Privacy Policy

Owned by Matti Kiviharju
Last updated: Feb 28, 2024
13 min read

Who we are

i4ware Software (“i4ware”) provides services and products for Application Lifecycle Management and Software Development.

i4ware respects the privacy of individuals and thereby we want to give individuals using our services information concerning our data processing activities in a transparent manner. This Privacy Policy describes how i4ware collects, uses, stores, shares and protects your personal data under i4ware’s services and products and on our website www.i4ware.fi (collectively, the “Services”). i4ware is committed to comply with the obligations related to processing of personal data under the applicable data protection legislation.

To achieve this goal, the information presented in this i4ware Privacy Policy is provided using as clean and plain language as possible. However, should you have inquiries or questions regarding our data processing activities or the information presented in this Privacy Policy, please feel free to contact us at the “Contact Us” page on our website or by sending an email to info@i4ware.fi.

This Privacy Policy does not apply to third parties and their actions that i4ware does not own or control, including, but not limited to, any third-party websites, services and applications that you access through i4ware’s service or website.

Legal basis for processing personal data

In order to provide you certain features of the Services, i4ware processes your personal data. Depending on the circumstances, processing is necessary for the purposes of legitimate interests pursued by i4ware, or for the performance of a contract, or is based on your consent.

You have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. You may withdraw your consent by informing i4ware thereof to address info@i4ware.fi.

Purposes of processing personal data

The personal data that you share with our Services may be used by i4ware for the following purposes:

  • To operate business and provide the Services to users, individuals and customers;

  • To deliver the Services and allow you access and right of use to the Services;

  • To operate, audit, analyze, develop, improve, manage and protect the Services;

  • For statistical and research purposes in accordance with applicable law;

  • To personalize experiences on the Services;

  • To communicate with you and respond to your requests.

i4ware may also collect technical data and information related to your use of the Services. i4ware may also use personal data for offering of software updates, product support and possible other services related to the Services.

Based on your separate consent, i4ware may use personal data also for marketing and promotional purposes.

What personal data we process and why we process it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/ . After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website are able to download and extract any location data from images on the website and i4ware does not have any control or responsibility over such activities of website visitors.

Contact forms

i4ware will not use any other contact forms than the form to contact us and the form to send your job application and upload your resume or curriculum vitae if i4ware is able to hire people. Job application form will ask all your educations, qualifications, work experiences and all other relevant data for job applications and these details is stored on our databases at: https://my.i4ware.fi .

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

i4ware uses Google Analytics and other systems to collect our web-sites visitor statistics.

Sales data

i4ware will collect your Atlassian Purchase history but this data comes via REST Client. This data is not stored on Virtual Private Servers owned by i4ware. Data can be seen publically here: https://revenue.i4ware.fi/ to proof turnover of i4ware.

Data subject rights

Under the applicable data protection legislation, you have certain rights as a data subject. You have the right to request from i4ware access to and rectification or erasure of your personal data or restriction of processing or to object to processing as well as the right to data portability. If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Furthermore, you have the right to lodge a complaint with a data protection supervisory authority.

You may request to exercise your rights by sending i4ware a message to address info@i4ware.fi.

Transfers of personal data

i4ware processes and stores your personal data primarily within the European Union. However, personal data may be transferred, in compliance with applicable regulations, to the United States and/or other third countries that do not have similar laws providing specific protection for personal data or that have different legal rules on data protection. Should i4ware transfer your personal data to such third countries, personal data will be protected as described in this Privacy Policy and in accordance with the applicable law.

Recipients and providers of personal data

i4ware will not sell your personal data to third parties, nor make personal data available to them for other purposes than to enable your use of the Services. i4ware may utilize third party processors to perform data processing on i4ware’s behalf. i4ware is liable towards you for acts and omissions of such third party as for its own. Should i4ware transfer any personal data collected or processed via the Services to any third party, i4ware will ensure at all times that the third party service provider will be bound by appropriate contractual guarantees with respect to such third party’s obligations in accordance with applicable data protection law, and ensuring all times that your data will remain protected in accordance with at least the same standards as under this Privacy Policy.

i4ware shares personal data to Atlassian which provides the purchase platform for certain Services. Atlassian has access to your and our usage statistics data only.

i4ware receives data from Atlassian ( ) on site: .

