Who are we?
Benemen is a leading innovator in cloud-based communications solutions. Benemen’s communications service works alongside Office 365 and Skype for Business and provides a solution for your fixed, mobile, unified communication and multi-channel needs. Our headquarters is in Helsinki, Finland, and our subsidiary companies are based in Sweden, Denmark, Poland and the United Kingdom. The headquarters’ registered office address is Valimotie 13 A, 00380 Helsinki, Finland.
Benemen has a Data Protection Officer who can be contacted by email firstname.lastname@example.org.
What do we mean by these fancy words?
This is what we mean when we make certain references within this notice.
"Client", "you", refers to a private or corporate user or any other data subject who buys, registers for use, or uses our services and who may have submitted personally identifiable information to us. This information may have been submitted using our services, web sites, telephone, email, registration forms, or other similar channels.
"Personal data" refers to any information on private individuals and their personal characteristics or circumstances, which are identifiable to them. This information may include names, email and mailing addresses, telephone numbers, and other information incidental to the services and their provisioning.
"Services" refer to any services or products that are manufactured or distributed by Benemen, including software, web solutions, tools, and related support services.
"Web site" refers to the www.benemen.com, www.benedesk.com web site or any other web site that Benemen hosts or controls, including sub-sites and browser-based service portals.
“Data Controller” is a party or entity that determines the purposes and means of the processing of personal data. A company functions as a data controller when it decides how such information is to be used, and then uses that information accordingly.
“Data Processor” is a party or entity that processes Personal Information on behalf of a Data Controller. A company functions as a Data Processor when it acts as an agent of another company, following its instructions as to how that information should be handled and processed.
“Third Party” is an entity or person other than you, Benemen or its customers who may act as controllers to the personal data. Third party data recipients with whom personal data may be shared include service providers, accountants and auditors, and external legal counsels.
“Sensitive personal data” is personal data treated in European data protection laws as posing special risks to an individual, such as information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health, or sex life.
When do we collect personal data about you?
When you are using our services, provided to you by your employer.
When you interact with us in person, by mail, by phone, by social media, or through our websites.
When we collect personal information from other legitimate sources, such as third-party data aggregators, Benemen partners, public sources or social networks. We only use this data if you have given your consent to them to share your personal data with others.
We may collect personal data if it is of legitimate interest, and if this interest is not overridden by your privacy interests. Before data is collected we make sure an assessment is made, ensuring that there is an established mutual interest between you and Benemen.
Why do we collect and use personal data?
We process our customer controlled personal data mainly to provide and enhance communication services to you, according to the controllers’ instructions.
We also process personal data that we control, to perform direct sales, direct marketing and customer service. We also collect data about suppliers, partners and persons seeking a job or working in our company.
We may use your information for the following purposes:
To personalize your experience and to allow us to deliver the type of content service and products as agreed based on contract.
To deliver our services to you, maintain and develop our services and web sites, and to provide help and support for the services
Send you marketing communications which you have requested. These may include information about our products and services, events, activities, and promotions of our associated partners’ products and services. This communication is subscription based and requires your consent.
Send you information about the products and services that you are using.
Perform direct sales activities in cases where legitimate and mutual interest is established.
Provide you content and venue details on a webinar or event you signed up for.
Reply to a ‘Contact me’ or other web forms you have completed on benemen.com (e.g. to download a whitepaper).
Follow up on incoming requests (customer support, emails, chats, or phone calls).
Provide access to our Customer Support portal.
Perform contractual obligations such as order confirmation, license details, invoice, reminders, and similar.
Notify you about any disruptions to our services (system messages).
Contact you to conduct surveys about your opinion on our products and services.
Process a job application.
To prevent fraudulent activities, remove or stop sharing of illegal or infringing material, and comply with legal or regulatory requirements.
However, we seek to give you as much control as possible. For example, we may ask you for your separate consent for some data collected or provide a possibility to opt out from non-critical data collection.
What type of personal data is collected?
We may, as a controller, or when you are using our services we provide to our corporate customers, as a processor on behalf of the controller, collect the following data:
Email address, name, phone number, login credentials, company name, company address, call history, call recordings, location, presence, chat messages, SMS messages and email messages
Calendar data, such as: Subject, Body, Status, Location, Event time, Event date
Computer and operation network related data, such as: Network name, Network quality and Computer name
We may also collect feedback, comments and questions received from you in service-related communication and activities, such as meetings, phone calls, documents, and emails. From our websites we may collect IP-address and actions taken on the site.
If you apply for a job at Benemen, we collect the data you provide during the application process.
Benemen does not collect or process any special categories of personal data, such as public unique identifiers or sensitive personal data unless specifically required by legislation (e.g. related to employment).
How do we protect your information?
To ensure the security and confidentiality of personal data that we collect, we use data networks protected, inter alia, by industry standard firewall and password protection. In the course of handling your personal data, we take measures reasonably designed to protect that information from loss, misuse, unauthorized access, disclosure, alteration or destruction. Your personal information is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user or a system enters, submits, or accesses user information to maintain the safety of your personal information.
Our legal basis for collecting personal data
Collecting personal data based on consents
We use “Consent Forms” when we collect personal data based on your consent. They will store documentation related to the consent given by you. Individual consents will always be stored and documented in our systems.
Collecting personal data based on contracts
We use personal information for fulfilling our obligations related to contracts and agreements with customers, partners and suppliers.
Collecting personal data based on legitimate interest
We may use personal data if it is of legitimate interest, and if the privacy interests of the data subjects do not override this interest. Normally, to establish the legal basis for data collection, an assessment has been made during which a mutual interest between Benemen and the individual person has been identified. This legal basis is primarily related to our sales and marketing purposes. We will always inform individuals about their privacy rights and the purpose for collecting personal data.
