• Suomi
  • English

    • Privacy Policy

    Who we are

    i4ware Software (“i4ware”) provides services and products for Application Lifecycle Management and Software Development.

    i4ware respects the privacy of individuals and thereby we want to give individuals using our services information concerning our data processing activities in a transparent manner. This Privacy Policy describes how i4ware collects, uses, stores, shares and protects your personal data under i4ware’s services and products and on our website https://www.i4ware.fi (collectively, the “Services”). i4ware is committed to comply with the obligations related to processing of personal data under the applicable data protection legislation.

    To achieve this goal, the information presented in this i4ware Privacy Policy is provided using as clean and plain language as possible. However, should you have inquiries or questions regarding our data processing activities or the information presented in this Privacy Policy, please feel free to contact us at the “Contact Us” page on our website or by sending an email to info@i4ware.fi.

    This Privacy Policy does not apply to third parties and their actions that i4ware does not own or control, including, but not limited to, any third-party websites, services and applications that you access through i4ware’s service or website.

    Legal basis for processing personal data

    In order to provide you certain features of the Services, i4ware processes your personal data. Depending on the circumstances, processing is necessary for the purposes of legitimate interests pursued by i4ware, or for the performance of a contract, or is based on your consent.

    You have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. You may withdraw your consent by informing i4ware thereof to address info@i4ware.fi.

    Purposes of processing personal data

    The personal data that you share with our Services may be used by i4ware for the following purposes:

    • To operate business and provide the Services to users, individuals and customers;
    • To deliver the Services and allow you access and right of use to the Services;
    • To operate, audit, analyze, develop, improve, manage and protect the Services;
    • For statistical and research purposes in accordance with applicable law;
    • To personalize experiences on the Services;
    • To communicate with you and respond to your requests.

    i4ware may also collect technical data and information related to your use of the Services. i4ware may also use personal data for offering of software updates, product support and possible other services related to the Services.

    Based on your separate consent, i4ware may use personal data also for marketing and promotional purposes.

    What personal data we process and why we process it

    Comments

    When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

    An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

    Media

    If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website are able to download and extract any location data from images on the website and i4ware does not have any control or responsibility over such activities of website visitors.

    Contact Forms and Recruitment Forms

    i4ware Software uses various contact forms, quotation request forms, and recruitment-related forms on its websites and services.

    These forms may include:

    • general contact forms
    • quotation and service request forms
    • customer support forms
    • i4ware Rekry AI ATS job application forms for applicants

    i4ware Software does not use contact forms for purposes unrelated to customer communication, service requests, recruitment, or business operations.

    If recruitment is active, applicants may submit job applications and upload resumes or curriculum vitae (CV) through the i4ware Rekry AI ATS system.

    The recruitment forms may collect and process information including, but not limited to:

    • full name and contact details
    • education history
    • qualifications and certifications
    • work experience
    • skills and competencies
    • portfolio or project information
    • uploaded resumes/CVs and attachments
    • other information voluntarily provided by the applicant relevant to the recruitment process

    Submitted recruitment information may be stored in i4ware Software databases, applicant tracking systems (ATS), secure cloud environments, and/or email systems, including the recruitment mailbox: rekry@i4ware.fi

    The collected information is used solely for recruitment, candidate evaluation, communication with applicants, legal compliance, and related hiring processes.

    i4ware Software implements reasonable technical and organizational security measures to protect submitted personal data against unauthorized access, disclosure, alteration, or destruction.

    Applicants should avoid including unnecessary sensitive personal data in their applications unless specifically requested or legally required.

    Cookies

    If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

    If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

    When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

    If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

    Embedded content from other websites

    Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

    These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

    Analytics

    i4ware uses Google Analytics and other systems to collect our web-sites visitor statistics.

    Sales data

    i4ware will collect your Atlassian Purchase history but this data comes via REST Client. This data is not stored on Virtual Private Servers owned by i4ware. Data can be seen publically here: https://atlassian-revenue.i4ware.fi/ to proof turnover of i4ware.

    Third-Party Cloud and AI Services

    Our services may integrate with or utilize third-party cloud platforms and artificial intelligence services to provide functionality such as project management, automation, search, analytics, and AI-assisted content generation.

