Effective starting: Dec 2022

At Ellisticity we are committed to ensuring that when you use our services or enter into a business relationship with us, your personal data is processed carefully in accordance with all applicable data protection legislation. We take responsibility for the personal data we collect about you, and we aim to be transparent about how we handle it, and give you control over it.

Note: In matters related to processing of your personal data, you can always contact our data protection officer at

Ellisticity, DPO
6218 Georgia Avenue NW Suite #1 PMB 3005, Washington, DC, 20011, United States
dpo@ellisticity.com.

Types of personal data we process

We process the following categories of personal data:

Customer information: We process personal data related to our current and potential customers' contact persons, such as name, email address, phone number, address and information related to the company the person is representing, such as company name, company business ID number, contact details and invoicing information. We also process customer's access credentials related to our SaaS offering. We receive this information directly from you or the company you represent.

Partner information: We process personal data related to the contact persons of our business partners, such as subcontractors, service providers and freelancers. Personal data may include name, email address, phone number, address and information related to the company the person is representing, such as company name, company business ID number, contact details and invoicing or payment information. We receive this information directly from you or the company you represent.

The purpose of use and legal basis of processing

Personal data is used for the following purposes:

• to manage the business relationship with you or the company you represent, including providing services, managing orders, responding to service requests, carry out invoicing or making payments, communication;
• to authenticate users and grant them access to their SaaS account;
• to improve your browsing experience and analyze traffic;
• to send information or potentially marketing communication, by email or other means, which we think may be of interest to you;
• to customize advertisements;
• to develop our business operations; and
• to ensure data security.

 

Processing of personal data is based on:

• contract (e.g. managing a contract made directly with the data subject, such as a freelancer)
• consent (e.g. newsletters, cookie-based marketing and advertising, personalisation and website development)
• legitimate interest (e.g. marketing, business development, data security and user authentication, fulfilling or negotiating a contract with the company you represent)
• legal obligation (e.g. accounting obligations or other legal obligations stemming from applicable legislation)
• Given the categories of data subjects, the types of data, the nature of processing and the choices available to you, we have assessed that your interests or fundamental rights or freedoms do not override the legitimate interest described above.

Note: You can object processing based on legitimate interest at any time as described below.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We aim to update contact information, and delete outdated information, on a semi-annual basis at the minimum. You may also request us to delete your personal data as described below.

Your rights

Right of access, rectification and erasure. You have the right to request access to your personal data we process. At your request we will also rectify any inaccurate, incomplete or outdated personal data relating to you. You also have the right to request your personal data to be erased (right to be forgotten) in accordance with applicable law. Right to object to direct marketing (including related profiling). In case you do not want to receive further marketing or other updates from us or wish to opt-out of profiling we do in order to offer you tailored marketing, you have the right to object to processing of your personal data for those purposes. Should you use your right to object, you will no longer receive direct marketing from us. You can use your right to object either by contacting us or through the unsubscribe link on electronic messages we send you. Right to object to data processing and right of restriction. You have the right to object to processing we carry out based on legitimate interest on grounds relating to your particular situation, unless we have compelling legitimate interests for the processing which override those interests. You also have the right to request the restriction of the processing of your personal data, for example, in case you object to processing as described above or contest the accuracy of your personal data. Withdrawal of consent. You may withdraw consent you have given at any time by contacting us. Please note that withdrawing your consent does not affect the legality of the processing we have carried out prior to withdrawal. Data portability. You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller when we process your data automatically and based on contract with your or your consent. Right to lodge a complaint. You have the right to lodge a complaint with the relevant supervisory authority in case you feel that we have processed your personal data contrary to this privacy policy or the applicable legislation. Contact details of the Finnish supervisory authority can be found at www.tietosuoja.fi. Email your request to our data protection officer at dpo(at)nordcloud.com. Please note that we ask you to verify your identity when using your rights.

Data security

The personal data we process will be kept confidential. We have employed necessary technical and organisational security measures to protect your personal data against unlawful or unauthorised access, disclosure, loss and other unauthorised processing. These measures include, for example, use of firewalls, encryption technologies and secure facilities, appropriate access control, controlled grant of access rights and supervision of use of systems and properly instructing our personnel participating in the processing of personal data.

Disclosure and transfer of personal data

Ellisticity may disclose your personal data to third parties in the following circumstances:

• Authorities. We may disclose personal data to authorities when we have a legal obligation to do so under applicable law.
• Consent. Based on your consent we may disclose your personal data within the limits of the specific consent you have given.
• Our legitimate interests. We may disclose your personal data if it is necessary in order to protect or defend our legitimate rights and interests, or those of our other customers, employees, directors or shareholders, and/or to ensure the safety and security of our services.

Personal data may only be transferred outside the territory of the Member States of the European Union or to the European Economic Area if the country concerned provides sufficient level of data protection and there are other applicable safeguards in place, such as Standard Contractual Clauses approved by the European Commission.