Controller and controller representative
- Address: Saukonpaadenranta 4 D 97, FI-00180 Helsinki, Finland
- Representative: Thorbjorn Warin
- Email: firstname.lastname@example.org
- Phone: +358 447833885
Data subjects are persons who use Windora™ application (“Application”).
Purpose and legal basis of personal data processing
Personal data will be processed for the purpose of the operation of the Application and analyzing the use of and developing the Application and its contents, in accordance with the legitimate interests of the controller.
Personal data processing may involve profiling to the extent permitted by law. Profiling means such processing where certain aspects relating to a person are evaluated by utilizing the personal data.
Personal data categories and sources
Only personal data that is relevant for the Application will be collected and processed, such as the following categories of personal data:
Personal data will be collected through the Application and included 3rd party SDK’s.
Personal data retention periods
Personal data will be stored and processed during the term of the customer contract and after the termination of the customer contract as long as there are fair grounds for the processing. In a normal case personal data will be deleted after six months from the termination of the customer contract unless necessary for handling a customer complaint. In addition, such personal data that is required to be stored for bookkeeping and documentation purposes will be stored as long as required under the Accounting Act or other applicable law.
The deletion of personal data will be performed following the controller’s data erasure procedures.
Recipients of personal data
External hosting service providers Google Firebase and Unity Analytics will be used for the purpose of data processing.
Personal data may be processed both within and outside the European Union or European Economic Area but strictly in accordance with applicable laws and applying necessary safeguards.
Personal data will be protected by appropriate technical and organizational measures, such as access control and rights, event logging, protection of hardware and files, physical access restrictions, encryption of sensitive data, pseudonymization, user guidelines and supervision.
All personnel and processors are obliged to keep personal data in strict confidence. Only authorized personnel and processors may access personal data.
Rights of data subjects
Each person shall be entitled to review personal data collected on them and have incorrect personal data rectified or erased. The persons shall be entitled to withdraw at any time the consents that they have given regarding the processing of personal data.
Each person shall be entitled to request restriction of personal data processing, to object to processing of personal data, and to data portability of personal data, in accordance with EU’s General Data Protection Regulation. The persons are also entitled to lodge a complaint with a supervisory authority.
If the persons wish to exercise the above-mentioned rights, they should send a request to the controller using the contact details above.
Privacy notice date