Last updated: 16th of September 2020
Your privacy is important to us. This privacy notice explains the personal data M-Files processes, how M-Files processes it, and for what purposes.
References to M-Files products in this notice include M-Files services, websites, apps, software, and servers.
M-Files Oy (primary responsible party)
Hermia 12, Hermiankatu 1 B
33720 Tampere, Finland
and our group companies
(hereafter ”we” or “M-Files”)
[email protected] or
Hermiankatu 1 B,
33720 Tampere, Finland
Customer, Marketing and Partner register
The purposes of processing personal data are:
We use profiling to identify personal profiles, behavior and customer habits. We use this information e.g. to target marketing and to develop our services.
The basis of processing personal data is (i) our legitimate interest (e.g. marketing and customer relationship management); (ii) to perform a contract; (iii) to fulfil our legal obligation and/or (iv) consent.
We process the following personal data in connection with the customer register:
Like many websites, we use “cookie” technology to collect additional website usage data and to improve the websites and our services. We also utilize the data for marketing purposes. A cookie is a small data file that we transfer to your device’s hard disk. M-Files may use both session cookies and persistent cookies to better understand how you interact with the website, to monitor aggregate usage by our users and web traffic on the site, and to improve the site and related services. A session cookie enables certain features of the site and is deleted from your device when you disconnect from or leave the site. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser help file directions. Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.
Google Analytics and Other Third Party Analytics Providers
We use Google Analytics for web usage tracking. Google Analytics collects and stores data on your use of the services, including but not limited to; time of visit, site pages visited or opened and for how long are they used, the Internet Protocol (IP) address and information on the device used to access the site.
We also use the following Google Analytics Advertising Features:
For reasons of transparency, we would like to inform you that we use Google Tag Manager on our websites. Google Tag Manager does not itself collect any personal data, but it makes it easier for us to incorporate and manage our tags. Tags are small elements of code that serve to measure traffic and user behavior, record the effects of online advertising and social channels, establish remarketing and focus on target groups, and test and optimize websites, among other things. If you have deactivated Google Analytics, this will be taken into account by Google Tag Manager.
Social media channels and targeted advertisement
Using these cookies allows us to make the content of the website as individually customized as possible, and thereby show e.g. targeted advertisement and content based on the user’s prior behavior. M-Files uses advertisement cookies managed by third parties in order to present its products both on its own website and on the sites of third parties. You can disable some of the third party advertisement cookies from their site settings.
The M-Files website may include links and connections to third party websites, products and services as well as so-called community plug-ins of third parties (such as Facebook, Instagram, LinkedIn, YouTube, Twitter and TrustRadius). Third party plug-ins integrated into the M-Files website are loaded from third party servers and thus the third party may install their own cookies on the user’s device. The third party services and applications offered on the M-Files website are subject to the privacy policies or notices of such third parties. We recommend that you familiarize yourself with those third party privacy policies or notices.
We use different technologies to gather usage and performance data from your M-Files products and services. We use technologies for storing and honoring your preferences and settings, enabling you to sign in, analyzing how our products perform, and fulfilling other legitimate purposes.
If your organization provides you with access to M-Files products, your use of the M-Files products is subject to your organization’s policies, if any. You should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organization’s administrator. When you use features in M-Files products, other users in your network may see some of your activity. To learn more about the features and other functionality, please review documentation or help content specific to the M-Files product. M-Files is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.
Personal data is processed for the following purposes and using the following services:
M-Files for Google G Suite
M-Files for Google G Suite is an add-on that is separately sold and installed to customers. It integrates M-Files service and Google G Suite seamlessly together and allows users to save copies of e-mail and attachments from Gmail and files from Google Drive to M-Files for long-term preservation. The add-on is configured and used by the M-Files’ customers. Only the person(s) defined by the customer/user have access to the e-mails and documents that users save to M-Files.
This integration requires read and write access to Gmail and read rights to Google Drive. When a user saves an e-mail to M-Files service, the add-on uses write access to add a label to the e-mail in Gmail. Otherwise, the add-on uses only read access to save e-mails and documents from Gmail and Google Drive to M-Files service.
Regarding all the data content in the Google G Suite and M-Files service, M-Files’ customer is data controller and M-Files is data processor. Information about personal data processing are shown in the privacy policies or notices of each M-Files’ customer. If the M-Files’ customer decides to integrate Google G Suite to M-Files service, M-Files needs to process Customer’s contact persons’ (e.g. main user) contact information (such as e-mail address and name) as a data controller. This personal data is processed only for the purpose to operate M-Files to Google G Suite service.
We receive information primarily from the following sources: yourself, population register, authorities, credit information companies, channel partners, contact information service providers and other similar reliable sources.
For the purposes described in this Privacy Notice, personal data may also be collected and updated from publicly available sources and based on information received from the authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means.
We don’t disclose data from the register to external parties except we may disclose it to our subsidiaries and affiliates, or a subsequent owner, co-owner or operator of the Services and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization. M-Files may sell, transfer or otherwise share some or all of its assets, including your personal data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.
We use subcontractors that process personal data on our behalf. We share your personal data as necessary to complete any transaction or provide any service you have requested. We share data within M-Files group to our subsidiaries and affiliates; with trusted third parties to process personal data and provide services on behalf of M-Files, including hosting and maintenance, customer relationship, customer support, database storage and management, and sales and marketing of M-Files products and services.
We transfer personal data outside the EU/EEA. When personal data is processed outside the EU/EEA, we make sure that the subcontractor has committed to use the EU Commission’s standard contractual clauses and/or is covered by the Privacy Shield -system or provide other appropriate safeguards as described in Article 46 of the GDPR.
Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use the system containing personal data. Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and their backup copies are in locked premises and can be accessed only by certain pre-designated persons.
The personal data we collect are retained for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required by law, or we need it to protect our legal rights. Thereafter, the personal data will be deleted within a reasonable timeframe or rendered anonymous.
We estimate the need for data storage regularly, taking into account the applicable legislation. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the inaccurate, outdated, unnecessary and unlawful data. If you have access to your data, you may edit the data yourself. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.
You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.
On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.
Our services are not directed to children and we do not intend to collect personal data from children. We ask you not to use the services and not to provide any information about yourself to us if you are below the age, defined in your jurisdiction, requiring parental consent or authorization for processing of personal data.
All contacts and requests concerning this Privacy Notice should be submitted in writing to the address mentioned in section two (2) “Contact information for register matters”.