Privacy policy

This Privacy Policy has been updated on 24 October 2023.

1 Purpose

1.1 At Aila (hereinafter "Aila" or "us" or "we" or "our"), we are committed to your privacy. We know that earning your trust is of the utmost importance to us when you use our Services. Our users' privacy is of high priority to us at Aila and underscores our technology and business decisions.

1.2 Our service is an online platform through which companies can calculate their carbon footprint, make product and service purchases with clear environmental impact, as well as communicate and report on their climate responsibility to relevant stakeholders (“Service”). Additionally, our platform offers the unique feature of connecting companies with Third Party Service Providers who can provide specialized solutions and offers to further enhance your sustainability efforts. We protect your data to the best possible extent and keep it private and secure. Data we may collect within the scope of our Service is collected for the purpose of providing the best results and a personalized experience and of improving our Services.

1.3 This privacy policy applies to the collection, use, and disclosure of personal data for marketing and sales of services, customer agreements and when you use our services, and visit our website.

2 What Information Do We Collect?

2.1 We collect data to calculate the carbon footprint of your company based on the information provided by you. Additionally, we may utilize our own data to assist you in understanding how to reduce CO2 emissions, provide insights, and extend offers from our third-party service providers.

2.2 We collect personal data from you when you utilize our services:

(i) basic information, such as name, title, and your relation to a company you represent and contact details (email address, phone number);

(ii) information relating to our relationship, such as services and order details, contract information, payment details, billing information;

(iii) marketing and communication data e.g., your interests and preferences, selections, marketing permissions and prohibitions;

(iv) your interaction and related records such as correspondence, your comments, or responses to our surveys;

(v) personal data generated while visiting our website through cookies or otherwise, and how you use the website;

(vi) service-related information, e.g., user IDs, authentication credentials as well as data generated in connection with service provision e.g., login information, and how services are used; and

(vii) other data, which is based on your consent and defined in detail on a case-by-case basis.

2.3 We may collect and use aggregated data for any purpose, where no individual person is identified from it, e.g., statistical data collected in connection with the provision of services.

3 Marketing and Analytics

3.1 We may market and inform you about our services. We may combine the personal data collected about you from publicly available sources, and from our different interactions with you. Further, your personal data may also be used for market research and customer surveys. Processing of personal data is based on our legitimate interest to collect and analyse relevant information to better understand our customers and develop relevant services.

3.2 Based on your consent, we may store and access information, including personal data, on your device in order to create a personalized ads profile and deliver relevant content on the website (e.g., information and ads about the Services) as well as to measure the effectiveness of the advertising. Likewise, your personal data may also be processed to develop and improve the website, or for developing our own or our partners’ services.

4 Purpose and Legal Basis for Processing of Personal Data

4.1 We process your personal data for the performance of an agreement to provide our Services to you, improve our Services, and comply with legal obligations, or our processing is based on our legitimate interest in providing quality services to our customers. The purposes for which we process your data are:

(i) Marketing and Sales of Services to contact you regarding your interest in our Services;

(ii) Keeping our Services running - Providing Services to you and ensuring the functioning and maintenance of Services;

(iii) Verifying your identity for the purposes of signing into the Service;

(iv) Managing the customer relationship with you, including customer communication, user account management and processing payments;

(v) Improving our Services;

(vi) Interacting with you for feedback on our Services;

(vii) Improving and personalizing Services and to develop new services and providing notifications on new features, changes, and improvements;

(viii) Managing, pursuing, analysing, and improving the customer relationship with you;

(ix) Customer Support, corresponding with users, solving issues, and providing customer support through phone or email; and

(x) Informing you of new services, features, and content we may offer.

4.2 We may process your personal data also for specific purposes if you have consented to such processing.

5 Use of Cookies

5.1 When you visit our website, cookies and other similar technologies (“Cookies”) may be used to automatically collect information about your visit. It is possible for you to accept or refuse the use of the Cookies.

5.2 If the Cookies are collected you can always disable Cookies from the cookie banner or clear your Cookie history for all visited websites from your browser settings.

5.3 Accepting Cookies will enable you to get the best from our website. If you refuse Cookies, some aspects of the website may not work on your device, and you may not be able to access all areas thereof.

6 Data Sharing and Disclosures of Personal Data

6.1 We may share your personal data with third-party service providers who assist us in providing our Services. We may also disclose your personal data to comply with legal obligations or protect our legal interests.

