Privacy Policy

In the Privacy Policy (“Privacy Policy”), we describe how we collect and process your personal information as part of Kotopro services and marketing. We also tell you what kind of information we collect, how it is processed and what rights you have.

This Privacy Policy has been prepared in accordance with the EU General Data Protection Regulation (“GDPR”).

The Privacy Policy applies to all registered and added users of the Service, visitors to our website, and anyone else whose personal information we have collected from other sources.

Contact details of the Data Controller

Kotopro Oy
Läkkisepäntie 23, 00620 Helsinki, Finland

Contact details of the Data Protection Officer

Ville Kaksonen
Chief Technology Officer
+358 50 346 3359

The information we collect

  • User Account information such as name, email address, password, profile picture and organization you are a user of, as well as other information that you can add to your user account.
  • Invoicing information, contract information, and other information and settings of your organization.
  • Automatically collected information that we receive when you use our services, such as devices you use, browsers, IP addresses, as well as activity logs and usage activity information.
  • Contact information that we may collect from public sources or our partners, or that you provide to us in other contexts.
  • Emails and other information when you are in contact with us, and related additional information such as timestamps and notes.
  • Contact information of carefully selected companies and their employees. These persons are selected on the basis of their position and role in the company.

We use information

  • To provide the Service in accordance with the General Terms and Conditions.
  • To provide customer service, support and training.
  • To communicate and inform in the service.
  • In sales and marketing of services.
  • For service development, troubleshooting, and usage analysis
  • Implementing security.

Disclosure of information to third parties

  • Network identifiers of visitors to our website, such as the IP address and unique cookies, may be disclosed to our trusted partners for the purpose of targeting and measuring online advertising.
  • When you use the Kotopro services, some of your user account information, such as your name and email address, will be shared with the administrators of your organisation, and also to other users and organisations of the service when the content you use is shared among multiple participants.

Data transfer outside the EUEEA

We use subcontractors and partners who process the data on our behalf to provide the service, allowing personal data to be transferred to the countries where the data is processed. Personal data may also be transferred outside the EU/EEA. All our partners comply with GDPR requirements for data transfers outside the EU/EEA.

Legal basis for the use of the data

  • Agreement when the information is used to provide the service to users who are logged in to the service and have a valid username.
  • The legitimate interest of our or any third party, when the data are used for information, customer service, service development, diagnostic tools or implementation of information security.
  • Consent when information is used for direct marketing.
  • We also collect contact information of carefully selected companies and their employees. These persons are selected on the basis of their position and role in the company.

Data retention period

As a general rule, data will be kept for as long as the legal bases for processing the data for that purpose remain in force. We regularly delete information that is no longer necessary.

You have a right to

  • Request access to personal information about you and the right to request that such information be rectified or deleted.
  • Request or restrict processing and the right to transfer data from one system to another.
  • Cancel consent-based data processing.
  • File a complaint with the data protection authority.

Processing of data when we are not the controller

Content you add, such as text annotations, images and attachments, and any other content you add while using the Service, the purposes and means of which are not defined by us, will be treated as personal information in accordance with GDPR. In this case, the responsibility of the data controller lies with the organisation that is the adder or owner of that content on the service.