Privacy Policy

1. Introduction and Legal Basis

Welcome to CivicWork. We are committed to protecting your privacy and ensuring the security of your personal information in accordance with the European Union's General Data Protection Regulation (GDPR) (EU Regulation 2016/679) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018).

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our geolocation intelligence platform and services. As a data controller, we process your personal data in compliance with applicable European and Finnish data protection laws.

Data Controller: CivicWork is the data controller responsible for the processing of your personal data. Our registered office is located in Finland, and we operate in compliance with Finnish and EU data protection legislation.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Account Information: Name, email address, phone number, company name, and contact details
• Profile Information: User profile data, preferences, and settings
• Company Information: Business details, location data, and company profile information
• Payment Information: Billing details and transaction history (processed securely through third-party payment processors)

2.2 Location Data

As a geolocation platform, we collect and process location-related data:

• Geographic coordinates (latitude and longitude)
• Address information and location markers
• Infrastructure mapping data
• Location history and tracking information

2.3 Technical Information

We automatically collect certain technical information:

• IP address and device information
• Browser type and version
• Operating system
• Usage data and analytics
• Cookies and similar tracking technologies

3. Legal Basis and Purpose of Processing

Under GDPR Article 6, we process your personal data based on the following legal bases:

3.1 Contractual Necessity (Article 6(1)(b) GDPR)

We process your data to:

• Provide, maintain, and improve our geolocation services
• Process registrations, transactions, and manage your account
• Enable location mapping, tracking, and infrastructure management features
• Fulfill our contractual obligations to you

3.2 Legitimate Interests (Article 6(1)(f) GDPR)

We process your data for our legitimate interests to:

• Detect, prevent, and address technical issues and security threats
• Analyze usage patterns and improve user experience
• Ensure platform security and prevent fraud

3.3 Consent (Article 6(1)(a) GDPR)

We process your data with your explicit consent for:

• Marketing communications and newsletters
• Non-essential cookies and tracking technologies
• Optional profile features and data sharing

You may withdraw your consent at any time by contacting us or adjusting your account settings.

3.4 Legal Obligations (Article 6(1)(c) GDPR)

We process your data to comply with legal obligations under Finnish and EU law, including:

• Tax and accounting requirements
• Data retention obligations
• Compliance with court orders or regulatory requests

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Public Profiles

If you choose to create a public company profile, certain information (company name, location, tagline, and public profile data) may be visible to other users of the platform.

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our platform, conducting business, or serving our users, provided they agree to keep this information confidential.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of our users or others.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and updates
• Limited access to personal information on a need-to-know basis
• Secure hosting infrastructure

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Your Rights Under GDPR and Finnish Data Protection Act

As a data subject under GDPR and the Finnish Data Protection Act, you have the following rights:

• Right of Access (Article 15 GDPR): Request access to your personal data and information about how it is processed
• Right to Rectification (Article 16 GDPR): Request correction of inaccurate or incomplete personal data
• Right to Erasure ("Right to be Forgotten") (Article 17 GDPR): Request deletion of your personal data under certain circumstances
• Right to Restrict Processing (Article 18 GDPR): Request restriction of processing in specific situations
• Right to Data Portability (Article 20 GDPR): Receive your data in a structured, commonly used, and machine-readable format
• Right to Object (Article 21 GDPR): Object to processing based on legitimate interests or for direct marketing purposes
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu)

To exercise these rights, please contact us at privacy@civicwork.com. We will respond to your request within one month (as required by GDPR Article 12(3)), though this may be extended by two additional months for complex requests.

Finnish Data Protection Ombudsman: If you are not satisfied with our response, you have the right to lodge a complaint with the Finnish supervisory authority:

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our platform and store certain information. Cookies are small data files stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

We use cookies for:

• Authentication and session management
• Remembering your preferences and settings
• Analyzing usage patterns and improving our services
• Providing personalized content and features

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, in accordance with GDPR Article 5(1)(e) (storage limitation principle) and Finnish data protection legislation.

Retention Periods:

• Account Data: Retained for the duration of your account and up to 3 years after account deletion, unless longer retention is required by Finnish accounting or tax law (typically 7 years for business records)
• Location Data: Retained for as long as necessary to provide the service, typically until you delete the location or your account
• Marketing Data: Retained until you withdraw consent or opt-out, after which we delete your data within 30 days
• Legal Obligations: Some data may be retained longer if required by Finnish law, such as tax records (7 years) or court orders

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as fraud prevention). Anonymized data may be retained indefinitely for statistical purposes.

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V:

• Transfers to countries with an adequacy decision by the European Commission
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Other appropriate safeguards as required by GDPR Article 46

We will inform you of any international transfers and the safeguards in place to protect your data.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Information and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy, your data protection rights, or our data practices, please contact us:

Data Protection Officer (DPO): If you have specific questions about data protection or wish to exercise your rights, you may contact our Data Protection Officer at the email address above.