Marketing and Customer Privacy Statement
Updated 31.1.2025.

General Data Protection Regulation (GDPR) (EU) 2016/679

1. Controller

Vertex Systems Oy (“Vertex”, “we”, “our” or “us”)
Business ID 0289214-5
Vaajakatu 9, FI-33720 Tampere, Finland
Telephone: +358 3 313411
Contact person
Name: Pekka Moilanen
Address: Vaajakatu 9, FI-33720 Tampere, Finland
Telephone: +3583313411
Email: pekka.moilanen@vertex.fi

2. The purpose and legal basis for processing of personal data

We process the personal data of our customers, potential customers, partners and their representatives, for the purposes of managing and developing customer relationships. We also process your personal data for analyzing, planning and developing our business and services including performing targeted customer communication to provide you with content corresponding to your interests.

In addition, the data is used for marketing purposes. Based on your consent, you will also be sent our newsletter or electronic direct marketing messages. Based on your consent, we might process your personal data to maintain business relationships and to communicate about and market our products, services and events to the data subjects.

If you are using our Help Center support service (service produced with Jira Service Desk software) we process personal data for proving you efficient and comprehensive service such as solving problems using the software,
collecting, analyzing, and reporting suspected software bugs.

In some cases the legal basis for processing this information is legitimate interest of customer relationship or a separate agreement.

We shall process personal data necessary only as long as it is necessary for the purposes it was collected or to fulfill our legal obligations. In the case where the personal data is collected on the basis of your consent, it may be processed until you withdraw your consent.

The Vertex software suite may send user data to Vertex during the use of the software. The purpose of this data is to verify the credentials of the user for accessing the software and to improve the quality of the software user experience. If you are using our services and software products the Vertex Services Privacy Policy can be found at [https://vertexcad.com/privacy-policy].

3. Personal data processed

The data processed includes the following information retrieved directly from you:
• contact persons’ (commercial, technical and invoicing) name, email address, telephone number (work), title/area of responsibility, language of the contact persons;
• name, email address, telephone number and invoicing information and credit details in the case of private individuals;
• data related to marketing and sales promotions, such as the data subject’s participation in competitions, webinars and training events;
• IP addresses, operating system, browser name and other unique system data;
• support requests including attached files;
• history of created proposals, purchases, projects and the related communications and other information you have provided.

4. Regular sources of data

The information processed is primarily obtained from you through messages sent via web forms, e-mail, telephone, via social media services, contracts, order forms of material downloads, customer meetings and other situations in which you disclose your information. Personal data may also be collected using services provided by third parties such as publicly available business information services. Details can also be checked using public administration sources.

You shall be informed about the possible use of your contact information for marketing purposes whenever the said information is collected for such purposes.

We use cookies. When visiting our website, we collect and process your IP address information. Personal data can also be collected and updated via companies that provide services concerning personal data.

5. Cookies

When visiting our website (www.vertex.fi; www.vertexcad.com) data may also be collected for marketing purposes using Google Analytics, Google tag manager Microsoft Ads, Leadoo, Facebook pixel, Linkedin insight tag.

For more information on the use of cookies is provided in our Cookie Policy [https://vertexcad.com/cookies/].

6. Regular disclosure of data

We shall not disclose your personal data to third parties, except in cases described below.

Service providers: We are assigning certain reliable third parties to conduct certain functions and services on behalf of Vertex. We disclose your personal data to our accounting firm for the purpose of invoicing and fee collection. We shall disclose your personal data to third parties, only to the extent necessary for the purposes of performing these operations and provide services according to binding contractual obligations that require these third parties to maintain the level of privacy and data security required by the law.

Public authorities such as law enforcement agencies: if necessary, Vertex shall co-operate with the Government and law enforcement agencies or private operators in order to comply with the law, for judicial proceedings for the purpose of protecting the property and rights of Vertex Systems Oy or a third party or for other legal purpose.

7. Joint Controller

Our services may use so-called community plugins or embeds which make us joint controllers with the social media service providers, this is covered by the controller addendum entered into with the respective social media service provider. The social media service providers can collect information about our website visitors in accordance with its privacy protection conditions in force at any given time. Please see the Privacy Policy of the respective social media service provider for their contact details as well as more information on how they process personal data including the legal basis on which the social media platform relies to collect your personal data and how you can exercise your rights.

LinkedIn Ireland Controller Addendum (https://legal.linkedin.com/pages-joint-controller-addendum) LinkedIn Ireland Privacy Policy https://www.linkedin.com/legal/privacy-policy.

