Sievo Trust Center

We strive for the highest standards in security, compliance and governance.

Updated: Sep 22, 2023

Introduction

Sievo Oy and its subsidiaries Sievo, Inc. and Sievo Procurement Analytics SRL provides procurement analytics solutions that help enterprise businesses analyze and control procurement spending. When we refer to “Sievo” or use the terms “we”, “us” or “our” in this Privacy Policy (“Policy”), we may mean either one or all of the Sievo entities identified above. Each of the sections below begins with an identification of the relevant Sievo entity or entities to which the contents of the section apply.

Sievo is committed to complying with the European Union’s General Data Protection Regulation “GDPR” and other applicable data privacy legislation across our products and solutions and in any other contexts in which we process personal data.

This Policy describes how Sievo as a controller collects, uses, shares, and otherwise processes your personal data on our website, online platforms, and our digital communications as well as in relation to our sales and marketing activities.

This Policy applies when you engage in the following activities:

  • visit our website sievo.com and our online social media pages,

  • register and/or attend events hosted by Sievo,

  • do business with us or communicate with us on behalf of a business,

  • explore and engage in career opportunities at Sievo.

Sievo’s solutions are designed primarily for businesses and are not intended for personal or household use. The information we provide on our website sievo.com is aimed for professionals in a business context, so we view information about any visitors to this website as individuals acting on behalf of businesses.

If you have questions, complaints, or concerns about how your personal data is processed you can reach out to Sievo's Data Privacy Officer Jussi Latola over email privacy@sievo.com or via the post: Attention of Jussi Latola, Data Privacy Officer, Sievo Oy, Mikonkatu 15A, 00100, Helsinki, Finland.

 

Use of Cookies on our website and in marketing

Sievo uses cookies and other similar technologies (all referred to as “cookies” in this Policy) on its website sievo.com. A ”cookie” is a small text file that is placed on a web browser or internet-enabled device to record information related to how a website is used.

We use cookies firstly to improve the visitor experience on our website sievo.com. The cookies provide information about your computer or mobile device to inform us what web pages you visit, and if you are a repeat visitor. Website tracking cookies we use are from the following service providers: Google, Hubspot, Vimeo, and ZoomInfo.

In addition, we use cookies to improve the relevance of our marketing communications. Our marketing communications partners Facebook, Google, Hubspot, Twitter, and LinkedIn use non-personally identifiable cookies to serve relevant advertisements. We only partner with online advertising networks that comply with the strictest common online advertising standards.

All visitors to sievo.com are provided the ability to opt-out of website tracking cookies through a cookie banner highly visible when you first visit our website.

A list of cookies we use is available at the end of this page: List of cookies used on the website

HELPFUL ADVICE ABOUT COOKIES

Most web browsers let you remove or reject cookies, including the cookies we use for tracking website visits. In addition, online advertising platforms like Facebook, Google, and LinkedIn provide the ability to opt-out use of your information in advertising. For more information about cookies, visit: https://www.allaboutcookies.org/

 

Email Marketing Lists and Opt-Out

Sievo sends email communications to customers, relevant business decision-makers, and contacts who have shown interest in Sievo’s software and solutions on our website.

We only send emails to contacts in relation to whom we have a legitimate interest in processing personal data. These are common ways you may get an email from Sievo:

  • you are a customer or work in a partner organization of Sievo and we communicate to you product and service updates,

  • you have opted into receiving information from Sievo on our website or through marketing content we have provided in partner services (online or in-person events, social media.)

  • you have shared your professional contact details and opted-in to being contacted in business matters through business-to-business databases services such as Zoom-Info or LinkedIn. You can remove your contact details from these services following these guidelines: ZoomInfo, LinkedIn.

We only use your contact details to provide you with information on us and our products. You can unsubscribe at any point through a link provided in all of our email communications. We never sell your personal data to any third party.

We treat your personal data as confidential and apply best practice information security practices to protect it. We adhere to applicable laws regarding personal data protection.

If you have any comments regarding our email communications, you can contact privacy@sievo.com.

 

Processing of Personal Data on our website

Sievo Oy operates the website sievo.com on which you are able to share personal data with Sievo in order to engage in business conversations and opt-in to learn about our solutions. The controller for personal data collected through our website is Sievo Oy.

Personal data collected: first name, last name, company, email address, phone number, and any other data you include in the message or website form submission you post.

Purpose of processing: your data is collected, used, stored, and processed for the purpose of contacting the customers and prospective customers of Sievo, as well as analyzing and managing relationships with customers and prospective customers of Sievo. The information you provide may be used for direct marketing, including email and telephone communications.

