Effective Date: 1 January 2020
Last Updated: 1 June 2025

This Privacy Policy (hereinafter “Policy”) explains how A-Wave Oy (“A-Wave”, “we”, “us”, or “our”) collects, uses, discloses, and protects your personal data when you use our website www.awave.fi, our mobile applications (“Apps”), and our services, including consulting, design, development, and maintenance of digital tools (“Services”).

1. DATA CONTROLLER

The data controller in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws is:

Contact details of the data controller:

A-Wave Oy
Business ID: 1931114-0
Address: Suotie 10 A, 02230 Espoo, Finland

Contact details of the privacy manager:

Teemu Piirainen, CEO
Address: Suotie 10 A, 02230 Espoo, Finland
Phone: +358 44 222 6666
Email: teemu.piirainen[at]awave.fi

2. Scope and Applicability

This Policy applies to:

  • Visitors to our website
  • Users of our mobile applications
  • Customers using our digital services
  • Any interaction with us that involves personal data, whether through online or offline means.

If you are located in the United States, this Policy is intended to comply with applicable state laws, including the California Consumer Privacy Act (CCPA), where relevant.

3. Personal Data We Collect

We collect personal data directly from you and from your use of our Services. Depending on the context, we may collect:

From website/app users:

  • Device information (e.g. operating system, device model, browser type, IP address)
  • Usage data and analytics (e.g. pages visited, in-app behavior, crash logs)
  • Cookies and similar tracking technologies

From clients or partners:

  • Name, company, title
  • Contact details (email, phone)
  • Billing and invoicing data
  • Client communications, contracts, and history

From mobile app users (where applicable):

  • Language preference
  • Time zone, device settings
  • Optional user preferences and settings
  • Location data (if explicitly allowed by user)
  • Account data (only if login-based features are used)

We do not collect sensitive personal data unless explicitly required and with your consent.

4. Legal Basis and Purpose for Processing

We process personal data based on the following grounds:

4.1 Contractual Obligation

To provide and maintain the Services, including technical support, customer service, and billing.

4.2 Legitimate Interest

When required by law, such as for marketing, analytics cookies, or optional features in the app (e.g. notifications, location), we ask for your explicit consent.

4.4 Legal Obligation

To comply with regulatory requirements and respond to lawful requests.

5. Data Sharing and Disclosure

We may share your personal data with:

  • Trusted service providers (e.g. hosting, analytics, customer support) acting on our behalf
  • Regulatory authorities if legally required
  • Legal successors in connection with a business transaction (e.g. merger, acquisition)
  • App platforms (Apple App Store, Google Play) where required for app functionality or distribution

All such sharing is limited to the extent necessary and based on proper safeguards.

6. International Data Transfers

If we transfer personal data outside the EU/EEA, we ensure adequate protection via:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other valid transfer mechanisms under GDPR

For U.S. services, we ensure contractual safeguards aligned with the CCPA and other state-specific requirements.

7. Cookies and App Analytics

We use cookies and similar tracking technologies on our website and analytics SDKs in our mobile apps to:

  • Measure usage and engagement
  • Fix bugs and optimize performance
  • Improve app and web experience

You can manage cookie settings in your browser and adjust permissions in your mobile device (e.g. analytics, notifications, location).

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy or as required by law. This may include:

  • Active client relationship: full retention
  • Legal obligations (e.g. tax records): extended retention
  • Inactive users or former clients: deleted or anonymized after a defined period

In mobile apps, locally stored data can be cleared by uninstalling the app.

9. Your Rights

You have the following rights under GDPR and, where applicable, U.S. privacy laws:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Delete your data (“right to be forgotten”)
  • Restrict or object to processing under certain circumstances
  • Withdraw consent at any time (where applicable)
  • Data portability (receive your data in a machine-readable format)
  • Non-discrimination (under CCPA, if applicable)

To exercise your rights, contact us at: reachout [at] awave . fi

If you think there is a problem with the way we are handling your personal data, you have a right to file in a complaint to your national data protection authority in the EU/EEA. In Finland, that is Tietosuojavaltuutetun toimisto. You can find contact details of Tietosuojavaltuutetun toimisto here: http://www.tietosuoja.fi/fi/index/yhteystiedot.html.

10. Children’s Privacy

Our website and apps are not directed to individuals under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from children. If we become aware of such data being collected, we will delete it promptly.

11. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption (where applicable)
  • Secure storage and restricted access
  • Regular security reviews and updates
  • Data minimization

Despite our best efforts, no method of transmission over the Internet or electronic storage is 100% secure.

12. Changes to This Policy

We may update this Policy from time to time. Changes will be posted on our website and within our apps. We encourage you to review this Policy periodically.

If significant changes are made, we will notify you via the app or email (if we have your contact details).