Telema Privacy Policy

Effective date: 10 April 2026

This Privacy Policy explains how Telema (“we”, “us”) processes personal data when you:

  • visit our websites,

  • use our services (including our web portals and applications),

  • communicate or do business with us, or

  • apply for a job at Telema.

It also explains your rights and how to contact us about privacy.

Telema is:

data controller for personal data of website visitors, prospects, business clients and their representatives/users, and candidates; and

data processor for personal data that Telema processes on behalf of its business clients via Telema solutions (for example, data about a client’s end customers or trading partners and their representatives, contained in business documents). In those cases, the Telema client is the data controller, and our processing is governed by our agreement with the client and applicable law.

Where Telema processes personal data on behalf of a customer as a processor, any applicable Data Processing Agreement, agreement, or other documented terms governing that processing will take precedence over this Privacy Policy to the extent of any inconsistency.

1. When you visit our website or contact us online

1.1 What data we collect

When you visit our website or contact us through it, we may process:

  • Technical data – IP address, browser type and version, device type, operating system, language settings, date and time of access, pages visited, time spent on pages, and similar technical information (including log files).

  • Usage and interaction data – information about how you use our website (clicks, scrolls, navigation patterns), information you enter into forms, and your communications with us.

  • Contact details and enquiry content – name, e‑mail address, phone number, company name, job title and the content of your message or enquiry.

  • Cookies and similar technologies – see Section 5 below.

1.2 Why we use this data (purposes and legal bases)

We use this data to:

  • Run and secure the website
    To display our pages, maintain sessions, prevent abuse, detect and fix technical issues, and keep services secure.
    Legal basis: our legitimate interests in providing a secure, functional website.

  • Respond to your enquiries
    To answer questions, provide information about our services, or arrange demos.
    Legal basis: our legitimate interests in responding to enquiries and managing business relationships, and where relevant, performance of agreement or steps taken at your request before entering into a agreement.

  • Improve our website and services
    To analyse how visitors use the website, so we can improve content, navigation and performance.
    Legal basis: our legitimate interests in improving services and, where required for certain analytics tools, your consent (via cookies).

  • Market our services (B2B)
    To send relevant information about Telema services, events or updates to business contacts and measure the effectiveness of such communication.
    Legal basis: our legitimate interests in B2B marketing. You can object or unsubscribe at any time. For marketing cookies/trackers we rely on consent.

  • Comply with the law
    To meet legal and regulatory requirements (for example, accounting or responding to lawful requests from authorities).
    Legal basis: legal obligation.

1.3 How long we keep this data

  • Web server logs: normally up to 12 months, unless we need them longer for security or legal reasons.

  • Website forms and enquiries: generally up to 3 years after our last interaction with you, unless we need to keep them longer for legal claims or as required by law.

  • Cookies: for the period specified in our cookie banner or in the settings of each cookie (see Section 5).

2. When you are a client or client representative

2.1 What data we collect

Telema has only business clients (legal entities). If you represent a client (for example as a contact person or user of Telema services), we may process personal data about you, such as:

  • Identification and contact details – name, personal ID, business e‑mail, business phone number, employer, job title or role.

  • Contract and account data – contract details, service subscriptions, account IDs, billing and payment data, configuration details, support history.

  • Communication data – e‑mails, meeting notes and other correspondence related to our services.

  • Usage data – interactions with features and services in form of analytical data and screen recordings, client session data, log-in attempts, device type, browser and IP address.

2.2 Why we use this data

We use this data to:

  • Provide, manage, improve, and protect Telema services

Conclude and execute contracts, create and manage accounts, deliver and enhance services, handle support requests, and protect our services by monitoring for suspicious activity and preventing abuse (for example, blocking IP addresses).
Legal basis: performance of contract with the client and steps taken before entering into a contract.

  • Manage customer relationships
    To keep track of our relationships with clients and prospects, handle feedback and improve our services.
    Legal basis: our legitimate interests in running and developing our business.

  • Send service‑related information and B2B marketing
    To send important notices about the services you use and other information about Telema solutions that may be relevant for your business.
    Legal basis: our legitimate interests in B2B communication and marketing. You can opt out of marketing messages at any time.

  • Meet legal obligations
    To comply with accounting, tax and other legal requirements.
    Legal basis: legal obligation.