Legal basis for data processing: your data is processed based on our legitimate interest. Sievo has the legitimate interest to process your data to be able to communicate with you in the way specified above and to promote our solutions to our customers and prospective customers.

Sources of data: electronic forms available on our website sievo.com. We may combine this data with other data available to Sievo based on a business relationship with your company or with data from public sources.

Retention policy: your data will be processed as long as is necessary for the purpose specified above and as long as Sievo has a legitimate need to keep the data. You can ask us to remove your data at any time.
For information on how we may share your personal data as well as information on your rights, please refer to the relevant sections below in this Policy.

 

Processing of Personal Data for business relation management 

Each Sievo entity collects personal data of representatives of its customers, suppliers, and other business partners from different sources in order to run its business. Each Sievo entity is the controller for the personal data of the representatives of such customers, suppliers, and other business partners with which it has concluded an agreement.

The need for the provision of personal data in the manner described below is partially based on the contract between us and the organization you represent, and Sievo needs this data in order to enter into and to manage the business relation. The non-delivery of personal data may prevent us from performing our contractual or other obligations or commitments towards the organization you represent, which may lead to impediments to our business relation with the organization.

Personal data collected: the personal data collected and processed by us include your name, address, email address, phone number, details related to any meetings or communications through different channels between you as a representative of the organization and us, including meeting recordings if you have consented to have the meeting recorded and any other information you choose to provide to us as a representative of an organization. The data also includes information related to the business relation between us and the organization you represent, such as the name of the organization, information related to the contract between us and the organization, and your association with the contract, invoicing, and payment details, as well as your title.

Purpose of processing: we mainly use your personal data for the purposes directly arising from the contractual or business relation between us and the organization you represent. These purposes include entering into a contract and performing our obligations based on the contract we have concluded with the organization you represent; taking care of, managing, and developing our business or other relation with the organization; and invoicing and keeping track of the accuracy of invoicing.

Legal basis for data processing: the legal basis for processing is our legitimate interest to conduct our business and your relation to the organization with whom we conduct our business. The legitimate interest to process your data may also be other legitimate business interest, such as ensuring and improving data security or the security of our premises and data network; protecting our property; preventing and investigating suspected malpractices; analyzing and compiling statistics for business purposes and to develop our business, products, and solutions. We may also process your personal data to comply with a legal obligation based on e.g. tax or accounting-related legislation or based on other legal obligations to which we are subject.

Sources of data: we primarily obtain your personal data directly from you. You may provide us personal data for instance by sending us emails, through phone conversations or meetings with us, or through documents you provide to us. We may obtain personal data relating to you also from other representatives of your organization. We may collect and update personal data also from publicly available sources, or registers of authorities and companies providing services related to personal data.
Retention policy: your data will be processed as long as is necessary for the purpose specified above and as long as Sievo has a legitimate need to keep the data. The retention period of your personal data is ultimately tied to the term of the business relation between us and the organization you represent. We may however continue to store your personal data after the end of the business relation to the extent necessary for certain legitimate business interests or if the data is necessary for purposes of protecting our rights.

For information on how we may share your personal data as well as information on your rights, please refer to the relevant sections below in this Policy.

 

Processing of Personal Data for Recruitment

On our website sievo.com you are able to share personally identifiable data with Sievo in order to apply for career opportunities and share your interest in working for Sievo. Each Sievo entity is the controller for the personal data of its own job applicants.

Personal data collected: first name, last name, email address, and phone number. The collected data may include also information relating to your suitability for the open position, such as information on work experience, qualification data, and information relating to education, results of personal and aptitude assessment, or other suitability assessment data (those candidates that are, on the basis of the first interview, suitable for the position, may be required to participate to a personal and aptitude assessment). The data may also contain other information obtained from you, such as job application and possible appendices of the application, other information accumulated during the recruitment process, such as notes made by the interviewers, communications between you and us, and to the extent permitted by applicable law, drug test certificate or data included in it in order to establish your performance and ability to work, or your personal credit information in order to establish your reliability. If you are a job applicant for Sievo, Inc., we may perform a background check in the context of which we may process data relating to criminal convictions and offenses.

Purpose of processing: your data is collected, used, stored, and processed for the purpose of contacting you in relation to career opportunities at Sievo and for other purposes related to the recruitment process.

