c1.fi - Privacy Policy

Date: 2021-Jan-05

In this Privacy Policy document terms “we”, “us”, “our”, “c1.fi” and “Fennosys” will all refer to Fennosys Oy (European Vat ID: FI20461066). Terms “Customer”, “your” and “you” refer to you.

Term “Services” refers to any service or product which Fennosys Oy is producing and you as a Customer or as a potential Customer are using.

We divide Customer Related Data into three main categories:

Fennoys Oy acts as a Data Controller.

Customer Account Data

Your email address will serve as a username in our Services. The password you provide will be converted to encrypted format (salted hash) which is then recorded to our database. We can not read your password.

Currently we do not store your credit card information as part of the Customer Account Data. Credit Card data will be transmitted, processed and stored by stripe.com.

How do we collect Customer Account Data?

We collect, process and store Customer Account Data when you register to our Services or when you update your personal data in our Services.

We also may update your personal information when you contact our support.

For what will we use Customer Account Data?

We use Customer Account Data to:

We do not sell your Customer Account Data to third parties.

In order to process user verification and electric payments we will share the phone number you provided us during registration with related affiliates.

In order to process payments we pass required details to the payment processor in question.

All data exchange between us and our affiliates is done over TLS encrypted connection.

How do we store Customer Account Data?

All Customer Account Data is stored on our servers on encrypted block devices.

In case your account is closed (by your own request or by non-payment condition or by end of trial period) all your Customer Account Data will be permanently erased from our system after thirty one (31) days from the closing of your account.

Customer Usage Data

How do we collect Customer Usage Data?

Our public facing web servers will collect and store the public IP address and cookie information each time your browser connects to our public facing web servers.

Our public facing email servers will collect the public IP address and username when your email client connects to our email servers (via related protocols like ActiveSync, smtp and imaps).

For what will we use Customer Usage Data

We use Customer Usage Data to:

How do we store Customer Usage Data

Our Customer Usage Data retention policy limits the maximum storage time of not anonymised data to 12 months. After this time period the data will be either permanently erased or anonymised. All data is held on our servers on encrypted block devices.

We do not sell or market Customer Usage Data to third parties in any shape or form.

The only situation we may hand over Customer Usage data to a third party is when we are forced to comply with court subpoena or law enforcement authorities.

Customer Content

Customer Content refers to:

How does c1.fi email service store and handle Customer Content?

Customer content (the messages and possible attachments) are stored on c1.fi email service servers when the server receives a message addressed to you.

Customer content may also be saved to c1.fi email servers when you send a message addressed to someone else under the context of your own accont (Outbox) if your email client software or the webmail application is set to do so (default practice in many cases).

In case one (or more) recipients have their email account on c1.fi email servers then the content of the message you sent will be saved under the context of the receivers account.

In case all the recipient accounts of the message you send via c1.fi email service recide on c1.fi email service all data (and related metadata) is held within c1.fi email service network.

All Customer Content is stored on out servers into a block device which is fully encrypted. In addition all messages are stored in encrypted format on the servers file system.

None of our personal is allowd to read or access your Customer Content unless some serious violation has been reported or is suspected.

Your personal Customer Content in erased permanently after thirty one (31) days from deletion of your account (by your own request or by non-payment condition or by end of trial period).

Messages originating from or directed to third party email service providers

It’s important for you to understand that if the message was sent from a email service other than c1.fi the message has traversed over internet and there’s no way for us to control how the message treated on it’s way to our system or how it’s stored or handled by the senders software (or application) and their email service provider.

In case one (or more) recipients have their email account on some other service provider the content of the message you sent to them will travel over internet and one (or possibly more) smtp servers or filtering systems before the message is finally delivered to the recipients Inbox. We do not have any control of the message and how it is dealth with once it exits c1.fi servers. The message may be copied or changes on it’s route to the receiver.

I’m an EU Citizen - What are my data protection related rights?

You may contact our Data Protection Officer (contact information below) with questions, requests or complaints. We will address your concerns and provide you with requested information witin a resanoble time.

If you make a request we have 31 days to respond to you. Please note: In order to prevent malicious requests by unauthorized parties we will require you to prove your identity while you confirm that the given request is actually from you.

As an EU citizen you (The Data Subject) are entitled to following:

Right to access

We will provide you with copies of your personal data. We may charge you a fee for this service.

Right to rectification

If your data turns out to be incorrect, we will rectify the personal data without undue delay. Incomplete personal data shall be completed.

Right to erasure

Customer Usage Data will be automatically deleted or anonymised as previously described (according to our data retention policy). Customer Data and Customer Content will be automatically deleted as previsoyly descbied.

You are entitled to request the erasure of your personal data without undue delay under certain conditions. Please refer to Art. 17 GDPR.

Right to restrict processing

You may optain a resriction of processing from us under certain conditions. Please refer to Art. 18 GDPR.

Right to data protability

Upon request we will provide you with the personal data that has been processed based on consent or in the context of a contract with you.

The data will be provided in electonic format to you or to anohter Controller pointed by you.

Changes to Privacy Policy

We keep this Privacy Policy under regular review and make it publicly available at https://c1.fi/privacy/en.

Warrant Canary

A Warrant Canary refers to a statment in which we declear our company has not received any calssified requests (subpoenas, warrants, gag orders) by government or court of justice for user information.

Our Warrant Canary will be publicly available all times at https://c1.fi/canary/en. Plase make special notice if this document has been removed.

The canary document is always digitally signed so that you can confirm that it’s content has not been tampered with.

If the warranty document has not been updated in 3 months time it’s safe to assume that c1.fi has been breached.

Contact information

Back to policies & legal