Updated 6 July 2023
The Policy covers how IPRally handles personal information, meaning information relating to an identified or identifiable individual, i.e. a natural person (“Data Subject”). This Policy applies to personal data ("Personal Data") collected in connection with the products and services offered by IPRally, www.iprally.com website and interactions related to our service or website such as customer support, customer events, or promotions and campaigns and usage information from such interactions, products, services, events, promotions and campaigns.
Contacting us on the website. You can contact us on the www.iprally.com website by providing your e-mail address. The e-mail address is used for allowing us to contact you for offering or negotiating about the services requested and can be added to a mailing list and/or used for subsequent marketing purposes.
Registering to services and providing products and services. When you register to our services, we may ask you to provide us with certain information such as your name, email address, passwords and other such credentials that are used to authenticate users and to validate their actions or that may be needed to provide you with the products and services you have requested or to communicate with you.
Newsletter and other marketing materials requiring subscription. When you sign up for our regular newsletter or another service requiring giving your e-mail address, we shall send you newsletter(s) (based on your consent) or communications regarding products which may be of interest to you. If you no longer wish to receive these communications, you can follow the unsubscribe instructions contained in each of the email communications you receive.
For the purposes stated in this Policy, the Personal Data may be disclosed, or the access may be granted, when necessary, to selected third parties, such as third-party service providers.
Planhat. We may use the Planhat AB ("Planhat") technology to proactively support our customers when it comes to usage, feedback and any other feature and/or product related feedback. This enables us to optimize product features, measure user behaviour and better understand how users interact with the product. Through Planhat, IPRally might conduct customer focused surveys during the duration of the agreement.
Intercom. We use Intercom, Inc. ("Intercom") technology to provide support and information for website visitors and product users. This enables us to serve customers quickly and to maintain up-to-date product documentation.
Calendly. We may use the Calendly LLC ("Calendly") technology to allow website visitors to book meetings with us..
Pipedrive. We may use Pipedrive, Inc. (“Pipedrive”) to manage our marketing and sales process.
Mailgun. We may use Mailgun Technologies, Inc., a Delaware corporation (“Mailgun”) to communicate with our users.
Hubspot. We may use Hubspot, Inc. (“Hubspot”) to communicate with our newsletter subscribers and users.
Slack. We may use Slack Technologies, LLC (“Slack”) to get notifications from some of the above-mentioned services to improve customer journeys and our service and support level. The notifications may include Personal Data, which are stored by Slack and are subject to their technical and organizational data security measures.
Zapier. We may use Zapier, Inc (“Zapier”) technology to connect some of the above mentioned services together in automated fashion.
Auth0. We may use Auth0 by Okta, Inc. (“Auth0”) to add authenticate and authorize users and services to our application and services.
Google reCAPTCHA. We may use Google reCAPTCHA by Google Inc. (“reCAPTCHA”) technology to detect abusive traffic on our website and to protect the website from spam.
Provision of products and services. We may process and use Personal Data to provide you the product or service you have requested, fulfill your other requests, process your order or as otherwise may be necessary to perform or enforce the contract between you and IPRally. We may also process and use your Personal Data to ensure the functionality and security of our products and services, to identify you, and to prevent and detect fraud and other misuses. The legal basis for the above-mentioned processing is contract or its preparation, or our legitimate interest.
Development of products and services. We may process and use your Personal Data to develop our products and/or services. However, for the most part we only use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you. We may also process and use your Personal Data to personalize our offerings and to provide you with service more relevant to you, for example, to make recommendations and to display customized content. The legal basis for the above-mentioned processing is our legitimate interest.
Communicating with you and marketing. We may process and use your Personal Data to communicate with you, for example, to provide information relating to our products and/or services you are using or to contact you for customer satisfaction queries. We may process and use your Personal Data for marketing. Marketing purposes may include using your Personal Data for personalized marketing or research purposes in accordance with applicable laws. The legal basis for the above-mentioned processing is our legitimate interest or your consent.
Complying and fulfilling our legal duties and obligations. We may process and use your Personal Data to fulfill our legal obligations, such as tax law and accounting related obligations based on statutory obligation.
Establishing, exercising, or defending against legal claims. We may process and use your Personal Data to establish, exercise or defend against legal claims. The legal basis for the above-mentioned processing is our legitimate interest.
For processing activities that are based on a legitimate interest, we have carefully balanced such legitimate interest with your right to privacy and concluded that our interest outweighs your Data Subjects’ rights and freedoms.
Where the processing is such that a consent is required by the applicable legislation, we will state so and obtain the consent, and this will be the legal basis for the processing. However, you have the right to withdraw that consent any time, without affecting the lawfulness of processing based on consent before its withdrawal. If such withdrawal means that we are no longer able to provide our services, we may cease to provide the services.
We will retain your Personal Data for as long as needed to provide services to you. After such reason no longer exists, we shall retain the Personal Data for maximum of twelve months plus ordinary backup storage period, unless otherwise explicitly agreed.
In general, we retain Personal Data only for a period that is necessary to achieve the purposes for which Personal Data is processed, unless there is a legal obligation to retain Personal Data for a longer period of time (for example, responsibilities and obligations under specific legislation, accounting or reporting obligations). We may retain Personal Data for a longer period of time if it is required, for example, to exercise a legal claim, to defend a legal claim, or to settle a similar dispute or in order to enforce our agreements.
