BRANDBASTION

Privacy Policy

Last Updated 08/2021

Introduction

BrandBastion (“BrandBastion”, “we”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy (together with our Terms of Use and any other documents referred to in it) explains the policies adopted and used by us in order to protect your privacy as you visit and use our services (including but not limited to the BrandBastion Platform and to BrandBastion Lite), our website located at brandbastion.com, and associated sub-domains (collectively the “Service”) and in connection with the goods and services you purchase from us. The Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be handled by us as a data controller. In this Privacy Policy, the term “personal data” means information that relates to an identified or identifiable natural person.

We know you care about how we use and disclose personal data, and we are committed to complying with data protection and privacy laws that apply to us. This Privacy Policy tells you about the ways in which we protect your privacy and personal data that we process. We wish to remind you that this Privacy Policy applies to personal data that we collect when you use the Service and that we process as a data controller. It does not apply to any links to third parties websites and/or services, such as third-party applications, that you may encounter when you use the Service. We encourage you to carefully familiarize yourself with privacy policies applicable to any websites and/or services operated by third parties. Please be aware that we are not responsible for the privacy practices of any third parties.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY ACCESSING OR USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THESE TERMS, DO NOT ACCESS OR USE THE SERVICE.

Contact details of the controller:

Name: BrandBastion Oy

Company ID in Finnish Trade Register: 2570173-5

Mail address: Eteläesplanadi 2   FI-00130 Helsinki  Finland

E-mail address: info(at)brandbastion.com

www.brandbastion.com

Name: BrandBastion Inc

Mail address: 228 Park Avenue S., NY 10003-1502, United States

E-mail address: info(at)brandbastion.com

www.brandbastion.com

Information We May Collect From You

Data You Provide to Us

We may collect the following information from our users that in certain circumstances, alone or in connection with other data, may constitute personal data, including but not limited to the following:

  • Full Name;
  • Email address;
  • Job Title
  • Company name;
  • Phone Number
  • Social media username;
  • Social media profile URL;
  • Any other personal data you may decide to share with us.

Data Collected Automatically

The Service may automatically collect the following information from you that in certain circumstances, alone or in connection with other data, may constitute personal data:

  • Technologies such as cookies, pixels, beacons, tags, and scripts are used by us. These technologies are used to analyze trends, administer the Service, enable features on the Service, track users’ movements around the Service, and to gather demographic information about our users. We use technology created by third parties to enable such technological features.
  • The logging technology used in the Service automatically collects the URL of the site from which you came and the site to which you are going when you leave the Service.
  • We collect information on the device you use to access the Service. This device data may include, without limitation, unique device identifiers, the Internet Protocol (IP) address from which you access the Service, information about the operating system of your device, as well as the name of your Internet service provider.
  • We may place a “cookie” on the hard drive of the device that you use to access the Service. We use both session cookies and persistent cookies. Cookies are text files that are saved on the hard drive of your device by means of your browser, enabling us to recognize your browser for purposes such as saving your preferences and directing relevant content to you. Most of the currently available browsers give you the option of managing cookies by, for example, disabling them entirely, accepting them individually, and deleting saved cookies from your hard drive. We would like to remind you that if you completely disable cookies on your browser, you might not be able to use some features of the Service.
  • We use third-party technologies, such as Facebook remarketing pixel and AdWords remarketing technology, to target users once they leave our Service and advertise to them – commonly referred to as remarketing or retargeting.
  • Google Analytics is an element of the Service. By using cookies, Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the website, the Internet Protocol address, and the type of operating system used in the devices used to access the Service. By using a browser plugin http://www.google.com/ads/preferences/plugin/ provided by Google, you can opt-out of Google Analytics.  
  • We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
  • We may collect information regarding your general location using your IP address. By using the Service, you expressly consent to the processing of your location data.
The Purposes for Which We Use the Data

We use the personal data collected directly from you for the following purposes:

  • To communicate with you;
  • To prevent and investigate fraud and other misuses;
  • To protect our rights and/or our property;
  • To operate and improve our products and services;
  • To manage the Service;
  • To provide features available on the Service;
  • To develop, and protect the Service;
  • For market research and electronic direct marketing, in accordance with applicable law;
  • To keep you updated with newsletters, service updates or other information that you may find useful and that you have requested from us;
  • To respond to your requests, inquiries and to provide customer support;
  • To audit and analyze the Service; and
  • To ensure the technical functionality and security of the Service.

 We use the data collected automatically for the following purposes:

  • To improve customer service;
  • To personalize user experience;
  • To manage the Service;
  • To provide features available on the Service;
  • To develop, improve, and protect the Service;
  • For market research;
  • To audit and analyze the Service; and
  • To ensure the technical functionality and security of the Service     .

Legitimate Grounds for Processing

We process personal data under this Privacy Policy to pursue our legitimate interest to run, maintain and develop our business and to create and maintain customer relationships towards the organisation you represent. When choosing to process or use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy.

In certain cases, you may be requested to grant your consent for the processing of your personal data. In this event, the legal ground for such processing is your consent. You may withdraw your consent at any time.

How We Disclose Data

We do not sell, lease, rent or otherwise disclose the personal data relating to our users to third parties unless otherwise stated below.

