Privacy Policy for Netice & Netice Data Transfer Platform

Last updated: January 10, 2025

Netice & Netice Data Transfer Platform (“Netice”) is committed to safeguarding your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website at www.netice.fi, our products, and other websites operated by Netice that link to this policy (“collectively referred to as “Websites”).

If you have any questions or concerns regarding our use of your personal data, please reach out to us using the contact information provided at the end of this Privacy Policy.

CCPA and GDPR Compliance

CCPA-Specific Rights

Under the California Consumer Privacy Act (CCPA), you have the following rights:

• Right to Access: You can request to know the specific personal information we have collected about you, as well as details about its use and disclosure.
• Right to Deletion: You can request that we delete your personal information, subject to certain exceptions (e.g., legal obligations).
• Right to Opt-Out: Netice does not sell personal data. Still, we respect your right to opt out of any future data sales, should they occur.
• Right to Non-Discrimination: Exercising your rights will not result in any adverse treatment or discrimination.

Exercising Your Rights:
For CCPA-related requests, we verify your identity through a secure two-step process:

1. Submission of your user ID via our Support form.
2. Verification of your identity via email.

GDPR-Specific Rights

As a data subject under the General Data Protection Regulation (GDPR), you are entitled to:

• Right to Access: Request access to the personal data we process about you.
• Right to Rectification: Request corrections to inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”): Request deletion of your data under certain conditions.
• Right to Restriction of Processing: Request that we limit the processing of your personal data.
• Right to Data Portability: Request your data in a portable, machine-readable format.
• Right to Object: Object to processing activities based on legitimate interests, including profiling.
• Right to Withdraw Consent: Revoke your consent at any time without affecting the lawfulness of prior processing.

Retention Periods for Personal Data

In compliance with GDPR and CCPA, we retain personal data only for as long as necessary:

• Inactive Transfer Tasks and Related Secrets: Automatically deleted after 1 year.
• Inactive Accounts: Accounts with no login activity for 2 years and no active subscription are manually deleted after prior notification.

Enhanced Data Protection and Transparency

Netice does not sell personal information or data

Netice does not, under any circumstances, sell personal data. We ensure this policy is consistently upheld in compliance with CCPA and GDPR requirements.

Data Sharing Restrictions

• All data shared with service providers (e.g., Google Cloud, Paddle) is governed by strict agreements to ensure security and compliance.
• Sensitive data is neither sold nor shared for advertising purposes.

Automated Data Processing

If automated decision-making processes affect your rights (e.g., profile-based recommendations), we provide detailed explanations upon request, as required under GDPR/CCPA.

Personal data inquiries

You have the right to be forgotten, and you have the right to make an inquiry regarding your personal data at Netice by filling the Netice Support form. There is a 2-step verification process – first you will need to provide you user ID (found in the “Account” section of Netice Data Transfer Platform when logged in) and when doing a data request through Support form, and your identity will be further verified via email prior to providing the response for the Data Request Inquiry, making the process as secure as possible.

What personal data may Netice collect?

Types of personal data we may collect:

Information you provide voluntarily

We may ask you to provide personal data voluntarily on certain parts of our Websites. For example, you may be asked to provide your contact details to register an account, seek technical support, subscribe to marketing communications, register for events, access content, or submit inquiries. The specific personal data requested and the reasons for requesting it will be made clear to you at the point of collection.

Kindly note that when using your existing Google account to sign in with the “Sign in with Google” option, you are providing your Google account user data and consent Netice to access, use and store it in a secure and limited way. This user data is your personal account information such as your full name, and email address. We commit to not transferring your data with the possible exceptions of any of the listed exceptions mentioned in Google API Services User Data Policy under “Limited Use” such as pre-filling your email address, should You open the checkout for Paid Plan, with the purpose of improving a prominent key feature in the Service. We do not allow humans to read your data unless it’s necessary for security purposes or to comply with applicable laws and legal requirements. Similarly to all our users, as a Google account user You are assigned random user, organization and task identifiers which are the basis for our client management and eliminating the need for accessing personal information in regular use cases. We will not transfer or sell user data to third parties like advertising platforms, data brokers, or any information resellers, nor will we transfer, sell or use user data for serving ads, including retargeting, personalized or interest-based advertising, nor will we transfer, sell or use user data to determine credit-worthiness or for lending purposes. The Google Sign-In function is used within our Service solely for the purpose of providing an easier authentication. For transparency, the exact Google OAuth API Scopes that are used for Google OAuth users are:

