SERVICES | EXPERT SERVICES | ASKELE INSIGHTS
Askele Insights - Data security and privacy statement
Askele Insights supports employees, reduces errors, improves predictability and helps keep your ERP system up to date. It is a SaaS (Software as a Service) service that integrates with the company's own ERP system. Askele Insights is provided by Askele Ltd.
On this page we have put together important information on data security and privacy for Askele Insights, including the current terms of service.
Askele Insights Security statement
We know how important data security is to our customers and we want to do our part to take good care of your data. We handle our customers' data responsibly and appropriately and are committed to maintaining security in accordance with the protections required by law and regulation. This Security Statement contains important information about Askele Insights' security practices and technical solutions.
Information security means the secure handling of all information, in whatever form it may exist. Information security is the process of ensuring the confidentiality, integrity and availability of information. Security includes both administrative and technical measures and is maintained in a preventive and proactive manner.
Technical environment
The Askele Insights service is hosted in the Microsoft Azure cloud, in Western Europe in the Netherlands. Microsoft Azure is a GDPR compliant, ISO certifiedcloud provider.
We use the built-in security features provided by the Microsoft Azure cloud to maintain the security of the service. The traffic, i.e. the data retrieved and sent by the service, is encrypted using the TLS encryption protocol. Data stored in the database is encrypted using AES-256 bit encryption.
Data from the client's ERP system is retrieved using the REST API interface provided by the ERP system. We try to avoid storing data retrieved from the ERP system in the database and even when necessary, we only store the technical identifier.
We ensure that versions of operating systems, software and network components are up-to-date to minimise security vulnerabilities. One of the benefits of using Microsoft Azure cloud is that the infrastructure is always up to date.
Access to the technical environment is restricted and we use the Principle of Least Privilege to manage access.
The development process
We have taken security and data protection measures into account in our software development process. Data security is taken into account at all stages of the application lifecycle. Information security is implemented and developed using risk-appropriate and cost-effective solutions. We comply withthe Finnish Data Protection Act and the European Union's General Data Protection Regulation (GDPR) when processing data. Our software development partners are contractually committed to implementing the level of data security specified by Askele.
Monitoring of use
We automatically collect log information about your use of the service. Access to these logs is limited.
Partners
We rely on reliable partners and suppliers to deliver our services. We contractually ensure that confidentiality and a high level of data security are maintained in our cooperation.
Our software partners
| Name | Business ID | Role in providing the service |
| Greenstep Oy | 2306461-3 | Application Development |
| Adafy Oy | 2480016-8 | Application Development |
Our supplier
| Name | Location / Country | Role in providing the service | |
| Microsoft Azure | EU | Server centre, infrastructure services | |
| Sendgrid | USA (EU Standard Contractual Clauses) |
|
Contact
If you have any questions or concerns about security, or need detailed information about our security measures, please contact us by email at security@askele.fi.
Askele Insights Privacy Statement
We are committed to respecting and safeguarding the privacy of our customers. As a customer, you trust us with your confidential information and we are committed to acting on that trust every day. In this privacy statement, we explain how we process personal data in Askele Insights.
We process personal data in accordance withthe Finnish Data Protection Act ( 1050/2018, as amended), theEuropean Union General Data Protection Regulation ( EU 2016/679, as amended, "GDPR") and any other applicable national or EU-wide data protection legislation and the guidelines and decisions issued by the competent data protection authorities.
Definitions
- A customer is a purchaser of our services.
- Personal data is information that can be directly or indirectly associated with you as an individual. The types of personal data we process are described later in this statement.
- Services means all Askele Insights services provided by Askele Ltd.
Processing of personal data
We process personal data in Askele Insights as a personal data processor with our client companies acting as data controllers.
Askele Oy acts as a data controller when processing personal data related to the client company's Askele Insights customer and contractual relationship.
The Service retrieves personal data from the customer's ERP system via the REST API interface, which the customer has authorised to use when purchasing the service.
Types of personal data processed
- Personal data of users of the ERP system, such as first name, surname, email address, telephone number, country, language, employment contract (start and end date, expected working hours and working days), keywords, technical id.
- Sensitive data of users of the ERP system such as date and length of absence recorded.
- Customer data for ERP projects, such as customer name and technical id.
- Customer and contractual relationship data such as data concerning, related to and necessary for the provision of the Service, purchases, products, orders, subscriber and user data, billing, credit and payment data, marketing authorisations and bans, customer contacts.
Use of personal data
Askele Oy collects, processes and uses personal data that is necessary for the operation of our business, efficient customer service and appropriate commercial activities. The processing of personal data is based on a contract with us for the use of the Service. We may also process personal data on other grounds such as consent or law. We process your personal data for the purposes set out below:
On the basis of a contractual relationship and for the provision of the Services
We process personal data for the purposes of providing and delivering the Services. We process personal data for the purposes of communication, service provision and security, for example when the Service analyses data from the ERP system and provides the results electronically to the ERP system user.
We also process personal data to detect technical faults and errors, to ensure the security of the Service and information systems and to test their functionality.
In addition, the provision of the Services requires that we process personal data for the management of the customer or contractual relationship, the identification of customers or users, the processing and delivery of orders, billing, quality control of the service and products, credit control, collection, customer service and the correction of various fault and malfunction situations and the handling of complaints.
