Stonder Privacy Policy

Last update: June 19, 2018

At Luuva Oy (“Luuva”), we take data protection seriously. Safety of your data is of paramount importance to us.

This Privacy Policy has been put together to provide our users (“Users” or “you”) with transparent information about the privacy of our Stonder service (“Service”). This Privacy Policy aims to answer what data we collect and how we process, protect and distribute it as well as your legal rights and how to exercise them.


When registering an account on Stonder or during your use of it, we process the following general account data as inserted by you, the user:

  • E-mail address
  • IP address and high-level location
  • User Nickname
  • Metadata regarding Service usage


Purposes of processing

To provide you the Service

We process personal data in the first place to be able to offer Service to our Users in accordance with their user contract.

For communication

We may process personal data for the purpose of communicating with Users.

For analytics and Service improvements

We may process aggregated information regarding the use of Service to improve our service quality. When possible, we will do this using only aggregated, non-personally identifiable data.

For advertising

With your consent we may show or send you advertisements within Service.

Legal grounds for processing

We process personal data on the basis of a user contract, which is formed in connection with the creation of an account and acceptance of our terms and conditions. We may also process certain information to comply with legal obligations, such as consumer protection legislation.


We may share data with our group companies, subsidiaries and affiliates. Otherwise we do not share personal data with third parties outside of our organization unless one of the following circumstances applies:

It is necessary for the purposes set out in this Privacy Policy

To the extent that third parties need access to personal data to enable the offering of the Service, Luuva has taken appropriate contractual and organisational measures to ensure that personal data are processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations.

For legal reasons

We may share personal data with third parties outside Luuva's organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests or safety of Luuva or our Users in accordance with the law. Where possible, we will inform Users about such transfer and processing.

To our authorized service providers

We may share personal data to authorized service providers who perform services for us (including data storage, sales, marketing and other support function services). Our agreements with our service providers include commitments that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.

With your explicit consent

We may share personal data with third parties outside Luuva's organization for other reasons than the ones mentioned before, when we have the User’s explicit consent to do so. The User has the right to withdraw this consent at all times.


We do our best to keep your data safe and secure.

We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures may include, for example, where appropriate, encryption, pseudonymization and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability restore the data. %p We regularly test our Service, systems, and other assets for security vulnerabilities.

We will take all reasonable precautions to ensure that our staff and employees who have been specifically granted access to information about you have received adequate training to ensure that they process that information only in accordance with this policy and with our obligations under applicable legislations.

Should despite of the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you and relevant authorities as required by applicable data protection laws.


Service does not store personal data longer than is legally permitted and necessary for the purposes specified above. The storage period generally depends on the duration an account lifecycle unless data has been deleted upon request.


Right to access

You have the right to access your personal data processed by us. You may contact us and we will inform you what personal data we have collected and processed regarding you.

Right to withdraw consent

In case the processing is based on your consent, you may withdraw the consent at any time. Withdrawing a consent may lead to fewer possibilities to use Service. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to correct

Users have the right to have incorrect or incomplete personal data we have stored about the User corrected or completed. You can correct or update some of your personal data through your user account in the Service.

Right to erasure

Users may also ask us to erase the User’s personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.

Right to object

Users may object to the processing of personal data if such data are processed for other purposes than purposes necessary for the performance of Service to the User or for compliance with a legal obligation. In case we do not have legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.

Right to restriction of processing

Users may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use Service.

Right to data portability

Users have the right to receive their personal data from us in a structured and commonly used format and to independently transmit those data to a third party.

How to use the rights

The above-mentioned rights may be used by sending a letter or a secured e-mail to us on the addresses set out below, including the following information: the full name, company name, address, e-mail address and a phone number. We may request the provision of additional information necessary to confirm the identity of the User. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.


We do not knowingly process data of children under the age of 18.

Please note that according to our terms and conditions we reserve the right to delete accounts of children, in particular if no proof of parental consent is provided.


We may aggregate and anonymize data collected via the application. Such data will be anonymous and cannot be connected to an individual User, therefore no longer qualifying as personal data. We may use this type of anonymous data for analytics, statistics, research, communications and PR purposes as well as for trend detection and for benchmark data.


Luuva Oy
E-mail address: