In such a case, the Customer acts as the Controller. Kiho acts as the data processor. Kiho processes the data in accordance with the instructions provided by the Customers. When it acts as the processor of data, Kiho follows the data processing agreement (DPA) signed with the Customer based on data protection legislation. The customer has given his or her consent and ensures that:
• The Customer owns or is otherwise entitled to transferring the data for Kiho’s processing and that the Customer is responsible for the accuracy, correctness, content, reliability, and compliance with legislation of the data.
• As the controller, the Customer must report any violations or unauthorised disclosure of personal data to the authorities and/or the data subject in the manner specified in legislation.
When Kiho acts as the processor of data, it must take the necessary technical and organisational information security measures to protect privacy on behalf of the Customer.
As the processor of data, Kiho only processes personal data as permitted by the agreement signed with the controller.
If the data subjects have questions, comments, or requirements related to the personal data processed by Kiho, these must be submitted to the controller. As the processor of data, Kiho does not disclose personal data to data subjects, unless the controller has instructed Kiho to do so. If the police or some other authority requires that personal data be disclosed, Kiho notifies the controller of this immediately and only discloses the data subject to a court order.
Kiho provides non-public information of its internal systems and data processing routines to its Customers and partners upon request. This can depend on the conditions of the confidentiality agreement.

Subcontractors and transfers of personal data

In certain cases, Kiho outsources the processing of data to subcontractors. In such a case, your data or Customer data can be transferred outside the EU. These subcontractors are usually producers of cloud services or other IT services. If subcontractors are used, Kiho signs a data processing agreement with them to ensure that your privacy is protected and commitments made to the Customer are fulfilled.

Changes to this notice

If we make changes to this privacy notice, we will publish the updated notice and the date the changes were made here. We encourage you to read the notice regularly. If we make significant changes to this notice that have an essential impact on our privacy protection practices, we can notify you of this also by other means, e.g. in an email or by publishing a notification of this before the changes take effect on our website and/or on our social media page.
This privacy notice was last updated on 13 December 2018.

Contacts

We value your opinion. If you have comments or questions related to our privacy notice, or if you are worried about your privacy or the use of your data, or if you suspect that your privacy has been violated, please contact us by sending an email to: XXX. You can also contact us by post: Mastercom Oy/Kiho, Sammonkatu 3 D 4, 70500 Kuopio, FINLAND.

We will process your request or complaint confidentially. Our representative will contact you using the address provided. We will do our utmost to ensure that all complaints are processed in a timely and appropriate manner.