DATA PROTECTION POLICY

Last modified 22 April 2020

This data protection policy explains what kind of information we, Superoperator Oy, collect about the users of our services and website as well as our client’s representatives (“users”), how we use this information and how the user can influence this.

1. WHAT PERSONAL DATA DO WE COLLECT?

1.1. Data provided by the user, e.g.

1.2. Data received from the use of web services

2. FOR WHAT PURPOSES AND ON WHICH GROUNDS IS THIS PERSONAL DATA USED?

We use personal data only for predefined purposes:

We process personal data to be able to offer our services to our users and to run and maintain our business. Personal data may be processed in order to carry out our contractual obligations towards the user or towards our clients. We may use the data for example to offer essential functionalities of the services and to provide access to the services.

We process personal data to enable us to administer and fulfil our obligations under law. This includes data processed for complying with our bookkeeping obligations and providing information to relevant authorities, such as tax authorities.

We may process personal data in relation to claims handling, debt collection and legal processes. We may also process data for the prevention of fraud, misuse of our services and for data, system and network security.

We may process personal data for the purpose of contacting our users regarding our services and for informing users of changes in our service. We may also process personal data to market our services, for example in the form of sending newsletters.

We collect information on how our services and website is used, enabling us to improve and develop our services.

Processing grounds:

We process personal data on a contractual basis when the personal data is processed based on a contract between us and the user. Further, with respect to users acting as representatives of our clients, their personal data is primarily processed based on our legitimate interest whilst fulfilling our contractual obligations towards the customer.

We may also process personal data based on our other legitimate interests, for example in connection with quality improvement, analytics, marketing, claims handling and legal processes.

When choosing to use your data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy.

In certain cases, you may be requested to grant your consent for the processing of your personal data (e.g. when signing up for a newsletter). In this event, the legal ground for such processing is your consent. You may withdraw your consent at any time. 

3. INTERNATIONAL TRANSFER

Superoperator stores personal data primarily within the European Economic Area. However, we have service providers in several geographical locations. As such, we and our service providers may transfer personal data to, or access it in, jurisdictions outside the European Economic Area or outside of your domicile.

We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which it is processed. We provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards, such as the Privacy Shield Framework.

4. THIRD PARTIES

We use some third-party services. We select these parties carefully to ensure their compliance with the EU data protection law.

We may share personal data with third parties outside of our organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of Superoperator, our users or the public in accordance with the law. When possible, we will inform you about such transfer and processing.

We may share personal data to authorized service providers who perform services for us (including data storage, sales, marketing and support services). Our agreements with our service providers include commitments that the service providers agree to limit their use of personal data only for the purposes set out in this Privacy Policy and to meet legal requirements on privacy and security.

If Superoperator is involved in a merger, acquisition or asset sale, we may transfer personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to those concerned when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.

In the following, we have listed the third-party processors used for data processing of data collected by our website. Please note that the list does not include all of our data processors.

These parties are located in the US and are in compliance with an EU data protection law -abiding EU-U.S Privacy Shield. The service may also include cookies from measuring and tracking services, advertising networks and other third parties. You can read more about our cookie policy here.

4.1. WP Engine

This website’s hosting services are offered by WP Engine. WP Engine is committed to observing the EU data protection law. The website is secured in the following ways, among others: 24 h surveillance, HTTPS protection, regular updates, and storing collected information in databases protected by fire-walls, encryption techniques and limited access control and network access.

More information on WP Engine’s terms can be found here.

4.2. Google Analytics

We use Google Analytics to measure the use of our web services. Google Analytics may place cookies on the user’s device to collect data for example on website’s visitor numbers. This data can also be used for showing visitors advertisement that is likely to interest them. Cookie is a small text file the browser downloads to the user’s device. Cookies usually have an unnamed, user-specific identifier, that allows us to recognise and count the browsers visiting our website.

You can read our detailed cookie policy here.

More information on Google Analytics’ terms are found here.

4.3. Mailchimp

If you join our mailing list/subscribe to our newsletter, your email address will be forwarded to MailChimp, where our newsletter mailings are administered. Your email address will be stored on MailChimp database as long as you wish to receive our newsletter. If you want your data removed from our mailing list, do get in touch. On each of our newsletters there is a link (unsubscribe) you can click to report us you no longer want your information stored on our mailing list.

