Updated on 9th of April 2021

1 Controller

Framery Oy (“Framery” or “we”)

Patamäenkatu 7, 33900 Tampere, Finland

+358 40 7239995

security@frameryacoustics.com

2 Contact person for Privacy Notice matters

Veikko Lindberg

Patamäenkatu 7, 33900 Tampere, Finland

+358 50 5406887

veikko.lindberg@frameryacoustics.com

3 Scope of Framery Online Services and this Privacy Notice

This privacy notice (“Privacy Notice”) describes how Framery processes personal data of its users of Framery Online Services. Framery Online Services consist of separate services for different use cases. Additionally this Privacy Notice describes how Framery Online Services use cookies and similar techniques to gather technical and browser information.

Framery Online Services consist of:

Framery websites located in URLs https://www.frameryacoustics.com and https://www.clubframery.com (“Website”)

Framery product configurator and dealer portal located in URL https://configurator.frameryacoustics.com (“Portal”)

Framery 360 portal located in URL https://360.frameryacoustics.com (“360 service”)

Framery Connect online service located in URL https://connect.frameryacoustics.com (“Connect service”)

Framery Service Tool located in URL https://service.frameryacoustics.com (“Service Tool”)

In this Privacy Notice, the word “Services” refers jointly to the Website, the Portal, the Connect service, the 360 service and the Service Tool. In this Privacy Statement, the word “User” or “you” refers jointly to the representatives and other authorised users of our customer organisations and potential customer organisations (“Customer Organisation”) and the visitors of our Website.

4 Personal data processed

“Personal Data” is data that can be used to identify you or data that can otherwise be linked to you. We mainly collect and process two types of data, User data and Analytics Data.

4.1 User Data

User Data is Personal Data collected directly from you or from our Customer Organisation on behalf of which you are using the Services. We collect User Data from our Users and Customer Organisations when the Customer Organisation concludes a product purchase agreement with us or a service agreement regarding the use of the Portal, the 360 service or the Connect service or when a User gives us Personal Data by filling in a form on our Website or in any of our Services. Furthermore, we collect pseudonymised Personal Data when you use our Services on behalf of a Customer Organisation e.g. when making a Pod reservation through the Connect service.

After the conclusion of an agreement between Framery and the Customer Organisation, the Customer Organisation or the User provides us with Personal data of the User using our Services on behalf of the Customer Organisation.

We mainly process the following types of your Personal Data that is necessary for the use of our Services:

  • basic information, such as your name, your contact information (email address, address, phone number(s)), your employer, your title or position
  • log-in information, such as username and password
  • any other information relating to you which you may provide to us.

4.2 Calendar User Data

To enable all the features of Framery Online Services, our customer organization’s administrator may need to give us certain permissions in the organization’s calendar system. We will need a permission to read and edit calendar events, create calendar resources, and when necessary, create an event organizer user. These permissions are required to enable the following features:

  • Our pods will show the calendar event information on the pod’s display.
  • Pod will display the remaining time of the user’s reservation.
  • Users can create buildings and calendar resources in Framery Connect and link them to Framery pods.

User data from calendar system associated with calendar events might be transferred to Framery Online Services but this data will not be stored in a way where Framery can identify the identity of the user. We will not permanently store on our servers any calendar or event information. User’s calendar data is not shared with any third parties.

4.3 Analytics Data

In addition to the User Data collected, we may also collect Analytics Data. Analytics Data is data that accumulates from the User’s use of our Services. Analytics Data may sometimes identify a User when processed alone or combined with User Data. When this is the case, we will treat Analytics Data as Personal Data. We may automatically collect the following Analytics Data when the User visits or interacts with our Services:

  • IP address
  • device and device identification number
  • browser type and version
  • Internet service providers
  • time and date spent using our Services
  • duration and sites visited using our Services
  • internal user identification of the User if it is logged in to our Services

4.4 Cookies

Framery tracks the behaviour of the User with cookies. We use Google Analytics, Facebook Pixel, Leadfeeder, Hotjar and Sentry to analyse this data. These services do not enclose Personal Data of Users to Framery as they only aggregate the data into analyses of Users and their behaviour when using the Services.

Framery uses Facebook and LinkedIn services for online marketing. If a User who visits Framery’s website is logged in to their Facebook or LinkedIn accounts then this fact can be used for targeting ads of Framery’s products to the User when he/she uses these services.

A consent for using the cookies mentioned above is requested when the User enters the website for the first time. The User has the right to withdraw his/her consent without an effect on the legal grounds of processing before the withdrawal at any given time. You can Change your consent or Revoke your consent. To review your consent status and the description of different cookies in use, please visit this page.

Framery uses Salesforce technology to provide the 360 service.

More information about the privacy of Google services is available here: https://policies.google.com/privacy?hl=en

More information about the privacy of Facebook services is available here: https://www.facebook.com/full_data_use_policy.

More information about the privacy of LinkedIn services is available here: https://www.linkedin.com/legal/privacy-policy .

