4. HOW DO WE OBTAIN YOUR PERSONAL DATA?
Most of the personal data we process is provided to us directly by you when you for example use our Services, visit our website, register for an event, participate in our research initiatives, submit an application form, or otherwise communicate with us.
We also receive personal information from other sources, such as in the following situations:
If you are employed by or represent one of our customers or suppliers they may provide us with certain information so that you can use our Services
If you are an end-user of one of our customers they may provide us with certain information in order to use our Services
If you participate in our market research, we may receive information from our third-party provider related to that research
If you visit our website or use our Services, we automatically collect certain information, such as your Internet protocol (IP) address, user settings, cookie identifiers, and other unique identifiers, browser or device information, and location information (including approximate location derived from IP address). For more information about how we collect data through cookies please visit our Cookie Policy
If you apply for a job, we may receive information from providers of background check services, or collect information from LinkedIn or other publicly available sources or from data enrichment providers (where permitted by local law)
If you are named as a referee by our job applicant, we may receive certain information so that we can connect with you as part of our recruitment process.
5. WHAT PERSONAL DATA DO WE COLLECT, WHY AND ON WHICH LEGAL BASIS, HOW DO WE USE IT AND FOR HOW LONG DO WE KEEP IT?
5.1 When we provide services to our customers
In this section, you will find information on the processing of personal data when we provide Services to our customers.
It provides details on how we are processing your data if you:
As an individual are our customer
Are working for or on behalf of our customer, in which case you are either:
An “account user” (an individual authorised by the customer to log into their account and utilise Rukuse Services)
A “business contact” (a customer’s representative or any other individual acting as a contact point between the customer and Rukuse )
Are our customer’s “end-user” (an individual that receives communications from or sends it to our customer).
5.1.1.To enter into an agreement, create the customer’s account, and provide the necessary support to enable the customer to use our Services.
5.1.2. To enable customers to exchange their communications through our Services, ensure the security of our network and Services, and handle billing and payments
What personal data do we collect?
Rukuse collects “communications-related data” that includes:
“Communications content”: message text, voice, video or audio media, documents, or images exchanged between the customer and their end-users via Rukuse Services
“Traffic data”: data that is processed for the transmission of a communication exchanged by using our Services or for billing related to that communication. It includes information on the communication itself (e.g. routing, type, duration and time of communication) and on the source and destination of the communication (including the customer’s end-users’ phone number or e-mail address depending on the Services provided).
We also collect “usage data”, which is information created during your use of our Services. This includes information communicated by the application to Rukuse (e.g. IP addresses, information on your usage, routing information), as well as logs of your activities on our platform.
How do we collect it?
Communications content is received from our customers or their end-users.
Customers’ end-users’ phone numbers or email addresses are received from our customers. Other traffic data is automatically generated or unveiled during the process of transmission of a communication.
Usage data is received directly from you or generated automatically when you use our Services
Why do we collect it, under which legal basis, and how do we use it?
Communications content is collected and processed solely on behalf of a given customer.
We act as a processor and in line with the customer’s instructions.
Traffic data is generally kept in the form of communication detail records, and we collect it and use it to:
Manage traffic with the purpose of transmitting customer’s communications toward or from telecom operators and other communications providers and handling customer’s enquiries.
If you, as our customer, are an individual, the processing of your personal data is necessary for the performance of our agreement for Services. If our customer is a legal person, we rely on our legitimate interest to provide Services to our customers.
Troubleshoot and detect problems with the network, prevent fraud and other illicit activities, and keep our Services secure. When conducting these activities, we might also leverage account and usage data. The latter is especially relevant for investigating fraudulent activities as it allows us to construct the timeframe of account user’s activities in the case of security-related incidents and be able to take adequate steps for mitigation.
The security of our Services is crucial for us, so for these activities we rely on our legitimate interest to maintain and improve the security of our network and Services.
Calculate charges and settle interconnection payments with telecom operators and other communications providers or resolve a billing dispute with our customer or our communications provider. In some cases we might also utilize account data as part of this activity.
The carrying out of these activities is our legitimate interest in the sense of handling payments and resolving financial disputes.
Please note that in order to comply with our legal obligations, we may be obliged to retain records containing communications-related data as stipulated in the relevant national data retention provisions regulating law enforcement matters, and to share them upon government request.
How long do we keep it?
Communications content is retained on behalf of the customer and according to the customer’s instructions.
Traffic data containing end-users’ personal data (such as phone number or email address) is deleted from communication detail records twelve (12) months after the end of the month in which the communication took place.
Other traffic data (such as time, type, duration of communication, routing details) which do not contain end-users’ personal information is retained in communication detail records for up to ten (10) years following the year of communication.
Usage data may be retained for up to three (3) years.
Communications-related and usage data will be generally kept as per the stated deadlines. However, we might be required to retain this data for a different time period in certain circumstances if prescribed by specific local laws, when requested by authorities, or if needed to defend our legal rights.
5.1.3. To improve our products and services
What personal data do we collect?
Rukuse collects “behaviour analytics data”, which is data you generate as our customer’s account user during your activity on our website and our platform (e.g. your behaviour records inside our web interface, such as time spent, pages visited, history of your visits and features used as well as your IP address and information about your browser).
How do we collect it?
Behaviour analytics data is received directly from you or generated automatically when you use our Services by placing cookies and trusted tracking technologies on your browser. For more information on how we collect your data through cookies on our website, please visit our Cookie Policy.
Why do we collect it, under which legal basis, and how do we use it?
We collect and use behaviour analytics data to:
Gain insight into the way our current customers are using our platform and Services. Specifically, we take partially automated measurements that include human intervention in order to analyse the way you use the features and tools available on our platform to give you recommendations to improve your performance (e.g. how to better access some feature) and to better satisfy the business needs of our customers
Create statistics on the use of our tools to understand which tools have a user-friendly design and which should be enhanced.
The general goal of such activities is to enhance your and your organisation’s messaging execution when communicating with your end-users, and we rely on our legitimate interest when conducting them.
How long do we keep it?
Behaviour analytics data is retained for up to twenty-five (25) months after it was generated.
5.2 When you provide your products and services to us
What personal data do we collect?
If you as our supplier (also known as vendor or service provider) are an individual, we may collect:
Your name and surname, (business) address, phone number, email address, company’s name and industry, business role, as well as your billing information (e.g. billing address, your VAT number, bank account details, and further information if we are legally required to and in accordance with applicable national legislation).
When doing business with our suppliers, we may also collect:
Personal data related to “business contacts” (supplier’s representatives and other individuals acting as a contact point between the supplier and Rukuse) such as name and surname, (business) address, phone number, email, company name and industry, and business role.
How do we collect it?
Directly from you, if you as an individual are our supplier.
Directly from you or via your organisation, if your organisation is our supplier.
Why do we collect it, under which legal basis, and how do we use it?
We collect and will use this data to:
Sign and administer an agreement with you or your organisation
Get relevant information about your product or services or share relevant information about our business and services with you
Maintain and improve our business relationship with you or your organisation as well as exercise our rights and fulfill our obligations arising from the business relationship.
Conducting these activities is our legitimate interest in the sense of purchasing products or services from or collaborating with a supplier that is a legal person. However, if you personally are our contractual counterpart, we process your personal data because it is necessary for the performance of an agreement or for entering into an agreement.
How long do we keep it?
Personal data about business contacts will be deleted twelve (12) months after the end of our business relationship with the supplier.
Personal data of individuals who are our suppliers will be deleted seven (7) years after the end of our business relationship.
If prescribed by specific local laws, when requested by authorities, or if needed to defend our legal rights, we might be required to retain this data for a different time period than listed above.
5.3 When you contact us with a question about our products and services and when we are looking at new business opportunities.
What personal data do we collect?
We may collect your name and surname, contact details (e.g. email address, phone number, country), and business details (e.g. company’s name and industry and your business role). We will also collect any other information you choose to provide to us, depending on the nature of our communication.
