Terms of Service and Privacy Policy for the Steerpath Smart Office solution

Terms of Service

1. General

These terms of service (“Terms of Service”) govern the relationship between you and Steerpath Ltd and its affiliates (hereinafter “Steerpath” or “Us” or “We”) regarding your use of our application (“Steerpath Smart Office”) referred to as “Service”.

Before accessing or using the Service you must agree to these Terms of Service and the accompanying Privacy Policy. 

Steerpath reserves the right, at our discretion, to change, modify, add or remove portions of these Terms of Service and our Privacy Policy at any time by posting the amended terms on the Service. You will be deemed to have accepted such changes by continuing to use the Service. If at any point you do not agree to any portion of the then-current version of our Terms of Service, the Steerpath Smart Office Privacy Policy, or any other Service policy, rules or codes of conduct relating to your use of the Service, your license to use the Service shall immediately terminate, and you must immediately stop using the Service.

You must be at least 18 years of age to use the Service.

2. The Service

The Service is used for planning weekly work location and schedule, sharing plans with coworkers, booking desks and meeting rooms, viewing indoor maps, locating users and coworkers and helping users to navigate within the work space and other tasks related to work. 

The Service can either use your corporate login or your organisation may have opted to use separate email+password login. In both cases the use of the Service requires the following information to operate:

  • Your name

  • Your corporate e-mail address

  • The information of which company you belong to

 

Your failure to maintain accurate, complete, and up-to-date account information may result in your inability to access or use the Services. You are responsible for all activity that occurs under your account, and you agree to maintain the security and secrecy of your account username and password at all times. You may not authorize any third party to access or use your account. You may not assign or otherwise transfer your account to anyone else.

3. Ownership

The Service is provided utilizing equipment, hardware, software and intellectual property owned by Steerpath.

4. Data Protection

Steerpath will follow the policies set forth in its Privacy Policy.

5. Updates to the Service

You understand that the Service is an evolving one. Steerpath may require that you accept updates to the Service you have installed on devices. You acknowledge and agree that Steerpath may update the Service, with or without notifying you. You may need to update operating system software from time to time in order to receive the Service.

6. Disclaimer of Warranties

Without limiting Steerpath’s liability under Section 8 below, the Service is provided on an “as is” and “as available” basis for your use, without warranties of any kind, express or implied, including without limitation the warranties of merchantability, fitness for a particular purpose, title, non-infringement, and those arising from course of dealing or usage of trade. Steerpath does not warrant that you will be able to access or use the service at the times or locations of your choosing; that the Service will be uninterrupted or error-free; that defects will be corrected; or that the service is free of viruses or other harmful components.

7. Damages & Liability

You agree to indemnify, defend and hold Steerpath harmless from any claim, demand, damages or other losses, including reasonable attorneys’ fees, asserted by any third-party resulting from or arising out of your use of the Service, or any breach by you of these Terms of Service, however the foregoing does not apply if the infringement of rights is not attributable to your intentional or negligent behaviour. 

8. Assignment

The Parties may not assign or delegate any rights or obligations under these Terms of Service without the other Party’s prior written consent.

9. Force majeure

The Parties shall not be liable for any delay or failure to perform resulting from causes outside the reasonable control of the Parties, such as acts of God, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, strikes, or shortages of transportation facilities, fuel, energy, labour or materials.

10. Severability

The Parties agree that if any portion of these Terms of Service is found illegal or unenforceable, in whole or in part by any court of competent jurisdiction, such provision shall, as to such jurisdiction, be ineffective solely to the extent of such determination of invalidity or unenforceability without affecting the validity or enforceability thereof in any other manner or jurisdiction and without affecting the remaining provisions of the terms, which shall continue to be in full force and effect.

11. Arbitration

This Agreement shall be governed and construed in accordance with the laws of Finland. Any controversy or claim arising out of or relating to this Agreement, or the breach thereof, shall be finally settled by binding arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce by one arbitrator. The place of arbitration shall be Helsinki, Finland and the arbitration proceedings shall be conducted in the English language unless otherwise agreed by the respective Parties to the dispute.

Privacy Policy

1. Controller

Our contact person for data protection

Steerpath Oy

Läkkisepänkuja 4 A 3, 

02650 Espoo

+358 9 23161155

support@steerpath.com

2. Purpose and legal basis for processing personal data

We process your personal data in order to provide the Steerpath Smart Office Service (“Service”). For further information on the Service, please see the accompanying Terms Of Service.

