Privacy Policy

Last updated 14 November 2023

This Privacy Policy (the "Policy") details how and why Realm Technologies Oy (hereinafter "Realm", "we", "us" or "our") collects, processes and discloses information associated with an identified or identifiable individual (“Personal Data”).

1. Applicability of this Policy, definitions

This Policy applies to anyone accessing Realm’s online workplace search engine (the “Product”), including by visiting app.withrealm.com or its subpages or using any other means in which it may be accessible from time to time; visiting our website at withrealm.com (the ”Website”); or engaging in any other interactions with Realm. The aforementioned are jointly referred to as “Services” and anyone accessing them as a “User.

If you do not agree with this Policy, then do not access or use the Services or interact with any other aspect of our business.

Users who have access to the Product are referred to as “Subscribers” (however, the umbrella term User also includes Subscribers). Subscribers are able to access the Product because an entity that Realm has a business relationship with (such entities are referred to as a ”Customer”) has granted them access. Realm may have entered into a separate agreement with the Customer, such as a terms of service agreement, service-level agreement and/or a data-processing agreement (separately and together referred to as a “Customer Agreement”), which governs delivery, access and use of the Services. A Customer’s own instance of the product, meaning a specific version of the product that a Customer and its Subscribers are able to access, is referred to as an “Instance”. The time period during which a Customer Agreement is in effect, or a Customer has otherwise expressed that it wishes for Realm to prepare, make available or otherwise maintain its Instance, is referred to as the “Customer Relationship”.

Realm has developed integrations (”Integrations”) with a number of third-party services (“Third-Party Services”), such as those offered by Slack, Google, and Atlassian. These Integrations are vital for the delivery of the Product and allow a Customer or a person assigned by a Customer as an administrator of its Instance to grant Realm continuous access to data from a Third-Party Service (all such data will be referred to as “Customer Data”), such as messages, documents, and files that the Customer wishes to make searchable from its Instance.

The Customer is the controller of all Customer Data and Realm is a processor. Therefore, except for where Customer Data is explicitly discussed, this Policy does not apply to Customer Data. Instead, Customer Data will be processed by Realm in accordance with the Customer’s instructions and any applicable terms in the Customer Agreement, and as required by applicable law. Regarding Customer Data, Subscribers should direct their data privacy questions to the Customer whose Instance they are subscribed to. We are not responsible for the privacy or security practices of Customers, which may be different than this policy.

In general, this Policy does not apply to Third-Party Services or any other third-party products, services or businesses who will provide their services under their own terms of service and privacy policy.

2. Data controller

Unless otherwise specified in this Policy or in an at the time applicable Customer Agreement, Realm Technologies Oy (ID: 3358260-9) is the data controller and is responsible for ensuring that Personal Data is processed in compliance with this Policy and applicable data protection laws.

For any questions about this Policy, reach out to contact@withrealm.com.

3. Personal Data that we collect

Through operating the Services, Realm will collect and process the following information:

3.1. Data on Customers and Subscribers

  • Subscriber information, such as name, email address, job title, and company name.
  • Customer relationship details, such as contract, start and end date of Customer Relationship, and services ordered.
  • Customer billing information, such as bank account information, payments made, and outstanding invoices, and invoices delivered.
  • Services metadata. When Subscribers interact with the Services, Realm collects metadata that provides additional context about the way that a Subscriber uses the Services. For example, Realm logs searches Subscribers make and links and features they view or interact with.
  • Customer interaction information, such as Customer contacts, feedback, complaints, call notes, meeting recordings, and feature requests.
  • Other business-related information which is not itself Personal Data but which, together with other information, may be Personal Data, such as number of employees in the company and Third-Party Services or other business applications that the company uses.

3.2. Data on all Users (including Subscribers)

  • Log data. When Subscribers interacts with the Services, Realm may automatically collect information and records it in log files. This log data may include Internet Protocol (IP) address, browser type and settings, when the Services were used, information about browser configuration, and language preferences.
  • Device information (any computer, tablet, phone or similar piece of equipment will be referred to as a “Device”). Realm may collect information about Devices accessing the Services, including type of Device, operating system, Device settings, application IDs, unique Device identifiers, and crash data.
  • Marketing information. Information related to marketing communications through email, meetings, website and social media platforms.
  • Cookie information. We may place a cookie or similar technology in our Services, including on our Website, to help us collect information. For more details on how we use these services, see 11. Cookie Policy.

3.3. Data on persons who are not Users

Persons who are not Users will be referred to as “Persons of Interest”.

  • Prospect information. From time to time, Realm will contact Persons of Interest at potential customer companies to provide them relevant information about our Services. For this purpose, Realm will process Personal Data such as company names, email addresses, employee names, and job titles. Realm may, from time to time, receive such information from third parties (any entity that is not a Third-Party Service, as defined above, will hereafter be referred to as “Other Third Party”), such as social media platforms or sales intelligence tools.
  • Marketing information. Information related to marketing communications through email, meetings, website and social media platforms.
  • Other business-related information which is not itself Personal Data but which, together with other information, may be Personal Data, such as number of employees in the company and Third-Party Services or other business applications that the company uses.

4. Purpose and legal basis for processing Personal Data

We process Personal Data for the following purposes:

1) Providing the Service and managing the Customer Relationship

The primary purpose of processing Personal Data is to provide the Services to Customers and Users and to manage and maintain the Customer Relationship.

2) Marketing

We may, from time to time, send Users or Persons of Interest emails or other electronic communication about the Services. In this respect, processing of Personal Data is based on our legitimate interest to provide Users or Persons of Interest with relevant and tailored information of the Services, to promote the Service or to personalize the User experience. Users and Persons of Interest have the right to object to processing that is based on our legitimate interest, as indicated in 8. Data subject rights.