Legal basis for data processing: the processing is necessary in order to take steps at your request prior to entering into an employment contract between you and us. The processing may also be based on our legitimate interest, such as maintaining a CV database, or other legitimate interests, such as ensuring and improving data security or the security of our premises and data network; protecting our property; preventing and investigating suspected malpractices; analyzing and compiling statistics for business purposes and to develop our business. To the extent you provide us with sensitive personal data during the recruitment process, the processing of such data is based on your explicit consent.

Sources of data: electronic forms available on our website sievo.com and/or within job profiles published on data processor website jobylon.com, as well as possible communications and meetings between you and us.

Retention policy: your data will be processed as long as is necessary for the purpose specified above and as long as Sievo has a legitimate need to keep the data. Our standard policy is to remove personal data of candidates in our recruitment register after a recruitment process has been concluded, or after one year has passed from the relevant recruitment decision.

For information on how we may share your personal data as well as information on your rights, please refer to the relevant sections below in this Policy.

 

Sharing of personal data and transfers outside the EU

Each Sievo entity may share personal data as described below in this section.

We may transfer your personal data to our service providers, including but not limited to suppliers and sub-contractors working on our behalf for the purposes of completing tasks and providing services to us.

When transferred to an entity processing personal data on behalf of us (i.e. processors), we have, including by contractual arrangements ensured that personal data is processed only under the instructions provided by us and for the purposes specified in this Policy. The processing carried out by processors may include in particular the provision of data systems and other such services to us.

Sievo entities may disclose personal data to other Sievo entities for purposes that are consistent with this Policy. For example, we may disclose your contact information to facilitate communication between you and another Sievo entity or to facilitate the provision of services to or contract negotiations between the organization you represent and another Sievo entity.

We may disclose your personal data within the limits permitted or required by the applicable laws, for example to authorities, external advisors, or other third parties. We may disclose personal data to law enforcement authorities including where such disclosure is necessary for compliance with a legal obligation to which we are subject, or for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative procedure. We may also disclose personal data to data analytics providers to compile and analyze statistics relating to the usage of our services, to marketing partners, including advertisement networks and social media service providers, as well as to other service providers such as a debt collection agency for purposes of debt collection, but only to the extent that the fulfillment of their tasks requires the disclosure of personal data. If we are involved in a merger, sale of assets or other business transaction or reorganization, we may disclose limited amounts of personal data to the purchaser candidates and their representatives in accordance with the applicable law.

Sievo Oy and Sievo Procurement Analytics SRL are EU-based companies, but Sievo, Inc. is based in the United States. In addition, some of our service providers to whom we transfer personal data are located or may store personal data outside the EU or the European Economic Area (EEA), and therefore to the extent necessary, personal data may be transferred to countries outside the EU or the EEA. In such cases, we will ensure an adequate level of data protection. Information on transfers of personal data outside the EU or EEA area and on the appropriate safeguards, such as EU Standard Contractual Clauses, applied thereto from time to time is available from the contact person mentioned in the beginning of this Policy.

 

Your rights

In this section, we have summarized the rights that you as a data subject have under the GDPR. Some of the rights are complex and are subject to certain exceptions, and to keep this Policy concise, not all of the details have been included in the below summaries.

If you have declared your consent regarding certain types of processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.

You have the following rights:

  • Right of access: You have the right to obtain from us confirmation as to whether personal data related to you is processed, and, where that is the case, to access such personal data as well as certain information about our processing of it and your rights in relation to it.

  • Right to rectification: You have the right to obtain from us rectification of any inaccurate personal data we hold about you.

  • Right to be forgotten: In certain circumstances, you have the right to obtain the erasure of the personal data we hold about you, subject to certain exceptions.

  • Right to restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of our processing of your personal data or to object to us processing your personal data. If you object, we will stop processing your personal data unless certain exceptions apply.

  • Right to data portability: Where the legal basis for processing your personal data is your consent or an agreement directly entered between you and us, and we process your data by automated means, you may have the right to be provided with the personal data we hold about you in structured, commonly used and machine-readable format and to transmit the data to another controller.

  • Right to object and opt-out from marketing: If you wish us to stop processing your personal data for marketing purposes, we will stop processing your personal data for this purpose. When we collect your data, you may be provided the possibility to choose whether or not you wish to receive marketing communications from us. If you wish to stop receiving marketing communications, you can opt-out at any time by clicking the unsubscribe link at the bottom of one of our emails or by contacting us by other means.

To exercise any of these rights, reach out to the contact person mentioned in the beginning of this Policy.

