Privacy Policy for Optivian Solutions Oy

In the following, we provide information about the collection and processing of personal data in the context of the AI-powered sales recommendation platform and related cloud-based services provided by Optivian Solutions Oy ("Optivian", "we", "us").

Depending on the processing activity, Optivian acts either as a Processor or a Controller:

As a Processor (see Section II), we process your personal data on behalf of your employer (our Customer), who in this case is the Controller. Please contact your employer directly for any questions regarding such processing.

As a Controller (see Section III), we process personal data for our own business purposes, such as account administration, billing, support, marketing, and website operation.

The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal data from children.

II. Optivian as a Processor

Our platform is provided to companies as a AI-powered sales recommendation tool. If the Service is made available to you by your employer, your employer is the Controller of your personal data and Optivian is the Processor. Optivian processes your personal data only under the instructions of your employer and is not responsible for your employer's independent privacy practices.

1. Types of Personal Data Processed as a Processor

a) Profile Data

Name, work email address, login credentials.

Additional profile attributes may be added by you or your employer.

b) Customer Data

CRM records such as contacts, opportunities, deal stages.

Business communications related to sales (e.g., work emails, meeting notes).

c) Access and Technical Data

IP address, browser type, operating system, device identifiers, date and time of access, error logs, and usage metrics (for stability and security).

d) Metadata

Pseudonymized or anonymized statistics about how the Service is used.

2. Use of AI and Profiling as a Processor

The Service uses artificial intelligence models to analyze Customer Data and generate sales recommendations and insights.

This constitutes profiling under GDPR, as it involves automated analysis of personal data to evaluate or predict aspects such as sales performance, customer interactions, or likely outcomes.

The AI outputs are advisory only. They do not have legal or similarly significant effects on individuals. All business decisions remain the responsibility of human users at the Customer.

Data subjects have the right to object to profiling under GDPR Art. 21. If Optivian were ever to introduce fully automated decision-making with legal or significant effects, data subjects would also have the right to request human intervention, express their views, and contest the decision (Art. 22 GDPR).

All AI-related data transfers occur over encrypted connections. Our AI providers are contractually prohibited from using Customer Data to train or optimize their general AI models.

3. Storage Duration as a Processor

Customer Data: Deleted within 120 days after contract termination, unless required longer for legal claims.

User Account Data: Deleted within 120 days after termination of the Customer's contract.

Technical Logs: Deleted within 120 days.

III. Optivian as a Controller

Optivian is the Controller for personal data processed for our own business purposes, including account management, billing, communications, support, marketing, and website operation.

1. Categories of Data Processed as a Controller

a) Account and Contact Data

Names, job titles, business email addresses, Customer billing information.

b) Support and Communication Data

Data from support requests, administrative correspondence, or other communications with Optivian.

c) Website and Marketing Data

Cookies and analytics information (where applicable).

Newsletter or product update subscription information.

2. Legal Bases for Processing as a Controller

Optivian processes personal data under the following GDPR legal bases (Art. 6):

Contract (Art. 6(1)(b)) – To provide and administer the Service, manage user accounts, and fulfill agreements.

Legitimate Interest (Art. 6(1)(f)) – To secure, improve, and operate the Service, support Customers, and communicate relevant updates.

Legal Obligation (Art. 6(1)(c)) – To comply with statutory obligations (e.g., tax, accounting).

Consent (Art. 6(1)(a)) – For optional activities such as marketing or participation in product feedback programs. Consent can be withdrawn at any time.

3. How we share your information

We do not sell personal data. We only share personal data with trusted service providers who help us operate the Service:

Google Cloud Platform (GCP) – hosting and AI processing.

Amazon Web Services (AWS) – authentication.

Sentry – error tracking.

All sub-processors are bound by Data Processing Agreements. A current list is available in our DPA.

Data may also be disclosed if required by law or in connection with mergers, acquisitions, or other corporate transactions.

4. How We Use Your Information

We use the information we process for a few key purposes:

To Provide and Improve the Service: This is our primary goal. We analyze Customer Data to provide your company with sales recommendations and use technical data to improve performance.

For Security and Troubleshooting: We monitor our systems to prevent security incidents and fix bugs.

To Communicate With You: We use your contact information to send service updates and support messages.

To Create Anonymized Insights: We may anonymize and aggregate data to analyze usage trends and improve our product. This Anonymized Data cannot be used to identify any individual or company.

5. International Transfers

Optivian is based in Finland and primarily uses EU-based infrastructure. Where personal data is transferred to third countries (e.g., the U.S.), we rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-U.S. Data Privacy Framework (DPF).

6. Storage Duration as a Controller Role

Account and billing data: Stored for the duration of the contractual relationship and thereafter as required by law (e.g., Finnish Accounting Act).

Marketing data: Retained until you withdraw consent or opt out.

Support/communications data: Retained as long as necessary to resolve the issue and for legitimate record-keeping.

IV. Contact

If you have any questions, please reach out.

V. Your Rights

As a data subject, you have the following rights under the GDPR (depending on the processing context and legal basis):

Right of access – to obtain confirmation as to whether your personal data is processed and to receive a copy (Art. 15 GDPR).

Right to rectification – to correct inaccurate or incomplete personal data (Art. 16 GDPR).

Right to erasure ("right to be forgotten") – to request deletion of personal data under certain conditions (Art. 17 GDPR).

Right to restriction of processing – to request limitation of processing under certain conditions (Art. 18 GDPR).

Right to data portability – to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another Controller (Art. 20 GDPR).

Right to object – to processing of personal data, including profiling, where the legal basis is legitimate interest (Art. 21 GDPR).

Right to withdraw consent – if processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal (Art. 7(3) GDPR).

We will respond to rights requests without undue delay and at the latest within 30 days. If the request is complex or numerous, we may extend this period by up to two further months, but we will inform you of the extension and the reasons for it.

For Customer Data (e.g., CRM records, work emails) processed by Optivian as a Processor, please contact your employer (the Controller).

For User Account, billing, or website data processed by Optivian as a Controller, please contact us at security@optivian.ai.

You also have the right to lodge a complaint with your local data protection authority.

VI. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify Customers' designated administrators by email or through the Service. The updated version will always be available at optivian.ai/privacy.