Treon App Privacy Policy

Treon App Treon Connect

Effective Date: 25.09.2025

 

  1. Introduction
    This Privacy Policy describes how Treon Oy (“Treon”, “we”, “us”, or “our”) processes personal data in connection with the use of our mobile application (“App”), which connects to Treon’s industrial IoT and SaaS solutions. The App is intended exclusively for business-to-business use by authorized users of customer organizations under a valid license agreement and Data Processing Agreement (DPA).

 

  1. Scope of Data Processing
    Treon processes only the personal data necessary for the operation and support of the App on behalf of the customer. This includes:
    Name
    Email address
    Phone number
     

    This data is typically provided by the licensed customer organisation during onboarding or account setup.

 

  1. Data Origin and Responsibility
    Treon does not define or control the configuration of IoT devices or the data collected by them. For IoT data and any additional personal data collected through the App or connected hardware (e.g., location, log data), the customer organization acts as the data controller and determines the purposes and means of processing. For such data, Treon acts solely as a data processor under the DPA.
     

    For IoT data and customer-configured data collection, Treon acts solely as a data processor on behalf of its customers.

 

  1. Purpose of Processing
    Personal data is processed by Treon as a data processor on behalf of customers for the following purposes as instructed by the customer organization under the Data Processing Agreement:
    • Provision of the services subject to valid license agreement

 

  1. Legal Basis
    Processing is based on:
    • Instructions from the customer organization as data controller under the Data Processing Agreement

 

  1. Data Sharing
    Treon does not sell or share personal data with third parties for marketing purposes. To provide and support our services, we may engage certain third-party service providers (“subprocessors”) who process data on our behalf. These subprocessors are bound by contractual obligations. Subprocessors may include:

    • Cloud service providers (e.g., for hosting, infrastructure, storage)
    • Support tools and analytics providers (e.g., error tracking, performance monitoring, customer support systems)
       

    A list of current subprocessors is available upon request.

 

  1. International Transfers
    Treon offers cloud infrastructure primarily located in the European Union. However, customers may request hosting in other geographical regions based on their specific requirements. When hosting is provided in the EU, data is stored and processed within the EU region through a US-based service provider that provides EU-based hosting services. When customers choose hosting outside the EU, data transfers are governed by the applicable safeguards described below.
     

    Treon relies on the adequacy decision under the EU–US Data Privacy Framework, where applicable, for data transfers to certified US entities, if any. In addition, Treon ensures that appropriate safeguards are in place, including:

    • Hosting in EU-based data centres
    • Use of mechanisms subject to the General Data Protection Regulation (GDPR)
    • Supplementary technical and organisational measures to prevent unauthorised access  

    Treon regularly reviews its data transfer mechanisms to ensure compliance with applicable data protection laws, including the GDPR and relevant European Data Protection Board (EDPB) guidance.

 

  1. Data Retention
    Personal data is retained only as long as necessary for the purposes described above or as required by law. Data may be deleted upon termination of the license agreement or upon request.

 

  1. Data Subject Rights
    Data subject rights requests must be directed to the customer organization as the data controller. Users may contact their organization regarding:

    • Access their personal data
    • Request correction or deletion
    • Object to processing (where applicable, noting that objection to essential processing may affect App functionality)
    • Lodge a complaint with a supervisory authority

    If users contact Treon directly at contact@treon.fi, we will redirect such requests to the appropriate customer organization.

 

  1. Security
    Treon implements industry-standard technical and organisational measures to protect personal data, including:
    • Data encryption at rest and in transit
    • Role-based access control
    • Logging and monitoring of access

 

  1. Children’s Data
    The App is not intended for use by children under the age of 16. Treon does not knowingly collect data from minors.

 

  1. Changes to This Policy
    We may update this Privacy Policy from time to time. Changes will be posted within the App and/or on our website.

 

  1. Controller and Processor Roles
    Treon acts solely as a data processor for all personal data on behalf of its business customers, who act as data controllers.
     

    The customer organisation determines:

    • Which users are granted access to the App
    • What personal data is collected and processed
    • The configuration of connected IoT devices and data flows
       

    Treon does not independently determine the purposes or means of processing personal data, including basic user account management, authentication, and technical support activities. All processing is governed by a Data Processing Agreement (DPA) between Treon and the customer.

 

Treon Oy

Business ID: FI27847551

Visiokatu 3, 33720 Tampere

Finland

 

privacy policy

Treon Support

You still have questions? Our dedicated team of experts is happy to help you! Please contact our Treon Support experts directly by e-mail.

   

Last updated on Sep 30, 2025