If you consider that our processing of your personal data infringes the data protection laws, you have the right to lodge a complaint with a data protection supervisory authority. You may do this in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement. The website of the Finnish competent authority, the Office of the Data Protection Ombudsman, is available here.

 

Updates to the Policy

Each time you visit our website or use our products you will have access to the latest version of our Policy. We encourage you to review this Policy regularly if you use our services or otherwise interact with us. You can see the last date updated at the top of this Policy.

 

Sievo as a processor

The GDPR and data protection laws of some other countries differentiate between “controllers” and “processors” of personal data. A “controller” determines the purposes and means (or the why and the how) of processing personal data. A “processor”, which is sometimes referred to as a “service provider,” processes personal data on behalf of a controller under contract concluded between the two and subject to restrictions set out in such contract.

Our customers rely on our services to help them manage and process large amounts of data, which may include also personal data. We refer to this type of data and personal data as “Customer Data.” When we process Customer Data, we generally act as a processor and our customers as controllers. This means we process Customer Data on behalf of our customers subject to restrictions set forth in our contracts with them.

This Policy does not cover or address how we or our customers process Customer Data. In addition, we are generally not permitted to respond to individual data subject requests relating to Customer Data. As a result, we recommend referring to the privacy notice of the customer with which you have a relationship for information on how they process personal data as a controller and on how they engage processors, like us, to process Customer Data on their behalf.

 

List of cookies used on the website

The specific types of first and third-party cookies served through our website and the purposes they perform are described in the table below (please note that the specific cookies served may vary depending on the specific Online Properties you visit)

Essential website cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features, such as access to secure areas.

Name: __cfruid
Purpose: Required to manage incoming traffic, rate limiting
Provider: CloudFlare
Country: US
Type: Cookie
Expires In: Session

Name: __cf_bm
Purpose: Required to mitigate automated traffic to protect the site from bad bots
Provider: CloudFlare
Country: US
Type: Cookie
Expires In: 30 min

Name: hs_ab_test
Purpose: This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before.
Provider: HubSpot
Country: US
Type: Cookie
Expires In: Session

Name: embed/v3/counters.gif
Purpose: Used to implement forms on the website
Provider: HubSpot
Country: US
Type: Pixel
Expires In: Session

Performance and functionality cookies

These cookies are used to enhance the performance and functionality of our Websites but are non-essential to their use. However, without these cookies, certain functionality (like videos) may become unavailable.

Name: VISITOR_INFO1_LIVE
Purpose: Tries to estimate the users' bandwidth on pages with integrated YouTube videos
Provider: YouTube
Country: US
Type: Cookie
Expires In: 6 months

Name: events/1/#
Purpose: Used to monitor website performance for statistical purposes
Provider: New Relic
Country: US
Type: Pixel
Expires In: Session

Name: __hs_initial_opt_in
Purpose: Used to prevent the banner from always displaying when visitors are browsing in strict mode
Provider: HubSpot
Country: US
Type: Cookie
Expires In: 1 week

Name:__hs_opt_out
Purpose: Used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again
Provider: HubSpot
Country: US
Type: Cookie
Expires In: 6 months

Analytics and customization cookies

These cookies collect information that is used either in aggregate form to help us understand how our Websites are being used or how effective our marketing campaigns are, or to help us customize our Websites for you.

Name: vuid
Purpose: Used by Vimeo to store unique identifiers of videos that you have viewed
Provider: Vimeo
Country: US
Type: Cookie
Expires In: 2 years

Name: player
Purpose: Used to save your preferred settings before you play an embedded Vimeo video 
Provider: Vimeo
Country: US
Type: Cookie
Expires In: 2 years

Name: sync_active
Purpose: Contains data on visitor's video-content preferences
Provider: Vimeo
Country: US
Type: Local Storage
Expires In: Persistent

Name: __hmpl
Purpose: Collects information on user preferences and/or interaction with web-campaign video content
Provider: play.hubspotvideo.com
Country: US
Type: Local Storage
Expires In: Persistent

Name: loglevel
Purpose: Retains the settings and outputs when the Developer Tools Console is used in the current session
Provider: play.hubspotvideo.com
Country: US
Type: Local Storage
Expires In: Persistent

Name: yt-remote-device-id
Purpose: Stores the user's video player preferences using embedded YouTube video
Provider: YouTube
Country: US
Type: Local Storage
Expires In: Persistent

Name: ytidb::LAST_RESULT_ENTRY_KEY
Purpose: Stores the user's video player preferences using embedded YouTube video
Provider: YouTube
Country: US
Type: Local Storage
Expires In: Persistent

