Data Protection Statement
A data protection statement and a privacy notice for services provided by AQVA.IO Oy
1. CONTROLLER
AQVA.IO Oy (‘’AQVA’’ or ‘’Controller’’) business ID 2804166-4
Yrjönkatu 10 C L2, 28100 Pori, Finland
2. Contact person in matters related to the register
Kalle Sandelin, CEO [email protected]
Yrjönkatu 10, 28100 Pori, Finland
3. NAME OF REGISTER
Customer register for water measurement services provided by AQVA.IO Oy
4. PURPOSE AND LEGAL BASIS OF PROCESSING PERSONAL DATA
AQVA processes the personal data (‘’Personal Data’’) of customers and potential customers (‘’Customer’’ or ‘’Data Subject’’) for the following purposes (legal bases for processing in parentheses):
For identifying the Customer (legal obligation)
For providing water security services (‘’Service’’) related to water consumption and water measurement (contractual relationship); • For developing services and products (legitimate interest)
For managing the orders of the Service and other customer transactions between the Customer and the Controller (legitimate interest)
For communication and customer service between the Customer and the Controller (legitimate interest)
For monitoring and managing the payment of the Customer’s Services (contractual relationship, legitimate interest)
For analyzing and compiling statistics on the use of services (legitimate interest)
For improving the user experience and monitoring user traffic on our website and other services (consent)
For marketing and direct marketing of services (legitimate interest, consent)
For handling warranty and defect liability issues, as well as managing complaints and legal and regulatory proceedings (compliance with legal obligation)
For preventing and investigating misuse and ensuring the security of data, individuals and property (legitimate interest); and
For managing other statutory obligations (e.g. accounting and tax-related actions) as well as fulfilling reporting obligations.
Customer or Data Subject refers to actual or potential users of the Service who have entered into an agreement directly with AQVA for the use of the Service or to whom AQVA has granted user credentials for the Service.
When personal data is processed based on legitimate interest, the benefits and potential harms to the Data Subject are assessed and it has been determined that the rights and interests of the Data Subjects do not override the legitimate interest. AQVA will provide additional information on the processing of personal data based on legitimate interest upon request.
5. DATA CONTENTS OF THE REGISTER
AQVA processes its Customers’ personal data for the purpose described in section 4. Customers and the Personal Data collected from them form the customer register of AQVA. The customer register contains the following Personal Data of Customers or part of them:
Information related to the identification and individualization of the Customer (Customer's or Customer's organization's name, customer contact person's contact details, customer number, if necessary, business ID, postal address, apartment number, phone number, email address, user role, billing information, and any number and usage location information)
Usage and history data of the water consumption
IP address information and data collected through AQVA’s website cookies
The start and end date of the customer relationship
Information regarding the ordering and payment of the Customer's Service
Information related to the management and communication of the customer relationship, as well as classification (e.g., purchase and cancellation information of Services, delivery information, feedback, complaints, emails, and support messages)
6. REGULAR SOURCES OF DATA
AQVA collects and stores in its customer register the Personal Data of its Customers, which the Customer has provided to AQVA or which has been provided to AQVA in connection with the newsletter subscription. Customer's Personal Data can also be collected and updated from public sources as well as from authorities and companies that provide personal data services. The processing of personal data collected from public sources for electronic direct marketing is subject to the provisions of the Act on Electronic Communications Services.
7. REGULAR DISCLOSURES OF DATA
Customer's Personal Data may be transferred or disclosed in accordance with the requirements of competent authorities or other parties, based on applicable legislation. Personal Data may be disclosed in connection with corporate arrangements to potential buyers and their advisors, if the Controller sells, transfers or otherwise arranges its business. Personal Data may be transferred to AQVA's selected partners who process Personal Data on behalf of AQVA, based on a written data processing agreement between AQVA and the data processor. In this case, the data processor does not have the right to process the transferred Personal Data for its own purposes, in its own personal data registers.
8. TRANSFER OF THE DATA OUTSIDE THE EU OR ETA
Service providers involved in the processing of Personal Data may be located outside the European Union or the European Economic Area or they may transfer personal data to so-called third countries. When data is transferred outside the European Union or the European Economic Area, the company ensures an adequate level of protection for personal data, among other things, by agreeing on matters related to the processing of personal data in accordance with data protection legislation, such as using the standard contractual clauses approved by the European Commission or based on the European Commission's decision on the adequacy of data protection.
9. DATA RETENTION PERIOD
AQVA retains the Personal Data of the Data Subjects in accordance with applicable legislation and only for as long as necessary to fulfill the purposes defined in this privacy policy. Due to the obligations of applicable legislation, the Personal Data of the Data Subjects may need to be retained for longer than the aforementioned periods. AQVA retains the Personal Data in the customer register for at least the duration of the Agreement between the Customer and the Controller, and unless otherwise required by applicable legislation, the Personal Data is planned to be deleted twelve (12) months after the customer relationship between the Customer and the Controller has ended or there is no other business or company liability-related reason to retain the data.