A User or Person of Interest may unsubscribe from all communications at any time by contacting us at contact@withrealm.com.

3) Service development and information security

We also process Personal Data to improve the quality of the Services, including to monitor and analyse the use of the Services, and to ensure its security. In these cases, the legal basis for data processing is our legitimate interest to ensure that our Services have an adequate level of data security, and that we have sufficient and relevant information at hand to develop our Services.

5. Disclosures of personal data

We may disclose Personal Data to third parties:

  • when permitted or required by law, e.g. to comply with requests by competent authorities or related to legal proceedings;
  • when trusted Other Third Parties, such as cloud service providers, provide services to us (such trusted Other Third Parties who provide services to us will be referred to as “Service Providers”). Some of the Service Providers are acting on our behalf as data processors and act under our instructions. However, we may also use Service Providers acting as controllers (e.g., lawyers, accountants, etc.). In any case, the Service Providers are engaged for the purposes of pursuing the activities outlined in this Policy;
  • if we are involved in a merger, acquisition, or sale of all or a portion of our assets; and
  • when we believe in good faith that disclosure is necessary to protect our rights, protect safety of our Users or the safety of others or to investigate fraud.

6. Transfers of Personal Data outside of the EU/EEA

We store Personal Data on servers located in the European Economic Area ("EEA") provided by Google and Amazon Web Services.

We may transfer Personal Data outside the European Economic Area ("EEA") when Service Providers are located or otherwise process data there. To the extent Personal Data is transferred to a country outside of the EU/EEA, Realm will use appropriate legal mechanisms to safeguard the transfer.

7. Retention of Personal Data

Realm will only retain Personal Data for as long as necessary to fulfill the purposes defined in this Policy. As a rule, the data will be processed during the Customer Relationship. After that Personal Data will be retained for a short period before deleted to ensure that all contractual rights or obligations by either party are fulfilled, for example bills are paid, and shortly returning Customers can retain their data. Some Personal Data may be retained longer when required by law, such as invoices and orders in accordance with accounting laws.

When Realm processes Personal Data for marketing purposes, the data will be deleted after 2 years from the last contact between Realm and the User or Person of Interest or when the User or Person of Interest asks Realm to stop marketing and for a short period after this, allowing us to implement the request.

8. Data subject rights

Users and Persons of Interest have the following rights:

  • The right to request access to Personal Data about himself/herself;
  • The right to request rectification, restriction or erasure of Personal Data. However, certain information is strictly necessary in order to fulfil the purposes defined in this Policy and may also be required by law. Thus, it may not be possible to remove such Personal Data;
  • The right to object for processing that is based on legitimate interest;
  • The right to object to processing for marketing purposes and prevent from receiving future direct marketing;
  • If processing of Personal Data is based on consent, the User has the right to withdraw consent at any time. The withdrawal will not affect the lawfulness of the processing carried out before the withdrawal; and
  • The right to data portability, i.e. the right to receive the Personal Data in a structured, commonly used machine-readable format and transmit the Personal Data to another data controller, to the extent required by applicable law. This applies to Personal Data processed based on a Customer Relationship or the User's consent.

Please send above-mentioned requests to us at contact@withrealm.com.

If you think there is a problem with the way we are handling your Personal Data, you have a right to file in a complaint to your national data protection authority in the EU/EEA. You may also file in a complaint to the data protection authority in any other EU country where you live, work, or where you think the alleged violation has occurred.

9. Security

We maintain reasonable security measures (including physical, electronic, and administrative) to protect Personal Data from loss, destruction, misuse, and unauthorized access or disclosure.

Please be aware that, although we endeavour to provide reasonable security measures for Personal Data, no security system can prevent all potential security breaches.

10. Changes to this policy

We may change this Policy from time to time. We will bring such changes to the attention of Users by using the available communication channels.

11. Cookie Policy

A "cookie" (hereinafter “Cookie”) is a piece of information that is stored on a person’s Device when they visit a website or use a service. Other technologies classified here as Cookies may be used for the same purpose. Cookies can help in identifying a person’s Device when they use a mobile application or visit a website and remember helpful details about the use and the choices made by the person to improve the experience.

Cookies cannot be used alone to identify an individual, but they may be linked directly or indirectly to an identifiable individual when combined with other information. In these cases, Cookies may be treated as Personal Data. If we identify a User based on Cookies, we make sure that all Cookie information is processed as Personal Data in accordance with applicable data protection laws.

Where Users give us their consent to place Cookies and to use similar technologies, Users have the right to withdraw their consent at any time. Users can do so by emailing us at contact@withream.com. Users may also prohibit the use of Cookies by changing the browser settings. Users may also limit the use of Cookies or remove Cookies from the browser. However, cookies are an important part of how our Services work, so limiting the use of Cookies may affect a User’s ability to make use of the Services.

We may, from time to time, use both sessions and persistent Cookies for various purposes:

  • Session Cookies are stored in memory for the duration of the session and removed once the User closes the browser.
  • Persistent Cookies are placed on hard drive of the User's Device and stored until they expire or the User deletes the Cookies. We will retain information collected via persistent Cookies no longer than 2 years.

We may, from time to time, use both first and third party Cookies for various purposes.

  • First party Cookies refer to both session and persistent Cookies placed by us on our Website.
  • Third party Cookies are Cookies that Other Third Parties, such as Google Analytics, Facebook, Twitter, and LinkedIn, place on our Website.

More detailed information on the type of Cookies, their purposes and duration can be requested by emailing us at contact@withrealm.com.