We respect your privacy. We always process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and the Council (“GDPR”).
In this Policy, we describe what personal data about users of the Services (“User(s)” or “you”) and for what purposes this information is processed, as well as what rights you have with respect to your personal data processed under this Policy. Any service-specific additions can be found in the terms of service, data processing agreements or other similar service-specific information.
This Policy may be updated, and the current version is available on our website at www.positive.fi. You should not use our Services if you do not consent to the processing of personal data by us in accordance with the Policy.
WHOSE INFORMATION WE PROCESS
We process the personal data of Users and potential new customers who contact us through the Service or other channels.
We also process the personal data of the organizational users that our organizational customers manage based on an agreement between our organizational customers. The controllers of this data are our organizational customers, and we act as processors under a separate agreement on the processing of personal data. If you have not acquired or received access to our Service directly from us but, for example, from your employer, please contact that party in matters concerning your personal data.
PERSONAL DATA WE COLLECT
Personal data means information from which a person is identifiable or which enables identification. Some of the personal data we process is provided by the User, and some is obtained by collecting information about the User’s interactions and experiences on the Service.
When you register for or use the Service, we may require you to provide us with personally identifiable information that identifies you personally, such as your name, email address, telephone number, and billing information. In connection with the use of the Service, we process such personal data provided by the User or his / her authorized person, the processing of which is necessary for the provision of the Service. Such personal data includes:
- User identification information (for example, first and last name, e-mail address and group information);
- Payment information provided by the User when the User purchases the Service from us;
- User contact and customer service requests; and
- User Content (for example, communications between you and another user or text, media and other files you upload, share or store on the Service).
Personal data is collected from the User in connection with registration or in any other way at the beginning and during the customer relationship between Positive and the User. In addition to information, we collect directly from Users, we may collect and process technical information that is classified as personal data.
Such information includes, for example, the User’s IP address, browser type and version, sitelinks and their use (including navigating to our site, navigating elsewhere on our site, and navigating between different sections of our site) and information about using different sections of our Service. We may use such information to investigate potential problems with our Service, to develop our Service and to improve the quality of our Services.
It is also worth noting that some of the Services allow you to share personal data and messages with other users and other users may copy and further share that information.
PURPOSE OF USE
We process personal data only to provide and develop the Services provided to you, to identify the security of the Services, to prevent any security or technical issues or crimes, and to manage customer relationships, and we never sell or otherwise use your personal data for any other purpose. We delete or anonymize information that is no longer necessary for its intended use.
LEGAL BASIS FOR DATA PROCESSING
We will primarily process personal data only when: (a) we need that information to fulfil our contractual obligations to provide the Services, or (b) the processing is in our or a third party’s legitimate interest (and the User’s interests or rights are not compromised).
If we ask you to provide your personal data in order to comply with our legal obligations or to enter into an agreement with you, we will notify you clearly and in a timely manner. We will also provide guidance on whether the provision of personal data is mandatory in the situation and on the possible consequences of refusing to provide personal data. If we collect and use your personal data in a situation of legitimate interest to us or a third party that is not mentioned in this Policy, we will also clearly and appropriately disclose such legitimate interest in such a situation.
COOKIES AND OTHER TECHNICAL INFORMATION
We use both session-specific and tracking cookies on the Service. Session-specific cookies collected by our Service remain in memory while the browser is open but are destroyed when the browser is closed. Only the tracking cookies used to identify new visitors and returners to our website will be retained. The tracking cookie is valid for 13 months, unless you delete the cookie yourself or have automatically adjusted your browser settings to delete the cookie earlier.
We also use Google Analytics, a network usage analysis service provided by Google. This service monitors and reports online traffic on our website to improve the functionality of our website. For a more detailed description of that service, we recommend visiting the Google Analytics page. You can prevent Google Analytics from collecting and using information about you here.
According to data protection legislation, a child usually needs the consent or authorization of a guardian or other holder of parental responsibility with access to information society services, such as social media and various applications. “Child” in this Policy means anyone under the age of 13, except in jurisdictions where the privacy law specifies a different age.
If the User of the Service is a Child, the Child’s guardian or other holder of parental responsibility must give consent to the use of the Service and the processing of personal data. The giving of consent is verified so that the consent of the guardian or other holder of parental responsibility is a prerequisite for using the Service.
