Privacy Policy and Data Protection
Privacy Policy
Updated 5 April 2024
This privacy policy applies to the processing of personal data in connection with products and services owned and operated by IPRally Technologies Oy (“IPRally” or “we”). IPRally is committed to protecting your privacy and complying with applicable data protection and privacy laws, such as the General Data Protection Regulation (2016/679). This Privacy Policy (“Policy”) is designed to help you understand what kind of information we collect and how we process and use such information.
The Policy covers how IPRally handles personal information, meaning information relating to an identified or identifiable individual, i.e. a natural person (“Data Subject”). This Policy applies to personal data ("Personal Data") collected in connection with the products and services offered by IPRally, www.iprally.com website and interactions related to our service or website such as customer support, customer events, or promotions and campaigns and usage information from such interactions, products, services, events, promotions and campaigns.
Information We Collect
Contacting us on the website. You can contact us on the www.iprally.com website by providing your e-mail address. The e-mail address is used to allow us to contact you for offering or negotiating about the services requested and can be added to a mailing list and/or used for subsequent marketing purposes.
Registering to services and providing products and services. When you register for our services, we may ask you to provide us with certain information such as your name, email address, passwords and other such credentials that are used to authenticate users and to validate their actions or that may be needed to provide you with the products and services you have requested or to communicate with you.
Newsletter and other marketing materials requiring a subscription. When you sign up for our regular newsletter or another service requiring giving your e-mail address, we shall send you newsletter(s) (based on your consent) or communications regarding products that may be of interest to you. If you no longer wish to receive these communications, you can follow the unsubscribe instructions contained in each of the email communications you receive.
Recipients
For the purposes stated in this Policy, the Personal Data may be disclosed, or the access may be granted, when necessary, to selected third parties, such as third-party service providers.
Planhat. We may use the Planhat AB ("Planhat") technology to proactively support our customers when it comes to usage, feedback and any other feature and/or product related feedback. This enables us to optimize product features, measure user behaviour and better understand how users interact with the product. Through Planhat, IPRally might conduct customer focused surveys during the duration of the agreement.
Intercom. We use Intercom, Inc. ("Intercom") technology to provide support and information for website visitors and product users. This enables us to serve customers quickly and to maintain up-to-date product documentation.
Adroll. We may use NextRoll, Inc. (“Adroll”) technology to automate our marketing tasks, in particular to show you retargeted ads. Adroll shows the targeted ads through use of cookies that are being stored on each page visit by you. Adroll collects data to show you retargeted ads to promote our product and services and to better show you ads that match your interests. You can opt-out from use of your Personal Data for retargeting by visiting this link.
Mailgun. We may use Mailgun Technologies, Inc., a Delaware corporation (“Mailgun”) to communicate with our users.
Hubspot. We may use Hubspot, Inc. (“Hubspot”) to communicate with our newsletter subscribers and users, to manage our marketing and sales process, and for website analytics. Hubspot uses cookies. You can prevent storage of cookies by appropriately setting your browser software.
Slack. We may use Slack Technologies, LLC (“Slack”) to get notifications from some of the above-mentioned services to improve customer journeys and our service and support level. The notifications may include Personal Data, which are stored by Slack and are subject to their technical and organizational data security measures.
Zapier. We may use Zapier, Inc (“Zapier”) technology to connect some of the above mentioned services together in an automated fashion.
Auth0. We may use Auth0 by Okta, Inc. (“Auth0”) to add authenticate and authorize users and services to our application and services.
Google reCAPTCHA. We may use Google reCAPTCHA by Google Inc. (“reCAPTCHA”) technology to detect abusive traffic on our website and to protect the website from spam.
Google Analytics. We may use Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses cookies. You can prevent the storage of cookies by appropriately setting your browser software. In addition, you can prevent data generated by the cookie and relating to your use of the website (including your IP address) from being collected and processed by Google, by downloading and installing a browser plug-in from the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Purposes and Legal Bases of Processing
Provision of products and services. We may process and use Personal Data to provide you with the product or service you have requested, fulfill your other requests, process your order or as otherwise may be necessary to perform or enforce the contract between you and IPRally. We may also process and use your Personal Data to ensure the functionality and security of our products and services, to identify you, and to prevent and detect fraud and other misuses. The legal basis for the above-mentioned processing is the contract or its preparation, or our legitimate interest.