Name: yt-html5-player-modules::subtitlesModuleData::module-enabled
Purpose: Stores the user's video player preferences using embedded YouTube video
Provider: YouTube
Country: US
Type: Local Storage
Expires In: Persistent

Name: yt-player-headers-readable
Purpose: Stores the user's video player preferences using embedded YouTube video
Provider: YouTube
Country: US
Type: Local Storage
Expires In: Persistent

Name: yt-player-bandwidth
Purpose: Stores the user's video player preferences using embedded YouTube video
Provider: YouTube
Country: US
Type: Local Storage
Expires In: Persistent

Name: yt-player-volume
Purpose: Stores the user's video player preferences using embedded YouTube video
Provider: YouTube
Country: US
Type: Local Storage
Expires In: Persistent

Name: yt-remote-connected-devices
Purpose: Stores the user's video player preferences using embedded YouTube video
Provider: YouTube
Country: US
Type: Local Storage
Expires In: Persistent

Name: yt-remote-session-app
Purpose: Stores the user's video player preferences using embedded YouTube video
Provider: YouTube
Country: US
Type: Session Storage
Expires In: Session

Name: yt-remote-cast-installed
Purpose: Stores the user's video player preferences using embedded YouTube video
Provider: YouTube
Country: US
Type: Session Storage
Expires In: Session

Name: yt-remote-session-name
Purpose: Stores the user's video player preferences using embedded YouTube video
Provider: YouTube
Country: US
Type: Session Storage
Expires In: Session

Name: yt-remote-cast-available
Purpose: Stores the user's video player preferences using embedded YouTube video
Provider: YouTube
Country: US
Type: Session Storage
Expires In: Session

Name: yt-remote-fast-check-period
Purpose: Stores the user's video player preferences using embedded YouTube video
Provider: YouTube
Country: US
Type: Session Storage
Expires In: Session

Name: YSC
Purpose: Registers a unique ID to keep statistics of what videos from YouTube the user has seen
Provider: YouTube
Country: US
Type: Cookie
Expires In: Session

Name: __ptq.gif
Purpose: Used to record anonymous page view data
Provider: HubSpot
Country: US
Type: Pixel
Expires In: Session

Name: _gcl_au
Purpose: Used by Google AdSense for experimenting with advertisement efficiency across websites using their services
Provider: Google Adsense
Country: US
Type: Cookie
Expires In: 3 months

Name:_gac_UA-XXXXXXXX-X
Purpose: Used for click tracking when using auto-tagging in Goggle Ads using their services
Provider: Google Adsense
Country: US
Type: Cookie
Expires In: 1 minute

Name: __hstc
Purpose: Contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session)
Provider: HubSpot
Country: US
Type: Cookie
Expires In: 6 months

Name:__hssc
Purpose: Used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie
Provider: HubSpot
Country: US
Type: Cookie
Expires In: 30 minutes

Name: __hssrc
Purpose: Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser
Provider: HubSpot
Country: US
Type: Cookie
Expires In: 

Name: hubspotutk
Purpose: Keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
Provider: HubSpot
Country: US
Type: Cookie
Expires In: 6 months 

Name: _ga
Purpose: Used to distinguish users
Provider: Google Analytics
Country: US
Type: Cookie
Expires In: 2 years

Name: _gid
Purpose: Used to distinguish users
Provider: Google Analytics
Country: US
Type: Cookie
Expires In: 1 day

Social networking cookies

These cookies are used to enable you to share pages and content that you find interesting on our Websites through third-party social networking and other websites. These cookies may also be used for advertising purposes.

Name: _fbp
Purpose: Used to personalize content (including ads), measure ads, produce analytics, and provide a safer experience
Provider: Facebook
Country: US
Type: Cookie
Expires In: 3 months

Name: _fbc
Purpose: Used to personalize content (including ads), measure ads, produce analytics, and provide a safer experience, when a user lands on the site from an ad
Provider: Facebook
Country: US
Type: Cookie
Expires In: 2 years

Unclassified cookies

These are cookies that have not yet been categorized. We are in the process of classifying these cookies with the help of their providers.

Name: jserrors/1/#
Purpose: To collect error data and AJAX request metrics
Provider: New Relic
Country: US
Type: Pixel
Expires In: Session

Name: ziwsSession
Purpose: Unclassified
Provider: ZoomInfo
Country: US
Type: Session Storage
Expires In: Session

Name: ziwsSessionId
Purpose: Unclassified
Provider: ZoomInfo
Country: US
Type: Session Storage
Expires In: Session