This document has been in effect since the beginning of September 2021.
This Privacy Notice details what information we collect about you, how we use it and what your rights and choices are.
In this document “Gravito” refers to Gravito Oy, which is a Finnish limited company (company ID 2891268-5).
By “Service” we mean the Gravito service as detailed by our Terms and Conditions.
The key for interacting with Gravito’s services (handshake APIs) is based on the user’s Gravito Profile and the collection of an observed profile. The key behind Gravito’s ideology is to give the user complete transparency on the data that is being collected and used. The business users of Gravito can freely use any data about the user as long as there is a consent in place.
From business customers who sign-in to our Gravito Portal we collect the following information:
|Required in order to sign into the portal
|Billing and payment information|Required for subscriptions
|Messages with our support and sales|Required for customer support. We retain email messages between you and our staff
|User information from integrated tools|Required if integrations enabled.
Cookies and tracking
Cookies are also used to store current session/login information for the Service.
Gravito and Data Processing
The way Gravito processes data is compliant with GDPR legislation. Gravito collects data into our Azure infrastructure. All data is encrypted in transit and at rest.
Data collection is essential for the solution to work. Every website, mobile application, email, redirected URL etc. contributes to data collection. If the customer has given consent to collect data about his/her behavior, that data will enrich the customer profile. Otherwise, data is not collected from domains that don’t have the consent, or is not collected at all.
Everything in Gravito works around consents, meaning the permissions to use data and different channels to communicate with the customer. Consents are given on domain and company level, allowing a different setup for any party in the Gravito network. Alternatively, all settings can be global, and management of permissions is super-simple for the end-user.
The end-user can connect his/her data to various parties in the Gravito network. In essence this means that one customer profile can be used by various companies and their subsidiaries, and the end-user controls whether data is shared between these parties. Each party also has its own private data that is never shared, so business-critical and trade-secret type data is not shared with other parties.
Every user in Gravito is in full control of their own data and how it is used. The transparent system allows monitoring and reporting of how data is being used. Control settings can be changed at any time, and the changes are reflected immediately.
When customer data is shared between multiple companies or subsidiaries, it grows in value. Valuable data allows a better customer experience and well-targeted offers and service. Again, all consolidation is controlled by the end-user, and without permission no data is ever combined with another domain.
The growing value of data means commercial interest. This benefits the end-user directly; they can commercialize the data that is being collected about them and decide the balance between sharing and the commercial value. Value can materialize as well-targeted offers where the price is reduced by the value of the data.
Centralized customer data allows border-crossing loyalty programs. Instead of registering to tens of those, the customer can centralize their behavior as a buying customer and decide how much different parties are able to target and consume that data. The consumer will see this as bundled offers and chained affiliation programs.
The end-user is allowed to change his/her mind at any time, change their profile data regarding the address, email, telephone etc., or change the permission settings and control e.g. how many newsletters and other types of communication are received.
Gravito and Privacy
We have been and are continually training all our employees in data protection awareness.
We have reviewed all of our vendors, evaluated their compliance status, and arranged similar GDPR-ready data processing agreements with them, or stopped using their tools if we don’t achieve a healthy level of compliance.
These are the details of what information Gravito collects about you, how we use it, and what your rights and choices are. Gravito runs on consents, and all data we collect is consented to by the end-user. Gravito classifies its consents into two different parts: 1) Channel Consents and 2) Data Consents.
1) Channel Consents
Web: Personalized web content based on your behaviour and preferences.
Mobile: Permission to send you mobile push notifications.
Email: Permission to contact you via e-mail.
SMS: Permission to send you SMS messages.
Call: Permission to contact you via phone call.
Snail mail: Permission to send you direct postal mail.
2) Data Consents
Data Collection: Permission to observe your behavioral data, i.e. your actions on the web anonymously.
Analytics: Permission to analyze your behavioral data anonymously.
Targeting: Permission to allow personally targeted messages based on the analysis of your behavioral data on the web.
Cross Device: Permission to allow cross-device identification. You will be able to identify individual devices.
Sharing Data: General permission to allow sharing anonymous data with chosen 3rd parties to improve personalized messaging to you.
