CONTRACTZEN PRIVACY POLICY

1 INTRODUCTION

ContractZen Oy (“ContractZen”, “we”, “us”, “our”) is committed to protecting your privacy and to complying with applicable data protection and privacy laws. Throughout this Privacy Policy the term “personal data” means information relating to an identified or identifiable individual (i.e. a natural person).

This Privacy Policy applies to personal data collected in connection with the ContactZen cloud service, however accessed and/or used, whether via personal computers, mobile devices such as mobile device applications or otherwise (the “Service”). This Privacy Policy is a part of the ContractZen General Terms and Conditions.

With the Service you can manage contracts and corporate documentation of a company. By using this Service and/or by submitting personal data to the Service, you express your consent to the processing of personal data about you in the manner provided in this Privacy Policy. If you do not agree with the terms and conditions of this Privacy Policy, please do not use the Service or provide us with personal data about you.

Please acknowledge that this Privacy Policy applies to personal data that is processed by ContractZen as a data controller. It does not apply to any personal data you submit, store or process in the Service utilising the functionalities of the Service. With respect to such personal data, you (or your employee or another entity subscribed to use the Service) act as data controller under applicable data protection laws and ContractZen acts as a data processor for the purposes of providing the Service. The processing of personal data in such case is not controlled by us, and you (or your employee or another entity subscribed to use the Service) are solely liable for appropriate and legal processing of personal data in such case. Moreover, this Privacy Policy does not apply to any links to any third parties’ websites and/or services which you may encounter when you use the Service. The collection, use and disclosure of any personal data by any third parties will be subject to such third parties’ applicable privacy policies. We encourage you to carefully familiarize yourself with privacy policies applicable to any websites and/or services operated by third parties. Please be aware that we are not responsible for the privacy practices of any third parties.

2 THE DATA WE COLLECT

2.1 Data You Provide

When you use the Service, we collect data that you provide to us directly. For example, when you use or register for the Service, we may ask you to provide us with registration information, such as your name, email address, as well as user names, passwords and other such credentials that are used to authenticate users and to validate their actions or that may be needed to provide you access to the Service.

Moreover, we may collect or ask for information relating to your purchase and/or use of the Services and other interactions with us. Such information may include, for example, details of the queries or requests you have made, financial details (including payments made, credit card details, billing address, credit checks and other such financial information), details of agreements between you and ContractZen, records of contacts and communications, information and details relating to the content you have provided us with and other such transactional information.

2.2 Data Collected Automatically

Certain information may be collected automatically as a standard part of your use of the Service. Such information includes, for example, your IP-address, access times, the website you linked from, pages you visit, the links you use, the ad banners and other content you viewed, information about your devices such as (but without limitation) device type and model, unique ID and operating system version of the device, and other such technical information your browser provides us with or as may be otherwise collected in connection with certain products or services. When you use the Service or otherwise interact with us over telecommunications networks, certain additional information, such as your mobile subscription number, may be transmitted to us by the telecommunications operator as a standard part of that communication.

We may place a “cookie” on the hard drive of the device that you use to access the Service. Cookies are text files that are saved on the hard drive of your device by means of your browser, enabling us to recognize your browser type and version for purposes such as saving your preferences and directing relevant content to you. Most of the currently available browsers give you the option of managing cookies by, for example, disabling them entirely, accepting them individually, and deleting saved cookies from your hard drive. We would like to remind you that if you completely disable cookies on your browser, you might not be able to use some features of the Service . Please also note that if you use the Service on a mobile device, we store data from the Service in your device’s local storage for caching purposes.

We may use third party data analytics service providers, such as Google Analytics and Microsoft Azure Application Insights analytics tools, which help us understand usage patterns of the Service. We may permit these service providers to use cookies and other technologies to perform their services for us. Usage information and personal data are stored by such service providers and are subject to their privacy policies. The current list of data analytics service providers we use in connection with the Service can be requested from us at any time by contacting us at contact@contractzen.com.

3 THE PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA

Your personal data may be processed for following purposes and to the extent necessary for that purpose:

(i) to set up and maintain your registration with the Service and to fulfil your requests;

(ii) to provide features available in the Service;

(iii) to ensure the security of the Service;

(iv) to operate, manage, develop and improve the Service;

(v) to personalize the Service;

(vi) to communicate with you; and

(vii) to audit and analyze the Service, including analyzing trends related to the use of the Service;

(viii) to process any transactions you may enter into in the Service;

(ix) for market research and direct electronic marketing in accordance with applicable law;

(x) to ensure the technical functionality and security of the Service;

(xi) to protect our rights and/or our property and to prevent and investigate fraud and other misuses; and

(xii) to comply with any mandatory legal requirements and/or in connection with law enforcement or other civil or criminal legal proceedings.

The legitimate grounds for processing your personal data are either compliance with the agreement entered into between us and you, our legitimate interest, compliance with legal obligations to which we are subject or your consent as further described in the examples below.

• Contractual obligations: Processing of your personal data to certain extent is necessary to enable us to fulfil the agreement we have concluded with you. For example, when you subscribe to our Service, it is necessary for us to process your personal data so that we can carry our contractual obligations so that you can use the Service.
• Our legitimate interest: We process your personal data based on our legitimate interest in particular to improve, audit and analyze the Service as well as for administrative purposes and to preventing and resolving possible misconduct.
• Consent: Based on your consent, we can process your personal data to sending you direct electronic marketing.

The provision of your personal data as described in this Privacy Policy is partially a contractual requirement. For example, when you subscribe to the Service, you are required to provide us with certain personal data for processing purposes specified in this Privacy Policy. Failure to provide us personal data may prevent us from performing our contractual obligations, which may lead to you being unable to use our Service.

4 SHARING YOUR PERSONAL DATA

We do not sell, lease, rent or otherwise disclose personal data about you to unauthorized third parties without your explicit consent unless expressly otherwise stated below.

We may provide personal data about you to third parties who work on our behalf for the above purposes. Such parties are not permitted to use personal data about you for other purposes, and we require them to act consistently with this Privacy Policy and to use appropriate security measures to protect personal data about you.

The Service is provided using resources locating in Azure data center in the Netherlands and ContractZen does not transfer your personal data outside the European Economic Area (EEA). However, some features of the Service you may choose to use may enable personal data about you to be transferred to third party service providers, such as payment processors and service providers providing e.g. electronic signature services. Such third party service providers may be located anywhere in the world, and thus personal data about you may be transferred across international borders outside the country of your residence and/or the country where you use our Service, including to countries outside the European Economic Area that do not have similar laws providing specific protection for personal data or that have different legal rules on data protection.

We may be obligated by mandatory legislation to disclose personal data about you to certain authorities, such as law enforcement agencies. We may also process personal data about you in case needed to defend our legitimate interests in civil or criminal legal proceedings or to prevent and investigate fraud and other misuses.

We may transfer, assign and disclose personal data about you to our subsidiaries and affiliates or a subsequent owner, co-owner or operator of the Service and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of substantially all of our stock and/or assets or in connection with bankruptcy proceedings or other corporate reorganization, in accordance with this Privacy Policy.

Moreover, we may disclose information to third parties in an aggregate and/or anonymized format that does not constitute personal data and does not allow the identification of individual users.

5 SECURITY OF YOUR INFORMATION

We recognize our responsibility to protect the personal data and other information you have provided us. We take reasonable technical and organizational information security measures to safeguard personal data about you against loss and misuse, as well as unauthorized access. Despite these efforts to store personal data collected in and through the Service in a secure operating environment that is not available to the public, we cannot guarantee the security of personal data during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of personal data, we cannot guarantee that our security measures will prevent third-parties such as so-called hackers from illegally obtaining access to personal data. We do not warrant or represent that personal data about you will be protected against, loss, misuse, or alteration by third parties.

6 YOUR RIGHTS

In case you wish to know what personal data we hold about you, you may, as appropriate and in accordance with applicable law, exercise such rights by contacting us through the contact points referred to below.

Also, in case you wish to rectify any incomplete, incorrect or outdated personal data, you may, as appropriate and in accordance with applicable law, exercise such rights by contacting us through the contact points referred to below.

You also have the right at any time to request us to erase personal data concerning you and processed by us and we are obliged to erase the data if there is no longer a legal ground for processing the data.

Also, in some cases, you have the right to object to the processing of your personal data if the data has been processed on the basis of our legitimate interest, and we are obliged to stop processing such personal data unless we can demonstrate compelling legitimate grounds for further processing of such personal data. You have also the right to opt out of receiving electronic direct marketing communications from us. All electronic direct marketing communications that you may receive from us, such as e-mail messages and SMS-messages, give you an option of not receiving such communications from us in the future. If you have any additional questions about electronic direct marketing received from us, please contact us through the contact points referred to below.

In addition, you as a data subject have the right to file a complaint with the competent supervisory authority regarding our processing of personal data.

7 CHILDREN’S PRIVACY

The Service is not directed to children younger than thirteen (13) years of age. We do not intend to collect personal data from children under 13. If you are under 13, please do not use the Service and do not send any information about yourself to us.

8 THE CONTROLLER OF YOUR PERSONAL DATA AND CONTACT DETAILS

Your personal data is controlled by ContractZen Oy, Eteläesplanadi 2, 00130 Helsinki, Finland, contact@contractzen.com.

9 CHANGES TO THIS PRIVACY POLICY

ContractZen may from time to time change this Privacy Policy or change, modify or withdraw access to this site at any time with or without notice. However, if this Privacy Policy is changed in a material, adverse way, ContractZen will post a notice advising of such change at the beginning of this Privacy Policy and in the Service. We recommend that you revisit this Privacy Policy from time to time to learn of any changes to this Privacy Policy. Your continued use of the Service following any changes to this Privacy Policy constitutes your acceptance of any such changes made.