Last update: June 19, 2018
At Luuva Oy (“Luuva”), we take data protection seriously. Safety of your data is of paramount importance to us.
1. WHAT PERSONAL DATA DO WE PROCESS?
When registering an account on Stonder or during your use of it, we process the following general account data as inserted by you, the user:
- E-mail address
- IP address and high-level location
- User Nickname
- Metadata regarding Service usage
PURPOSES AND LEGITIMATE GROUNDS FOR PROCESSING OF PERSONAL DATA
Purposes of processing
To provide you the Service
We process personal data in the first place to be able to offer Service to our Users in accordance with their user contract.
We may process personal data for the purpose of communicating with Users.
For analytics and Service improvements
We may process aggregated information regarding the use of Service to improve our service quality. When possible, we will do this using only aggregated, non-personally identifiable data.
With your consent we may show or send you advertisements within Service.
Legal grounds for processing
We process personal data on the basis of a user contract, which is formed in connection with the creation of an account and acceptance of our terms and conditions. We may also process certain information to comply with legal obligations, such as consumer protection legislation.
3. SHARING YOUR PERSONAL DATA
We may share data with our group companies, subsidiaries and affiliates. Otherwise we do not share personal data with third parties outside of our organization unless one of the following circumstances applies:
For legal reasons
We may share personal data with third parties outside Luuva's organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests or safety of Luuva or our Users in accordance with the law. Where possible, we will inform Users about such transfer and processing.
To our authorized service providers
With your explicit consent
We may share personal data with third parties outside Luuva's organization for other reasons than the ones mentioned before, when we have the User’s explicit consent to do so. The User has the right to withdraw this consent at all times.
4. SAFEGUARDING YOUR DATA
We do our best to keep your data safe and secure.
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures may include, for example, where appropriate, encryption, pseudonymization and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability restore the data. %p We regularly test our Service, systems, and other assets for security vulnerabilities.
We will take all reasonable precautions to ensure that our staff and employees who have been specifically granted access to information about you have received adequate training to ensure that they process that information only in accordance with this policy and with our obligations under applicable legislations.
Should despite of the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you and relevant authorities as required by applicable data protection laws.
5. HOW LONG DO WE KEEP YOUR DATA?
Service does not store personal data longer than is legally permitted and necessary for the purposes specified above. The storage period generally depends on the duration an account lifecycle unless data has been deleted upon request.
6. YOUR RIGHTS
Right to access
You have the right to access your personal data processed by us. You may contact us and we will inform you what personal data we have collected and processed regarding you.
Right to withdraw consent
In case the processing is based on your consent, you may withdraw the consent at any time. Withdrawing a consent may lead to fewer possibilities to use Service. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to correct
Users have the right to have incorrect or incomplete personal data we have stored about the User corrected or completed. You can correct or update some of your personal data through your user account in the Service.
Right to erasure
Users may also ask us to erase the User’s personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.
Right to object
Users may object to the processing of personal data if such data are processed for other purposes than purposes necessary for the performance of Service to the User or for compliance with a legal obligation. In case we do not have legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.
Right to restriction of processing
Users may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use Service.
Right to data portability
Users have the right to receive their personal data from us in a structured and commonly used format and to independently transmit those data to a third party.
How to use the rights
The above-mentioned rights may be used by sending a letter or a secured e-mail to us on the addresses set out below, including the following information: the full name, company name, address, e-mail address and a phone number. We may request the provision of additional information necessary to confirm the identity of the User. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
7. DATA OF CHILDREN
We do not knowingly process data of children under the age of 18.
Please note that according to our terms and conditions we reserve the right to delete accounts of children, in particular if no proof of parental consent is provided.
8. ANONYMIZED DATA
We may aggregate and anonymize data collected via the application. Such data will be anonymous and cannot be connected to an individual User, therefore no longer qualifying as personal data. We may use this type of anonymous data for analytics, statistics, research, communications and PR purposes as well as for trend detection and for benchmark data.
9. OUR CONTACT INFORMATION
E-mail address: firstname.lastname@example.org