10. DATA PROTECTION PRINCIPLES
Customer's Personal Data is protected from unauthorized access and illegal processing through organizational measures and technical means. Such measures include, for example, instructions and passwords for AQVA's employees and data processors. Customer's Personal Data is stored in controlled and guarded premises by an external service provider chosen by AQVA. Data that needs to be processed and stored outside controlled and guarded premises is encrypted to prevent unauthorized use. Communication connections to the personal data register are protected by connection encryption. Access to Personal Data in the customer register is restricted within AQVA and data processors to only necessary individuals. Only those individuals who have been granted appropriate access rights have access to Personal Data. Electronically processed Personal Data in the customer register is protected by firewalls, passwords and other technical means generally accepted in the field of information security. Passwords must be changed at regular intervals.
11. RIGHT TO ACCESS AND ITS IMPLEMATION
The Data Subject has the right, in accordance with data protection legislation, to inspect what personal data concerning them has been stored in the customer register or to confirm that no personal data concerning them is stored in the customer register. The inspection request can be made as follows: A written and signed inspection request is sent to AQVA's representative at the provided address or by email to AQVA's representative. The inspection request is presented in person at the address specified in section 1. The Data Subject must prove their identity if necessary. If there are errors in the personal data of the register, the Data Subject can submit a written request to the people responsible for registry matters at AQVA to correct the error. The Data Subject has the right to request the deletion of their Personal Data from the register if there is no legal basis for the processing of Personal Data. If less than 12 months have passed since the previous inspection request, AQVA may charge a fee for the implementation of the measures.
12. RIGHT TO DATA PORTABILITY
The Data Subject has the right to have their Personal Data transferred to another controller in certain situations. The Data Subject has this right if the Data Subject has provided AQVA with their personal data in a structured, commonly used and machine-readable format, when the processing is based on the Data Subject's consent or an agreement between AQVA and the Data Subject; the processing is carried out automatically; and if the transfer is technically feasible.
13. RIGHT TO WITHDRAW CONSENT
If the processing of Personal Data is based on the consent given by the Data Subject, the Data Subject has the right to withdraw their consent at any time. The request to withdraw consent must be submitted by email to the person mentioned in section 2 of this privacy policy. However, the processing of the Data Subject's Personal Data that occurred before the withdrawal of consent does not become unlawful even if the consent is withdrawn. However, AQVA has the right to process the Data Subject's Personal Data despite the withdrawal of consent based on the agreement between the Data Subject and AQVA regarding the Services.
14. THE CORRECTION, DISPOSAL AND RESTRICTION OF PROSESSING DATA
At the request of the Data Subject, necessary corrections and additions are made to the Personal Data, or incorrect, unnecessary, incomplete or outdated data is disposed of for the purpose of processing. The Data Subject has the right to restrict the processing of their Personal Data by withdrawing the consent referred to in section 14 above.
15. DIRECT MARKETING PROHIBITION AND RIGHT TO OBJECT
Personal Data of the Data Subjects may be used for direct marketing if the data has been obtained from the Data Subject in connection with the use of the Service. In electronic direct marketing, the provisions of the Act on Electronic Communications Services apply, and Personal Data obtained from public sources is not used for electronic direct marketing to entities without consent if the personal data of the entity is related to an individual rather than the entity itself. If the data has been obtained from public sources or otherwise without the explicit consent of the Data Subject, AQVA will inform the Data Subject of their rights related to the processing of their Personal Data. The Data Subject has the right to prohibit AQVA from processing their Personal Data for direct advertising, distance selling and other direct marketing, as well as for market and opinion research. The Data Subject has the right to file a complaint regarding the personal data register with the data protection authority acting as the supervisory authority.
16. CONTACTS
The Data Subject must send requests concerning their rights in writing or by email to the contact person mentioned in section 2 of this privacy policy. AQVA may ask the data subject to clarify their request and verify their identity before processing the request. AQVA may refuse to fulfill the request on grounds specified in the applicable law.
17. RISK ASSESMENT
AQVA considers that the processing of personal data it performs does not pose a significant risk to the rights and freedoms of the Data Subjects.
18. AUTOMATED DECISION-MAKING AND PROFILING
The company does not engage in automated decision-making or profiling. However, the company may use third-party service providers to analyze the use of its services.
19. CHANGES TO THIS PRIVACY POLICY
AQVA reserves the right to amend this privacy policy by notifying, for example, on its website or in another manner, such as by email. Changes may be based on the development of AQVA's business or, for example, changes in legislation. AQVA recommends that Data Subjects regularly review the contents of the privacy policy. This privacy policy was last updated on April 15th 2024
Copyright 2025. All Rights Reserved.