Privacy Policy

General information

This privacy statement describes how Fuxia Oy (“company”, or “we”) processes personal data when you use our services, including the Fuxia Web Service and the Fuxia Word Add-in (collectively referred to as the “Fuxia Service”). The Fuxia Service is intended for automated reviewing, commenting, and redlining of contracts. The Fuxia Word Add-in is an application available on the Microsoft Store that integrates with Microsoft Word.

Users retain responsibility regarding how they utilize the Fuxia Service. We provide the Fuxia Service “as is,” and users are solely responsible for their use of the Service, including any data, content, and information they upload, transmit, or process using the Service.

Processing on Behalf of Customers

When we process personal data on behalf of our customers as part of providing the Fuxia Service, such processing is governed by our agreements with those customers. In these cases, the customer acts as the data controller, determining the purposes and means of processing personal data, and we act as a data processor, processing the data according to their instructions and in compliance with applicable data protection laws.

Personal data

Personal data refers to any information relating to a natural person (“data subject”) that can identify him/her directly or indirectly. Personal data, data subject, controller and other key terms are defined in the General Data Protection Regulation (2016/679, “GDPR”). The company complies with the GDPR in all processing of personal data in conjunction with other applicable national data protection legislation (data protection legislation).

Controller

  • Controller: Fuxia Oy
  • Address: c/o Lexia Asianajotoimisto, Lönnrotinkatu 11, 00120 HELSINKI
  • Telephone: +358 50 353 0029
  • Email: privacy@fuxia.ai

Purposes and legal basis for processing personal data

Personal data will be processed for the following purposes:

  • Registration to use our products and services and user account management based on contract or its preparation.
  • Delivery of our products and services based on contract or its preparation.
  • Invoicing (including debt collection), customer service, feedback and related communications based on contract or its preparation or company’s legitimate interest.
  • Management and administration of our relationship with our business partners based on company’s legitimate interest.
  • Provision of information and materials related to our products and services, for example by newsletters and direct marketing based on company’s legitimate interest or consent.
  • Identifying potential customers who are using our services for the purposes of targeting relevant marketing to such persons based on company’s legitimate interest.
  • Registrations for our events, trainings and webinars based on company’s legitimate interest.
  • Market and customer analysis and surveys based on company’s legitimate interest.
  • Business planning and product development based on company’s legitimate interest.
  • Monitoring the use of our website and to improve the site functionality and user experience and to present the content of our website in a manner ideal for the visitor’s device based on consent.
  • Providing marketing on our website using cookies based on consent.
  • Enabling social media services such as videos and sharing buttons based on consent.
  • Fulfilment of statutory obligations, such as obligations under tax and accounting legislation based on statutory obligation.
  • Ensuring security of our products and services and preventing abuses based on statutory obligation or legitimate interest.
  • Ensuring security of our IT environments and protection of data based on statutory obligation or company’s legitimate interest.
  • Establishing, exercising, or defending against legal claims based on statutory obligation, or our legitimate interest.

For processing activities that are based on a legitimate interest, we have carefully balanced such legitimate interest with the data subjects right to privacy and concluded that our interest outweighs the data subjects’ rights and freedoms.

Automated decision making and profiling

The company does not profile or make automated decisions.

What personal data is collected, stored and processed?

The company collects only such personal data from the data subject that is relevant and necessary for the purposes described in this privacy statement.

The following personal data from the data subjects will be processed:

  • Name and contact information, such as email address, phone number, and job title / position.
  • Information related to service accounts such as usernames and passwords.
  • Consents and objections related to direct marketing.
  • Other information necessary for maintaining the business partner relationship, such as billing information, feedback, other message history and marketing preferences.
  • Information about the use of our services and products.
  • Electronic identification and behavior data such as IP address, log data and usage information.

Data sources

The personal data is mainly collected directly from the data subjects themselves, for example, in connection with preparing or signing of a contract or during a customer relationship.  

The personal data may also be collected automatically when the data subject uses our products and services.

In addition, data may be collected in other ways in a marketing context. Personal data may be updated and supplemented by collecting data from private and public sources.

Retention of personal data

Personal data collected in connection with our services shall be retained as long as need for the purposes defined in this privacy policy and as required by the law, unless such data is replaced through regular updates or otherwise. The periods vary greatly from one type of processing to another.

We retain your personal data for the duration of your active customership. When your customership expires or you are inactive for two years, we delete or anonymize your data. For accounting purposes, we store the necessary data for the current year and six years after that.

Detailed retention times can be provided upon requests.

We evaluate the necessity and accuracy of the personal data on a regular basis and endeavor to ensure that the incorrect and unnecessary personal data are corrected or deleted.

Who has access to the personal data?

