Privacy policy

This Privacy Policy explains how Valossa Labs Oy (“Valossa”, “we”, “us”, “our”) collects, uses and shares information we receive and collect about you.

We receive such information on you especially through our services and websites (collectively “Services”). In addition to describing how we process data, this Privacy Policy also describes your rights related to the processing. It will notify you of the following:

1. What Personal and Technical Data Do We Collect?
2. How We May Use Your Personal Data and The Lawful Basis For Doing So?
3. From Where Do We Receive Data?
4. How Do We Share and Transfer Data on You?
5. Do We Transfer Personal Data Outside EU or EEA?
6. How Do We Protect the Data and How Long Do We Store Them?
7. Third Party Activities
8. Children’s privacy
9. Changes to this Privacy Policy
10. What are Your Rights as a Data Subject?
11. How to use your rights?

This Privacy Policy is governed by Finnish law, excluding its choice of law provisions.

We reserve the right to change this Privacy Policy from time to time. Please check the Privacy Policy regularly for updates.

For clarity we state here that when performing content analysis such as video analysis and your Personal Data is involved, the role of Valossa under the GDPR is Processor and the role of our customer under the GDPR is Controller. Face recognition data for unique identification of a person is Special-Category Data under the GDPR, and thus any face data may only be used for unique identification when the Controller has ensured the legal basis for doing so. Typically this happens by obtaining the necessary consent from you or by applying the Member-State exemptions defined in the GDPR article 85. For clarity, we also acknowledge that the EU AI Act provides several protections for you as the user and these protections are in force. Furthermore, Valossa commits to the principles of the EU AI Act. We do not use personal data to infer psychological emotions of private individuals in educational or workplace contexts, nor do we perform biometric categorization that infers sensitive attributes (e.g., race, politics) without strict lawful basis and legal safeguards.

1. What Personal and Technical Data Do We Collect?

With “personal data” we mean any information that may identify you as an individual.

The personal data we collect can be grouped into the following categories:

• Identification information such as name and username
• Contact information such as e-mail address, telephone number and address
• Payment information such as bank details
• Information of the customership and the contract such as correspondence, emails and information on you relating to the use and provision of the Services, and/or your customer relationship or other business with us.
• Technical data, such as log data including information such as your computer’s Internet Protocol (“IP”) address, URL of the site from which you came, browser type and version, the pages of our site that you visit, the time and date of your visit, the time spent on those pages, the devices used to access the Service, and other traffic data. Please review the full Cookies Policy to learn how we use cookies.
• Special categories of personal data, when we use biometric data for the purpose of uniquely identifying a natural person
  
  

2. How We May Use Your Personal Data and The Lawful Basis For Doing So?

Personal data is used for:

• Identifying a person as a user
• Separating access to different parts of the service based on the user identity
• Enabling the contacting of a user, possibly as the designated contact person of the legal person (such as a company) that is the actual customer of the service
• Enabling the processing of payments and payment-related information
• Identifying a person as a specific person, possibly with a set of personal attributes such as age and gender, in the analysis services
• Targeting and segmenting users for marketing or statistical purposes
• Technical maintenance, logging, repair and development purposes such as debugging the service, for example, in cases where some parts of the personal information are related to an error situation
• Sending service related information and messages to the users
• Preventing fraud, abuse, and misuse of the Services, and ensuring compliance with our Terms and Conditions (including acceptable use policies).

The Lawful Basis for processing personal data:

• Performance of a contract: processes is needed for enabling you to use our service, customer service during contract period
• Legitimate interest: personal data processed in the context of marketing, product- and customer analyses. This processing forms the basis for marketing, process-, business- and system- development, including testing. This is to improve our product range and optimize our customer offerings. This may also involve profiling.
• Consent: there are situations when we will ask for your consent to process your personal data. Examples of such situations are processing of special categories of data. The consent will contain information on that specific processing activity. If you have given consent to a processing of your personal data you can always withdraw the consent.
• Processing relates to personal data which are manifestly made public by the data subject

3. From Where Do We Receive Data?

We collect or receive personal information through, among others, valossa.com, our Valossa AI Portal video analysis dashboard, our software applications, social pages, as well as email and other communication channels. We may also update and supplement personal data with information provided by third parties in order to improve the Services.

