Privacy Statement
Privacy statement
This is a statement on the processing of your personal data pursuant to the EU’s General Data Protection Regulation (679/2016).
Controller
Maire Oy
Business ID: 3336141-9
Communication regarding privacy matters
We request that data subjects contact the person listed hereinabove for all questions related to the processing of personal data and situations related to the exercising of your rights.
Basis and purpose of processing personal data
The legal basis for the processing of personal data is:
-
The consent to the processing of personal data provided by the data subject
-
The contractual relationship between the data subject and controller
-
Fulfillment Of The Controller's Statutory Obligations
-
The Controller's Legitimate Interest
-
Public interest or the exercise official authority by the controller
-
Protection Of Vital Interests
The purposes of processing personal data is to ensure Maire can further develop existing services and investigate new services that enable Maire to better assist with your requirements.
Personal data being processed
The controller only collects personal data concerning the data subjects that is essential and relevant for the purposes explained in this privacy statement.
The following data concerning the data subjects is processed:
- email address
Disclosure of personal data
Personal data will not be disclosed to third parties, unless the law imposes an obligation to do so. Data may, therefore, be disclosed in exceptional cases, such as to the authorities when so required by law.
Transfers of personal data to third countries
As a rule, personal data will not be transferred outside of the EU or the European Economic Area.
If this is exceptionally done (due to reasons related to data technology, for example), the controller ensures an adequate level of protection for personal data as expressly provided for in the data protection legislation. The primary solution is that the controller draws up an agreement pursuant to the European Commission’s standard contractual clauses on the processing of personal data with a processor located outside of the EU. The agreement creates the framework for high-quality data protection also outside of the European Union or the European Economic Area.
Protection of personal data
The controller processes personal data in a manner that aims to ensure the appropriate security of the personal data, including their protection against unauthorised processing and accidental loss, destruction or damage.
The controller uses appropriate technical and organisational safeguards in order to achieve this goal; these include the use of firewalls, encryption techniques and safe equipment rooms, appropriate access control, careful management of data system user IDs, and providing instructions to the personnel participating in the processing of personal data.
All employees processing personal data have a non-disclosure obligation for matters related to the processing of personal data of the data subjects based on the Employment Contracts Act (55/2001) and non-disclosure agreements that supplement it.
Retention period for personal data
The controller will process the personal data for the length of customer relationship. At the end of this period, the controller will delete or anonymise the data within two years in accordance with the deletion processes it follows.
The controller may have an obligation to process some personal data belonging to the filing system for longer than stated above in order to comply with the legislation or authority requirements.
Profiling
The processing of personal data contains profiling. Profiling refers to the automatic processing of personal data wherein the data is used to assess specific characteristics of the data subject. The data subjects are profiled in order to better target direct marketing and other communications to suit their interests.
Rights of the data subject
Right to request access to personal data
The data subject has the right to receive confirmation regarding whether personal data concerning them is being processed and, if it is, the right to receive a copy of their personal data.
Right to rectification
The data subject has the right to request that inaccurate and erroneous personal data concerning them be rectified. The data subject also has the right to supplement incomplete personal data by submitting the required additional information.
Right to erasure
The data subject has the right to request erasure of personal data concerning them if
a. the personal data is no longer required for the purposes for which they were collected;
b. the data subject withdraws their consent which the processing of personal data was based on, and no other legal basis exists for the processing; or
c. the personal data has been unlawfully processed.
Right to restriction of processing
The data subject has the right to restrict the processing of personal data concerning them if
a. the data subject contests the accuracy of their personal data;
b. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; or
c. the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
Right to object
The data subject has the right to object, on grounds relating to their particular situation, at any time, to processing of personal data concerning them.
The controller shall no longer process the data subject’s personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right not to be subject to a decision based solely on automated processing
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
The above shall not apply if the decision is necessary for the creation or execution of an agreement between the data subject and the controller, or if it is based on the explicit consent of the data subject.
Right to withdraw consent
The data subject has the right to withdraw the consent they have provided for the processing, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to data portability
The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller.
Right to lodge a complaint with a supervisory authority
The office of the Data Protection Ombudsman, operating under the Ministry of Justice, is the national supervisory authority for personal data matters. You have the right to bring your case to the supervisory authority if you consider that the processing of personal data concerning you is in violation of applicable law.
Amending the privacy policies
The controller is continuously developing its activities and may therefore be required to amend and update its privacy policies when necessary. The amendments may also be based on changes in the legislation concerning data protection.
If the amendments include new purposes for the processing of personal data or otherwise introduce substantial changes, the controller will provide an advance notification of them and, if necessary, request consent.
Google User Data
Maire.ai respects and values the privacy of its users and is committed to protecting their personal information. This section of our Privacy Statement specifically addresses our practices regarding the access, use, storage, and sharing of Google user data, in particular, from Google Ads, Google Analytics and Google Search Console.
Maire.ai integrates with Google Ads, Google Analytics and Google Search Console to improve our services and provide better user experience. The Google user data we collect is strictly limited to the scope necessary for these purposes.
Use: The Google user data we access is used to enhance our services and to optimize our customers' marketing efforts. Google Ads data helps us understand customers’ keyword opportunities, Google Analytics data to understand onsite navigation while Google Search Console data assists us in improving customers website's visibility and performance.
Storage: The collected data is stored securely on Google Cloud. We maintain strict security measures to prevent unauthorized access and ensure data confidentiality.
Sharing: We do not share Google user data we access with any third parties, unless required by law or in the event of a business transfer like a merger or acquisition. Any such sharing will be in compliance with this Privacy Policy and applicable laws.
Users have the right to access, modify, or delete their personal data at any time. To exercise these rights, or if you have any questions or concerns about this Privacy Policy, please contact us at terho@maire.ai.
Google API Services User Data Policy
Maire's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Google Data Shared with Third Party Tools
Keyword data coming from Google Ads API (Keywordplanner) is shared and further analysed with OpenAI API.