Privacy Policy

This Privacy Policy describes how Apila Manage Oy ("Company," "we," "us," or "our"), collects, uses, processes, and discloses your information in connection with your use of our services. We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy is designed to comply with the General Data Protection Regulation (GDPR) for users in the European Union (EU).

1. Introduction and Scope

Apila Manage Oy specializes in IT Device Lifecycle services, both providing service and software. We provide our services with multiple Cloud Platforms like Amazon AWS, Microsoft Azure, and Google GCP.

This Privacy Policy applies to all information collected through our application, website, and any related services, sales, marketing, or events. By using our services, you agree to the collection and use of information in accordance with this policy.

For EU Users: The GDPR applies to websites, applications, and businesses operating in or serving the EU. We are committed to upholding the data protection principles and rights enshrined in the GDPR for all our EU users.

2. Our Legal Name and Contact Information

For any questions or concerns regarding this Privacy Policy or your data, please contact us at the details provided above.

3. Data Collection and Use

We collect personal information that you voluntarily provide to us when you register for Apila Manage Oy's services, express an interest in obtaining information about us or our products and services, when you participate in activities on the service, or otherwise when you contact us. The personal information that we collect depends on the context of your interactions with us and the service, the choices you make, and the products and features you use.

3.1. Categories of Personal Data Collected

We may collect the following categories of personal data:

• Identification Data: First name, last name, email address, phone number, company name, job title, and other similar contact data.
• Account Data: Usernames, passwords, and other security information for authentication and access. Authentication is always done using the best security practices.
• Billing and Payment Data: Information necessary to process payments, such as billing address and payment method details. (Note: We do not store full payment card details; these are processed by secure third-party payment processors).
• Service Usage Data: Information about how you use Apila Asset, including features used, time spent, IT assets managed, configurations, and other operational data.
• Technical Data: IP address, browser type and version, operating system, device information, and other technical identifiers collected automatically when you access our services.
• Communication Data: Content of communications with us, such as customer support inquiries, feedback, and survey responses.
• Marketing Data: Your preferences in receiving marketing from us and our third parties, and your communication preferences.

3.2. Purposes of Data Processing

We process your personal data for the following purposes:

• To Provide and Maintain Our Service: To operate and deliver the Apila Asset application, including managing your account, providing customer support, and fulfilling our contractual obligations.
• To Improve and Develop Our Service: To understand how our service is used, identify areas for improvement, develop new features, and enhance user experience.
• For Billing and Financial Management: To process payments, issue invoices, and manage our financial records.
• For Communication: To send you service-related notifications, updates, security alerts, and administrative messages. To respond to your inquiries and provide support.
• For Marketing and Promotion: To send you marketing and promotional communications about our products and services that may be of interest to you, where you have consented or where we have a legitimate interest to do so. You can opt-out of marketing communications at any time.
• For Security and Fraud Prevention: To protect the security and integrity of our services, detect and prevent fraudulent activities, and ensure compliance with legal obligations.
• For Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.

3.3. Legal Basis for Processing (GDPR)

For users in the EU, we rely on the following legal bases for processing your personal data:

• Performance of a Contract: Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (e.g., providing the Apila Asset service).
• Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (e.g., improving our services, marketing, fraud prevention).
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax and accounting obligations).
• Consent: Where you have given consent for the processing of your personal data for one or more specific purposes (e.g., for certain marketing activities or non-essential cookies). You have the right to withdraw your consent at any time.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to access or store information.

Cookies are small text files that are stored on the user's device when they visit a website. We utilize the following types of cookies in our web services:

• Essential cookies: These cookies are necessary for the website to function properly.
• Functional cookies: These cookies enable certain site functionalities and remember personal preferences.
• Analytics cookies: These cookies collect information about how users interact with the site so that we can improve its performance.
• Marketing cookies: These cookies track the user's activity across different websites and enable targeted advertising.

We use cookies to enhance the user's browsing experience, analyze website traffic, and tailor content.

Users are asked to consent to the use of cookies via a cookie banner that appears on their first visit to the site. Users can manage cookie settings through their browser. Blocking cookies may affect the site's functionality.

5. Data Sharing and Disclosure

We may share your personal information with third parties in the following situations:

• Service Providers: We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include payment processing, data analysis, email delivery, hosting services, customer service, and marketing efforts.
• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
• Legal Obligations and Rights: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
• Vital Interests and Legal Rights: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
• With Your Consent: We may disclose your personal information for any other purpose with your consent.

6. Your Data Protection Rights

We respect your data protection rights and provide you with mechanisms to exercise them. Depending on your location, you may have the following rights:

6.1. GDPR Data Subject Rights (for EU Users)

As a data subject in the EU, you have the following rights:

• The Right to be Informed: You have the right to be provided with clear, transparent, and easily understandable information about how we use your personal data and your rights.
• The Right of Access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information regarding its processing.
• The Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• The Right to Erasure (Right to be Forgotten): You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
• The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances (e.g., if you contest the accuracy of the data).
• The Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us.
• The Right to Object: You have the right to object to the processing of your personal data in certain situations, particularly where the processing is based on legitimate interests or for direct marketing purposes.
• Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
• Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

6.2. How to Exercise Your Rights

To exercise any of these rights, please submit a verifiable consumer request to us by:

• Email: [email protected]
• Postal Mail: Apila Manage Oy, Data Protection Matters, Sepontie 1 U, 02130 Espoo, Finland

We may need to verify your identity before responding to your request. We will respond to your request within the timeframes required by applicable law.

7. Data Security

We implement appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our services is at your own risk. You should only access the services within a secure environment.

8. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. We will not keep personal data for more than 24 months after the contract has ended with us.

9. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside Finland and choose to provide information to us, please note that we transfer the data, including personal data, to Finland and process it there.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information. For transfers of personal data outside the EU/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized mechanisms.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Last updated: July 25, 2025