More information on MailChimp’s terms can be found here.

4.4. Community plug-ins

Our web service uses community plug-ins, such as the Like or Share buttons for Facebook, Twitter, LinkedIn or Instagram. These community plug-in buttons are visible on our service, but their content comes directly from the button’s source. The community plug-in identifies a user as logged in to the service in question, allowing the site to show custom content on the plug-in. If the user is not logged in on the service in question, the community plug-in will not show custom content. Community plug-in services can collect data on the user’s visits in compliance with their privacy policy. The services in question do not cede the data collected to Superoperator Oy, unless they have a separate approval from the user.

4.5. Privacy on mobile applications

We offer mobile and tablet applications to our users. Mobile applications that are available through third parties such as Apple’s App Store, Google Play or Microsoft Store are, in addition to this data protection statement, in compliance with each service provider’s terms. You can click on these links to find out more about  Apple’s terms, Google’s terms and Microsoft’s terms.

5. HOW LONG IS MY DATA STORED FOR?

Superoperator does not store your personal data longer than is legally permitted and necessary for the purposes of providing the services or the relevant parts thereof, or for another individual purpose for which your personal data is being processed. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use.

Most personal data relating to a user’s user account with the services will be deleted or anonymized soon after the user’s account has been deleted. We delete or anonymize most data relating to the visitors of our website within 18 months.

However, we may store some of the personal data longer if such processing is required by law or is reasonably necessary for our legal obligations or legitimate interests such as claims handling, legal proceedings or bookkeeping.

Information regarding direct marketing is stored until further notice if you have given us your consent for direct marketing. If you later opt out from the direct marketing, we delete other information regarding the direct marketing, but will retain the information that you have opted out of the direct marketing to ensure compliance with your opt-out request. 

6. HOW IS MY PERSONAL DATA PROTECTED?

We take all the necessary technical privacy measures to secure our users’ personal data. These measures are for instance the use of fire-walls, encryption techniques and safe physical collocations, appropriate access control, controlled access rights and access supervising, and guidance for the personnel involved in handling the personal data. We also take measures to ensure that all our subcontractors observe the EU data protection law.

7. LINKS TO OTHER WEBSITES

We do not account for the privacy policies or contents of sites that are linked to our website and administered by external parties, nor do we account for their legitimacy or administration. In case you notice illegal or offensive content on websites linked by us, we appreciate any feedback.

8. HOW CAN I INFLUENCE?

We are committed to offering our users choices and administrative options when it comes to privacy.

8.1. Direct marketing restriction

The user has the right to forbid the use of their data for direct advertising, distance sales and other direct marketing by contacting us via email at info@superoperator.com

8.2. Right to access, right to rectify

The user has the right to check any personal data collected on them. From the user’s request we can delete or complete any personal data that is inaccurate or outdated with respect to the aim of handling the personal data. The user can update and/or check their personal data by contacting us.

8.3 Right to erasure

You may also ask us to erase your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.

8.4 Right to object

You have the right to object to certain use of your personal data if such data are processed for other purposes than necessary for the performance of the services or for compliance with a legal obligation. If you object to the further processing of your personal data, this may lead to fewer possibilities to use our services.

8.5 Right to restriction of processing

You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our services.

8.6 Right to data portability

You may have the right to receive certain personal data from us in a structured and commonly used format and to independently transmit those data to a third party.

8.7. Blocking cookies

The user can clear all cookies saved on their browser from the browser’s settings. Blocking the use of cookies may affect the functionality of our services.

You can read our detailed cookie policy here.

9. LODGING A COMPLAINT

In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.

In Finland, the local supervisory authority is the Data Protection Ombudsman (https://www.tietosuoja.fi).

The controller of the personal data processing described in this Privacy Policy is Superoperator Oy. The user can at any time contact the controller at the following addresses:

Contact information:

Superoperator Oy (FI22693290)
Itkonniemenkatu 11, 70500 Kuopio, Finland
info@superoperator.com

Contact person for privacy matters

Riku Uotinen
riku.uotinen@superoperator.com
+358 40 864 1354