2.3 How long we keep this data

  • Contracts, billing and related records: at least 7 years from the end of the relevant financial year or as required by accounting and tax laws.

  • CRM and support data: normally up to 3 years after the end of the client relationship, unless we need it longer to protect our rights or comply with the law.

3. When you apply for a job at Telema (candidates)

3.1 What data we collect

For recruitment, we may process:

  • name and contact details;

  • CV and other information about your education, skills, qualifications and work experience;

  • information from interviews and tests;

  • references you provide;

  • publicly available professional information (for example, LinkedIn profile).

We receive this data:

  • from you directly (applications, CVs, cover letters, interviews);

  • from recruitment or professional networking platforms;

  • from recruitment service providers;

  • from references you have indicated or otherwise authorised us to contact.

3.2 Why we use this data

We use candidate data to:

  • Run recruitment processes – review applications, interview candidates and make hiring decisions.
    Legal basis: our legitimate interests in recruiting and selecting employees.

  • Keep promising candidates in mind for future roles – if you agree, we may keep your data for future opportunities.
    Legal basis: your consent (where required).

We may use automated tools (for example, filters in LinkedIn or other platforms based on criteria like education or work‑permit status) to pre‑screen candidates. Final decisions are not made solely by automated means – there is always human review.

3.3 How long we keep candidate data

If you are not selected:

  • we keep your data for up to one (1) year after the end of the recruitment process to protect our legitimate interests (for example in case of disputes);

  • if we wish to keep your data longer to contact you about future positions, we will ask for your explicit consent.

You can withdraw consent at any time. After withdrawal, we will delete your data unless we must keep it to comply with the law or to establish, exercise or defend legal claims.

Access to candidate data is restricted to people involved in recruitment (e.g. hiring managers, HR, relevant management), all bound by confidentiality.

4. When Telema acts as data processor for clients

When a client uses Telema solutions to process personal data (for example, data about its customers or trading partners), Telema acts as a data processor and the client is the data controller.

In such cases:

  • the client decides why and how the personal data is processed;

processing terms are governed by our agreement with the client and applicable law;

  • Telema processes personal data only on the client’s documented instructions and in compliance with GDPR.

If there is any difference between this Privacy Policy and the client-specific terms for such processing, our agreement with the client and applicable law will prevail.

As a processor, Telema:

  • applies suitable technical and organisational security measures;

  • ensures people handling data are under confidentiality obligations;

  • uses sub‑processors only as allowed by our agreement with the client and applicable law;

  • assists the client in responding to data subject requests and in meeting its legal obligations (for example, data breach notifications), as set out in our agreement with the client and applicable law;

  • deletes or returns personal data at the end of the services, including handling of backups and logs as described in our agreement with the client and applicable law.

If data is transferred outside the European Economic Area (EEA) on behalf of a client, Telema applies the transfer mechanisms agreed with the client (for example EU Standard Contractual Clauses and any necessary supplementary measures).

5. Cookies and similar technologies

Our website uses cookies and similar technologies to:

  • make the site work properly,

  • remember your preferences,

  • understand how the site is used, and

  • support marketing activities.

5.1 What are cookies?

Cookies are small text files that are placed on your device when you visit a website. They help the site remember your actions and preferences.

Some cookies are strictly necessary for the website and our web portals to work and do not require your consent. Other cookies (such as preference, analytics and marketing cookies) are used only if you consent through our cookie banner or settings.

You can change or withdraw your consent at any time in the cookie settings on our website.

5.2 Types of cookies we use

  1. Strictly necessary cookies
    These cookies are needed for the website to function. They enable basic features such as page navigation, security and access to secure areas.
    Examples: cookies that store your cookie preferences, maintain sessions, ensure proper display of content, or protect forms from bots (such as CookieConsent, PHPSESSID, rc::a, rc::c, wpEmojiSettingsSupports, test_cookie).
    These cookies are always active and do not require consent.

  2. Preference cookies
    These cookies remember your choices, such as language or region, and may help us understand how visitors arrive at the website.
    They are used only if you consent.

  3. Statistics (analytics) cookies
    These cookies help us understand how visitors use our site so we can improve it.
    They may collect information such as which pages are visited, how long visitors stay, and how they move around the site.
    We use tools such as Google Analytics and internal analytics.
    Analytics cookies are used only if you consent.

