Privacy Notice – RELEX Planning Solutions
Last updated on August 21, 2025In brief
RELEX’s platform offers a range of solutions that help companies worldwide with their activities within demand planning, merchandising, and supply chain operations.
In terms of processing personal data, RELEX’s planning solutions have the following central characteristics:
- The Solution is designed to process business data for planning and optimization purposes. Such business data includes, for example, inventory transactions and item master data.
- The related processing of identifiable personal data is primarily focused on authentication, use and monitoring the of RELEX solutions processing such business data.
- Some of the data processing activities in our solutions are decided upon by RELEX and some by our customers.
In full
This privacy notice (“privacy notice”) informs you about how Retail Logistics Excellence – RELEX Oy (“RELEX Oy”) and its affiliated companies globally (jointly “RELEX”) process the information it collects about the individuals interacting with its solutions in the areas of demand planning, merchandising, and supply chain operations.
In this privacy notice, “personal data” herein refers to data that we can connect to an identifiable individual. “You” refers to the contact person of a RELEX customer and prospective customer whose personal data is processed.
This privacy notice sets out the personal data processing in the context where you or your employer use RELEX’s solutions. For information on how RELEX processes your personal data in the context of corporate relations in general, please see the dedicated privacy notice on the RELEX customer register. For employees of RELEX whose personal data is processed in connection with the solutions, pertinent information is also provided in the internal privacy notices.
Roles and responsibilities
The responsibilities for controllership are split between RELEX and its customers (typically your employer). This means the following:
The customer is the controller responsible for personal data processing, and RELEX for processing personal data on its behalf in relation to the following activities:
- User authentication, and authorization. Making RELEX’s solutions available to you for the following purposes: To carry out work-related tasks, to access related solution authentication, and to inform RELEX when you are no longer eligible to use our solutions.
- User rights management. Adjusting the level of privileges a user has in the planning solutions,
- Processing your personal data in connection of service operations. Your personal data is processed in the services in relation to commands, comments and other service features and activities attributable to you. This also includes storing and accessing your personal data in the services as part of our support activities,
- Training. We provide services for your employer to keep track of your proficiency in using RELEX’s solutions.
RELEX is the controller responsible for personal data processing when undertaking the processing in its own name in relation to the following activities:
- Delivery project management. Tracking and sharing status information of ongoing activities, solution maintenance, meetings, development initiatives, and customer activities. This is done both in connection with the initial delivery and throughout the relationship, whenever necessary.
- Support ticketing. To operate global support and maintenance framework and services, information on persons who have reported a support issue or who are awaiting its resolution is processed in our support ticketing and communication systems.
- Solution analytics and monitoring. To provide our solutions with good operational quality and security RELEX collects logs and metrics on the use of its solutions. Data dependent improvement areas include the user interface and user experience, system performance, best practices for solution usage, load balancing, and license monitoring. Security activities include detecting, preventing, and investigating security incidents in RELEX Services.
- Communications and feedback. Informing you about issues related to our solutions and about collecting feedback.
Both RELEX and each of our customers operate as independent controllers over their respective areas of personal data processing. Typically, our customers may have their own purposes of processing for personal data handled especially in relation to delivery project management and solutions logs.
While the customer’s role is referred to in this privacy notice, such references are merely informational to provide the full picture, and do not bind the customer company in any way. The customer is ultimately responsible for the processing of your personal data which it does in the role of controller.
Personal data processed by RELEX on behalf of its customers
This section sets out the processing where RELEX undertakes personal data processing on behalf of the customer organization, where RELEX does not have an independent need for such processing activity and where it thus operates as a processor.
Where applicable, the processing described in this section is agreed in more detail in a data processing agreement agreed between RELEX and its customer.
What personal data is processed
RELEX processes information of individuals who use RELEX’s solutions. Such individuals are employees, contractors, and representatives of RELEX’s customers.
We may process the following personal data on behalf of our customers:
| Information collected when using RELEX’s solutions | – Contact details (name, business email address, phone number, employer name) – User credentials and identifiers – Business email address – Phone number (in select authentication practices, contingent on implementation) – Solution user roles based either on direct role allocation or derived from user attributes (such as territorial, regional or store location). – Employer’s name – Your device/network IP address, from which you use the solution – User profile metadata to establish default user authorization level – comments and other content provided by users (e.g. text, images or files) The solution may also track planning activities that you have executed in the solution. |
| Training | – Profile information provided by users for training offered by RELEX |
How do we handle personal data
RELEX receives personal data directly from its corporate customers and employees logging into the solution.
RELEX processes personal data with due care and protects it with the necessary information security measures as agreed with the customer. The personal data is deleted after the customer stops using RELEX’s solutions.