    These third-party providers may process personal data and other customer content in accordance with their own privacy policies, security practices, and contractual terms.

    Atlassian Jira Cloud and Rovo AI

    We may use Atlassian Jira Cloud and Rovo AI for issue tracking, collaboration, documentation management, workflow automation, and AI-assisted productivity features.

    Data processed through Atlassian services may include:

    • project and ticket information
    • user account information
    • uploaded files and attachments
    • comments, documentation, and metadata
    • AI prompts and generated responses

    According to Atlassian, Rovo AI may utilize a combination of self-hosted, open-source, and third-party large language models. Atlassian states that customer inputs and outputs used through Rovo AI are not used to train third-party foundation models.

    However, certain analytics, telemetry, metadata, and AI improvement data may still be processed within Atlassian Cloud environments subject to Atlassian’s policies and customer configuration settings.

    You can review Atlassian privacy information here:

    OpenAI Services

    We may use OpenAI services for AI-powered assistance, text generation, summarization, coding assistance, automation, and conversational features.

    Data submitted to OpenAI services may include:

    • prompts and user inputs
    • generated outputs
    • technical metadata
    • limited diagnostic and usage information

    OpenAI may retain and process submitted data in accordance with its applicable privacy policy and service terms. Depending on the service configuration and subscription type, customer content may or may not be used for model improvement and training purposes. Users should avoid submitting highly sensitive, confidential, regulated, or special category personal data to AI systems unless explicitly authorized and contractually protected.

    More information:

    Google Search AI Features (“Tekoälytila” / AI Mode)

    We may utilize Google Search AI features, including AI-assisted search experiences (“AI Mode” / “Tekoälytila”), to improve information retrieval and research functionality.

    When these services are used:

    • search queries may be transmitted to Google
    • contextual information may be processed by Google systems
    • AI-generated summaries or responses may be produced
    • Google may collect telemetry and usage information under its own policies

    Google acts as an independent data controller for data processed through its services.

    More information:

    International Data Transfers

    Third-party cloud and AI providers may process data outside the European Economic Area (EEA), including in the United States and other jurisdictions. Where required, such transfers are protected using applicable safeguards such as Standard Contractual Clauses (SCCs) or equivalent legal transfer mechanisms.

    User Responsibility

    Users should avoid submitting:

    • confidential legal material
    • passwords or authentication credentials
    • health records
    • payment card information
    • trade secrets
    • regulated or highly sensitive personal data

    to third-party AI services unless explicitly permitted and appropriately secured.

    Data subject rights

    Under the applicable data protection legislation, you have certain rights as a data subject. You have the right to request from i4ware access to and rectification or erasure of your personal data or restriction of processing or to object to processing as well as the right to data portability. If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Furthermore, you have the right to lodge a complaint with a data protection supervisory authority.

    You may request to exercise your rights by sending i4ware a message to address info@i4ware.fi.

    Transfers of personal data

    i4ware processes and stores your personal data primarily within the European Union. However, personal data may be transferred, in compliance with applicable regulations, to the United States and/or other third countries that do not have similar laws providing specific protection for personal data or that have different legal rules on data protection. Should i4ware transfer your personal data to such third countries, personal data will be protected as described in this Privacy Policy and in accordance with the applicable law.

    Recipients and providers of personal data

    i4ware will not sell your personal data to third parties, nor make personal data available to them for other purposes than to enable your use of the Services. i4ware may utilize third party processors to perform data processing on i4ware’s behalf. i4ware is liable towards you for acts and omissions of such third party as for its own. Should i4ware transfer any personal data collected or processed via the Services to any third party, i4ware will ensure at all times that the third party service provider will be bound by appropriate contractual guarantees with respect to such third party’s obligations in accordance with applicable data protection law, and ensuring all times that your data will remain protected in accordance with at least the same standards as under this Privacy Policy.

    i4ware shares personal data to Atlassian which provides the purchase platform for certain Services. Atlassian has access to your and our usage statistics data only.

    i4ware receives data from Atlassian (https://www.atlassian.com/) on site: https://marketplace.atlassian.com/.

