Privacy Notice (Marketplace)

Last updated June 1, 2023.

Fonoa Technologies Limited (“Fonoa”, “we”) is committed to protecting your personal data in accordance with all applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

This privacy notice outlines how Fonoa handles the personal data of the representatives and personnel (employees, contractors or other) of customers subscribing to our services via the Marketplace (“you”).

When providing its services, Fonoa may also process personal data on behalf of customers. In such cases, Fonoa acts as a data processor and processes personal data only based on documented instructions from its customers. These processing activities are not governed by this privacy notice. Our obligations towards our customers when processing personal data on their behalf are set out in the relevant agreement. In accordance with applicable privacy and data protection laws, customers are responsible for obtaining all necessary consents from individuals whose personal data may be processed. These may include customers’ contacts, partners, distributors, or end users. Additionally, we have implemented appropriate technical and organisational measures ensuring the security of personal data. These measures include restricting access to authorised personnel only and encrypting personal data.

Data Controller

The data controller for the processing of your personal data is: Fonoa Technologies Limited, with its registered address at 6th Floor, South Bank House, Barrow Street, Dublin 4, Ireland, D04 TR29.

What data do we collect?

To the extent permitted by applicable law, the types of personal information collected from you may include, without limitation:

  • information used to communicate with you, such as name, title, company name, email address, telephone number, postal address and other contact details;
  • information that Fonoa maintains in association with your user account (if any) such as your username and password;
  • other information you may provide to us or obtained from you in using our services.

The personal data may also include any other personal data reasonably necessary to achieve the purposes set out in this privacy notice.

Why do we collect and process your data?

We collect and process your personal data for the following purposes:

  • Ensuring the proper and efficient performance of the contract: We process your personal data to enable our customers’ personnel to access the Fonoa services (e.g., through a dashboard or other tools we may make available), resolve any requests for customer support and generally to provide the Fonoa services to customers, including customer relationship management;
  • Entering into and keeping records of a contractual relationship: We process your personal data to execute contracts and maintain records of the contractual relationship between Fonoa and our customer;
  • Maintaining, evaluating, developing, and improving our services: We process your personal data to maintain, evaluate, develop and improve our services and offerings, including through data analytics and research;

Business communication: We also process your personal data for general business communication purposes such as responding to your inquiries and providing you with updates about our services.

What is the legal basis for processing your data?

Our legal bases for collecting and processing your personal data is:

  • Contractual obligation: We require personal data of our customers’ representatives and personnel to fulfil our contractual obligations, including to provide access to our services and to maintain records of the contractual relationship;
  • Legitimate interest: We have a legitimate interest in processing the personal data for maintaining and improving our services, and for business communication purposes.

In limited circumstances, we may also rely on the following legal bases:

  • Legal obligations: Where required, we may also process your data to comply with applicable law or requests of authorities.
  • Consent: Consent is not normally required to process personal data as set out in this privacy notice. However, should we wish to engage in additional processing activities, we may ask for your consent where needed under applicable law.

Who has access to your personal data?

We may share your personal data with the following categories of recipients:

  • IT service providers: We may engage third-party IT service providers who perform services on our behalf, such as cloud storage providers, email server providers, and providers of other IT tools. These providers may process your personal data strictly on our behalf to provide the necessary services and support;
  • Business communication service providers: We may use business communication tools, such as email and video conferencing tools, to communicate with you or provide you with updates about our services. The providers of these tools may process your personal data on our behalf for the purposes of providing the necessary services and support;
  • Analytics service providers: We may use analytics tools to evaluate and improve our services and offerings. These providers may process your personal data on our behalf for the purposes of providing the necessary services and support;
  • Compelled disclosure: In situations where legally required, in legal proceedings, or to protect our rights, we may disclose personal data to the law enforcement authorities and/or investigative organisations.

We will only share your personal data with these third parties to the extent necessary. We take reasonable steps to ensure that the third parties comply with applicable data protection laws and protect your personal data in a manner consistent with this privacy notice.

We may also share information with third parties in an aggregate form and/or other form that does not allow the recipient to identify you.

International data transfers

The transmission of personal data mentioned in this privacy notice may involve the transfer of data overseas. This transfer may be made to countries whose data protection laws are less comprehensive compared to the European Union. In these circumstances, we will safeguard your personal data as follows.

When the GDPR requires us, we will put in place appropriate measures to ensure that such transfers comply with relevant data standards. When transferring personal data to third-party service providers, we establish and implement the necessary contractual, organisational and technical measures with them, most commonly by relying on Standard Contractual Clauses authorised by the European Commission.

Security

We take the security of personal data seriously and have implemented procedures to prevent unauthorised access and misuse.

To protect and safeguard information, including personal data, we use appropriate business systems and procedures in addition to security protocols. We have put in place restrictions to regulate access and use of personal data. Only authorised personnel are granted access to personal data as part of their job responsibilities.

Our security measures include encryption of personal data, ongoing monitoring of our systems for vulnerabilities, and limiting access on a need-to-know basis. In addition, we provide regular training to our employees on data protection and information security practices to ensure the utmost security of your personal data.

Please note that despite our rigorous security measures, no system can guarantee complete security of personal data. However, we have implemented robust procedures for identifying, reporting, and managing any data breaches or incidents of unauthorised access to personal data. If you become aware of any such issue, please contact us immediately using the contact details provided below.

How long do we keep your data?

We will only keep your personal data for as long as necessary to fulfil the purposes for which information was collected; in principle, this will be for the duration of the relevant contractual relationship. However, retention periods may be adjusted on a case-by-case basis, taking into account the specific circumstances of the processing. When determining how long we retain personal data, we consider factors such as the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process it, and whether we can achieve those purposes by other means.

We may keep your personal data for a longer period where required by law.

When we no longer need your personal data, we will securely delete or destroy it in accordance with applicable laws and regulations.

Please note that we may retain certain aggregated or anonymized data for analytics purposes even after personal data has been deleted. Such data sets do not identify you personally and cannot be linked back to you.

Your Data Subject Rights

As a data subject under GDPR, you have the following rights with respect to our processing of your personal data:

  • Right of Access: you have the right to request access to your personal data that we hold and obtain a copy of it;
  • Right to Rectification: you have the right to request that we rectify inaccurate personal data about you, and you can also ask us to complete incomplete personal data;
  • Right to Erasure (Right to be Forgotten): you have the right to request the deletion of your personal data in certain circumstances;
  • Right to Restriction of Processing: you have the right to request that we limit the processing of your personal data;
  • Right to Data Portability: you have the right to request a copy of your personal data in a structured, commonly used, machine-readable format, and also the right to request that we transmit your personal data directly to another data controller if technically feasible;
  • Right to Object: you have the right to object to certain types of processing of your personal data, including processing based on our legitimate interests. You can exercise this right by contacting us at the address provided below;

Right not to be subject to automated decision-making: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

How can you exercise your rights?

You can contact us at any time to exercise your rights or for any questions or concerns about how we handle your personal data.

Please contact us at: gpdr@fonoa.com.

We will respond to your request within one month. If we cannot respond within that time, we will let you know and may require more time to respond.

Complaints

If you believe that we have not handled your personal data in accordance with this privacy notice or applicable data protection laws.

Changes to this privacy notice

Fonoa reserves the right to modify, amend, or correct this privacy notice at any time. The updated version of the privacy notice will be published on the Marketplace, and the "last updated" date at the top will be modified accordingly. We recommend that you periodically review this privacy notice for any updates or changes.