1. Register controller
Jääkärinkatu 2 E 40
Tel. +358 44 5773477
Tel. +358 45 656 70 65
3. Name of the register
- User register of Superlaiffi application
- Superlaiffi’s email list
4. Purpose of processing personal data
The permission to process personal data is given by the user. The permission is given while registering to use the application. The application tracks the user’s activity, and therefore processes data related to user activity.
The user data can also be used for analysing and developing the application. Developing the application may mean such things as adding new features.
Upon subscribing to the email list user consents to receiving periodical emails, including marketing messages. Additionally the data may be used for analysing and improving the emails.
5. Register content
Data files may contain following information:
- First name
- Birth date
- Email address
- IP-address and device information
6. Regular sources of data
Personal data is given by user with forms developed for this purpose. The location and device information are collected automatically from information sent by the device. The application also collects data of user’s activity while application is used.
Email subscribers data can be modified based on behaviour (email opens, link clicks, etc.).
7. Data transfer
The data is not transferred to third parties unless required by law. The data can be published as agreed with the client.
8. Principles of protecting the register
All personal data will remain confidential. Data network and equipment where the file is are protected by the firewall and other required security systems. The data is transferred through secure connections. Using the system requires username and password. Only the administrators and developers authorized by Superlaiffi are allowed to use the application data.
Mailchimp uses high security measures to protect the email list data.
9. Right to verify your information
Every person in the register have the right to check what kind of personal data has been collected, and right to request for modification of any incorrect or outdated personal data. The request has to be made in written format and it must be sent to contact person mentioned on this policy. Register controller may require the person making the request to prove their identity. Register controller will respond in the time regulated by GDPR (mainly within a month).
10. Other rights
Every person in the register has a right to ask to be removed from the register (“right of erasure”). The person in register also has all the other rights according to GDPR, such as limiting the processing of data in certain situations. The request has to be made in written format and it must be sent to contact person mentioned on this policy. Register controller may require the person making the request to prove their identity. Register controller will respond in the time regulated by GDPR (mainly within a month).