Company Valosan (Registered auxiliary of San Francisco Oy) Eerikinkatu 28 00180 Helsinki		Who processes your data	Contact person Ruslan Gainutdinov ruslan@valosan.com tel. +358 50 339 2586
Whose information we process This privacy statement applies to you in case you Order our service		Data we process Client contact and invoicing information	Why we process your data To provide our service Communication Marketing
How we receive your data We collect data While you are using our app When you contact us		Cookies We only use strictly necessary cookies to ensure the functionality of our app	Who else processes your information Amazon (AWS) Google MongoDB Mailchimp Plausible Intercom See privacy Shield and model clauses below
How long we store your data We delete your data: When you stop using the service and your user account is deleted If you request deletion, and we are not legally bound to store the data		Your rights Inspection Object processing Deletion / right to be forgotten Complaint	How we protect your data SSL/TLS-protection Records available only to administrative personnel via username and a strong password Records available to personnel who have the obligation to secrecy and confidentiality Firewall The database containing the data is not accessible through the internet The database uses encryption at rest

About the Valosan App

Valosan is a media relationship management app. Valosan was created to simplify connecting with journalists for growth companies and startups.

This Privacy Policy applies to our services at app.valosan.com, dev.valosan.com, valosan.com, GMail Chrome extension and GMail Firefox extension.

Controller

In order to keep our service running smoothly, we need some information about you. This information is called ‘personal data’ and in order to run our service, we need to collect at least some data from you and this is partly personal data. It is data directly linked to you or data that makes you identifiable from combined with other collected data. Because we collect, use and store your personal data we are a so-called controller of your information. In this privacy statement, we aim to express as openly and transparently as possible, how we process your data.
Controller	Our contact person for data protection
Valosan Eerikinkatu 28 00180 Helsinki	Ruslan Gainutdinov ruslan@valosan.com tel. +358 50 339 2586

Processing personal data and the purpose of processing

Data subjects	Purpose of processing	Basis of processing
User	Identification and client information management	Performance of contract
	Communications	Performance of contract
	Marketing	Consent
	Payment information	Performance of contract
	Provision of service	Performance of contract

What does ‘legitimate interest’ mean?

The collection and processing of all personal data require a so-called basis on which the processing is lawful. A ‘legitimate interest’ is one such basis. Other processing criteria include, for example, consent and performance of a contract

Processing in the legitimate interest is lawful if, and only if, the fundamental rights and freedoms of the person and their protection are not more important than the legitimate interest of the party conducting the processing (in this case us).

What does ‘performance of a contract’ mean?
Contractual processing is lawful if the data subject is a party to a contract for the performance of which the processing of his or her personal data is necessary. The processing is limited to the personal data necessary for the performance of the contract.

What does ‘consent’ mean?
Consent-based processing is lawful if the data subject has given his or her consent to the processing of his or her personal data for one or more purposes. For example, the data subject may give his or her consent by ticking the box on a website or an application. It must be possible to withdraw consent as easily as it could have been given. Consent must be explicit and freely given.

What does a ‘legal obligation’ mean?
Compliance with the controller’s legal obligations may require the controller to process personal data.

Changes

We might from time to time update the data processing terms. We will always inform you of any notable changes or we are going to use your data for some other purpose than disclosed in these terms.

Regular sources of information

We receive information about you from you. Information is given to us by yourself (information you have provided) or data that we have collected through observation (observed information). We do not collect information about you from other parties or other sources.

We collect data and process data when you:

• Register online or place an order for any of our products or services.
• Voluntarily complete a customer survey or provide feedback on our website.
• Use or view our website
• Use our GMail extension

Our Company may also receive your data indirectly from the following sources:

• Via e-mail or direct communication with our support representative

Valosan offers the option of entering personal data.

Personal data in the register

In the register the following information or personal data is collected:

Client information (information you provide)	Purpose of processing
Name	Provision of the service
Title	Provision of the service
Phone number	Provision of the service
Email address	Provision of the service
Payment information	Provision of the service
Contact information	Provision of the service
Usage of the web app result in the collection of the following information (observed information):
Browser in use	Optimization of the service
Ip-address	Optimization of the service
Location data (location accuracy: part of town)	Optimization of the service
We also access, use and store following information from your Google account:
Google Spreadsheets	We access spreadsheets on your behalf to read and store in Valosan contact information you have stored in them. We also update contact status when you change it in Valosan or Gmail extension.
Google Docs	We read pitch, follow-up and press-release templates you have in Google Docs, when you add a link to that document in Valosan. We never store it in our system, but read it when you open Valosan or write email to journalist int he Gmail extension.
Gmail	We send e-mail using Gmail API to the contacts you have in Valosan and your spreadsheet (media list) added to the Valosan by you. We never send e-mail to any other persons except as specified by you.

Data collection for marketing

We use the information received from you for marketing. This means that you might see an Valosan advertisement while browsing Facebook or on other websites after visiting our service. For the targeting of this content, we also use cookies (see more below about cookies)

We do not disclose your phone number, email address, or other information to other parties so that they could use it for their direct marketing towards you.