  4. Marketing cookies
    These cookies help us and our partners show relevant ads and measure their effectiveness.
    They may be set by our website or by third‑party services, such as Google, YouTube, Meta (Facebook) and Giphy.
    Marketing cookies are used only if you consent.

5.3 Third‑party cookies and international transfers

Some cookies are set by third‑party services embedded on our site (for example, videos, social media, analytics or advertising tools). These third parties may process your data, and in some cases this may involve transfers outside the EEA.

Where data is transferred outside the EEA, we rely on appropriate safeguards such as adequacy decisions or EU Standard Contractual Clauses and, where needed, additional protective measures, in accordance with GDPR.

5.4 Managing cookies

You can manage your cookie preferences or withdraw consent at any time via the cookie settings on our website.
You can also block or delete cookies via your browser settings. If you disable strictly necessary cookies, some parts of the website may not work properly.

6. Data sharing and disclosure

We may share personal data with:

  • Service providers (processors and sub‑processors)
    These are companies that provide services to us, including:

    • hosting and infrastructure providers;

    • EDI and e‑invoicing network and integration partners;

    • security and monitoring providers;

    • CRM, ticketing and communication tools;

    • analytics and marketing service providers;

    • recruitment platforms and HR service providers;

    • professional advisers (lawyers, auditors, accountants).

    They only process data based on our instructions and under contracts that require appropriate security and confidentiality.

  • Public authorities and other third parties
    When required by law or a binding request (for example courts or law enforcement), or when necessary to establish, exercise or defend legal claims, we may disclose personal data.

When Telema processes data as processor for clients, we share data with sub‑processors only under the conditions set out in our agreement with the client and applicable law. Information about sub‑processors is available to clients as described in our agreement with the client and applicable law [or via a separate sub‑processor list, if applicable].

7. Data security

We take security seriously. Telema applies appropriate technical, physical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure or destruction.

These include, but are not limited to:

  • access control and the principle of least privilege;

  • encryption in transit and at rest where appropriate;

  • secure development and change management processes;

  • logging and monitoring;

  • backup and recovery procedures;

  • locked storage for confidential documents;

  • confidentiality obligations and training for staff.

Security measures are regularly reviewed and updated.

8. Personal data breaches

If a personal data breach occurs, we:

  • assess the risk to individuals;

  • take steps to contain and remedy the breach; and

  • notify the relevant parties as required by law.

If Telema is the controller, we will notify the supervisory authority and affected individuals when required and provide information and guidance on what they can do.

If Telema is acting as processor for a client, we will notify the client (controller) without undue delay in accordance with the DPA where one exists, otherwise the relevant service agreement/contract or other documented instructions/terms, so that the client can meet its own obligations, including any notifications to individuals or authorities.

9. Your rights

Under data protection law, you have various rights regarding your personal data, subject to certain conditions:

  • Right of access – to know whether we process your personal data and, if so, to receive a copy and related information.

  • Right to rectification – to have inaccurate or incomplete data corrected.

  • Right to erasure (“right to be forgotten”) – to request deletion of your data in certain cases (for example, if it is no longer needed and there is no legal basis to keep it).

  • Right to restriction of processing – to request we limit the processing of your data in certain situations (for example, while a complaint is investigated).

  • Right to data portability – where processing is based on consent or contract and carried out by automated means, to receive your data in a structured, commonly used, machine‑readable format and to have it transmitted to another controller where technically feasible.

  • Right to object

    • to processing based on our legitimate interests, on grounds relating to your particular situation;

    • to direct marketing at any time (including related profiling).

  • Right to withdraw consent – if we rely on consent, you can withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.

If we cannot fulfil your request (for example because it affects the rights of others, is technically not feasible or we have a legal obligation to keep the data), we will explain why, where we are allowed to do so.

How to exercise your rights

For processing where Telema is controller, you can contact us via:

For processing where Telema acts as processor for a client, please contact the relevant client (controller) directly. We will assist the client in handling your request, in line with our agreement with the client and applicable law.

10. Children and automated decisions

Telema’s services are not directed at children under 16, and we do not knowingly collect or process personal data about children. Clients and users should not provide personal data of children when using our services.

Telema does not use personal data for profiling or for making decisions based solely on automated processing that produce legal effects or similarly significant effects for individuals.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example if our services or laws change.

The latest version is always available at:
https://telema.com/privacy-policy

If we make important changes, we may also inform you through other channels (for example, by e‑mail to clients).