Reidentification: General permission to allow sharing anonymous data with chosen 3rd parties to improve personalized messaging to you.
How are we collecting the data?
Gravito operates on different levels of profile types. The profile types capture different amounts of data based on their business purpose:
|Purpose/feature for data collection
|Gravito and TCF CMP, Micro profiling API, Cross Domain Profile sharing using matchOnId
|Observed Profile/Anonymous profiles
|Device, Browser, Domains visited, consent matrix,
|Gravito and TCF CMP, Observe API, Cross Domains Profile sharing using OpUid, streaming connector
|Email, Phone no*, devices, domains per devices, consents, segments
|Gravito and TCF CMP, Gravito Profile API, Omnichannel Marketing, Cross Domains Profile sharing using GravitoId
We use the collected user data to deliver, maintain, and enhance the Service, to provide support, and to prevent or address technical or security issues.
To communicate with you
We may send you service-related messages and notifications. These include notifications that are part of the service. We also send administrative messages regarding your Gravito subscriptions, technical status updates and other related notifications.
We may also send you messages or call you regarding new product features and helpful tips on using the product and to offer training and support. You can opt-out from such messages and calls at any time.
For payments and billing
We collect payment and billing data from Gravito customers for fulfilment of payments for the Service.
For improvement of the Service and analytics
To help improve the Service, our website and the Gravito Portal, and to develop new features and functionality, we collect and analyze usage information. Processing User Data for analytics purposes is done in aggregated or anonymized form.
We process User Data only where:
- Processing User Data is necessary for providing the Service.
- Processing is necessary to comply with a legal obligation.
- Processing is in the legitimate interests of Gravito and does not conflict with our users’ rights.
If you no longer wish to receive our newsletter or other promotional messages, you can opt out of receiving them by following the instructions included in such messages.
You can request a copy, correction or deletion of your personal data by emailing firstname.lastname@example.org. We will respond to your request within 30 days.
You can object to our processing of your personal data at any time. For any requests or concerns, please contact our Data Protection Officer at email@example.com.
At Gravito, we take privacy and security seriously, and implement a variety of security measures to maintain the safety of your data. The Gravito portal was audited from a security perspective by a third party in 2020.
We store our data in Microsoft Azure data centers in Europe (Ireland and Germany). The data is not transferred outside the EU.
Sharing and Disclosure
We do not share or disclose information to third parties except in the following situations:
User instructions or consent
Information may be disclosed to third parties if we are explicitly instructed to do so by the user, or by user consent.
Third-party service providers
We may engage third-party companies, service providers or business partners to process our data and to support our business. These include, for example, server and hosting providers, payment processors, and customer service and management tools. We ensure that these third parties process your data with utmost care and in accordance with the privacy legislation.
An up-to-date list of our processors is available on request from firstname.lastname@example.org.
Change of ownership
We may disclose User Data to allow a change of ownership of Gravito (including, but not limited to, an acquisition by or merger with another company) and related transfer of all such information to the new owner, in which case any information remains protected in accordance with this Privacy Notice.
We may disclose personal data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation, or legal process.
Enforcement of our rights, prevention of fraud, and for safety
We also may disclose personal information to:
- protect Gravito from fraud, abuse or other criminal activity
- protect Gravito rights and property against third-party allegations and claims
- enforce our contracts and policies
- protect rights and safety of others
We keep your data as long as you remain a Gravito User. You can request your user account to be removed by contacting our support at email@example.com. For legal reasons we have to retain certain information for a longer period. This includes information such as billing and payments data.
EU General Data Protection Regulation (GDPR)
As an EU-based company with customers in the EU, we are committed to the EU General Data Protection Regulation. You can read about our GDPR compliance in a separate section at the end of this document.
Information Regarding Children and Youth
We do not collect any information from anyone under 18 years of age. Our website, products and services are all directed to people who are at least 18 years old.
Changes to this Privacy Notice
We will notify Gravito users of any non-trivial changes to this Privacy Notice via email.
Data Protection Authority
Finnish Data Protection Authority:
Office of the Data Protection Ombudsman
Please feel free to contact us if you have questions regarding privacy, this notice or our practices. You can email us at firstname.lastname@example.org.
Our mailing address is: