Privacy Policy
Last updated February 24, 2025
We appreciate your visit to our websites and your interest in our company and services. Protecting your privacy when processing personal data as part of our business activities is a priority for us, and we place great importance on this commitment.
We treat the personal data collected during your visit to our website, or otherwise
obtained, always in compliance with legal requirements. We adhere to Regulation (EU) 2016/679, commonly known as the General Data Protection Regulation (GDPR).
1. Data Controller
We are the entity responsible for processing your personal data, referred to as the Data Controller, unless stated otherwise in this Privacy Policy.
Homie Labs Oy
Business ID: 3489764-5
Radiokatu 10 C 6
FI-00240 Helsinki
Finland
We have appointed a Data Protection Officer (DPO), who independently oversees our compliance with data protection laws, ensures that our data processing practices align with legal requirements, and addresses concerns related to the handling of personal data. The DPO serves as a point of contact for the supervisory authority and provides guidance within the Data Controller organization on data protection matters.
We act as the sole data controller for your personal data in connection with our
business operations. However, when our customers utilise the Homie platform, they act as independent data controllers. In such cases, Homie serves as a data processor, managing personal data on behalf of our customers.
If your enquiry relates to data processing by one of our customers, we recommend that you contact the respective customer organisation directly for further information.
2. Data Collection and Purpose
Personal data means any information that relates to an identified or identifiable natural person. This includes names, addresses, phone numbers, email addresses, contractual data, social media identifiers, and other data that can help identify a natural person.
We collect, process, and use personal data only when there is a legal basis for doing so or when you have provided us your explicit and informed consent.
As part of our business activity we process the following categories of data:
Social media data (e.g. your connections and social media identifiers)
Communication data (e.g. name, phone number, email and IP address)
Business connections data (e.g. your board and executive office positions)
Customer network data (e.g. connections to other businesses)
Homie, along with service providers engaged by us, process your personal data for the following purposes:
Online Services: Fulfilment of our contract for the services you have ordered,
along with our legitimate interest in conducting direct marketing.
Customer Support and Contact Forms: Our legitimate interest in replying to your requests regarding our products and services, as well as engaging in direct
marketing and improving our products and services, provided it complies withdata protection regulations, contractual obligations, or consent.
Platform Security and Error Identification: Compliance with our legal obligations
in data security and our legitimate interest in resolving errors and ensuring the
data security.
Advertising and Market Analysis: Your consent or our legitimate interest in
conducting direct marketing.
Defending and Protecting Legal Rights: Our legitimate interest in safeguarding
our legal rights, for example, in connection with legal disputes
3. Children
We do not offer any of its services to minors under 18 years of age. If we become aware of the processing of personal data concerning minors, we will promptly remove such information. If you notice any information about minors, we kindly ask you to inform us.
4. Data Sharing
We share your personal data with other data controllers when it is necessary for the fulfilment of a contract, when we or a third party have a legitimate interest in the data transfer, or when you have provided your consent for the transfer to another controller.
For more details about the legal basis, please refer to the section above. Additionally, data may be shared when required by law, a regulatory authority, or a court order.
We want to be transparent, and we want to emphasise that Homie never sells or shares your personal data for marketing purposes without your explicit consent..
5. Service Providers
We engage service providers for tasks such as marketing, programming and data
hosting. These providers are carefully selected by us and monitored regularly,
particularly regarding their processing of personal data on behalf of us.
All service providers are contractually obligated to maintain confidentiality and comply with the legal requirements, including the GDPR. When engaging service providers outside of the EU/EEA, we ensure that relevant safeguards are in place.
6. Data Transfers Outside the EU/EEA
We may transfer personal data to third countries outside the EU/EEA. Before initiating any such transfer, we ensure that a valid legal basis is established and verify that the recipient provides an adequate level of data protection. Alternatively, we obtain your explicit consent for the transfer of data to the third country.
For transfers to the United States, we currently rely on the EU-US Data Privacy
Framework (DPF) and, where necessary, on Standard Contractual Clauses (SCCs).
Some third countries, such as the United Kingdom and Canada, have adequacy
decisions provided by the European Commission pursuant to Article 45 of the GDPR, in which case we rely on the applicable adequacy decision for the data transfers.
You may request a detailed overview of transfers to third countries and the specific
measures implemented to ensure adequate data protection by contacting us.
7. Data Retention and Storage Period
We retain personal data only for as long as necessary to fulfil the purposes for which it was initially collected, such as providing services under the contract we have with you or where we have a legitimate and balanced interest in retaining the personal data.
In some cases, we may be required to retain personal data to comply with legal
obligations, such as bookkeeping requirements under the Accounting Act (1336/1997).In all other instances, we delete your personal data through either automated or manual means.
When feasible, we use automated methods to erase personal information. For example, if you withdraw your consent for third-party service integration, any personal data connected to the integration will be automatically removed from our systems.
8. Cookies
As part of our online services, we use cookies and tracking mechanisms. Cookies are small text files stored on your device when you visit our website or use the platform. In addition to cookies, technologies such as tracking pixels may also be employed.
Cookies serve various purposes, including ensuring the functionality of our online
services, resolving technical issues, providing marketing, enhancing your user
experience, and offering personalised services.