Duration of processing

We retain your data for one year from the date you were last using the app. After this, the data will be deleted unless required.

Your rights

You have the following rights, the requests for the exercise of which must be made to hello@valosan.com

Right	User information
Inspection	You have the right to access and correct your personal data retained in our register.
Deletion of personal data / “Right to be forgotten”	If you feel that the processing of some of your personal data is not necessary for our processing purposes, you have the right to ask us to delete that data. However, if you wish to delete any other information, we will process your request as soon as possible, after which we will either delete your information or provide you with a valid reason why the information cannot be deleted. If you disagree, you have the right to lodge a complaint with the Data Protection Ombudsman(instructions for making a complaint).
Objection to processing	You have the right to object to the processing of your personal data at any time if you feel that we have processed your personal data unlawfully or that we do not have the lawful basis to process your personal data. We will process your request as soon as possible.
Complaint	You have the right to file a complaint with the Data Protection Ombudsman if you feel that we are in breach of applicable data protection laws when processing your personal data (instructions for making a complaint).

Disclosure of information

We do not disclose your data to any third parties.

These parties process your personal data (for example record and store) on our behalf:

• Amazon (AWS)
  
• Google
• Mailchimp
• MongoDB
• Plausible
  
• Intercom

These service providers do not have the right to view your information unless necessary to ensure the functionality of the service.

In addition, we use subcontractors to develop our service. These subcontractors do not process your information, but they do have access to our databases. These subcontractors or their employees may therefore see the information we collect about you. All our subcontractors and their personnel are bound by strict professional secrecy and confidentiality.

Data transfer outside the EU

We have chosen secure data centers located in Ireland as the storage location for your data. The information in the register will not be stored outside the European Union or the EEA. No data transfers are made from the service user register outside the EU or the European Economic Area.

If we are required to disclose personal data under applicable mandatory law, personal data may be transferred outside the European Union and the European Economic Area.

Privacy Shield and Sample Clauses

However, regardless of the data centers we choose in Europe, it is possible that we or the service providers used by us may, in some circumstances, transfer your information outside the EU / EEA. This can happen, for example, if data is duplicated outside the EU / EEA to the United States so that your data is secure even in the event of a failure of the main servers. Transmission Volumes must always be carried out safely and in accordance with the law. We will ensure that the necessary measures are taken to prevent the transfer of your personal data to a party outside the EU or the EEA that does not comply with the legal requirements for the processing of personal data.

The European Commission has accepted the use of model contract clauses to ensure adequate protection of data transferred outside the EEA. When these are added between the parties to the data transfer standard contract clauses agreement the personal data will be considered protected when transferred outside the EEA or the United Kingdom to countries where the adequacy decision does not apply. We use these model contract clauses in data transfer.

In addition, we adhere to the principles of the EU-US and Switzerland-US Privacy Shield Frameworks, without relying on these principles as a legal basis for transfers of personal data, taking into account the ruling of the European Court of Justice in Schrems II case C-311/18. Learn more From the U.S Department of Commerce Privacy Shield Website

Registry protection principles

The secure processing of your personal data is important to us. The information stored in the service is stored in the system of the controller, which is protected by security software.

• Our employees have access to personal data only to the extent required for relevant work tasks.
• Access to the system requires the entry of a username and password. The system is also protected by firewalls and other technical means.
• Only certain designated employees of the controller have access to and are entitled to use the data contained in the register stored in the system.
• The use of the register is protected by user-specific IDs, passwords, and access rights.
• The registry resides on a computer located in a computer room on a server to which unauthorized access is denied.
• The information contained in the register is located in locked and guarded premises.
• The register is regularly backed up.

Cookies

Our service uses so-called cookies. A cookie is a small text file that is sent to and stored on a user’s computer, enabling the webmaster to identify visitors who visit the site frequently, to make it easier for visitors to log in to the site, and to compile aggregate information about visitors. With the help of this feedback, we are able to continuously improve the content of the service’s pages. Cookies do not harm users’ computers or files. We use them in such a way that it can provide its customers with information and services tailored to their individual needs.

We use cookies for the following purposes:

• Targeted marketing (Google Ads, Microsoft Ads)
• Analysis and monitoring of the webpages (Plausible, Leadfeeder)

If you do not want us to receive any of the above information through cookies, most browser programs allow you to disable the cookie function. However, it is good to keep in mind that cookies may be necessary for the proper functioning of some of the services maintained by us.

Turning off cookies on most browsers
Chrome	From the main menu, select Preferences. Click Advanced at the bottom of the page. In the Privacy and Security section, click Content Options. Select Cookies.
Firefox	From the main menu, select Settings. Click Privacy and Security. Under History, select Selected History from the drop-down menu.
Safari	From the Safari menu, select Settings. Click Privacy. Click Block All Cookies or Manage Website Data.
Microsoft Edge	From the main menu, select Settings. Click Show advanced settings. Select the security level from the Cookies section at the bottom of the menu.
Internet Explorer	On the Tools menu, click Internet Options. Click the Privacy tab. Under Settings, click Details.