We also process personal data for customer communications, such as sending notices in connection with the Services and to communicate with customers in connection with our Services.
On the basis of legitimate interest
Askele Ltd may process your personal data on the basis of legitimate interest. For example, Askele has a legitimate interest in processing your personal data in the following situations:
Marketing
We process and use personal data for marketing purposes and to form marketing target groups within the limits permitted by applicable law. We may process Personal Data to personalise and target the Services, for example by making recommendations and displaying targeted content on the Services or in our customer channels. To the extent permitted by law, we may use Personal Data to market products and services, such as direct marketing, market research and customer satisfaction surveys.
Statistical purposes
We may also process personal data to generate statistical analysis to help us improve our business, our customer offering or to improve our services or products.
Compliance with legal obligations and other purposes based on consent
We process personal data to comply with our legal obligations, such as for accounting and regulatory purposes. We may also process your personal data for the purposes for which you have given your consent.
Safeguarding personal data
Data security and the protection of customer data is of paramount importance to us. It is important for Askele to strive to ensure the availability, accessibility, integrity and security of personal data. We strive to implement appropriate procedures to protect personal data and to prevent and detect unauthorised access to and loss of personal data by third parties.
We work continuously to safeguard the rights of our customers. We ensure the security of our staff, data, information systems and offices. We pay particular attention to the security of personal data.
In securing data, we take into account the risks to privacy and business related to the processing of personal data, the technical capabilities available and the various threats in accordance with applicable laws, regulations and contractual obligations.
Disclosure of personal data to third parties
We may disclose your personal data as required and permitted by applicable law.
Parties to whom we may disclose personal data
Askele Ltd may disclose personal data to subcontractors acting on behalf of Askele Ltd who process personal data on our behalf. These third parties may not use the personal data for any purpose other than to provide the service agreed with us. Where we use subcontractors, we will take reasonable care to ensure that the processing is carried out in accordance with the Service Agreement and the Privacy Statement. Subcontractors in this context include our application development partners or IT service providers.
Partners processing personal data on our behalf may be established outside Finland, the European Union or the European Economic Area. When we transfer personal data outside the EU or EEA, we will ensure by contract (for example, by using the EU Commission's standard contractual clauses) or otherwise (European Commission's equivalence decision) that the transfers are carried out in accordance with the law. We also ensure and require our partners to ensure, also in such cases, that the personal data remain protected, regardless of whether they are transferred outside the EU, as required by law.For more information on the conditions for transferring personal data outside the EU or EEA.
Askele Ltd may disclose personal data in connection with legal proceedings or at the request of a public authority on the basis of applicable law or by order of a court in connection with legal proceedings or proceedings before a public authority. We may also disclose information to a competent authority, such as the police or an emergency response authority, to the extent required by law in accordance with a predetermined procedure.
In addition, we may disclose personal information in connection with business transactions such as mergers and various business acquisitions or transfers.
Storage of personal data
We will retain personal data only for as long as necessary to fulfil the purposes of use specified in the Service Agreement and the Privacy Statement, unless otherwise required by law. We will not retain outdated or unnecessary data.
Data processed on the basis of a contractual relationship will in principle be kept for the duration of the contractual relationship or for as long as necessary for the provision of the Services. After the termination of the contractual relationship or the provision of the Services, personal data will be kept for as long as necessary, for example in the context of pending matters, invoicing or complaints. As a general rule, the data will be kept for six months after the termination of the Service or the contractual relationship.
Data processed on the basis of legitimate interest will be processed for as long as the processing ground exists. If the customer objects to the processing, the data will be deleted once the customer's objection has been processed and the objection has been accepted. Such legitimate interest processing may include, for example, direct marketing to the customer after the termination of the contractual relationship.
Data processed on the basis of legal obligations will be processed and kept for as long as required by law. Obligations to retain personal data are imposed, for example, by accounting or money laundering legislation (5-6 years).
Rights of the data subject
The data subject cannot exercise all rights in all situations. For example, the grounds on which personal data are processed may affect the situation. If you are an ERP user whose personal data is analysed by Askele Insights, you should contact your controller, i.e. your employer, regarding your rights and the processing of your personal data. If, on the other hand, you are a party to an Askele Insights service contract, you have the following data subject rights:
- The right to be informed about the processing of your personal data
- Youhave the right to access your data ( you can request access to your data once a year free of charge).
- Right to rectification of data
- Right to have your data erased ( right to be forgotten)
- The right to have your data deleted or cancelled (right to be informed at any time)
- Right to data portability
- Right not to be subject to automated decision-making
If you believe that Askele Ltd has acted in breach of the Privacy Statement or applicable law, you have the right to complain. You can also lodge a complaintwith the Office of the Data Protection Ombudsman, which monitors the lawfulness of the processing of personal data.
Changes
We will update the Privacy Statement as necessary as our operations and Services evolve. We encourage you to regularly check our website for the latest version.
Contact
Questions relating to the processing of personal data or the Privacy Statement, as well as complaints or requests to exercise rights in relation to the processing of personal data:
Askele Oy
Brahenkatu4
53100 LAPPEENRANTA
Business ID 2645207-2
Data Protection Officer: security@askele.fi
Customer service: support@askele.fi
Askele Insights Terms of service
We will update the Terms of Service as our operations and Services evolve. You can download the latest version here.