7 Transfer of Personal Data Outside of the EU or EEA

7.1 The data we collect is processed by us within the European Union (EU)/European Economic Area (EEA) and in third party data processing facilities within the EU/EEA.

7.2 Some of our service providers may have access from, or be located, outside the EU/EEA, and their processing of your personal data will involve a transfer of data outside of the EU/EEA. We will take necessary steps to provide appropriate safeguards for international data transfers and, to the extent necessary, implement supplementary measures for protection of personal data as required by applicable laws. Personal data is transferred only to countries that have been deemed to provide an adequate level of protection of personal data, and where not, we will implement the standard contractual clauses and implement necessary technical, organisational, or contractual supplementary measures to ensure that personal data has the same protection as in the EU/EEA.

8 Retention of Personal Data

8.1 We will retain your personal data only for as long as necessary to provide Services to you, and for two (2) years after that, or as long as required by law (different data categories have different retention periods). After that, we will securely dispose of your personal data.

9 Your Rights

9.1 You have certain rights regarding your personal data:

9.2 Right to Access: You have the right to access your personal data that we hold.

9.3 Right to Rectify Personal Data: You have the right to request that we correct any inaccurate or incomplete personal data that we hold.

9.4 The Right to Object to the Processing: You have the right to object to the processing of your personal data for certain purposes.

9.5 The Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

9.6 The Right to Be Forgotten: You have the right to request that we erase your personal data under certain circumstances.

9.7 The Right to Restriction of the Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.

9.8 The Right to Give and Withdraw Your Consent: You have the right to give or withdraw your consent for the processing of your personal data.

10 Data Security

10.1 We use stringent technical measures and best practices within the Aila platform to ensure the confidentiality, integrity, and availability of all data stored within our Service.

10.2 Hosting and Data Transmission Security: The Aila Platform is hosted on the Google Cloud Platform and utilizes its container-based service, Google Cloud Run. To safeguard data transmission, all interactions between administrators, business clients, and other users are encrypted end-to-end through Transport Layer Security (TLS). Google Cloud Run offers a built-in feature for TLS termination, thereby enhancing the security of data in transit.

10.3 Data Storage and Encryption: Data within the Aila Platform is stored on Google Cloud Platform, specifically using the fully managed database service Cloud SQL for PostgreSQL and the managed file storage service known as Google Cloud Storage. By default, all data stored in Google Cloud SQL for PostgreSQL is encrypted. Additionally, files stored in Google Cloud Storage are encrypted at rest. To further ensure data integrity and availability, Google Cloud SQL offers automated backup services. Application logs are securely stored in Google Cloud Logging, which is employed to monitor and collect data concerning any potential errors or system vulnerabilities.

10.4 Authentication and Authorization Protocols

10.4.1 User Dashboard Access: User authentication for access to the dashboard is facilitated through the NextAuth.js library, which offers support for multiple login providers. Initially, email-based login is utilized to mitigate the risks associated with password storage and usage. The authentication data managed by NextAuth.js is securely stored in the Cloud SQL database, along with other application-specific data. NextAuth.js is configured to handle cookies securely and offers protection against Cross-Site Request Forgery (CSRF) attacks.

10.4.2 Administrative Access: Administrative access to the Strapi Content Management System (CMS) is managed directly by Strapi, utilizing its Role-Based Access Control (RBAC) feature. The Aila Platform's frontend interacts with the Strapi CMS via an API token, which serves as an additional layer of authentication.

10.5 Despite our good faith efforts to store your data in a secure operating environment that is not available to the public, please remember that unfortunately no data transmission or storage is 100% risk free. You provide your personal data at your own risk, and we cannot guarantee the absolute security of your data. In the unfortunate case of a security breach that endangers your privacy or data, we will inform you as well as the relevant authorities, as required by law. We may also temporarily shut down services to protect the personal data.

11 Changes to the Privacy Policy

11.1 We may update this privacy policy from time to time. We will notify you of any significant changes by posting a notice on our website or by sending you an email.

12 Contact Us

12.1 If you have any concerns or questions about this privacy policy or our use of your personal data, please feel free to get in touch with our Data Protection Officer: Aila.Earth Oy, business ID: 3340395-7, Hallakuja 6, 33960 Pirkkala.