Data movement
RELEX delivers its solutions based on regional architecture:
- EMEA customers are serviced from EU-based cloud platforms
- NA and LATAM customers are serviced from US-based cloud platforms
- APAC customers are serviced either from EU, US, or APAC-based cloud platforms
RELEX’s affiliates globally may take part in provisioning the solution. RELEX maintains a global pool of technical and solution consultants to support, operate, deliver, and maintain services. While doing so, RELEX support personnel may process, store, or otherwise access customer employees’ personal data when handling support issues. Such access is subject to RELEX policies. We may also use external service providers in provisioning both our solutions and support services. External service providers may process limited amounts of personal data from international locations.
You can read more about our processors and locations of personal data processing here.
Exercising your rights
You should contact our customer (typically your employer) who appointed you as the user of RELEX’s solutions. Please note that RELEX is not able to answer your requests in relation to the personal data processed by RELEX on behalf of the customers.
Personal data processed by RELEX in its own name
This section elaborates on the data processing for which RELEX has defined the purposes and means itself and operates as the controller of personal data.
What personal data is processed
RELEX processes information of individuals who use our solutions, support them, or have a role in related activities. Such individuals are employees, contractors, and representatives of RELEX and its customers.
The personal data that is processed as part of this privacy notice includes the following:
| Information handled in the context of initial and subsequent service delivery operations | – Name – Business email address – Position – Employer’s name |
| Solution analytics and monitoring | – User identifier and/or business email address – Employer’s name – Your device’s IP address – Information about solution usage and communications sent via the solutions such as error tracking, information of visited solution spaces and utilized features – User activity inside the solution (such as permission and setting changes, load rules), device set-up, and crash reports |
| Optional solution analytics and monitoring | – Pseudonymized user ID – User type and role – Employer’s name, city and country – UI language Information about user interactions, such as log-in/log-out information, clicks, navigation paths, time spent on pages, and device, browser, and operating system information. A dedicated notice explaining the optional analytics data collection in RELEX solutions is here. |
| Global support operations (Support tickets, support calls and RELEX Knowledge Hub) | – Business contact information for employees entering support tickets – Information in the support ticketing system, including IP addresses and related log information – Phone numbers of users who call RELEX support. Phone calls may be recorded for quality assurance and training purposes. When a user first accesses the Knowledge Hub via a RELEX solution, the user identity and access information are transferred thereto. A dedicated privacy notice for RELEX Knowledge Hub is available here. |
| Communications and feedback | – Business email address – Employer’s name – Position There is a dedicated notice explaining personal data processing when providing feedback. |
Legal basis
If the data processed by RELEX solutions is identifiable to an individual, RELEX has the following legitimate interests in processing data in relation to the activities described in this privacy notice:
- Enabling RELEX to monitor its service provisioning, and to secure its solutions from a variety of threats, as well as adjusting and correcting faults based on such information.
- Enabling RELEX to run a global support organization to react to and resolve issues arising from its solutions.
- Enabling RELEX to run smooth delivery projects, monitor progress, request customer resource allocations, organize meetings, and inform customer representatives of relevant matters in furtherance of successful continuous delivery of its solutions and supporting services.
The personal data processing undertaken by RELEX for solution and project delivery is mandatory for the efficient delivery and maintenance of its solutions. The usage monitoring and related product communications are typical and mandatory activities when providing software-based services and delivering projects. These cannot be done without processing limited amounts of personal data.
Some of our solutions utilize solution analytics and employ cookies and similar technologies that track which areas and features of the solutions are used and how they are used. If such activities are not mandatory for providing the solution’s features, or if such activities are otherwise not directly justified by law, the legal basis for collecting and processing the data from your device is by user consent. More information on such processing is made available in the respective privacy notice, which can be accessed from the user interface of the solution.
Data movement
Source of personal data
RELEX receives personal data directly from you (for example; when contacting RELEX support) or from customers of RELEX (typically your employer). Information, such as logs, is also generated indirectly by user activities when using RELEX’s solutions.
Exchanges of personal data with customers and partners
We exchange some of your personal data with our customers who have procured our solutions when conducting the abovementioned activities related to our service provisioning. Our Solutions are collaborative tools. Hence, both customer users with higher privileges as well as authorized RELEX employees may obtain visibility to solution usage metrics and reports incurred by any person who has been using the solution.
Where we utilize intermediary partners to deliver our solutions, we may also exchange personal data with such companies for the same purpose. We provide these companies with access to the personal data that they may need for their agreed activities.
Transfers of personal data to processors
Your personal data may be made accessible to RELEX’s service providers or other vendors that RELEX uses to support, operate, deliver, and maintain its solutions. While doing so, such third-party service provider personnel may process, store, or incidentally access your personal data when undertaking their contracted activities. You can read more about our processors here.