Development of products and services. We may process and use your Personal Data to develop our products and/or services. However, for the most part we only use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you. We may also process and use your Personal Data to personalize our offerings and to provide you with services more relevant to you, for example, to make recommendations and to display customized content. The legal basis for the above-mentioned processing is our legitimate interest.
Communicating with you and marketing. We may process and use your Personal Data to communicate with you, for example, to provide information relating to our products and/or services you are using or to contact you for customer satisfaction queries. We may process and use your Personal Data for marketing. Marketing purposes may include using your Personal Data for personalized marketing or research purposes in accordance with applicable laws. The legal basis for the above-mentioned processing is our legitimate interest or your consent.
Complying and fulfilling our legal duties and obligations. We may process and use your Personal Data to fulfill our legal obligations, such as tax law and accounting related obligations based on statutory obligations.
Establishing, exercising, or defending against legal claims. We may process and use your Personal Data to establish, exercise or defend against legal claims. The legal basis for the above-mentioned processing is our legitimate interest.
For processing activities that are based on a legitimate interest, we have carefully balanced such legitimate interest with your right to privacy and concluded that our interest outweighs your Data Subjects’ rights and freedoms.
Where the processing is such that a consent is required by the applicable legislation, we will state so and obtain the consent, and this will be the legal basis for the processing. However, you have the right to withdraw that consent any time, without affecting the lawfulness of processing based on consent before its withdrawal. If such withdrawal means that we are no longer able to provide our services, we may cease to provide the services.
Data Retention
We will retain your Personal Data for as long as needed to provide services to you. After such reason no longer exists, we shall retain the Personal Data for a maximum of twelve months plus an ordinary backup storage period, unless otherwise explicitly agreed.
In general, we retain Personal Data only for a period that is necessary to achieve the purposes for which Personal Data is processed, unless there is a legal obligation to retain Personal Data for a longer period of time (for example, responsibilities and obligations under specific legislation, accounting or reporting obligations). We may retain Personal Data for a longer period of time if it is required, for example, to exercise a legal claim, to defend a legal claim, or to settle a similar dispute or in order to enforce our agreements.
We evaluate the necessity and accuracy of the Personal Data on a regular basis and endeavor to ensure that the incorrect and unnecessary Personal Data are corrected or deleted.
Detailed data retention times can be provided upon request.
Data Security
IPRally implements appropriate technical and organizational security measures to prevent and minimize risks associated with providing and processing your Personal Data.
Such security measures include, where appropriate, the use of firewalls, secure server facilities, encryption, implementing proper access rights management systems and processes, careful selection of processors, sufficient training of personnel involved in the processing, and other necessary measures to provide appropriate protection for your Personal Data against unauthorized use or disclosure. Where appropriate, we may also take backup copies and use other such means to prevent accidental damage or destruction of your Personal Data.
All traffic is encrypted using Secure Socket Layer technology (SSL) or other encrypted tunnels.
We restrict access to Personal Data only to authorized personnel, contractors and agents who need to know that information in order to operate, develop or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
Transfers Of The Personal Data
We may disclose your Personal Data to third parties solely as stated below in this Policy, or as obligated by mandatory law.
International transfers. Our main principle is that your Personal Data is processed within the European Union (EU) or the European Economic Area (EEA). However, some of the service providers used by us may operate outside the territory of the EU/EEA and thus, your Personal Data can be transferred outside the EU/EEA.
In case Personal Data is transferred outside the EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as Standard Contractual Clauses (SCC) adopted, including any supplementary measures, where assessed to be necessary, or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.
The servers directly used by IPRally are located in the European Union. However, some service providers may use servers located outside the EU/EEA.
Service Providers. From time to time, IPRally may contract with third parties to perform functions necessary for its research operations and, under the terms of those contracts, may transfer Personal Data to those third parties. IPRally requires any such third party to maintain the confidentiality of such Personal Data. We use other third parties such as an email service provider to send out emails on our behalf. When you sign up for our services, we will share your Personal Data only as necessary for the third party to provide that service. We also use third parties to assist us in selling our services.