Duration of personal data processing

i4ware retains your personal data for a period not exceeding the period required for the purposes for which it was collected and processed. However, personal data under your account will be removed once you have deleted your account in accordance with our deletion policies. i4ware then will either delete your personal data permanently or irreversibly anonymize the data so you can no longer be linked to such anonymized data.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Data Security

i4ware ensures the confidentiality, integrity and availability of personal data processed via the Services. i4ware implements appropriate technical and organizational measures and procedures in such a way that ensures the protection of your rights, and always in accordance with applicable data protection law, as well as to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, access and other unlawful forms of processing.

Data is hosted on our Virtual Private Servers at Amsterdam, Netherlands. Servers are located in secure environment which only authorized employees of our Internet Service Provider LeaseWeb ( ) can enter. Our domain www.i4ware.fi is secured by official SSL Certificate if applicable and our servers contain a Firewall and Anti-Virus and/or Anti-Malware protection. All our local computers in our offices are secured behind password protection and Firewall and Anti-Virus, etc. appropriate security measures.

In case of a data security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data, i4ware will inform you of the breach without undue delay, including a summary description of the potential impact and a recommendation on measures to mitigate the possible adverse effects of the breach.

i4ware ensures that the data has been pseudonymized or anonymized wherever possible. The Services contain appropriate authorization mechanisms to avoid unlawful access, as well as effective encryption has been used to mitigate the risk of data security breaches. You will be informed when an updated version of the Service is available, and if the update is security critical, you will be prevented from using the old version of the Service.

Furthermore, i4ware recommends that you take additional measures to protect yourself and your information, keeping confidential your account information and passwords and regularly updating your software and devices to ensure you have enabled the latest security features.

How to contact i4ware

Should you have any questions concerning this Privacy Policy or wish to know more about i4ware’s data processing activities, please feel free to contact us at the “Contact Us” page on our website or by sending an email to info@i4ware.fi.

Data Processing Agreement

This Data Processing Agreement (“DPA“) is an appendix to Software License Agreement (“Agreement“) between i4ware Software (“Processor“) and the Customer, and is subject to its terms and conditions to the extent not otherwise agreed herein.

Hereinafter Processor and Customer shall also be individually referred to as a “Party” and jointly as “Parties“.

1. Background and purpose

  1. Processor is the owner and licensor of certain software products and related services (“Services”) which Processor has licensed to the Customer under the Agreement.

  2. In connection with performing the Services, Processor may process personal data on behalf of the Customer.

  3. his DPA sets out the terms and conditions for the processing of personal data by Processor on behalf of the Customer.

  4. For the purposes of this DPA, “Applicable Law” shall mean the applicable laws and regulations in respect of processing personal data, including but not limited to, the Finnish Data Protection Act (1050/2018) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, “GDPR“) as well as binding orders from supervisory authorities.

2. Description of processing

  1. The subject-matter, nature and purpose of the processing, the type of personal data and categories of data subjects are described in documentation to be drawn up during Agreement period or in other instructions issued by the Customer. The Customer is responsible for the lawfulness, maintenance and availability of the description and instructions.

  2. At the effective date of this DPA, the Customer has instructed Processor to process personal data for the purposes of the Agreement in accordance with the terms of this DPA.

3. Obligations of the Customer

  • The Customer acts as a data controller and commits to ensure compliance with the data controller’s obligations under Applicable Law. In particular, the Customer shall be responsible to ensure, inter alia, that:

    1. the Customer has the right to disclose and transfer personal data to Processor for the purposes of the Agreement;

    2. there is a valid legal ground for the processing provided in Applicable Law such as contract, legitimate interests of the data controller or data subjects’ consent;

    3. the processing and purposes of personal data processed have been specified prior to the processing activities;

    4. personal data collected is accurate, correct and necessary for each specific purpose of the processing, and no unnecessary personal data is collected;

    5. the Customer is responsible for issuing access rights to nominated persons and removal thereof when such access rights are no longer needed;

    6. the Customer is responsible for proper training and instructions of its personnel on processing of personal data and data security;

    7. personal data has been protected against unauthorized access, and accidental or unlawful destruction, alteration, disclosure, transport or other unlawful processing;

    8. personal data that are inaccurate or incorrect are rectified or erased without delay;

    9. personal data that have become outdated or unnecessary will not be processed, but disposed of in a reliable manner, unless Union or Member State law requires storage of personal data;

    10. data subjects have the opportunity to obtain transparent information regarding the processing of their personal data, which is easily accessible and understandable and provided using clear and plain language.

4. Obligations of Processor

  1. Processor acts as a data processor under Applicable Law. Processor processes the Customer’s personal data on behalf of the Customer for the purposes of the Agreement in accordance with this DPA and the Customer’s documented instructions. Processor shall implement appropriate technical and organizational measures for ensuring the security of the processing and maintain appropriate documentation of these measures and processing activities.

