DATA PROTECTION POLICY
Last modified 22 April 2020
This data protection policy explains what kind of information we, Superoperator Oy, collect about the users of our services and website as well as our client’s representatives (“users”), how we use this information and how the user can influence this.
1. WHAT PERSONAL DATA DO WE COLLECT?
1.1. Data provided by the user, e.g.
- name, email address, address, phone number and other contact details
- payment information
- approval for direct marketing via email, SMS and other automated systems, for instance newsletter subscription
- feedback, correspondence and contacts from the clients
1.2. Data received from the use of web services
- the web service’s browser data
- the web service’s user data (for instance user’s method of entry to the service, IP address, browser and device data, cookie identifier, time spent on service, geographical location)
2. FOR WHAT PURPOSES AND ON WHICH GROUNDS IS THIS PERSONAL DATA USED?
We use personal data only for predefined purposes:
We process personal data to be able to offer our services to our users and to run and maintain our business. Personal data may be processed in order to carry out our contractual obligations towards the user or towards our clients. We may use the data for example to offer essential functionalities of the services and to provide access to the services.
We process personal data to enable us to administer and fulfil our obligations under law. This includes data processed for complying with our bookkeeping obligations and providing information to relevant authorities, such as tax authorities.
We may process personal data in relation to claims handling, debt collection and legal processes. We may also process data for the prevention of fraud, misuse of our services and for data, system and network security.
We may process personal data for the purpose of contacting our users regarding our services and for informing users of changes in our service. We may also process personal data to market our services, for example in the form of sending newsletters.
We collect information on how our services and website is used, enabling us to improve and develop our services.
We process personal data on a contractual basis when the personal data is processed based on a contract between us and the user. Further, with respect to users acting as representatives of our clients, their personal data is primarily processed based on our legitimate interest whilst fulfilling our contractual obligations towards the customer.
We may also process personal data based on our other legitimate interests, for example in connection with quality improvement, analytics, marketing, claims handling and legal processes.
When choosing to use your data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy.
In certain cases, you may be requested to grant your consent for the processing of your personal data (e.g. when signing up for a newsletter). In this event, the legal ground for such processing is your consent. You may withdraw your consent at any time.
3. INTERNATIONAL TRANSFER
Superoperator stores personal data primarily within the European Economic Area. However, we have service providers in several geographical locations. As such, we and our service providers may transfer personal data to, or access it in, jurisdictions outside the European Economic Area or outside of your domicile.
We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which it is processed. We provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards, such as the Privacy Shield Framework.
4. THIRD PARTIES
We use some third-party services. We select these parties carefully to ensure their compliance with the EU data protection law.
We may share personal data with third parties outside of our organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of Superoperator, our users or the public in accordance with the law. When possible, we will inform you about such transfer and processing.
In the following, we have listed the third-party processors used for data processing of data collected by our website. Please note that the list does not include all of our data processors.
4.1. WP Engine
This website’s hosting services are offered by WP Engine. WP Engine is committed to observing the EU data protection law. The website is secured in the following ways, among others: 24 h surveillance, HTTPS protection, regular updates, and storing collected information in databases protected by fire-walls, encryption techniques and limited access control and network access.
More information on WP Engine’s terms can be found here.
4.2. Google Analytics
We use Google Analytics to measure the use of our web services. Google Analytics may place cookies on the user’s device to collect data for example on website’s visitor numbers. This data can also be used for showing visitors advertisement that is likely to interest them. Cookie is a small text file the browser downloads to the user’s device. Cookies usually have an unnamed, user-specific identifier, that allows us to recognise and count the browsers visiting our website.
More information on Google Analytics’ terms are found here.
If you join our mailing list/subscribe to our newsletter, your email address will be forwarded to MailChimp, where our newsletter mailings are administered. Your email address will be stored on MailChimp database as long as you wish to receive our newsletter. If you want your data removed from our mailing list, do get in touch. On each of our newsletters there is a link (unsubscribe) you can click to report us you no longer want your information stored on our mailing list.
More information on MailChimp’s terms can be found here.
4.4. Community plug-ins
4.5. Privacy on mobile applications
We offer mobile and tablet applications to our users. Mobile applications that are available through third parties such as Apple’s App Store, Google Play or Microsoft Store are, in addition to this data protection statement, in compliance with each service provider’s terms. You can click on these links to find out more about Apple’s terms, Google’s terms and Microsoft’s terms.
5. HOW LONG IS MY DATA STORED FOR?
Superoperator does not store your personal data longer than is legally permitted and necessary for the purposes of providing the services or the relevant parts thereof, or for another individual purpose for which your personal data is being processed. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use.
Most personal data relating to a user’s user account with the services will be deleted or anonymized soon after the user’s account has been deleted. We delete or anonymize most data relating to the visitors of our website within 18 months.
However, we may store some of the personal data longer if such processing is required by law or is reasonably necessary for our legal obligations or legitimate interests such as claims handling, legal proceedings or bookkeeping.
Information regarding direct marketing is stored until further notice if you have given us your consent for direct marketing. If you later opt out from the direct marketing, we delete other information regarding the direct marketing, but will retain the information that you have opted out of the direct marketing to ensure compliance with your opt-out request.
6. HOW IS MY PERSONAL DATA PROTECTED?
We take all the necessary technical privacy measures to secure our users’ personal data. These measures are for instance the use of fire-walls, encryption techniques and safe physical collocations, appropriate access control, controlled access rights and access supervising, and guidance for the personnel involved in handling the personal data. We also take measures to ensure that all our subcontractors observe the EU data protection law.
7. LINKS TO OTHER WEBSITES
We do not account for the privacy policies or contents of sites that are linked to our website and administered by external parties, nor do we account for their legitimacy or administration. In case you notice illegal or offensive content on websites linked by us, we appreciate any feedback.
8. HOW CAN I INFLUENCE?
We are committed to offering our users choices and administrative options when it comes to privacy.
8.1. Direct marketing restriction
The user has the right to forbid the use of their data for direct advertising, distance sales and other direct marketing by contacting us via email at firstname.lastname@example.org
8.2. Right to access, right to rectify
The user has the right to check any personal data collected on them. From the user’s request we can delete or complete any personal data that is inaccurate or outdated with respect to the aim of handling the personal data. The user can update and/or check their personal data by contacting us.
8.3 Right to erasure
You may also ask us to erase your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.
8.4 Right to object
You have the right to object to certain use of your personal data if such data are processed for other purposes than necessary for the performance of the services or for compliance with a legal obligation. If you object to the further processing of your personal data, this may lead to fewer possibilities to use our services.
8.5 Right to restriction of processing
You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our services.
8.6 Right to data portability
You may have the right to receive certain personal data from us in a structured and commonly used format and to independently transmit those data to a third party.
8.7. Blocking cookies
9. LODGING A COMPLAINT
In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.
In Finland, the local supervisory authority is the Data Protection Ombudsman (https://www.tietosuoja.fi).
Superoperator Oy (FI22693290)
Itkonniemenkatu 11, 70500 Kuopio, Finland
Contact person for privacy matters
+358 40 864 1354