The personal data collected may be disclosed in the following manner:

Personal Data You Provide to Us

BrandBastion does not rent or sell your Customer Personal Data, but we may disclose such data to a limited set of trusted third parties in the situations explained in this policy, for which you, by using our Service, hereby explicitly consent. We may disclose personal data you provide to us with the following categories of third parties:

  • Service providers, such as data storage service providers such as AWS or third party applications such as Hubspot, which enable us to provide the Service and our products and services;
  • Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and
  • Our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Service and/or our products and services and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Privacy Policy. In this case, we will give notice to all data subjects concerned when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.

 Data collected automatically

The data collected automatically may be disclosed to the following categories of third parties:

  • To service providers, such as AWS, Hotjar, and/or Hubspot;
  • To public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and
  • To our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Service and/or our products and services and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Privacy Policy.

Moreover, we may disclose information to third parties in an aggregate and anonymous format that does not constitute personal data and does not allow the identification of individual users.

Access tokens

If you use any of BrandBastion’s applications and grant BrandBastion rights to access the tokens needed to initiate and run our Service, these are used only to the extent agreed to in the agreement between BrandBastion and each individual client. These access tokens are protected by BrandBastion according to best industry standards.

Your Rights

You have the following rights with respect to the personal data we hold about you:

Right to access

You have the right to access your personal data processed by us. You may contact us and we will inform what personal data we have collected and processed regarding you.

Right to withdraw consent

In case the processing is based on a consent, you may withdraw the consent at any time. Withdrawing a consent may lead to fewer possibilities to use our services and products. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to rectify

You have the right to have incorrect or incomplete personal data we have stored about you corrected or completed.

Right to erasure

You may also ask us to erase your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.

Right to object

You may object to the processing of personal data if such data are processed for other purposes than purposes necessary for the performance of our services to you or for compliance with a legal obligation. In case we do not have legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.

Right to restriction of processing

You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our services.

Right to data portability

You have the right to receive your personal data from us in a structured and commonly used format and to independently transmit those data to a third party.

How to use the rights

The above mentioned rights may be used by sending a letter or an e-mail to us on the addresses set out above, including the following information: the full name, company name, address, e-mail address and a phone number. We may request the provision of additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

Direct Marketing

Notwithstanding any consent granted beforehand for the purposes of direct marketing, you have the right to prohibit us from using your personal data for direct marketing purposes, market research and profiling made for direct marketing purposes by contacting us on the addresses indicated above or by using the unsubscribe possibility offered in connection with any direct marketing messages.

Lodging a Complaint

In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.

In Finland, the local supervisory authority is the Data Protection Ombudsman (https://www.tietosuoja.fi).

Your California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year.

To request a copy of the information disclosure provided by us pursuant to Section 1798.83 of the California Civil Code, please contact us via email at info(at)brandbastion.com or by mail at Eteläesplanadi 2   FI-00130 Helsinki  Finland or BrandBastion, Inc, 228 Park Avenue S., NY 10003-1502, United States.

Storage period

The personal data processed is stored for a reasonable amount of time depending on the extent of the data, the use case, regulations, BrandBastion’s internal policies and the exact data at hand. If the user has opted in by for example giving BrandBastion his or her personal data requesting to be contacted or requesting to receive a newsletter, the personal data is stored until the user opts out.

Data Security

The security of personal data is important to us. We take reasonable measures to protect personal data about you from unauthorized access or against loss, misuse or alteration by third parties. Despite these efforts to store personal data collected on and through the Service and otherwise by us in a secure operating environment that is not available to the public, we cannot guarantee the security of personal data during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of personal data, we cannot guarantee that our security measures will prevent third-parties such as so-called hackers from illegally obtaining access to personal data. We do not warrant or represent that personal data about you will be protected against, loss, misuse, or alteration by third parties.

Should despite of the security measures, a security breach occur that is likely to have negative effects on your privacy, we will inform you and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.

International Transfers of Personal Data

Some elements of the Service and/or our products and services may be hosted on servers located in countries outside your own country. The laws applicable to the protection of personal data in such countries may be different from those applicable in your home country. In particular, if you are located within the European Union, please note that personal data collected by us may be transferred outside the European Union. By accepting this privacy policy and by using BrandBastion’s Service, you consent to personal data about you being transferred outside your own country and, where applicable, outside the European Union.

We will take steps to ensure that the personal data receives an adequate level of protection in the jurisdictions in which it is processed. We provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or other similar arrangements.

More information regarding the transfers of personal data may be obtained by contacting us on any of the addresses indicated above. More information regarding the Standard Contractual Clauses can be obtained here.

Children’s Privacy

The Service is not directed to children younger than thirteen (13) years of age. We do not intend to collect personal data from children under 13. If you are under 13, please do not use the Service and do not send any information about yourself to us.

Changes to the Privacy Policy

From time to time we may change this Privacy Policy. You can tell when changes have been made to the Privacy Policy by referring to the “Last Updated” legend on top of this page. Please review this Privacy Policy regularly to ensure that you are aware of any changes. If we materially change the ways in which we use and disclose personal data, we will post a notice on the Service and send an e-mail to our registered users. Your continued use of the Service and/or our products and services following any changes to this Privacy Policy constitutes your acceptance of any such changes made.

Questions or Concerns?

Should you have any questions regarding this Privacy Policy, your privacy as it relates to the use of the Service, or the protection of the personal data we hold about you, please contact us via e-mail at info(at]brandbastion.com or by mail at Eteläesplanadi 2   FI-00130 Helsinki, Finland or BrandBastion Inc, 228 Park Avenue S., NY 10003-1502, United States. We seek to promptly resolve any concerns you may have.