Privacy Policy

This privacy policy explains how Windora Ab processes personal data in relation to its Windora™ application and observes requirements under EU’s General Data Protection Regulation and applicable national laws. Personal data means information that allows a person to be directly or indirectly identified as an individual person.

Controller and controller representative

Windora Ab

  • Address: Saukonpaadenranta 4 D 97, FI-00180 Helsinki, Finland
  • Representative: Thorbjorn Warin
  • Email:
  • Phone: +358 447833885

Data subjects

Data subjects are persons who use Windora™ application (“Application”).

Personal data will be processed for the purpose of the operation of the Application and analyzing the use of and developing the Application and its contents, in accordance with the legitimate interests of the controller.

Personal data processing may involve profiling to the extent permitted by law. Profiling means such processing where certain aspects relating to a person are evaluated by utilizing the personal data.

Personal data categories and sources

Only personal data that is relevant for the Application will be collected and processed, such as the following categories of personal data:

  • User ID and password
  • Email address
  • Parent's name/nickname
  • Child's name/nickname
  • Child's age
  • Language spoken and language to be taught
  • Tracking movements of individual users within the app
  • User’s operating system

Personal data will be collected through the Application and included 3rd party SDK’s.

Personal data retention periods

Personal data will be stored and processed during the term of the customer contract and after the termination of the customer contract as long as there are fair grounds for the processing. In a normal case personal data will be deleted after six months from the termination of the customer contract unless necessary for handling a customer complaint. In addition, such personal data that is required to be stored for bookkeeping and documentation purposes will be stored as long as required under the Accounting Act or other applicable law.

The deletion of personal data will be performed following the controller’s data erasure procedures.

Recipients of personal data

External hosting service providers Google Firebase and Unity Analytics will be used for the purpose of data processing.

Personal data may be processed both within and outside the European Union or European Economic Area but strictly in accordance with applicable laws and applying necessary safeguards.

Protection measures

Personal data will be protected by appropriate technical and organizational measures, such as access control and rights, event logging, protection of hardware and files, physical access restrictions, encryption of sensitive data, pseudonymization, user guidelines and supervision.

All personnel and processors are obliged to keep personal data in strict confidence. Only authorized personnel and processors may access personal data.


The Application does not make use of cookies.

Rights of data subjects

Each person shall be entitled to review personal data collected on them and have incorrect personal data rectified or erased. The persons shall be entitled to withdraw at any time the consents that they have given regarding the processing of personal data.

Each person shall be entitled to request restriction of personal data processing, to object to processing of personal data, and to data portability of personal data, in accordance with EU’s General Data Protection Regulation. The persons are also entitled to lodge a complaint with a supervisory authority.

If the persons wish to exercise the above-mentioned rights, they should send a request to the controller using the contact details above.

Privacy notice date

This privacy policy has been published on 30th of June 2020.