4. How Do We Share and Transfer Data on You

We may share your personal data with others to for the purposes described in this Privacy Policy:

A) Our affiliates

B) To Provide Our Services

When the user signs up for these services, we will share names, or other contact information that is necessary for the third party to provide our services. For example, we use an outside credit card processing company to bill users for services. This company do not retain, share, store or use personally identifiable information for any secondary purposes beyond filling your purchase.

AI Model Training: Valossa does not use Customer User Submissions (uploaded media content) or associated biometric data to train or fine-tune our public AI models by default. Such use occurs only if you have explicitly opted-in or provided consent. We may, however, use anonymized and aggregated technical usage data (not content) to improve the performance and stability of our systems.

5. Do We Transfer Personal Data Outside the EU or EEA?

Valossa applies a strict data residency policy for the content you upload for analysis:

User Submissions (uploaded content data that may contain personal data and biometrics) are stored and processed exclusively within the European Economic Area (EEA) or jurisdictions with a valid EU adequacy decision. We do not transfer this data outside of the aforementioned jurisdictions unless you explicitly request a custom deployment or feature that requires it.

Account and Business Data: To provide the Service (e.g., processing payments via Stripe, sending service emails, or managing support tickets), we may transfer administrative data (such as your name, email, and billing details) to service providers located outside the EEA, such as the United States.

Whenever we transfer Account Data outside the EEA, we ensure compliance with applicable regulations by implementing safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or relying on the Data Privacy Framework (DPF) certification of our vendors.

6. How Do We Protect the Data and How Long Do We Store Them?

We take precautions to protect your information. When you submit personal data via the Services, your information is protected both online and offline.

Wherever we collect more sensitive personal data, such as credit card data, information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.

While we use encryption to protect personal data transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (e.g. billing or customer service) are granted access to personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment.

We store the data as long as it is necessary for the purpose of processing the data. For example, personal data in the customer and marketing register is erased period related to a specific customer relationship or service has elapsed or the data related to marketing activities has been identified as outdated or unresponsive.

7. Third Party Activities

This Privacy Policy applies only to personal data processing carried out by Valossa. The Privacy Policy does not address and we are not responsible for, the privacy, data or other practices of any third parties, including our clients, or any other third party operating any site or service that you may encounter in connection to the Services.

Our websites contain links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information. If our Services (or a link to our Services) are included on a third party website it does not mean that we have given an endorsement of such site or service.

8. Children’s privacy

Valossa understands the special need to provide privacy protections for children. Therefore, our Services are not intended for and Valossa does not knowingly process data on children younger than thirteen (13) years of age. We request that children under thirteen do not provide personal data through any of the Services. If we become aware of unintentionally processing information on children under thirteen, we will take reasonable measures to delete such data as soon as possible.

9. Changes to this Privacy Policy

From time to time we may change this Privacy Policy. You can tell when changes have been made to the Privacy Policy by referring to the Last Updated legend on top of this page.

10. What are Your Rights as a Data Subject?

• Request access to your personal data.
• Request correction of incorrect or incomplete data.
• Request erasure.
• Limitation of processing of personal data.
• Object to processing based on our legitimate interest.
• Data portability.
• Withdraw consent at any time (where processing is based on consent, such as for specific biometric identification scenarios with lawful basis of processing according to the GDPR)

Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

11. How to use your rights?

For your account, registration, and billing data, the Data Controller is Valossa. (Note: For personal data contained within User Submissions and video content, Valossa acts as the Data Processor; please refer to the Introduction). If you have any questions or concerns regarding our privacy policy and how we process your personal data, you can always contact us via email at support@valossa.com or via mail:

Valossa Labs Oy
Paavo Havaksen tie 5E
90570 Oulu
FINLAND

Also, Valossa has appointed a Data Protection Officer that you can contact by contact form via Valossa Portal.

You can also lodge a complaint or contact the local data protection authority. For more information, see for example http://www.tietosuoja.fi.