Other disclosures. We may disclose and otherwise process your Personal Data in accordance with applicable laws to defend IPRally’s legitimate interests, for example, in civil or criminal legal proceedings.
The Personal Data may also be disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the products and services as well as to guarantee the safety and usability of the products and services. In the event of emergencies or other unexpected circumstances, we may be required to disclose the Personal Data in order to protect human life, health and property.
Mergers and Acquisitions. If we decide to sell, buy, merge or otherwise reorganize our business, this may involve us disclosing Personal Data to prospective or actual purchasers and their advisers, or receiving Personal Data from sellers and their advisers, for the purposes of such transactions.
Social Media Features. Our website and some surveys may include social media features. These features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features are hosted by a third party. Your interactions with these features are governed by the privacy policy of the company providing them.
Use Of Cookies
IPRally may use cookies primarily to identify returning users from the same computer and ensure the integrity of its research. As part of its basic uses of Internet technology to provide surveys, IPRally also collects technical information such as: respondent IP address; the date and time and respondent HTTP request headers. IPRally also uses third-party analytical cookies for tracking web traffic and usage.
If you wish to disable cookies, or want to be notified before they are placed, you may do this in the cookie settings in the cookie banner. However, we may not be able to provide certain services or you may not be able to view certain parts of this website if you have disabled cookies.
Some of our business partners whose content is linked to or from our website may also use cookies. However, we have no access to or control over these cookies.
Your Rights
You, as a Data Subject, have several rights under applicable data protection laws.
Right of access and right of inspection
You have the right to obtain confirmation as to whether or not Personal Data concerning you is being processed.
You have the right to inspect and view Personal Data concerning you and, upon request, the right to obtain data in a written or electric form. This applies to information that you have provided to us insofar the processing is based on a contract/consent.
Right to rectification and right to erasure
You have the right to demand the rectification of incorrect Personal Data concerning you and to have incomplete Personal Data completed.
You have the right to require us to delete or stop processing your Personal Data, for example where the Personal Data is no longer necessary for the purposes of processing.
However, please note that certain Personal Data is strictly necessary in order to achieve the purposes defined in this Policy and may also be required to be retained by applicable laws.
Right to data portability
You have the right to receive the Personal Data that you have provided to us in a structured, commonly used, and machine-readable format and, if desired, transmit that data to another controller. The right to data portability applies to the processing of personal data based on consent or a contract.
Right to restriction of processing
You have the right, under conditions defined by data protection legislation, to request the restriction of processing of your Personal Data. In situations where Personal Data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, we will limit the access to such data.
Right to object to processing
You have the right to object to the processing of your Personal Data where we are relying on our legitimate interests as the legal ground for processing. For example, you may object to your Personal Data being used for marketing purposes.
Right to withdraw consent
In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time.
Exercising rights
In case you wish to make use of your rights mentioned above, you may, as appropriate and in accordance with applicable laws, exercise such rights by contacting us through the contact points referred to in the marketing materials or below in this Policy. In some cases, especially if you wish us to delete or cease the processing of your Personal Data, this may also mean that we may not be able to continue to provide the services to you.
Complaint To The Supervisory Authority
In the event you consider our processing activities of your Personal Data to be inconsistent with the applicable data protection laws or that IPRally has not sufficiently ensured the realization of your rights, you may lodge a complaint with the local supervisory authority responsible for data protection matters.
The relevant authority in Finland is the Data Protection Ombudsman (http://www.tietosuoja.fi).
Notification Of Changes
If we decide to change our Policy, we will post these changes to the IPRally website. We reserve the right to modify this Policy at any time, so please review it frequently. If we make material changes to this Policy, we will notify you here, by e-mail, or by means of a notice on our website prior to the change becoming effective.
If you have any questions or comments about this Policy, or the practices of this website, or unresolved privacy and data use concerns, please contact IPRally by e-mailing support@iprally.com.
The data controller responsible for the purposes of the applicable data protection laws is:
IPRally Technologies Oy (registered in Finland, business ID: 2901197-7)
Mikonkatu 15 A
00100 Helsinki