Privacy Policy for the KINDFULL mobile app
Last date of modification Aug 20 2019
The appropriate and careful processing of your personal data is very important to Huoleti Ltd. When processing your personal data, we follow the data protection legislation as well as good practices for data management and processing.
We follow the principles of the General Data Protection Regulation (GDPR) that require us to
- process your personal data in a lawful, fair, and transparent manner in relation to you as data subject;
- process your personal data in a confidential and secure manner;
- collect and process your personal data only for specified, explicit, and legitimate purposes;
- limit the personal data we collect to what is necessary in relation to the purposes for which they are processed;
- update or provide you with an user interface to update your personal data when necessary, and rectify without delay any personal data that is inaccurate;
- keep your personal data in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed.
The data we process can be divided into data provided by the user and data acquired by observing the user’s use of the mobile application. Our Privacy Policy may be modified slightly as a result of our product development activities or when the respective legislation changes. In such cases, we will update this Privacy Policy according to the current conditions. The Kindfull mobile app may also be updated from time to time without further notice. The objective of these updates is to improve the service.
This Privacy Policy explains in detail what personal data we keep on our users and how we use the data. It also contains information on your rights as a data subject and how you can access your information, for example.
You can always find up-to-date information on our privacy policies on this site.
Why and on what basis do we process your personal data?
We collect your personal data for the following purposes:
- Performance of the service via the Kindfull mobile app;
- Development of the Kindfull mobile app and the services performed via the app, as well as the improvement of the quality of the service;
- Customer satisfaction measurements;
- Implementation of marketing, sales, and communication as required by law; and
- Performance of customer communications and customer service in case of problems and as a part of regular customer communication, for example.
- The legal basis for processing your personal data is customer relations and the customer’s consent.
You can try out Kindfull mobile app for a limited period without a use code. After the trial period at the latest, you will need a code to use the Kindfull app. You can acquire the code from either Huoleti Ltd or one of its customers or partners. From time to time, Huoleti Ltd also organizes campaigns that you can ask about by contacting info@huoleti.fi or on the Huoleti Facebook page.
While the user code differentiates the user groups in the app, it does not differentiate users or identify their information or behavior. However, the codes can be used for acquiring statistical data about, for example, the kind of help a user needs and the related worry. Statistical data do not contain any personal data. The statistical data that we collect may be used in the development of partner services or products and the improvement of their targeting.
Profiling and automated data processing
At the moment, the Kindfull mobile app does not profile its users or process any of their data by automated means. You will be informed explicitly of any changes to these practices.
How do we process your personal data?
We process your personal data in accordance with the requirements of the General Data Protection Regulation. Only the Huoleti Ltd employees that are authorized to process personal data will participate in the processing of your personal data. We have ensured our personnel’s awareness of and skills regarding data security with training and up-to-date instructions.
Your personal data may be processed in various data systems that are managed by either Huoleti Ltd or one of its partners. We make sure that the data protection principles are followed in all phases of processing personal data.
Huoleti Ltd has valid agreements in place with all of our partners that meet the requirements set out in the Data Protection Regulation. The agreements provide us with sufficient guarantees that the data processors adhere to the requirements of the General Data Protection Regulation when processing personal data.
By using the Huoleti mobile app you accept that we collect data related to you as described in this policy.
What data do we collect?
The following data provided by the user will be recorded in the personal data filing system formed as a result of users registering to the Kindfull mobile app:
- Email address (your email address is also your username in the service);
- Nickname;
- Password;
- Address, city and state;
- Phone number;
- Location with latitude and longitude;
- Device id.
If you register as a person with a worry, the high-level category of your worry (such as an illness or other challenging life situation) will be also recorded.
In addition to the above information, the following optional information that you can enter when you set up the mobile app will be recorded in the filing system:
- Short free-text description of yourself;
- Profile picture that you provide;
- Your name and contact information;
- Year of birth;
- Other information related to your life (hobbies, pets, etc.), if any.
The collection and processing of the following information requires your specific consent:
- You own description of your life situation, worry or possible illness. Please note that if you disallow using this data, you cannot use the peer support services in the mobile app;
- Location and positioning data; other users will see your approximate location with an accuracy of a few hundred meters of your actual location. Please note that if you disable location data, location-based services cannot be offered to you.
Data collected regarding the use of the services:
- Information on the use of different features and functions of the service;
- Location and positioning data as well as times when you use the service;
- Other information that may enhance the user experience of the service, such as observations on the use of targeted services offered by service providers;
- The times and manner of starting and ending your customer relationship and/or relevant connection;
- The location data of the initial mobile app installation.
How do we collect your personal data?
Personal data is mainly collected directly from the data subject, and you as a data subject can also modify or delete your own personal data with the mobile app.
Using the app with a code provided by a service provider allows you to use the app either Huoleti Ltd’s or its partner’s expense. You have received the code because your life situation or that of one of your relatives or friends can be allocated to a certain life situation or health status. For this reason, we ask for your specific consent for processing this data. You can withdraw your consent in the same way you granted it. Please note, however, that due to the nature of the app, using it as a person with a worry is not possible without granting the required consent. You can still use the app as a supporter even if you decide not to grant your consent.
We will also acquire information from the location and positioning data collected using the Kindfull mobile app if you have given your consent for collecting and disclosing such data.
Other uses of the data
If you register for the Service using your Facebook credentials, an identifier that associates you with your Facebook account will be collected in addition to the above-mentioned data. The Facebook identifier will only be used for signing in to the app. This identifier does not allow Huoleti Ltd to read or write any information related to your Facebook account.