Meta Platforms Ireland Controller Addendum https://www.facebook.com/legal/controller_addendum Meta Platforms Ireland Privacy Policy https://www.facebook.com/about/privacy . Meta Platforms Ireland policies apply to services and products offered by Meta, including Facebook, Messenger and Instagram.

Twitter International Unlimited Company Ireland Controller Addendum https://gdpr.x.com/en/controller-to-controller-transfers.html International Unlimited Company Ireland X Privacy Policy.

Google Ireland Limited Controller Addendum https://support.google.com/analytics/answer/9012600?hl=en Google Ireland Limited Privacy Statement Privacy Policy – Privacy & Terms – Google. Google Ireland Limited policies apply to services and products offered by Google including YouTube.

We and Bright Market, LLC, d/b/a FastSpring are joint controllers in relation to data collection and processing related to the payment of Vertex Sync. We have entered into the Data Processing Agreement with FastSpring (https://fastspring.com/terms-use/data-processing-agreement) to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the joint processing. The contact details of FastSpring as well as information on the processing of personal data carried out by FastSpring including your rights towards FastSpring can be found in FastSpring Privacy Policy at https://fastspring.com/privacy.

8. Transfer of data outside the EU or EEA

Designated Vertex Group employees located in the UK, have limited access to some of your personal data: first name, last name, title, telephone number (work), email address, user ID.

We use Google Analytics and Google tag manager, Microsoft Ads and Leadoo tools, therefore your data may be stored on data servers located outside the EU.

FastSpring as our reseller sells Vertex Sync licenses. Your data will be stored on the servers located in the United States of America in case you have purchased a license from FastSpring.

Otherwise, we do not transfer your personal information outside the EU/EEA.

9. Your rights as a data subject

Right of access

You have the right to obtain from us a confirmation as to whether we process personal data concerning you. You also have the right to access personal data concerning you as well as information on the processing of your personal data as set out in the General Data Protection Regulation.

If you exercise your right to access the information, we will provide you with a copy of the personal data we process. If you request multiple copies, we may charge a reasonable fee for them based on administrative costs.

Right to rectification

You have the right to request us to rectify any incorrect data without undue delay. You also have the right to have incomplete personal data completed by providing a supplementary statement.

Right to erasure

You have the right to obtain from us the erasure of personal data concerning you without undue delay if:
• your personal data are no longer needed for the purposes for which they were collected or otherwise processed;
• you withdraw consent on which the processing is based and there are no other legal grounds for the processing of such data;
• you object to the processing of your personal data on ground relating to your particular situation and there are no legitimate grounds for processing, or you oppose the processing of your personal data for direct marketing purposes;
• we have processed personal data unlawfully; or
• personal data have to be erased for compliance with a legal obligation we are subject to.

Right to restriction of processing

You have the right to obtain from us restriction of processing so that your personal data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another person if:
• you contest the accuracy of your personal data, in which case we will restrict processing for a period enabling us to verify the accuracy of your personal data;
• we process your personal data unlawfully and you oppose the erasure of the personal data and request the restriction of their use instead;
• we no longer need your personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims; or
• you have objected to the processing of your personal data on grounds relating to your particular situation and you wait for the verification whether our legitimate grounds override the grounds of your objection.

Right to data portability

You have the right to receive the personal data provided to us by you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller if:
• our processing is carried out by automated means; and
• the processing is based on your consent or is necessary for the performance of our agreement or for the implementation of pre-contractual measures upon your request.

The right to data portability is limited to conduct which does not adversely affect the rights and freedoms of others.

Right to object to processing of personal data

You have the right to object to the processing of your personal data on grounds relating to your particular situation if there are no legitimate grounds for the processing.

Furthermore, you have the right to object to the processing of your personal data for direct marketing purposes and to cancel ordered [newsletter]. You can prevent the sending of electronic direct marketing or [newsletter] by clicking the adjacent link cancel subscription.

Right to withdraw consent

To the extent that the processing of personal data is based on your consent, you have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing we have carried out prior to withdrawal.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with the Data Protection Ombudsman if you think that your rights under the General Data Protection Regulation have been infringed in the processing of the personal data. The supervising authority in Finland is Data Protection Ombudsman (www.tietosuoja.fi).

10. Principles of data security and data retention

Vertex takes the matter of protecting your personal data very seriously. We use administrative, physical and electronic measures to secure your data from unauthorized access. We collect the data in databases that are protected by firewalls, passwords and other technical measures. The databases and their back-up copies are located in locked premises and they can only be accessed by certain designated persons.

Obsolete and unnecessary data is erased in an appropriate manner. We shall retain personal data only as long as is necessary for the purposes described in this privacy statement.

11. Validity
We may change this policy from time to time, and if we do, we will post any changes on this page.