  2. Processor commits to ensure that persons processing personal data under the authority and supervision of Processor have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality in addition to that such persons shall process personal data only pursuant to this DPA, the Agreement and the Customer’s instructions.

  3. Processor commits to assist, to the extent possible, taking into account the nature of the processing operation, the Customer to ensure compliance with the Customer’s responsibility to respond to requests that concern the use of rights of data subjects by appropriate technical and organizational measures, and to inform the Customer about the requests received from the data subjects.

  4. Processor shall, upon request and to the extent possible, provide the Customer information necessary to demonstrate compliance with the obligations concerning the processing of personal data under this DPA. Processor shall allow the Customer either on their own or with a third-party auditor to conduct audits relating to processing of the Customer’s personal data in the presence of Processor. Such third-party auditor shall not be a competitor to Processor and must be approved by Processor prior to the audit. The Customer shall notify Processor in writing at least 30 days prior to the audit. Thereafter, the Parties shall mutually agree on the extent and timing of the audit, always conducted during Processor’s normal working hours. The audit may not interfere with Processor’s normal business activities, nor lead to breaches of confidentiality obligation of Processor towards third parties nor endanger Processor’s data security. The Customer shall bear all costs related to the audit.

  5. Processor shall, taking into account the nature of the processing and information available to Processor, assist the Customer in completing possible data protection impact assessments, notifications of personal data breaches and prior consultation requests to the extent they relate to the software service provided by Processor.

  6. After the end of the provision of Services under the Agreement, Processor commits to either delete or return all personal data to the Customer, based on the Customer’s choice. Processor deletes existing copies of personal data unless legislation requires longer storage of personal data.

  7. Processor commits to answer to notifications, complaints and other inquiries of the Customer without undue delay.

  8. Processor shall be entitled to invoice the Customer for costs incurred by the assistance measures performed under this Clause 4 in accordance with its then-valid price list.

5. Subcontractors of Processor

  1. Possible subcontractors used by Processor, which take part to processing of the Customer’s personal data, also act as data processors on behalf of the Customer. By accepting this DPA, the Customer has provided a written authorization for the use of subcontractors. Processor shall have full responsibility for the actions and omissions of its subcontractors and shall ensure that the subcontractors comply with the data protection obligations of Processor under this DPA.

  2. Processor shall, as soon as reasonably possible, inform the Customer in writing of any intended changes concerning the addition or replacement of subcontractors, thereby giving the Customer an opportunity to object to such changes. The Customer shall have the right to object to such changes within fourteen (14) days after receipt of such notification by terminating this DPA and the Agreement. There will be no returns of payments made under the Agreement. If the Customer does not object to such changes within said time period, the Customer is deemed to have accepted the use of the new subcontractor.

6. Transfers of personal data

  1. Processor shall not transfer personal data to any third parties other than its approved subcontractors. Processor is entitled to transfer personal data outside the European Union or the European Economic Area, provided that Processor commits to ensure that Processor itself and its subcontractors transfer personal data in compliance with the Applicable Law.

7. Personal data breach notifications

  • In the event of a personal data breach, Processor shall notify the Customer in writing without undue delay after having become aware of it. The personal data breach notification shall contain at least the following (to the extent the information is in the possession of Processor):

    1. a description of the nature of the personal data breach including, the categories and approximate number of data subjects concerned and the categories and approximate number of data records concerned;

    2. the name and contact details of the person responsible for the data processor’s data protection matters;

    3. a description of likely consequences and/or realized consequences of the personal data breach; and

    4. a description of the measures taken to address the personal data breach and to mitigate its possible adverse effects.

  • Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.

8. Limitation of Liability

  • Liability of the Parties concerning administrative fines imposed by supervisory authorities or compensation claims presented by data subjects are determined in accordance with the stipulations of the Applicable Law.

  • Processor shall not be responsible for any consequential or indirect damages. In any event Processor’s liability shall not exceed the amount paid by the Customer to Processor under the Agreement during a 6-month period preceding the occurrence of the damage.

9. Other terms

  • This DPA replaces all other agreements and terms related to processing of personal data and information and data security in force between the Parties.

10. Applicable law and dispute resolution

  • This DPA shall be governed by and construed in accordance with the laws of Finland without giving effect to its choice of law provisions.

  • Dispute resolution clause in the Agreement shall be applied to this DPA.

11. Term and termination

  • This DPA enters into force when the software is taken into use by the Customer and remains in force as long as Processor processes personal data as the Customer’s data processor.