    Duration of personal data processing

    i4ware retains your personal data for a period not exceeding the period required for the purposes for which it was collected and processed. However, personal data under your account will be removed once you have deleted your account in accordance with our deletion policies. i4ware then will either delete your personal data permanently or irreversibly anonymize the data so you can no longer be linked to such anonymized data.

    If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

    For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

    Data Security

    i4ware ensures the confidentiality, integrity and availability of personal data processed via the Services. i4ware implements appropriate technical and organizational measures and procedures in such a way that ensures the protection of your rights, and always in accordance with applicable data protection law, as well as to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, access and other unlawful forms of processing.

    Data is hosted on our Virtual Private Servers at Amsterdam, Netherlands. Servers are located in secure environment which only authorized employees of our Internet Service Provider LeaseWeb (https://www.leaseweb.com) can enter. Our domain i4ware.fi is secured by official SSL Certificate if applicable and our servers contain a Firewall and Anti-Virus and/or Anti-Malware protection. All our local computers in our offices are secured behind password protection and Firewall and Anti-Virus, etc. appropriate security measures.

    In case of a data security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data, i4ware will inform you of the breach without undue delay, including a summary description of the potential impact and a recommendation on measures to mitigate the possible adverse effects of the breach.

    i4ware ensures that the data has been pseudonymized or anonymized wherever possible. The Services contain appropriate authorization mechanisms to avoid unlawful access, as well as effective encryption has been used to mitigate the risk of data security breaches. You will be informed when an updated version of the Service is available, and if the update is security critical, you will be prevented from using the old version of the Service.

    Furthermore, i4ware recommends that you take additional measures to protect yourself and your information, keeping confidential your account information and passwords and regularly updating your software and devices to ensure you have enabled the latest security features.

    How to contact i4ware

    Should you have any questions concerning this Privacy Policy or wish to know more about i4ware’s data processing activities, please feel free to contact us at the “Contact Us” page on our website or by sending an email to info@i4ware.fi.

    Data Processing Agreement (DPA)

    1. Parties

    This Data Processing Agreement (“DPA”) is an appendix to the Privacy Policy (“Agreement”) between i4ware Software (“Processor”) and the Customer and is subject to the terms and conditions of the Agreement unless otherwise stated herein.

    Hereinafter, the Processor and the Customer may individually be referred to as a “Party” and jointly as the “Parties”.

    2. Background and Purpose

    2.1.

    Processor is the owner and licensor of certain software products and related services (“Services”) licensed to the Customer under the Agreement.

    2.2.

    In connection with providing the Services, Processor may process personal data on behalf of the Customer.

    2.3.

    This DPA sets forth the terms and conditions governing the processing of personal data by Processor on behalf of the Customer.

    2.4.

    For the purposes of this DPA, “Applicable Law” means all applicable laws and regulations relating to the processing of personal data, including but not limited to the Finnish Data Protection Act (1050/2018), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), and any binding decisions or orders issued by competent supervisory authorities.

    3. Description of Processing

    3.1.

    The subject matter, nature, and purpose of the processing, as well as the types of personal data and categories of data subjects, shall be described in documentation created during the Agreement period or in other written instructions issued by the Customer.

    The Customer is responsible for the legality, maintenance, and availability of such documentation and instructions.

    3.2.

    As of the effective date of this DPA, the Customer instructs Processor to process personal data for the purposes defined in the Agreement and in accordance with this DPA.

    4. Obligations of the Customer

    4.1.

    The Customer acts as the data controller and agrees to comply with all obligations applicable to data controllers under Applicable Law.

    In particular, the Customer shall ensure that:

    • the Customer has the right to disclose and transfer personal data to Processor for the purposes of the Agreement;
    • there is a valid legal basis for the processing, such as contractual necessity, legitimate interest, or consent;
    • the purposes of the processing are defined before processing activities begin;
    • personal data collected is accurate, relevant, and limited to what is necessary;
    • the Customer is responsible for granting and removing access rights;
    • the Customer properly trains its personnel regarding data protection and data security;
    • personal data is protected against unauthorized access, destruction, alteration, disclosure, or unlawful processing;
    • inaccurate personal data is corrected or deleted without undue delay;
    • outdated or unnecessary personal data is not processed unnecessarily;
    • data subjects are provided with transparent and understandable information regarding the processing of their personal data.

