The European Union’s General Data Protection Regulation (GDPR) is one of the most important
international legislative changes in data protection in decades. The purpose of the
regulation is to increase the individual’s rights to manage and process their personal data
and to harmonise legislation within the European Union.
Valohai is firmly committed to the GDPR Data Protection Regulation. In addition to complying
with the regulation ourselves, it is important for us to help our customers with their
compliance efforts. This goal is achieved through training, instruction, and technical
development of our software.
Valohai’s updated GDPR-compliant terms come into force on the 1st of January 2020. Here you can
find the most important documents regarding the use of Valohai:
Obligations as a Valohai customer
Valohai’s clients generally act as controllers for the personal data registers and data they
are processing in Valohai. The aim of the controller (client) is to define the purpose of
the register, and the processor (Valohai) is responsible for helping the client in the
processing of information in an intended manner. Simply put, this means that the customer
uses Valohai for their intended purpose and Valohai assists the customer in implementing
this purpose. This means that we are also updating the software so that this will be
fast and easy.
The controller (customer) is responsible for ensuring that data is processed technically and
administratively in accordance with the requirements of the regulation. The regulation
includes significant changes to how and when registers can be maintained. In addition, the
controller must ensure that their own activities are transparent towards the data subject,
the data is valid, and correct restrictions are applied to the use of personal data. It is
particularly important to remove unnecessary information and to safeguard the data subject’s
legislative rights. According to the regulation, the data subject has the right to ask for
their registered data, to update it and, in certain circumstances, to demand its deletion.
If you are a controller, we encourage you to review the content of the regulation. The
European Data Protection Supervisor provides vast resources and up-to-date information on
own data printed out straight from the Valohai dashboard.
We also encourage you to analyse your situation with the assistance of a lawyer, as the
services or training they provide may give you instructions directed specifically at your
organisation. The responsibility to take care of this is on the controller (client), so we
strongly advise putting some effort in.
Valohai compliance with GDPR
We are proud to say that we have put a tremendous amount of work into making sure that
everything is in order with respect to the European Union’s General Data Protection Regulation
(GDPR). We have put in enterprise-level effort to look after our data protection and privacy
as we understand the importance of this matter. This way, our enterprise customers can also
rely on us to do our part in the data protection chain.
We have trained our staff as data protection experts and specialists. Valohai’s data
protection mechanisms have been entrusted to the management of the entire company, as well
as to a DPO (Otso Rasimus) who is responsible for operations as part of the management team.
The tech team has set up and implemented the changes required by the regulation. Their task
is to implement the data protection processes and changes and make them part of the
company’s overall functions and services.
GDPR in the Valohai software
Valohai software will provide even better tools for building the necessary kind of policy a
customer needs to ensure they’re doing data collection by the book also for your
Automatic expiration of personal data
In order to avoid storing old and unnecessary data, Valohai will set an expiration date for
personal data by default. Our customers can change the expiration date by request according
to their business needs and regulatory requirements.
Stricter requirements for consent
The GDPR enforces even stricter requirements for consent when collecting the data. By using
Valohai and strictly required fields, everyone can be sure that the data that enters the
system is collected with proper permissions.
Ability to manage personal data
The GDPR gives more rights to individuals over their personal data. We at Valohai provide
the possibility for our customers to find out what personal data is stored in their account and
therefore fulfill requests coming from individuals. This includes the ability, by request, to
print out a report on personal data by the individual, delete all related personal data, etc.
Access to customer data
While we have always accessed customer data only purposefully and with the agreement of our
customers, we have developed stricter controls on who can access the data inside the
Storing relevant backups is crucial to us for disaster recovery purposes. However, backups
tend to hold information even after it is deleted from production systems. This is why we
periodically run our backups through certain filters to ensure they contain only information
we and our customers have permissions to store.
Data processing and subcontractors
Our objective is to provide the safest and highest quality service to our customers. Like
many other SaaS services, we also use subcontractors and partners to provide our service.
This means that our subcontractors also take part in the processing of personal data on a
case-by-case basis. All our subcontractors go through an audit process, which ensures that
they share our own tight security and privacy requirements. All companies we work with need
to obey the new EU data regulations if applicable.
- Amazon Web Services
- Google Cloud Platform
- Google Tag Manager
- Google Analytics
- Microsoft Azure
As part of a data processing agreement, our customers must accept our subcontractors’ use of
Data processing agreements
We fully understand our important role as a processor of valuable and confidential personal
data and are serious about the responsibility that our customers give us. We have built a
processing agreement with our customers in accordance with the Data Protection Regulation,
which identifies the customer’s processing instructions for the registry. These guidelines
are the foundation for all our processing operations.
We require all our customers to accept our data processing agreement so that we can ensure
safe and lawful processing of personal data. We will process personal information you
provide to Valohai only and solely in accordance with the regulation. You can find these
terms in the upper part of this page.
Valohai employees undertake to participate in data protection and processing training to
ensure that your data is reliably managed. All our employees are also subject to a duty of
confidentiality with respect to our customers’ data when they start working at Valohai.
Retrieving and removing data
Valohai provides the possibility of retrieving and removing an individual data subject’s items.
Also, if your customer relationship with us nevertheless ends, or if you want to
retrieve or remove any personal information, we will provide you with the possibility to do
this. Retrieving events, data subject, and other personal information is done by request.
You can submit a request for this to support(at)valohai.com. In addition, on request, we can
ensure that your personal data is removed from our own and our subcontractors’ databases
upon termination of your customer relationship. We will permanently remove your information
within the stated deadline unless we have a legitimate reason in public interest to maintain
Data transmission internationally
Valohai reserves the right to process information covered by its own registers in countries
outside the European Union or the European Economic Area, provided that adequate security
and data protection of these services is appropriately undertaken. We also try to minimise
the amount of data that is being processed outside the EU, but because of the open nature of
the Internet, we cannot completely restrict the processing.
Our support to you
Valohai’s team provides assistance with questions about the data protection regulation.
In addition, our customer success managers and customer service personnel provide user
support and help with Valohai’s data protection features.