More information about the privacy of Hotjar is available here: https://www.hotjar.com/privacy

More information about the privacy of Leadfeeder is available here: https://www.leadfeeder.com/privacy/.

More information about the privacy of Salesforce is available here: https://www.salesforce.com/company/privacy/.

More information about the privacy of Sentry is available here: https://sentry.io/privacy/.

5 The purpose and legal grounds for processing data

5.1 Purposes for processing

We process your Personal Data for several purposes, depending on the Services you are using.

We process your Personal Data in order to provide the Services to our Customer Organisations for which you are a contact person or authorised user of the Services, and to carry out our contractual obligations provided under the agreement between Framery and the Customer Organisation for which you are the contact person. We collect and process your Personal Data e.g. if you contact us on behalf of the Customer Organisation and in order to give you, when acting on behalf of the Customer Organisation, access to our Services. Furthermore, we process Personal Data for purchasing and invoice management and for improving and marketing our Services.

5.2 Legal grounds for processing

We process your Personal Data in order to pursue our legitimate interest to run, maintain and develop our business, to create and maintain customer relationships, and perform our contractual obligations towards the Customer Organisation on which behalf you use our Services. If you are an individual contacting us through the contact form on our website and subscribing to our marketing communications, you can opt-out from our marketing communications at any time by clicking “unsubscribe” at the bottom of the email.

6 Regular disclosures of data and transfer of data outside the EU or the EEA

Framery may disclose Personal Data to third parties, such as Framery’s resellers or subcontractors, when such third parties perform services on Framery’s behalf. However, such third parties are obliged to process the Personal Data only on our behalf and for the abovementioned purposes only.

The Personal Data we process is not regularly transferred outside the EU or the EEA. However, if we transfer your personal data outside the EU or the EEA, such transfer will be performed subject to appropriate safeguards required by applicable data protection laws.

7 Principles of register protection and period of data storage

Framery uses different technical and organisational security measures in order to protect your Personal Data against unauthorised or unlawful processing, accidental loss or destruction, or damage in accordance with our internal security procedures covering the storage and destruction of Personal Data as well as access to Personal Data. Only the employees who need to process your personal data for the purposes mentioned above are entitled to access the system containing Personal Data. Each employee has a personal username and password to the system. The Personal Data is collected to databases that are protected by firewalls, passwords and other technical means.

Personal data is stored for the purposes mentioned above as long as we have a meaningful business contact or contractual relationship with the Customer Organisation, or as may otherwise be required by law.

We regularly evaluate the necessity of data storage taking into account the applicable legislation. Additionally, we take reasonable measures to ensure that Personal Data that is incompatible, outdated or incorrect concerning the purpose of processing the data is not stored, but rectified or removed without delay.

8 Rights of the User

8.1 Right of access by the User

You have, upon a request, the right obtain a copy of your personal data.

8.2 Right to rectification

You have the right to obtain from Framery the rectification of inaccurate personal data concerning you, without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

8.3 Right to erasure

The GDPR also provides our Users a right to have their information erased from our database under certain conditions.

8.4 Right to object or restrict processing

You have the right to object to the processing of your Personal Data if Framery processes the Personal Data for public interest or authority or on the basis of a legitimate interest. Legitimate interest refers to, e.g., a situation in which Personal Data is used for direct marketing.

You also have the right to request the restriction of Personal Data processing if the data is incorrect or processed illegally, if Framery does not require the data for the original purpose but you require it for the establishment, exercise, or defense of a legal claim, or if you have objected to the processing of your Personal Data but the final decision is still under consideration.

The notification concerning the objection or the request for the restriction of processing must be submitted to the contact person indicated above in this Privacy Notice. The User has a right to obtain from Framery restriction of processing. In case, there is no situation where restriction would be in use, the registrant may use the right to erasure instead.

8.5 Right to data portability

The User has a right to receive the Personal Data concerning him or her from the controller in a commonly used format in order to transmit that data to another controller. The data subject also has the right to have the Personal Data transmitted directly from one controller to another, where it is technically feasible. This right applies only when the processing of data has either been based on consent or a contract and through automated processing of Personal Data.

8.6 The User’s right to file a complaint with the supervisory authority

The User has the right to file a complaint with the supervisory authority particularly in the member state where they reside or work permanently or where the alleged GDPR infringement has taken place. In Finland, the supervisory authority is the Data Protection Ombudsman (Tietosuojavaltuutettu) https://tietosuoja.fi/voiko-tietosuojavaltuutettu-auttaa-oikeudet.

9 Rights of California residents

The California Consumer Privacy Act (CCPA) requires Framery to disclose if it sells Personal Data. Framery does not sell any Personal Data to third parties. Information of what data is processed and how it is processed among our online services is disclosed in section 4.

In case you are a California resident, CCPA states that you still have the right to opt-out of Framery selling your Personal Data to external parties, in addition to disclosure and/or deletion of any of your Personal Data from Framery. Requests concerning the matter shall be delivered personally or in writing to the contact person referred to in section 2.