1. Data Controller
Contact details of the data controller: Maarit Rossi, Suolakivenkatu 1, 00810, Helsinki, FI, firstname.lastname@example.org
2. Data Collection
Service Provider may collect personal data through different means, which are explained below. As a rule, the personal data processed by Service Provider is provided by the users themselves upon registration and/or in the context of usage of Service, such as:
- Name and date of birth
- Contact details, such as email address, address and phone number
- Language preferences
- Information relating to customer relationship, such as date of registration and billing information
- Customer interaction, customer contacts and replies
Service Provider may collect technical data on the use of Services, which may be personal data, such as:
- Time stamps and log data relating to the use of Services; and
- Device ID, device type, operating system used and application settings.
3. Legal basis and purpose of processing personal data
Service Provider collects personal data for the following purposes:
(1) To provide the Services and manage customer relationship
- The primary purpose of collecting personal data is to provide the Service and to manage and maintain the customer relationship. This processing of personal data is based on the contract between the user and Service Provider. This concern, for example, the data collected upon registration, during the use of the Service and the technical data needed to run the Service and communication with the user.
- Service Provider may send users emails to inform them about new features, solicit feedback, or provide information on operations and services. In this respect, processing may be based on consent or on our legitimate interest to provide users with relevant information as part of the Service and to promote the Service to users. Users may object to marketing communications at any time in accordance with section 7 below.
(3) Service development and information security
- Service Provider pursues to offer a good quality and secure Service. Therefore, Service Provider may use the data to analyze the market, users and Service for the purpose developing and improving the quality of the Services. This processing is based on our legitimate interest to grow and develop.
4. Disclosure of personal data
We may disclose users' personal data to third parties in the following cases:
(1) We may disclose personal data to trusted subcontractors who act on our behalf and do not have an independent right to use the personal data we disclose to them. We may use subcontractors when providing the Service;
(2) When required by law such as response to a subpoena, comply with requests by competent authorities or related to legal proceedings;
(3) If Service Provider is involved in a merger, acquisition, or sale of all or a portion of its assets; and
(4) When we believe in good faith that disclosure is necessary in order to protect Service Provider's or users' rights or safety or to respond to a government request.
5. Transfer of personal data outside of EU/EEA
Service Provider (or its subcontractors) may process personal data outside of European Economic Area. In this case we will use the required established mechanisms that allow the transfer to subcontractors in those thirds countries, such as the Standard Contractual Clauses approved by the European Commission. We will rely on the so-called Privacy Shield for those subcontractors located in the U.S that are Privacy Shield-certified. For more information about the Privacy Shield framework developed by the U.S. Department of Commerce and the EU Commission and the related principles concerning processing of personal data, please see here.
6. Data retention
7. Privacy Rights
Each individual user ("data subject" in accordance with applicable data protection law) has following privacy rights under applicable data protection law:
- - A user has a right to access personal data that Service Provider holds about him or her and right to request to correct or delete his or her personal data to the extent required by applicable data protection law. A user may review his or her personal data by signing into Service by using his or her User ID and password;
- - A user has a right to request restriction of processing and object to processing for the purpose of direct marketing to the extent required by applicable data protection law;
- - A user has a right to data portability, i.e. the right to receive the personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller, to the extent required by applicable data protection law;
- - If a user thinks there is a problem with the way Service Provider is processing user's personal data, user has a right to file in a complaint to the national data protection authority in the EU/EEA. In Finland the competent authority is the Data Protection Ombudsman. The user may contact Finnish Data Protection Ombudsman through this link.
Please send above mentioned requests to , email@example.com or firstname.lastname@example.org.
Service Provider has carried out the technical and organizational measures necessary for securing personal data against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. Service Provider limits the access to personal data to authorized employees and subcontractors who need to know that information in the course of their job description, for example, for the purposes of responding to requests or development of the Service. Please be aware that, although Service Provider endeavors to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.