On the basis of the legitimate interest of the data controller, we may send messages regarding the use of the service to the users’ email addresses. These messages may concern the activation of the app, user surveys, user roles or events related to their worries, for example. In addition, email is used for resetting a forgotten password. For this reason, the email address you enter when registering has to be valid and owned by you.
Minors who use the service
The services provided by Huoleti Ltd are intended for users who are at least 16 years old. We do not collect any data regarding minors under 16 years of age, and if we detect any data of a user who is under 16 in our files or on our servers, we will delete the data from all of our files and servers.
If you are the parent or guardian of a minor under 16 and find out that they have shared data with us, please contact us to delete the data.
A parent of guardian pf a minor under 16 years of age can use the service to look for peer support and help to oneself by selecting that the worry concerns an underaged children you are responsible for.
Who do we disclose your personal data to?
We have only partnered with personal data processors that follow good practices in processing personal data and who fulfil the requirements of the General Data Protection Regulation. We have signed written agreements with all of our partners that ensure that they abide by the data protection legislation currently in force.
Authorities or legislation may require us to disclose personal data under a court order. The disclosure or processing of data may also be necessary if Huoleti Ltd must defend its rights in a civil, commercial, or criminal process.
All Huoleti Ltd employees and its agents are obliged to keeping all customer information confidential. The access to the data filing system is protected by user-specific credentials, passwords, and limited access rights.
We have ensured that all of our service providers abide by the data protection legislation. We use the following service providers on a regular basis:
- Contabo (database and backend server)
- SendGrid (email transmission)
- Google Firebase (app notifications management)
- Twilio (sms notifications)
- MailChimp (newsletter and customer communications)
We never relay, sell or trade your personal data to third parties for marketing purposes.
We may disclose unspecified statistical data or use data (such as the number of invitations or requests for help) to third parties for use in reports, analyses, and research for both scientific and commercial purposes. We may also use this type of statistical data for improving our own products and services and for supporting our sales and marketing activities.
We may disclose or transfer the data we have collected in connection with the sale of Huoleti Ltd or its shares, a merger with another company, other corporate transaction, or bankruptcy.
Data transfer outside the EU
In some cases, data may be transferred or disclosed to countries outside the EU or European Economic Area as permitted in the General Data Protection Regulation:
- If personal data is transferred, it is transferred to a country where, according to the European Commission’s decision, the level of data protection is adequate; or
- the level of data security can be guaranteed contractually; or
- you have explicitly granted your consent for us to do so.
We use the secure virtual private servers managed by Diske and maintained by Contabo. Servers are located in Munich for storing your personal data and service provider does not have any access to the data. More info about service provider at https://contabo.com/
All personal data transfers will be carried out in accordance with applicable laws. Huoleti Ltd applies the Privacy Shield framework to transfers to non-EEA countries in the case of countries that do not have an adequacy decision made by the European Commission on data protection. The objective of the Privacy Shield program is to ensure the data security of European data processed in the United States.
How long do we keep your personal data for?
We will keep your personal data for no longer than is necessary for you to remain our customer or for any other reasonable purpose in accordance with the legislation currently in force.
If you request the deletion of your user account from the service or delete it yourself, all of your personal data and other data that can be used to identify you will also be deleted . The data cannot be restored after it has been deleted. Please note that removing the app from your mobile device does not delete your personal data from the Huoleti Ltd servers. If you haven’t logged in the service during the last six (6) months, your user profile will be automatically archived, after which it cannot be seen by the other mobile app users. Your archived user profile is restored whenever you log in to the service next time.
The unspecified statistical data collected from your mobile app usage will not be removed even in the case your user account is deleted.
Principles of protecting the filing system
Protecting your personal data is very important to us. To ensure the security of your data, Huoleti Ltd has taken the following measures:
- To access the system, each user must enter their personal username and password. The system is also protected using firewalls and other appropriate technical means.
- Access to the data stored in the filing system and the right to use the data is restricted to appointed employees of the controller.
- The access to the data filing system is protected by user-specific credentials, passwords, and access rights.
- The filing system is located on a computer that is on a server in a server room that cannot be accessed by unauthorized persons.
- The data included in the filing system is stored in locked and guarded premises.
- The filing system is backed up regularly.
Kindfull mobile app user’s rights
In your role as our customer, you have the right to your personal data that Huoleti Ltd processes.
You have the right to check what data related to you the personal data filing system contains. The request to check your data must be sent to the Huoleti Ltd data protection contact email address: (privacy@huoleti.fi). If necessary, Huoleti Ltd may ask the data subject to further specify their request in writing.
You have the right to request the rectification of any inaccurate data in the filing system. The incorrect data that needs to be rectified and the correct data must be included in the request for rectification. The request for rectification must be directed to the controller at the above-mentioned Huoleti Ltd data protection contact email in a personally signed document or document that has been verified in a similar manner.
As a data subject, you also have the right to prohibit Huoleti Ltd from processing your personal data or request Huoleti Ltd to restrict the processing of your personal data within the limits set by the legislation. You can inform Huoleti Ltd of such a prohibition at any time by sending a message to the above-mentioned data protection contact email address.
Right to lodge a complaint
The data subject has the right to lodge a complaint about the processing of their personal data with a competent supervisory authority.
Who can I contact?
Person responsible for the personal data filing system and contact person:
Carita Savin
Email: privacy@huoleti.fi
Controller:
HUOLETI Ltd
Business ID: 2808780-6
Address: Rautatienkatu 21 B, 33100 Tampere, Finland
Registered office: Tampere, Finland