12.12.2022
Valamis Group Oy ("us," "we," or "our") operates the Valamis product (the "Service"). We act as a processor for our Customer ("Customer"), who acts as the controller of personal data. The user ("you") act as an employee of the Customer.
This Privacy Policy describes our default policy regarding the collection, use, and disclosure of User personal data when you use our Service, as required by EU Regulation 2016/679 (EU GDPR).
Service contains:
- Use of Services’ website, application interfaces, and reporting capabilities.
- Use of the Services’ integrated Teams application
- Use of the Services’ integrated Android and iOS Mobile applications.
By using the Service, you agree to us collecting and using your data per this policy. Personal data is used for providing and improving the Service. We do not sell your personal data to third parties.
Data transfer to external parties will only take place when:
- it is necessary for the implementation of the Service
- it is necessary with our usage agreement with Customer
- we are legally obliged to do so
- it is necessary to enforce our general conditions of use, agreements concluded with Customer as well as our rights and demands.
Information we collect and use
We collect your information from Customer, for use of our Service, as described below.
Personal Data we collect, store, and use, are:
- Your User personal profile data, first name, last name, Customer email address, and your IP -address.
- Your learning actions as User: joining events, learning paths, courses; lesson attempts and results; user competences, etc.
- Your activities such as achieving certificates, publishing and sharing content, and commenting.
Logging
We collect information that your browser sends whenever you visit our Service ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
We collect logs for events happening in the Service application. These logs contain references to Personally identifiable information to enable us to comply with EU GDPR regulations in terms of Audit Log.
How we use Cookies
Cookies are files with a small amount of data, which may include a unique anonymous identifier. Cookies are sent to your browser from a website and stored on your computer's hard drive.
Customer has subscribed Valamis as a Service for your use, by using the Service, you agree to store the cookies in your browser.
Service does not contain other than essential cookies unless there is an agreement with Customer to use non-essential cookies as part of Customer’s agreement with Valamis.
International Transfer
Your information, including Personal Information, may be transferred to the computers of Valamis service providers (“sub-processors”). These service providers can be located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.
If you are located outside of the EU and choose to provide information to us, please note that we might transfer the information, including Personal Information, to the EU and process it there. Your consent to this Privacy Policy, followed by your submission of such information, represents your agreement to that transfer.
If you are located in the EU, we use standard contractual clauses with the Customer when the Service is initiated for your use.
Service Providers
We employ third-party companies to facilitate our Service. These third parties have access to the service only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We have signed data protection agreements from these providers.
The service providers we use are:
- Microsoft, Azure, multiple services used as the main workload- and storage platform of this Service
- Fastly Inc., used as the global content delivery network, cache, and provider for public files from Service.
- Flowmailer BV, used as the email gateway platform for email notifications from the Service to you.
Compliance with Laws
We may disclose your Personal Data, where required to do so by law or subpoena or to protect the security or integrity of our Service with GDPR supervisory authority.
Business Transaction
If we are involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice to the Customer before your Personal Data is transferred and becomes subject to a different Privacy Policy.
Security
We maintain the appropriate technical and organizational security measures to protect the Personal Data within our area of responsibility to protect your Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access. The technologies used for Personal Data security include a detailed role-based permission management system, strong one-way password hashing, configurable password policies, SSO integration, disk-based encryption, and the latest TLS encryption for service data in transit. Further security improvements are continuously investigated and implemented.
Our employees, authorized to process Personal Data, have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. Authorizations to operate on the Service are personal and automatically revoked. All operations communications between Service and Valamis staff are encrypted.
Links to Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Minor subject's privacy
With the consent of parents or guardians, we may collect personally identifiable information from children under 16 if they are registered users of the Service. If we become aware that we have collected Personal Information from a child under the age of 16 without verification of parental consent, we will take steps to remove that information from our servers.
Privacy Policy Updates
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this document.
Contact Us
You have the right to amend or update inaccurate or incomplete personal data, request deletion of your personal data, or request that we no longer use it. You may submit a request for access (i.e., request information on personal data collected, used, disclosed, or processed by us), as well as a request for rectification, erasure, or object to our processing of your personal data.
To use your rights regarding GDPR issues, please contact your employee representative of Valamis Service.
If you have any questions about this Privacy Policy, please contact us. Valamis Group's contact address for GDPR-related information is gdpr@valamis.com.