c1.fi - Privacy Policy

Date: 2022-Apr-30


In this Privacy Policy document terms “we”, “us”, “our”, “c1.fi” and “Fennosys” will all refer to Fennosys Oy (European Vat ID: FI20461066). Terms “Customer”, “your” and “you” refer to you.

Term “Services” refers to any service or product which Fennosys Oy is producing and you as a Customer or as a potential Customer are using.

We divide Customer Related Data into three main categories:

  • Customer Account Data
  • Customer Usage Data
  • Customer Content

Fennoys Oy acts as a Data Controller.

Customer Account Data

  • Personal identification information:
    • name
    • email address
    • phone number

Your email address will serve as a username in our Services. The password you provide will be converted to encrypted format (salted hash) which is then recorded to our database. We can not read your password.

Currently we do not store your credit card information as part of the Customer Account Data. Credit Card data will be transmitted, processed and stored by stripe.com.

How do we collect Customer Account Data?

We collect, process and store Customer Account Data when you register to our Services or when you update your personal data in our Services.

We also may update your personal information when you contact our support.

For what will we use Customer Account Data?

We use Customer Account Data to:

  • Take care of our business related tasks like accounting, billing, filing taxes and providing support.
  • Inform you about events or changes related to Services, payments or accounts.
  • Prevent, detect or investigate suspected or witnessed abuse or miss-use of the Services.
  • Understand our Customers and their needs and to develop the Service accordingly.

We do not sell your Customer Account Data to third parties.

In order to process text messages (SMS) we will share the phone number you provided us during registration with related affiliates.

In order to process payments we pass required details to the payment processor in question.

All data exchange between us and our affiliates is done over TLS encrypted connection.

How do we store Customer Account Data?

All Customer Account Data is stored on our servers on encrypted block devices.

In case your account is terminated (by your own request or by non-payment condition or by end of trial period) all your Customer Account Data will be permanently erased from our system after thirty one (31) days from the closing of your account.

Customer Usage Data

  • Communication metadata
    • IPv4 and IPv6 addresses
    • Time of the https request with browser type and the identification (URL) of the page that was requested
    • Cookie ID’s for cookies set by our Services. We do not use cookies set by third parties.
    • Email message delivery data (logs)
How do we collect Customer Usage Data?

Our public facing web servers will collect and store the public IP address and cookie information each time your browser connects to our public facing web servers.

Our public facing email servers will collect the public IP address and username when your email client connects to our email servers (via related protocols like ActiveSync, smtp and imaps).

For what will we use Customer Usage Data

We use Customer Usage Data to:

  • Operate the Services.
    • Email delivery requires our servers to process recipient addresses in “To:“, “Cc:” or “Bcc” message headers in order to be able to deliver your message to correct destinations.
  • Learn how to further develop the Services.
  • Prevent, detect or investigate suspected or witnessed abuse or miss-use of the Services.
How do we store Customer Usage Data

Our Customer Usage Data retention policy limits the maximum storage time of not anonymised data to 12 months. After this time period the data will be either permanently erased or anonymised. All data is held on our servers on encrypted block devices.

We do not sell or market Customer Usage Data to third parties in any shape or form.

The only situation we may hand over Customer Usage data to a third party is when we are forced to comply with court subpoena or law enforcement authorities.

Customer Content

Customer Content refers to:

  • Data of the communications (message and it’s possible attachemnts) you are sending or receiving via the Services. This also includes message drafts and their possible attachments.
  • In case you use our webmail application (https://wm.c1.fi) and it’s calendar, tasks, notes, address book, file manager or bookmarks features all data stored to mentioned submodules will belong to Customer Content category as well.
How do we store and handle Customer Content?

When receiving email messages the messages and it’s possible attachments are stored on c1.fi servers.

Message content may also be saved to c1.fi email servers when you send an email message if your email client software or the webmail application is set to do so (default practice in many cases). Many email client applications also store message drafts into servers.

All Customer Content is stored on our servers into block devices which are fully encrypted. In addition all email messages are encrypted against users public key before stored on the block devices.

None of our personal is allowed to read or access your Customer Content unless some serious violation has been reported or is suspected.

Your personal Customer Content in erased permanently after thirty one (31) days from termination of your account (by your own request or by non-payment condition or by end of trial period).

I’m an EU Citizen - What are my data protection related rights?

You may contact our Data Protection Officer (contact information below) with questions, requests or complaints. We will address your concerns and provide you with requested information witin a resanoble time.

If you make a request we have 31 days to respond to you. Please note: In order to prevent malicious requests by unauthorized parties we will require you to prove your identity while you confirm that the given request is actually from you.

As an EU citizen you (The Data Subject) are entitled to following:

Right to access

We will provide you with copies of your personal data. We may charge you a fee for this service.

Right to rectification

If your data turns out to be incorrect, we will rectify the personal data without undue delay. Incomplete personal data shall be completed.

Right to erasure

Customer Usage Data will be automatically deleted or anonymised as previously described (according to our data retention policy). Customer Data and Customer Content will be automatically deleted as previsoyly descbied.

You are entitled to request the erasure of your personal data without undue delay under certain conditions. Please refer to Art. 17 GDPR.

Right to restrict processing

You may optain a resriction of processing from us under certain conditions. Please refer to Art. 18 GDPR.

Right to data portability

Upon request we will provide you with the personal data that has been processed based on consent or in the context of a contract with you.

The data will be provided in digital format over network to you or to anohter Controller pointed by you.

Changes to Privacy Policy

We keep this Privacy Policy under regular review and make it publicly available at https://c1.fi/privacy/?lang=en.

Warrant Canary

A Warrant Canary refers to a statment in which we declear our company has not received any calssified requests (subpoenas, warrants, gag orders) by government or court of justice for user information.

Our Warrant Canary will be publicly available all times at https://c1.fi/canary. Plase make special notice if this document has been removed.

The canary document is always digitally signed so that you can confirm that it’s content has not been tampered with.

Contact information

  • Email address: datasecurity@c1.fi


Warning: can't display the error message!

Warning: can't display path text

Warning: can't display wait text