We take special care when processing a Child’s personal data and will never process information that is not necessary to provide the Service. However, a Child may create and share content on the Service that contains personal data. It is also worth noting that some of the Services allow you to share personal data and messages with other users and other users may copy and further share that information.
In accordance with our policy, data will be deleted no later than 6 months after the termination of the user account as described in more detail below.
We do not share any personal data with third parties, except for those authorized service providers who provide services to us (such as infrastructure and IT service providers). We have legally binding agreements with those service providers to ensure their commitment to at least the same standards of privacy and security as we do.
However, we may share your personal data with third parties if it is necessary to comply with applicable law or to detect and prevent any security or technical issues or crimes that may occur on our Service. In such cases, we will strive to inform Users of data transfers where possible.
Personal data may also be shared with other users and groups with whom you post on the service. Such personal data includes your name and / or username and other information and content you share.
TRANSFERS TO NON-EU COUNTRIES
We store the personal data we process within the European Union and the European Economic Area (meaning, in addition to the EU Member States, Norway, Iceland and Liechtenstein, hereinafter the “EEA”) as fully as possible. However, we may also use service providers established outside the EEA, which means that we may transfer the personal data we process to service providers established outside the EEA.
We strive to ensure that when our personal data is transferred outside the EEA by our service providers, there are adequate and appropriate methods of data protection and that these methods are compatible with the applicable data protection regulations. In all situations, transfers will be made in accordance with the provisions of the GDPR and, for example, on the basis of the European Commission’s standard clauses on the transfer of personal data outside the EEA.
We have administrative, structural, technical and physical safeguards in place to protect the personal data we process from unauthorized access and alteration, disclosure and destruction. Such mechanisms include firewalls, data encryption, and secure modes. We also regularly inspect our websites, data rooms, systems and other tools for security breaches.
If, despite our protection mechanisms, a security breach occurs that would have a negative impact on the privacy of Users, we will notify all parties concerned, Users and other parties affected by the breach. We will also notify the relevant authority of the breach as soon as possible, as required by data protection legislation.
We will only retain personal data for as long as is necessary for the purposes set forth in this Policy, unless we have a legal obligation to retain such information for an extended period of time or we have a reasonable and lawful purpose to retain it.
Once the need for the processing of personal data has disappeared, we will destroy all such data in our possession within a reasonable time and no later than six (6) months after there are no longer grounds for processing such personal data. Personal data concerning users may also be destroyed on the basis of a request submitted by the User, provided that the legislation in force at the time of the request does not prevent the destruction of the data. In some of the Services, the User may also delete his or her personal data by himself or herself.
The right to access your data. You have the right to see the personal data we process about you. To the extent that information is not available on the Service, please email us using the contact information below.
The right to rectification. If your personal data changes or you find an error in it, you may correct, update or delete your information primarily on the Service and secondarily by contacting us.
Right to withdraw consent. The guardian or other holder of parental responsibility has the right to withdraw his or her consent to the processing of personal data of a child under the age of 13 and the right to ask us to delete the data we have processed on the basis of his or her prior consent. We will only store and use such information if we have a justified and legitimate reason to do so, such as complying with our legal obligations or resolving any disputes.
Right to erasure. You may delete your information on the Service. To the extent that deletion cannot be made on the Service, you may request us to delete personal data about you if (a) such information is no longer relevant to the purposes for which it was collected and processed, (b) we have no reasonable cause to process your personal data, or (c) your personal data has been unlawfully processed for any other reason. You can make a request using the contact information below.
Right to restriction. You have the right to ask us to restrict the processing of your personal data, for example if you have disputed the accuracy of the personal data or are waiting for us to respond to your request to delete personal data concerning you.
Right to data portability. You have the right to receive the personal data you provide to us in a structured, commonly used and machine-readable form, and if you wish, the information may also be transferred to another controller if technically possible.
Right to lodge a complaint. If you believe that we have processed your personal data in a manner that violates data protection legislation, or for any other reason you are not satisfied with the processing of your information, you may send us an email at the address below. You also have the right to lodge a complaint with the local supervisory authority.
Positive Learning Oy
Date of compilation: 10.9.2021