We use the following types of cookies on our website and the Homie platform:
Strictly Necessary Cookies: These cookies are essential for ensuring the
functionality and secure use of the website and platform.
Statistical Cookies: These cookies help us measure key metrics, such as page
views and audience data, to improve our services.
Marketing Cookies: These cookies allow us to tailor communications and
advertisements to better match your preferences.
Conversion Tracking: These cookies, provided by our conversion tracking
partners, generate statistics, demographic data, and records of website visitors
who clicked on ads and were redirected to conversion-tracking tagged pages.
The use of cookies is voluntary, and you can control which categories of cookies are used by managing your preferences in the cookie consent settings on our website and platform.
Strictly necessary cookies, which are essential for supporting core functionalities and ensuring the security of our services, are always enabled. However, you may choose to disable all cookies through your browser settings. Instructions on how to do so are available for Chrome, Safari and Firefox.
Cookies have pre-determined lifecycles, which are specified further in our website
cookie settings. However, you can also choose to clear your browser’s cookie history at any time through your browser settings. For further details on clearing your browser’s cookie history, please consult the instructions for Chrome, Safari and Firefox.
9. Content Delivery Networks
To optimize the loading times of both our website and platform, and to balance traffic effectively, we utilize the Amazon CloudFront Content Delivery Network (CDN). This service is provided by Amazon Web Services EMEA SARL.
The CDN enhances the delivery of our online content, particularly large media files such as graphics, text, or scripts, by leveraging a network of geographically distributed servers. This significantly reduces latency, improving loading times for website visitors and platform users.
The use of CDN services is based on our legitimate interest under Article 6(1)(f) of the GDPR, ensuring the efficient and reliable provision of both our website and platform.
As part of this processing, data may be transferred to the United States. Amazon is certified under the EU-US Data Privacy Framework (DPF), which serves as a basis for these transfers. However, we may also rely on Standard Contractual Clauses (SCCs) where feasible.
10. External Links
Our website or platform may include links to third-party services that are not affiliated with us. Once you click on such a link, we have no control over the collection, processing, or use of personal data transmitted to the third party (e.g., your IP address or the URL of the page containing the link), as we cannot influence the processing activities of these third parties.
Please keep this in mind when opening any links leading to external sites. We do not assume any responsibility for the processing of personal data by these third parties.
11. Security
We have implemented the necessary technical and organisational measures to ensure the secure and safe processing of personal data. These measures include among others the use of encryption where feasible, as well as administrative safeguards to protect against accidental or unlawful destruction, disclosure, access, or alteration of data.
We continuously enhance the security of our systems in line with technological
advancements and deploy relevant updates to our system infrastructure as needed.
All of our staff members and any service providers authorised by us are required to maintain confidentiality and comply with applicable data protection laws.
12. Your Rights
You have several rights in connection to the personal data we process about you as adata controller. In order to use the rights please contact us using the contact details specified in the section Data Controller.
Right of access: You have the right to request access to the personal data we
hold about you and obtain a copy of the data, along with details on how it is
processed.
Right to be informed: As a data controller, we are obligated to provide you with
clear and transparent information about how we process your personal data.
This privacy policy serves as our official statement detailing our data processing
practices.
Right to rectification: If any personal data we hold about you is inaccurate or
incomplete, you have the right to request its correction or completion.
Right to be forgotten: You can request the deletion of your personal data under
certain conditions, such as when the data is no longer necessary for the
purposes for which it was collected, or if you withdraw your consent.
Right to restrict processing: Under specific circumstances, you can request that
we limit the processing of your personal data, meaning we can store it but not
process it further.
Right to data portability: You have the right to receive your personal data in a
structured, commonly used, and machine-readable format and request that it be transferred to another data controller where technically feasible.
Right to object: You have the right to object to the processing of your personal
data for certain purposes, such as direct marketing or processing based on
legitimate interests.
Rights related to automated decision making and profiling: You have the right not to be subject to decisions based solely on automated processing, including
profiling, that have legal or significant effects on you. You may also request
human intervention in such decisions.
Please remember that when requesting the exercise of your rights, we need to be able to identify you. Identification can be performed using a variety of methods, ranging from email verification to bank credential authentication, depending on the type of data involved. You are always welcome to suggest a suitable means of identification.
As a data subject, you also have the right to lodge a complaint with the competent
supervisory authority. You may appeal our decisions to the supervisory authority in your place of residence, the authority in a state with which you have a relevant connection, or the supervisory authority in the jurisdiction where we are established.
In Finland, where we are established, the supervisory authority is the Office of the Data Protection Ombudsman, with contact details available at www.tietosuoja.fi.
For contact details of other European supervisory authorities, please visit the European Data Protection Board’s website at www.edpb.europa.eu.
Before lodging a complaint with the supervisory authority, we always suggest contacting us first. This ensures that our data privacy team is aware of your concern and can address it directly, even before any proceedings with the supervisory authority.
13. Changes to the policy
We may update this policy from time to time to ensure it accurately reflects how we process personal information as part of our operations. We always suggest consulting this policy regularly. The policy will always indicate the latest date of amendment.
14. Contact us
You have questions regarding the processing of your personal data and wish to contact us, please refer to the contact details provided in the Data Controller-section. This also applies when exercising your rights referred to in the Your Rights-section.