How do we collect it?
Directly from you when you register on our website to learn more about our business and services (e.g. through “Contact Sales” form), start chatting with us via our chat channel, take steps to enter into a business relationship with us, submit Startup Tribe application form and when you provide to us your contact details when requesting further information.
Indirectly through business and professional networks and databases (such as LinkedIn) or third parties we might employ that supply us with information collected from publicly available sources and data enrichment providers. We only retain the information that will help us reach potential customers or suppliers that could benefit from our services and products, or if we are interested in their products and services.
Why do we collect it, under which legal basis, and how do we use it?
We collect and use this data to:
Communicate with you, answer your questions, and find out if you or your organisation are interested in further cooperation with us, either by using our products and services or by providing your products or services to us
Ensure adequate support within the presales and purchasing process if there is a mutual interest in entering into an agreement.
Such activities represent our legitimate interest to conduct our business. If you personally are our contractual counterpart, we process your data because it is necessary for the performance of a contract or for entering into a contract.
How long do we keep it?
Personal data collected for this purpose will be deleted six (6) months after our last communication unless we enter into a business agreement with you or your organisation.
5.4 When we send you our email and other marketing communication
What personal data do we collect?
We collect your name and surname, and contact details (e.g. email address or phone number). We also gather simple statistics around email openings and clicks.
How do we collect it?
Directly from you if you subscribe to receive our newsletters, blogs or our other marketing communications through the webforms available on our website
Directly from you or via your organisation as part of business-to-business (B2B) marketing if we have an existing business relationship with your organisation
Simple statistics around email openings and clicks are generated automatically via industry standard technologies such as clear gifs when you engage with our emails.
Why do we collect it, under which legal basis, and how do we use it?
Our purpose for collecting this data is to:
Inform you about our Services, company news, webinars and upcoming events
Gather statistics (email opening and clicks) to help us improve our direct marketing initiatives.
If you subscribe to our email marketing communications, we rely on your consent provided to us when submitting such webforms. For B2B (business-to-business) marketing, we rely on our legitimate interest to maintain and improve our business relationships by informing our existing business partners (e.g. customers and suppliers) about our Services, company news, webinars, and upcoming events via email or other forms of communications.
In any case, you may proactively manage your preferences or opt-out of communications (unsubscribe) with Rukuse at any time using the unsubscribe link provided in all Rukuse’s marketing communications. When you unsubscribe from our marketing communications (i.e. withdraw your consent or object to the processing), we will stop sending you any marketing materials. However, we maintain a so-called “suppression list” that contains only your email address or phone number just to be sure that we do not contact you with unwanted content in the future. We retain this information relying on our legitimate interest to respect the choices of our newsletter recipients.
How long do we keep it?
Your personal data (name and surname, contact details) are kept for our marketing activities during your or your organisation’s business relationship with us unless you object (B2B).
If you have subscribed directly, then your personal data will be kept for our marketing activities until you unsubscribe.
If you unsubscribe or object, we will only keep a suppression list that includes your contact details (e.g. email address or phone number) to ensure you do not receive any further marketing communication.
5.5 When you visit our website
What personal data do we collect?
When visiting our website, by placing cookies, we may collect your IP address, your browser type and associated information, the pages you have visited and the order you visited them, as well as whether you are a new or returning visitor.
How do we collect it?
Directly from you when you browse our website by placing cookies on your browser. The cookies are either placed automatically (necessary cookies) or only once you have consented to them (functional, analytical, and advertising cookies). Please review our Cookie Policy for more information.
Why do we collect it, under which legal basis, and how do we use it?
We collect and use this data to:
Maintain and improve our website and overall business.
When doing so, we rely either on our legitimate interest to ensure the functioning of the website (for necessary cookies) or on your consent (for functional, analytical, and advertising cookies). Please review our Cookie Policy for more information on how you can manage (including to withdraw) your cookie consent.
How long do we keep it?
