Effective Date: October 10, 2025
Operating Solutions Oy, together with its subsidiary Operating Solutions Inc. (together later “Operating Solutions”), is a software-as-a-service business providing a professional services automation platform. Operating Solutions is headquartered in Helsinki, Finland.
We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Policy describes Operating Solutions’ policies and practices regarding its collection and use of your personal data and sets forth your privacy rights.
We recognize that information privacy is an ongoing responsibility, and we will update this Privacy Policy as we undertake new personal data practices or adopt new privacy measures.
Depending on the context, Operating Solutions may act as:
When we process personal data on behalf of our customers inside the Operating Services, Operating Solutions Oy acts as the data processor.
Our U.S. subsidiary, Operating Solutions Inc., may assist in providing the services or billing activities. Where Operating Solutions Inc. processes personal data on behalf of Operating Solutions Oy in this context, it acts as a subprocessor or supports controller-side processing as part of the Operating Solutions corporate group.”
Where individuals or customers are located outside the EU/EEA, Operating Solutions may process personal data in accordance with additional local privacy requirements. These include, where applicable, the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Operating Solutions aligns these obligations with the protections provided under the GDPR, which generally reflect a higher standard of data protection.
Operating Solutions has appointed an internal Data Protection Officer (DPO) who oversees compliance with the General Data Protection Regulation (GDPR) and related data protection laws.
If you have any questions or would like to exercise your privacy rights, please contact:
Mikko Karjalainen
Operating Solutions Oy
Käenkuja 3aA, 00500 Helsinki, Finland
Email: privacy@operating.app
We collect limited personal information necessary to provide and support our services, such as:
We use this information to:
We do not sell or rent personal data. We share it only with third parties that are necessary to deliver our services and are bound by contractual confidentiality and data protection obligations.
Depending on how our services are used, Operating Solutions may process personal data relating to:
The personal data processed typically includes:
Operating Solutions does not require or intentionally collect special categories of personal data (as defined in Article 9 of the GDPR), such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, health data, or data concerning a natural person’s sex life or sexual orientation. Customers are responsible for ensuring that no such data is uploaded to the platform unless all conditions and safeguards required by the GDPR are met.
In providing our SaaS services, Operating Solutions may process personal data on behalf of its business customers. In such cases, Operating Solutions acts as a data processor, and the customer acts as the data controller.
These processing activities, including their subject matter and duration, are governed by a written Data Processing Agreement (DPA) between Operating Solutions and each customer. The DPA defines the purpose of processing, the categories of personal data and data subjects, and the applicable technical and organizational measures.
As with most websites, Operating Solutions’ website collects certain information automatically and stores it in log files. This may include IP addresses, the region or general location where your device is accessing the internet, browser type, operating system, and other usage information.
We use this information to improve our website, diagnose issues, and understand visitor preferences. We have a legitimate interest in understanding how members, customers, and potential customers use our website to improve usability and performance.
Operating Solutions uses cookies and similar technologies to enhance your experience.
Google Analytics
We use Google Analytics to help us understand how visitors interact with our website. Google Analytics uses cookies to collect information such as your IP address, device type, and browsing activity. This information may be transmitted to and stored by Google on servers located outside the EU/EEA. Google acts as our data processor for website analytics.
Operating Solutions’ Cookie Notice:
This website utilises technologies such as cookies to enable essential site functionality, as well as for analytics, personalisation, and targeted advertising. You may change your settings at any time or accept the default settings. You may close this banner to continue with only essential cookies.
When customers and their authorized users use our SaaS services, Operating Solutions processes personal data entered into the system solely for providing, maintaining, and improving the service. We do not access or use customer data except as necessary to provide technical support or meet legal obligations.
The personal information Operating Solutions collects from you is stored in databases hosted by third parties located in Europe. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval.
A list of our third-party subprocessors can be found in our Trust Center: https://trust.operating.app/subprocessors
We do not otherwise disclose your personal data to non–Operating Solutions persons or businesses unless:
Operating Solutions is headquartered in Finland, and we primarily store and process personal data within the European Union (EU) and European Economic Area (EEA).
We do not routinely transfer personal data outside the EU/EEA. However, in certain cases, we may engage subprocessors or service providers located in countries outside the EU/EEA.
When such transfers occur, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR. These include:
Some of our operational activities may involve limited access by our U.S. subsidiary, Operating Solutions Inc., for support or administrative purposes. Where such access constitutes processing of personal data, Operating Solutions Inc. acts as a subprocessor under the Data Processing Agreement. These transfers are safeguarded in accordance with Chapter V of the GDPR, typically through the use of the European Commission’s Standard Contractual Clauses (SCCs).
Where the Controller or relevant individuals are subject to the Australian Privacy Act, Operating Solutions takes reasonable steps to ensure that any overseas recipient of personal data does not breach the Australian Privacy Principles (APPs), in accordance with APP 8. These steps include the use of written agreements requiring appropriate safeguards and technical and organisational measures. Operating Solutions provides these protections in a manner consistent with GDPR-level safeguards.
A current list of subprocessors and their transfer mechanisms is available at: https://trust.operating.app/subprocessors
For more information, please contact us at privacy@operating.app.
Under the GDPR, individuals have the right to:
Individuals located in Australia may also have rights under the Australian Privacy Act, including the right to access and correct their personal information.
When Operating Solutions acts as a processor on behalf of a customer, individuals should direct any data-related requests to the relevant customer (controller).
When Operating Solutions acts as a controller, individuals may exercise their rights directly by contacting us at privacy@operating.app.
Operating Solutions implements appropriate technical and organizational measures (TOMs) to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
These measures include:
All personal data is hosted within the EU on reputable cloud infrastructure providers certified under ISO 27001 and SOC 2.
Personal data is stored on secure servers located within the EU. We retain personal data for as long as necessary to fulfill its purpose, comply with legal obligations, resolve disputes, and enforce agreements.
Upon termination of a customer relationship or at the customer’s written request, we delete or return all personal data in accordance with our DPA and applicable law.
If you wish to confirm that Operating Solutions is processing your personal data, or to request access, rectification, or erasure, please contact us at privacy@operating.app.
We do not knowingly attempt to solicit or receive information from children under 16 years of age.
If you have questions, concerns, or complaints about this Privacy Policy or our practices, please contact:
Operating Solutions Oy
Käenkuja 3aA, 00500 Helsinki, Finland
Email: privacy@operating.app
If you are located in the EU, you may also contact your national Data Protection Authority for additional assistance.
If you are located in Australia and your complaint remains unresolved, you may also contact the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au.