The data subject is the user or the Service. The basis of processing is the performance of a contract

The purposes of the processing are the following:

  • Identification

  • Communications

  • Provision of the Service

  • Monitoring and improving service

3. Regular sources of information

We receive information about you when you provide it through using Steerpath Smart Office or through the information that the corporate registration and login provides. We do not  buy data from 3rd party vendors nor do we provide your data to anyone except your organisation for the purposes stated in the Terms Of Service and in this Privacy policy. The data we collect are for example your name, email and any other data you have provided us through the Service, or that the phone provides the Service, as you use it. 

The application and operating system may request certain permissions to access information, such as the “GPS” location, and by granting the application permission, the application may relay this information to servers to carry out the purposes outlined in section 2. 

The Service may use occupancy sensors for monitoring room or seat occupancy. The sensor does not identify the user, but the occupancy data may be combined with booking data. If the user is part of a booking, the occupancy sensor data may be combined with the booking information. If there is no booking the data will be handled anonymously.

Bluetooth beacon hardware does not collect any data.

4. Duration of processing

We will receive your personal data when you start using the Service and we will retain your information to carry out the functions as outlined in section 2, unless you request us to delete it (see section 5).

5. Your rights

You have the following rights: 

Access, rectification and portability

You have the right to access and correct your personal data retained in our register. You can view, correct, transmit and delete your customer data by sending us a request to support@steerpath.com. 

Deletion of personal data / “Right to be forgotten”

If you feel that the processing of some of your personal data is not necessary for our processing purposes, you have the right to ask us to delete that data. If you wish to delete information, we will process your request as soon as possible, after which we will either delete your information or provide you with a valid reason why the information cannot be deleted.

Objection to processing

You have the right to object to the processing of your personal data in full or in part at any time if you feel that we have processed your personal data unlawfully or that we do not have the lawful basis to process your personal data. We will process your request as soon as possible.

Complaint

You have the right to file a complaint with the Data Protection Ombudsman if you feel that we are in breach of applicable data protection laws when processing your personal data.

6. Disclosure of Information

This is a complete list of parties that may at times process your personal data on our behalf as part of the Smart Office service: 

  • AWS - Steerpath services are hosted by AWS. 

  • AWS Cognito - Login information

  • Google - Login and Calendar provider

  • Microsoft - Login and Calendar provider

  • Timeworks - Calendar provider

  • SendGrid - Mailing lists

  • Sentry - Crash and error reporting

  • Google analytics - Anonymous usage analytics

  • Lock operator - Unlock requests

These service providers do not have the right to view your information unless necessary to ensure the functionality of the service.

We may use subcontractors to develop our services. These subcontractors do not process your information, but in order to perform their job functions, they may have access to our databases containing your data. All our subcontractors and their personnel are bound by strict professional secrecy and confidentiality. 

We do not disclose your personal data to others.

7. Personal data stored in Steerpath backend

Steerpath Smart Office supports SSO sign on from Microsoft and Google. Steerpath does not duplicate a person's calendar or booking information or data associated with their Microsoft or Google accounts in the Steerpath backend. Beyond name and email address, Steerpath primarily stores only data that is not available or otherwise exists in Microsoft or Google platforms.

Personal data stored in Steerpath backend:

  • Name

  • Email address

  • Profile picture if set by user

  • App settings (language selection etc. from profile page)

  • Weekly planner input (at office, remote, other)

If the user shares their location:

  • Only the last location is stored on the Steerpath server, and it is only stored in memory and it disappears after 15 minutes.

  • For clarity: Steerpath does not collect the history of shared locations and the current location is only stored temporarily and only stored in memory.

If Steerpath Indoor Positioning is used in the organisation, the following diagnostic information is collected unless the organization explicitly opts out:

  • Bluetooth beacons the user’s device has seen and the signal strengths. 

  • Calculated position where the beacons were seen.

  • Device id

Examples of personal data NOT stored in Steerpath backend when using Azure or G-Suite calendars:

  • Calendar entries

  • Bookings

  • Contacts

  • Phone number, physical address or other personal details

  • Any past location data tied to the user profile

8. Data transfers outside the EU

The information is not stored outside the European Union or the EEA. No data transfers are made from the service user register outside the EU or the European Economic Area. 

However, regardless of the data centers we choose in Europe, it is possible that we or the service providers used by us may, in some circumstances, transfer your information outside the EU / EEA. This can happen, for example, if data is duplicated outside the EU / EEA to the United States so that your data is secure even in the event of a failure of the main servers. We will ensure that the necessary measures are taken to prevent the transfer of your personal data to a party outside the EU or the EEA who does not comply with the legal requirements for the processing of personal data. 

If we are required to disclose personal data under applicable mandatory law, personal data may be transferred outside the European Union and the European Economic Area.