• …/auth/userinfo.email (See your primary Google Account email address)
• …/auth/userinfo.profile (See your personal info, including any personal info you’ve made publicly available )
• openid (Associate you with your personal info on Google)

Information collected automatically

Netice uses Google Analytics. When you visit our Websites, we may collect certain information automatically from your device. This can include your IP address, device type, unique device identification numbers, browser type, general geographic location, and other technical details. We may also collect information on how your device interacts with our Websites, such as pages accessed and links clicked. This information helps us understand our visitors and improve our Websites.

Information from third-party sources

Occasionally, we may receive personal data about you from third-party sources such as lead generation providers, partners, content syndication providers, third-party enrichment tools, and meeting maker vendors. The types of information we receive include name, contact details, title/role within your organization, and company data, which we use to market our services to you.

Sensitive Personal Data

We may collect sensitive personal data as part of our services. We do not use sensitive personal data for any other commercial purpose, nor do we sell or share sensitive personal data for online advertising.

Who does Netice share personal data with?

You consent that we may disclose your personal data to the following categories of recipients:

• Group companies and service providers: To support the delivery of our services, provide functionality on our Websites, or enhance security.
• Partners: For enabling the selling, marketing (in line with your expressed preferences) and distributing of our products and services.
• Legal and regulatory authorities: Where disclosure is required by law, regulation, or necessary to protect our legal rights or the safety of our users.
• Potential buyers: In connection with any actual or proposed purchase, merger, or acquisition of our business.
• With your consent: Any other parties where you have expressly consented to the disclosure.

Legal basis for processing personal data within GDPR

We process personal data based on the following legal grounds under the GDPR:

• Contractual necessity: Where processing is necessary to perform a contract with you.
• Legitimate interests: Where processing is in our legitimate interests and not overridden by your data protection rights.
• Consent: Where you have given your consent to process personal data.
• Legal obligation: Where processing is necessary for compliance with a legal obligation.
• Vital interests: Where processing is necessary to protect your vital interests or those of another person.

Cookies and similar tracking technologies

We use cookies and similar technologies to collect and use personal data about you, including serving interest-based advertising. For more details on the types of cookies we use, why we use them, and how you can control cookies, please see our Cookie Policy.

How does Netice secure my personal data?

We employ appropriate technical and organizational measures to protect the personal data we collect and process. These measures are designed to provide a level of security appropriate to the risk of processing your personal data. Personal data is stored on secure servers, and all communications between the end user and our servers are encrypted using SSL.

For U.S. customers: How to retain all data in the U.S.

While CCPA/HIPAA do not explicitly mandate retaining all data in the U.S. the U.S., CCPA/HIPAA version of Netice Data Transfer Platform does enforce that no data transfer would take place outside the U.S., and this version of the application ensures that customers are only able to transfer to/from U.S. located Google Cloud data destinations (e.g. GCS buckets and BigQuery datasets). However, when it comes to SFTP servers and other customers’ self-managed platforms, the customer is responsible for their location.

For EU customers: EU or International data transfers?

If you wish to do so, and if you wish to use data transfer sources, destinations or nodes located elsewhere than in the European Union or European Economic Area, your data may be transferred to/through and processed in countries outside of the European Economic Area (EEA). These countries may have different data protection laws. We have implemented appropriate technical and administrative safeguards to ensure that your data remains protected and encrypted in accordance with this Privacy Policy and our Security Policy.

(GDPR) How to retain all transferred data within EU between SFTP, Google Cloud Storage and BigQuery

When setting up your transfer tasks, ensure your infrastructure, such as SFTP servers, Google Cloud Storage buckets and Google BigQuery datasets are located within the EU. Unless you have opted to specifically use the CCPA/HIPAA compliant version of Netice, the infrastructure of Netice is located within the EU, making your data transfer take place within EU only, starting from the data source all the way to the data destination.

Data retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including to meet any legal, accounting, or reporting requirements. When we no longer have a legitimate business need to process your personal data, we will either delete or anonymize it.

How to Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Email: info@netice.fi

Netice Oy is the data controller for personal data collected for marketing purposes. For service-related data, Netice acts as a data processor on behalf of its customers.