We evaluate the necessity and accuracy of the Personal Data on a regular basis and endeavor to ensure that the incorrect and unnecessary Personal Data are corrected or deleted.
Detailed data retention times can be provided upon requests.
IPRally implements appropriate technical and organizational security measures to prevent and minimize risks associated with providing and processing your Personal Data.
Such security measures include, where appropriate, the use of firewalls, secure server facilities, encryption, implementing proper access rights management systems and processes, careful selection of processors, sufficient training of personnel involved in the processing, and other necessary measures to provide appropriate protection for your Personal Data against unauthorized use or disclosure. Where appropriate, we may also take back-up copies and use other such means to prevent accidental damage or destruction of your Personal Data.
All traffic is encrypted using Secure Socket Layer technology (SSL) or other encrypted tunnels.
We restrict access to Personal Data only to authorized personnel, contractors and agents who need to know that information in order to operate, develop or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
We may disclose your Personal Data to third parties solely as stated below in this Policy, or as obligated by mandatory law.
International transfers. Our main principle is that your Personal Data is processed within the European Union (EU) or the European Economic Area (EEA). However, some of the service providers used by us may operate outside the territory of the EU/EEA and thus, your Personal Data can be transferred outside the EU/EEA.
In case Personal Data is transferred outside the EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as Standard Contractual Clauses (SCC) adopted, including any supplementary measures, where assessed to be necessary, or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.
The servers directly used by IPRally are located in the European Union. However, some service providers may use servers located outside the EU/EEA.
Service Providers. From time to time, IPRally may contract with third parties to perform functions necessary for its research operations and, under the terms of those contracts, may transfer Personal Data to those third parties. IPRally requires any such third party to maintain confidentiality of such Personal Data. We use other third parties such as an email service provider to send out emails on our behalf. When you sign up for our services, we will share your Personal Data only as necessary for the third party to provide that service. We also use third parties to assist us in selling our services.Other disclosures. We may disclose and otherwise process your Personal Data in accordance with applicable laws to defend IPRally’s legitimate interests, for example, in civil or criminal legal proceedings.
The Personal Data may also be disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the products and services as well as to guarantee the safety and usability of the products and services. In the event of emergencies or other unexpected circumstances, we may be required to disclose the Personal Data in order to protect human life, health and property.
Mergers and Acquisitions. If we decide to sell, buy, merge or otherwise reorganize our business, this may involve us disclosing Personal Data to prospective or actual purchasers and their advisers, or receiving Personal Data from sellers and their advisers, for the purposes of such transactions.
If you wish to disable cookies, or want to be notified before they are placed, you may do this in the cookie settings in the cookie banner. However, we may not be able to provide certain services or you may not be able to view certain parts of this website if you have disabled cookies.
You, as a Data Subject, have several rights under applicable data protection laws.
Right of access and right of inspection
You have the right to obtain confirmation as to whether or not Personal Data concerning you is being processed.
You have the right to inspect and view Personal Data concerning you and, upon a request, the right to obtain data in a written or electric form. This applies to information that you have provided to us insofar the processing is based on a contract/consent.
Right to rectification and right to erasure
You have the right to demand the rectification of incorrect Personal Data concerning you and to have incomplete Personal Data completed.
You have the right to require us to delete or stop processing your Personal Data, for example where the Personal Data is no longer necessary for the purposes of processing.
However, please note that certain Personal Data is strictly necessary in order to achieve the purposes defined in this Policy and may also be required to be retained by applicable laws.
Right to data portability
You have the right to receive the Personal Data that you have provided to us in a structured, commonly used, and machine-readable format and, if desired, transmit that data to another controller. The right to data portability applies on the processing of the personal data based on consent or a contract.
Right to restriction of processing
You have the right, under conditions defined by data protection legislation, to request the restriction of processing of your Personal Data. In situations where Personal Data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, we will limit the access to such data.
Right to object to processing
You have the right to object to the processing of your Personal Data where we are relying on our legitimate interests as the legal ground for processing. For example, you may object to your Personal Data being used for marketing purposes.
Right to withdraw consent
In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time.
In case you wish to make use of your rights mentioned above, you may, as appropriate and in accordance with applicable laws, exercise such rights by contacting us through the contact points referred in the marketing materials or below in this Policy. In some cases, especially if you wish us to delete or cease the processing of your Personal Data, this may also mean that we may not be able to continue to provide the services to you.
In the event you consider our processing activities of your Personal Data to be inconsistent with the applicable data protection laws or that IPRally has not sufficiently ensured the realization of your rights, you may lodge a complaint with the local supervisory authority responsible for data protection matters.
The relevant authority in Finland is the Data Protection Ombudsman (http://www.tietosuoja.fi).
If we decide to change our Policy, we will post these changes to the IPRally website. We reserve the right to modify this Policy at any time, so please review it frequently. If we make material changes to this Policy, we will notify you here, by e-mail, or by means of a notice on our website prior to the change becoming effective.
If you have any questions or comments about this Policy or the practices of this website, or unresolved privacy and data use concerns, please contact IPRally by e-mailing firstname.lastname@example.org.
The data controller responsible for the purposes of the applicable data protection laws is:
IPRally Technologies Oy (registered in Finland, business ID: 2901197-7)
Mikonkatu 15 A