This depends on the specific types of cookies that were either placed automatically (necessary cookies) or that you have consented to be placed (other categories). Please review our Cookie Policy for more details on the retention periods for specific types of cookies.
We may engage suppliers (also known as vendors or service providers) to help us in the processing of your personal data for the activities that we conduct as a controller and that we describe in this Privacy Notice. We may also share your personal data with our subsidiaries and affiliates as part of our daily operations. Any such sharing within our group is regulated by intercompany agreements on personal data processing and transfer.
6. HOW AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
7. HOW DO WE SECURE YOUR PERSONAL DATA?
At Rukuse, we believe that security and privacy go hand in hand. In order to protect personal data collected and processed by us, we have therefore invested in the development, implementation, and constant improvement of a wide range of technical and organisational security measures.
We take care to train all our staff in the field of privacy and security, starting from their first day in Rukuse through the onboarding process and continuously throughout their stay at Rukuse.
Before we engage a supplier, we check their security practices and alignment with the applicable privacy law. Once engaged, we continue to assess them on a regular basis.
8. WHAT ARE YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA?
Depending on the applicable privacy law, you may have certain rights with respect to your personal data.
Where granted by the applicable privacy law, you have the right to:
Withdraw your consent to our processing of your personal data (to the extent such processing is based on your consent and consent is the only permissible basis for processing), without affecting the lawfulness of processing based on consent before its withdrawal
Request from us to access your personal data, which means requesting a copy of the personal data we hold about you
Ask us to rectify (correct) your personal data that you think is inaccurate and to complete your personal data that you think is incomplete
Ask us to erase your personal data in certain circumstances
Ask us to restrict the processing of your personal data in certain circumstances
If we process your personal data by automated means based on your consent or upon a contractual relation with you, you can exercise the right of data portability
If we process your personal data upon our legitimate interest, you have the right to object to the processing
If you want to object to the processing of your data for marketing purposes, you can do it at any time by using the unsubscribe link provided in our marketing communications
You may also have specific rights in exceptional cases when we may carry out automated decision-making operations, including profiling.
If you have any questions on how we use your personal data or if you wish to exercise a certain right or resolve a complaint regarding the processing of your personal data, you can contact us by sending an email to the following email address: helpdesk@rukusetechnology.com
9. DO WE CONDUCT AUTOMATED DECISION-MAKING THAT SIGNIFICANTLY AFFECTS YOU?
We take partially automated measurements that include human intervention in order to analyse the way users of our platform use the features and tools available (e.g. by tracking usage behavior inside our web interface) in order to give you recommendations to improve your performance (e.g. how to better access certain features).
10. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your personal data that has been collected based on your consent will be kept for a period specified in the consent. If you wish to withdraw your consent for the processing of your personal data for any purpose and to delete your data, you can do that at any time by sending an email to helpdesk@rukuseechnology.com . Regarding your personal data that is not subject to your consent, we will only keep it for as long as necessary to fulfill the purposes for which it was collected before making it non-identifiable (anonymous) or deleting it, as required by law.
Specific retention periods are listed under the respective activities in section 5 of this Privacy Notice. The retention periods listed are the standard default periods. In some cases, exceptions apply due to local laws related to law enforcement, tax, or other purposes. Additionally, if legal matters such as litigation, law enforcement requests, or government investigations require us to preserve records, including those containing personal information, for longer periods than listed in section 5, then we will delete the records in question when we are no longer legally obligated to retain them.
11. INFORMATION FROM CHILDREN
Children under 16 cannot use our products and services as our customers. If we learn or are notified that it is the case, we will immediately take reasonable steps to delete that information from our records as quickly as possible. If you think a child under 16 is using our products or services as a customer, please contact us at helpdesk@rukusetechnology.com
12. HOW OFTEN DO WE UPDATE THIS PRIVACY POLICY?
The most current version of this Privacy Notice will govern our practices for collecting, processing, and disclosing personal data. We will provide notice of any modifications on this page. You can always check the date of the last update at the beginning of this Privacy Notice.