Data processing locations and transfers of personal data outside the European Economic Area (EEA)
RELEX delivers its solutions based on regional architecture:
- EMEA customers are serviced from EU-based cloud platforms.
- NA and LATAM customers are serviced from US-based cloud platforms.
- APAC customers are serviced either from EU, US, or APAC-based cloud platforms.
Even when the customer is based in the European Union or the EEA, RELEX may use service providers that are located outside the European Union or the EEA. Also, some of the RELEX affiliates are located outside the European Union or the EEA, and the employees of such affiliates may process the personal data for the purposes specified in this privacy notice.
We only do global or cross-border personal data transfers for a reason and after assessing the resulting privacy risk.
You can read more about our processors and locations of personal data processing here.
When transferring your personal data outside the European Union or the EEA and to such countries that the European Commission has decided as having an adequate level of data protection, we ensure that the transfer is legal and safe by concluding an agreement based on the EU Commission’s standard contractual clauses (the fixed content of such clauses is available here) or by taking other measures that are required under applicable legislation.
You can ask for additional details relating to the transfer and the appropriate safeguards that we have put in place, or you can ask for a copy of the related documents from the RELEX contact mentioned below.
Other use or disclosure of your personal data
M&A activities: Where RELEX takes steps to sell, buy, merge, or otherwise reorganize its businesses in certain countries, this may involve disclosing personal data to prospective or actual purchasers, sellers, or partners and their advisors. In such circumstances, RELEX takes all reasonable steps to ensure that the appropriate measures to protect personal data are taken by such prospective or actual purchasers, sellers, or partners and their advisors.
There may also be circumstances not covered by this notice where processing or disclosure of your personal data may be justified or permitted. One such example includes complying with a court order, or a warrant issued by the authorities, where we are compelled to produce the information.
Other circumstances in which there may be a justifiable legitimate interest to disclose your personal data to a third party are where such disclosure is necessary to address an ongoing problem, or where we need to meet the legitimate information requirements of our third parties. In any such action, we act according to the applicable laws.
Retention
Your personal data is processed by default for the duration of our contractual relationship with your customer or as long as it is necessary for its intended purposes. Examples of shorter need-based retention periods are, for example, change history (a few months) and security logs (typically from twelve months to a few years). Examples of longer need-based retention periods are support tickets, which are retained for as long as the respective solution is under active maintenance.
In all cases, we delete or anonymize your personally identifiable data once we no longer need to keep it.
Also, RELEX removes your personal data if an objection to us processing your personal data is successful and/or you ask for a removal of the personal data based on applicable legislation.
Security
RELEX has implemented appropriate technical and organizational measures to ensure sufficient data security. Sufficient security measures are put in place to prevent unauthorized access to your personal data and any unauthorized manipulation of it. This includes restricting access to your personal data and hosting it with service providers that can demonstrate an adequate level of data security.
We take appropriate steps to address online security, physical security, risk of data loss, and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. Also, we limit access to our databases containing personal data to authorized persons having a justified need to access such information.
Exercising your rights
You have the following rights to your personal data that we have gathered:
- You have the right to access and get a copy of the personal data that we can identify pertaining to you.
- Should you find any errors in your personal data, you can ask for these errors to be corrected.
- You have a right to object to our collection and the use of your personal data, where our use of your personal data infringes on your rights more extensively than what can objectively be deemed as permissible.
- You may request us to cease storing your personal data when we no longer have a defensible need to store it or as otherwise allowed by applicable data protection law.
- If you establish that the personal data we have on you is incorrect or we have no legal right to use it, you may request us to cease any further processing of your personal data, or only store it, until the issue is resolved.
- Where our collection of personal data is based on user consent, you may also withdraw your consent via the appropriate settings.
If you have questions on the data processing that RELEX performs for our own purposes or if you want to exercise your rights relating to applicable laws such as the General Data Protection Regulation in the EU, our contact information can be found below. If you feel that RELEX is not fulfilling your statutory rights, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman.
Profiling
RELEX does not engage in the profiling of individuals in the context of providing its solutions.
RELEX contact information
RELEX Oy acts as the data controller for personal data covered by this privacy notice:
Retail Logistics Excellence – RELEX Oy
Business ID FI 1963444-1
Address: Postintaival 7, FI-00230 Helsinki, Finland
Email: Info@relex.fi
Website: www.relexsolutions.com
The contact person in matters relating to this privacy notice at RELEX is:
RELEX Privacy Director: Hannes Saarinen, privacy@relexsolutions.com
Other RELEX affiliates may process personal data on RELEX Oy’s behalf, for the purposes specified in this privacy notice.
Changes
To keep this notice up to date, we make changes and additions to this from time to time. We publish the changed notice on our website or on any other channel where this privacy notice has previously been made available. If the changes are significant, we may also notify you by other means. Any changes apply from the date that we publish the revised notice.