For the purposes stated in this privacy statement, the personal data may be disclosed, when necessary, to authorities, and to other third parties, such as third-party service providers (such as our IT vendors and marketing agencies conducting marketing on our behalf etc.). In such case, the personal data will only be disclosed for purposes defined above.

In addition, the company may share the personal data in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other similar arrangements.

The personal data is also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the products and services as well as to guarantee the safety of the products and services.

Is data transferred outside the European Union or the European Economic Area

The servers and data related to our services are hosted within the European Union (EU). In case personal data is exceptionally transferred outside EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.

Data can be transferred to the following recipients located outside the EU/EEA.

  • Microsoft (transfer under the EU-U.S. Data Privacy Framework)
  • SendGrid (transfer under the EU-U.S. Data Privacy Framework)
  • Google LLC (transfer under the EU-U.S. Data Privacy Framework)
  • Hubspot Inc. (transfer under the EU-U.S. Data Privacy Framework)

How is the data protected?

Securing the integrity and confidentiality of personal data is important to us. We have taken adequate technical and organizational measures in order to keep personal data safe and to secure it against unauthorized access, loss, misuse or alteration by third parties.

Rights of data subjects

The data subject has a number of rights under applicable data protection laws.

Right of access and right of inspection

The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her is being processed.

The data subject has the right to inspect and view data concerning him or her and, upon a request, the right to obtain the data in a written or electric form. This applies to information that the data subject has provided to the company insofar the processing is based on a contract/consent. Exercising this right is generally free of charge.

Right to rectification and right to erasure

The data subject has the right to require us to delete or stop processing the data subject’s personal data, for example where the data is no longer necessary for the purposes of processing. However, please note that certain personal data is strictly necessary in order to achieve the purposes defined in this privacy statement and may also be required to be retained by applicable laws.

Right to data portability

The data subject has the right to receive the personal data that he or she has provided to us in a structured, commonly used and machine-readable format and, if desired, transmit that data to another controller. This right applies when the processing of the personal data is based on consent or a contract.

Right to restriction of processing

The data subject has the right, under conditions defined by data protection legislation, to request the restriction of processing of his/ her personal data. In situations where personal data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, the company will limit the access to such data.

Right to object to processing

The data subject has the right to object to the processing of data where we are relying on its legitimate interests as the legal ground for processing. For example, the data subject may object to his/her personal data being used for marketing purposes.

Right to withdraw consent

In cases where the processing is based on the data subjects’ consent, he/she has the right to withdraw his/her consent to such processing at any time.

Exercising rights

Requests regarding the rights of data subjects shall be made in written or in electronic form, and the request shall be addressed to the controller mentioned on this privacy policy.

If the data subject’s request cannot be met, the refusal shall be communicated to the data subject in writing. The company may refuse a request (for example erasure of data) due to a statutory obligation or a statutory right of the company, such as an obligation or a claim relating to our services.

The data subject may exercise the aforementioned rights by sending a written request to privacy@fuxia.ai.

If you have any questions relating to our data protection policies or wish to exercise your rights, please do not hesitate to contact us.

Right to complain with a supervisory authority

The data subject has the right to lodge a complaint with a competent data protection authority if the data subject considers that the processing of personal data relating to him or her infringes current legislation.

However, we request that the matter be dealt with the company in the first instance.

The relevant authority in Finland is the Data Protection Ombudsman (www.tietosuoja.fi).

Cookies

Our website uses cookies to enhance user experience, provide personalized content, and analyze our site traffic. Cookies are small data files stored on your device. You can control cookie settings through your browser preferences, but disabling cookies may affect your experience on our website. For more information, please review our Cookie Policy.

Google Analytics

We use Google Analytics to collect and analyze data about how visitors interact with our website. This information helps us improve our site functionality and user experience. Google Analytics collects data such as your IP address, browser type, and pages visited. For more details, refer to Google’s Privacy Policy. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Google Tag Manager

Our website uses Google Tag Manager to manage and deploy marketing tags. This tool does not collect any personal data but may activate other tags that do, such as Google Analytics. These tags may collect data according to their respective privacy policies. For more information, visit the Google Tag Manager Use Policy.

Microsoft Clarity

We employ Microsoft Clarity to understand how users interact with our website through session replays and heatmaps. Clarity collects data such as mouse movements, clicks, and scrolls, helping us improve user experience. No personal data is stored. For more information, see Microsoft Clarity’s Privacy Statement.

Changes to the privacy statement

Fuxia Oy may make changes to this privacy policy at any time by giving a notice on the website and/or by other applicable means. The data subjects are highly recommended to review the privacy policy on our website every now and then. If the data subject objects to any of the changes to this privacy policy, the data subject should cease using the services, where applicable, and he/she can request that we remove the personal data, unless applicable laws require us to retain such personal data. Unless stated otherwise, the then-current privacy policy applies to all personal data we process at the time.

This privacy statement has been published on the fifth of August.2024, version 1.0