    5. Obligations of Processor

    5.1.

    Processor acts as a data processor under Applicable Law.

    Processor processes the Customer’s personal data solely on behalf of the Customer and only for the purposes of the Agreement, this DPA, and documented instructions provided by the Customer.

    Processor shall implement appropriate technical and organizational measures to ensure secure processing and maintain appropriate documentation of such measures.

    5.2.

    Processor shall ensure that all persons authorized to process personal data are bound by confidentiality obligations or appropriate statutory duties of confidentiality.

    5.3.

    Processor shall assist the Customer, where reasonably possible, in responding to requests from data subjects exercising their legal rights and shall inform the Customer of such requests received by Processor.

    5.4.

    Upon request, Processor shall provide the Customer with information necessary to demonstrate compliance with this DPA.

    The Customer may conduct audits either independently or through a third-party auditor approved in advance by Processor. Such auditor may not be a competitor of Processor.

    The Customer must provide at least thirty (30) days’ written notice before an audit. Audits shall be conducted during normal business hours and must not interfere with Processor’s business operations or compromise security or confidentiality obligations.

    The Customer shall bear all costs associated with audits.

    5.5.

    Processor shall assist the Customer with data protection impact assessments, breach notifications, and prior consultations where reasonably required and related to the Services provided by Processor.

    5.6.

    Upon termination of the Services, Processor shall, at the Customer’s choice, delete or return all personal data unless retention is required by applicable law.

    5.7.

    Processor shall respond to Customer notifications, complaints, and inquiries without undue delay.

    5.8.

    Processor reserves the right to invoice the Customer for assistance measures performed under this DPA according to Processor’s current price list.

    6. Subprocessors

    6.1.

    Any subcontractors or subprocessors used by Processor that participate in the processing of personal data shall act as data processors on behalf of the Customer.

    By accepting this DPA, the Customer grants Processor general written authorization to use subprocessors.

    Processor remains fully liable for the acts and omissions of its subprocessors and shall ensure that they comply with data protection obligations equivalent to those set forth in this DPA.

    6.2.

    Processor shall inform the Customer in writing of any intended changes concerning the addition or replacement of subprocessors as soon as reasonably possible.

    The Customer may object to such changes within fourteen (14) days after receiving notification by terminating this DPA and the Agreement.

    If the Customer does not object within the specified period, the Customer shall be deemed to have accepted the changes.

    7. Transfers of Personal Data

    7.1.

    Processor shall not transfer personal data to third parties other than approved subprocessors.

    Processor may transfer personal data outside the European Union or the European Economic Area provided that such transfers are carried out in compliance with Applicable Law.

    8. Personal Data Breach Notifications

    8.1.

    In the event of a personal data breach, Processor shall notify the Customer in writing without undue delay after becoming aware of the breach.

    To the extent available, the notification shall include:

    a) a description of the nature of the breach;

    b) contact details of the person responsible for data protection matters;

    c) a description of the likely or actual consequences of the breach;

    d) a description of the measures taken or proposed to mitigate the breach.

    8.2.

    Where all information cannot be provided simultaneously, information may be provided in phases without undue further delay.

    9. Limitation of Liability

    9.1.

    The liability of the Parties regarding administrative fines or compensation claims by data subjects shall be determined in accordance with Applicable Law.

    9.2.

    Processor shall not be liable for indirect or consequential damages.

    Processor’s total liability under this DPA shall not exceed the amount paid by the Customer to Processor under the Agreement during the six (6) months preceding the event giving rise to the claim.

    10. Other Terms

    This DPA replaces all previous agreements and terms between the Parties relating to personal data processing and information security.

    11. Governing Law and Dispute Resolution

    11.1.

    This DPA shall be governed by and construed in accordance with the laws of Finland, excluding its conflict of law principles.

    11.2.

    The dispute resolution clause of the Agreement shall also apply to this DPA.

    12. Term and Termination

    This DPA enters into force when the Customer begins using the software and remains valid for as long as Processor processes personal data on behalf of the Customer.