How long do we keep your personal data?
We store personal data for as long as we find it necessary to fulfill the purpose for which the personal data was collected, while also considering our need to answer your queries or resolve possible problems, to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes. The same applies also when the data is controlled by our customer, not Benemen. The decision in such cases is made by the controller.
This means that we may retain your personal data for a reasonable period after your last interaction with us. When the personal data that we have collected is no longer required, we will delete it in a secure manner. We may process data for statistical purposes, but in such cases, data will be anonymized.
Your rights to your personal data
You have the following rights with respect to your personal data:
- The right to request a copy of your personal data that the Controller holds about you.
The right to request that the Controller corrects your personal data if inaccurate or out of date.
- If you are a customer and using BeneDesk, you may update your user directory information yourself in BeneDesk > Directory.
- The right to request that your personal data is deleted when it is no longer necessary for the Controller to retain such data.
- The right to withdraw any consent to personal data processing at any time. For example, your consent to receive e-marketing communications:
- If you want to withdraw your consent to e-marketing, please make use of the link to manage your subscriptions included in our communication. Please note that you may still receive system messages and administrative communications from Benemen, such as order confirmations, system messages and notifications.
- The right to request that the Controller provides you with your personal data and, if possible, to pass on this information directly (in a portable format) to another data controller when the processing is based on consent or contract.
- The right to request a restriction on further data processing, in case there is a dispute in relation to the accuracy or processing of your personal data.
- The right to object to the processing of personal data, in case data processing has been based on legitimate interest and/or direct marketing.
Any query about your Privacy Rights should be sent to email@example.com or directly to the controller in question if the query relates to a situation where Benemen is processing data on behalf of a separate controller (the company who has bought Benemen’s services).
When you visit our web sites, our system automatically collects information about your visit, such as your browser type, your IP address, and the referring website.
This collection may be done in conjunction with our vendors and partners. We may receive from them general demographic or usage data of our site visitors. We do not use automatically collected information to identify you personally without collecting additional consent.
Such information is typically collected using web cookies, web or email pixels (also known as beacons), embedded hyperlinks, and similar tools. Popular browsers can generally be set to disable or delete individual cookies. See below for the types of cookies we use and their respective purposes.
Required Cookies: enable the navigation and basic functionality of the websites, e.g., access to protected areas of the websites.
Functional Cookies: allow us to analyze your website usage and your selections on the website (e.g. your login name, language, or region), so we can save these settings and offer you a more personalized experience.
Advertising Cookies: allow us to better assess the effectiveness of our content marketing and advertising efforts. These cookies are provided by our third-party partners to analyze and track site visit and signups stemming from advertising. We do not share your personal information (such as name or email) to third-party providers outside of site visit data collected directly by such Advertising Cookies, though your site visit data may be linked with other personal information collected elsewhere by such third-party providers. Such external data processing is governed by the privacy policies of these third-party providers.
See below for descriptions about the cookies used on our websites and how you can opt out from them.
- Benemen web sites (Required Cookies)
Our web sites store various cookies that are required for the navigation and usage of the web sites.
Opt-out: You can configure your browser to disable these Required Cookies. This may reduce site functionality.
Google Analytics (Functional Cookies)
Opt-out: Download the browser plugin “Google Analytics Opt-out Browser Add-on” here.
Google AdWords (Advertising Cookies)
Opt-out: Visiting Google’s Ads Settings.
Do we share your data with anyone?
We do not share, sell, rent, or trade your information with any third parties without your consent, except from what is described below:
If required by law
We will disclose your personal information if required by law or if we, as a company, reasonably believe that disclosure is necessary to protect our company’s rights and/or to comply with a judicial proceeding, court order or legal process. However, we will do what we can to ensure that your privacy rights continue to be protected.
Use of subcontractors (processors and sub-processors)
We may use subcontractors to process personal data on our behalf. We require, in our contracts with them, that they use such information solely for providing their agreed services (for example, to solve a support case). We require such subcontractors to act in a manner consistent with this privacy notice and applicable laws. Whenever possible, we anonymize the data sent.
If the subcontractor processes Personal Data outside the EU/EEA area, such processing is in accordance with requirements of the law. We do this by imposing appropriate technical and contractual safeguards on relevant subcontractors and Benemen Group companies, for example by using data transfer clauses that are approved by the European Union. We only do global or cross-border data transfers for a good reason and after assessing the resulting privacy risk
If a new subcontractor is signed or a change of sub-contractor is performed related to our BeneCloud service, the customers will be notified in line with our agreements.
Our services and websites may embed or interoperate with third-party services. Where the third-party service is a visible, separately branded part of your user experience, such third-party services' privacy policies apply in lieu of this notice.
There are circumstances not covered by this privacy notice where the use or disclosure of personal data may be justified or permitted, or where we may be obligated by applicable laws to disclose information without acquiring your consent or independent of service provisioning.
One example includes complying with a court order or a warrant issued by the authorities in the relevant jurisdiction to compel the production of information. We weigh each disclosure requirement carefully and take the possibility of such disclosure requests into account when deciding where and how we store your personal data.
Disclosing your personal data may also be justified to protect ourselves against liability or to prevent fraudulent activity, or where it is necessary to solve or contain an ongoing problem. In any such action, we will act according to the applicable laws.
Changes to this Privacy Notice
Benemen reserves the right to amend this Privacy Notice at any time. The applicable version will always be found on our websites. We encourage you to check this Privacy Notice occasionally to ensure that you are happy with any changes.
If we make changes that significantly alter our privacy practices, we will notify you by email or post a notice on our websites prior to the change taking effect.
Your right to complain to a supervisory authority
If you remain dissatisfied, then you have the right to apply directly to your national supervisory authority for a decision. The supervisory authority contact information can be found at: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm