Privacy statement

Register and Privacy Statement – Gaming Platform User Register

This is the Register and Privacy Statement of SmoothTeam Ltd for EU General Data Privacy Regulation (GDPR). Created on May 25, 2018. Last change on May 25, 2018.

1. Registrar

SmoothTeam Ltd, Finnish Business ID 2679043-4, Nekalantie 28, 33100 Tampere, Finland

2. The contact person responsible for the register

Jaakko Heikkilä, Rekisterit [at-symbol] smoothteam.fi

3. The name of the registry

SmoothTeam Ltd’s user register

4. Legal basis and the purpose of processing personal data

The processing of personal data is based on the consent of the data subject.

The purpose of processing personal data is to manage and develop a customer relationship or to implement a service.

Information is not used for automated decision making or profiling.

5. Information content of the register

The information to be stored in the register is:

  • Personal information: first name and last name, e-mail address
  • The person’s answers to the game questions and the person’s choices in the game situation

This information will be retained for as long as SmoothTeam has a need for data retention based on a contract with the customer, but at least three years after gaming, such that we can produce the customer when requesting reports for the customer. By way of derogation, when requested by the customer, the data will be deleted from the register without delay.

The information in the register is reviewed every six months and data whose retention is no longer justified will be removed.

6. Regular sources of information

The data stored in the register is obtained from the registered persons (the data fields filled in the gaming system) and by means of cookies or other similar techniques.

7. Regular transfers of data and transfer of data outside the EU or EEA

The information is given to third parties as follows:

  • Service providers participating in the service who have a contract (data processor) with SmoothTeam Ltd.
  • Person’s first name and the choices made in the gaming system given to Google Inc. to provide graphical representation of the data. In this context, data is transferred outside the EU or the EEA. Google Inc. is a Privacy Shield Certified Service Provider who is committed to comply with the EU Privacy Policy by signing the Privacy Shield Agreement.

8. Principles of registry protection

Careful handling of the registry is ensured and data processed by the information systems is adequately protected. Electronic databases are protected by firewalls, passwords and other generally accepted technical means. Access to personal data is available only to persons specifically identified whose job requires handling of personal data stored in the register. These people will be able to access the system with their personal user IDs.

9. The right of inspection and the right to demand correction

Every registered person has the right to check his / her data stored in the register and to demand that any incorrect information be corrected or incomplete information supplemented. If a person wishes to check the data stored or to request correction, the request should be sent to the registrar. The registrar may, if necessary, request the applicant to verify his / her identity. The registrar responds within the time limit set by the EU Data Protection Regulation (usually within one month).

10. Other rights related to the processing of personal data

A registered person has the right to request the removal of his / her personal data from the register (“the right to be forgotten”). Also, those who are registered have other rights under the EU’s general data protection regulation such as restricting the processing of personal data in certain situations. Requests should be sent to the registrar. The registrar may, if necessary, request the applicant to verify his / her identity. The registrar responds within the time limit set by the EU Data Protection Regulation (usually within one month).

Note! This is an English translation of the original Finnish document.

 

Register and Privacy Statement – Customer Register

This is the Register and Privacy Statement of SmoothTeam Ltd for EU General Data Privacy Regulation (GDPR). Created on May 25, 2018. Last change on May 25, 2018.

1. Registrar

SmoothTeam Ltd, Finnish Business ID 2679043-4, Nekalantie 28, 33100 Tampere, Finland

2. The contact person responsible for the register

Jaakko Heikkilä, Rekisterit [at-symbol] smoothteam.fi

3. The name of the registry

A customer register based on SmoothTeam’s customer relationship and other relevant links (“SmoothTeam’s Customer Register”)

4. Legal basis and the purpose of processing personal data

The legal basis for the processing of personal data in accordance with the EU’s general data protection regulation is the legitimate interest of the registrar (customer relationship).

The purpose of the processing of personal data is to handle and analyze relationship with customer and other relevant relationships, service production and personalization, business development and design, marketing, distance selling, opinion and market research and customer communication, which can also be implemented electronically and targeted.

Personal data is handled by SmoothTeam, as permitted by applicable law, for the marketing purposes of the range of partners, including direct marketing, distance selling and opinion and market research. Disclosure of information to partners may, in principle, only take place for purposes that support the purpose of the register and where the purpose of the information is not incompatible with the purposes of SmoothTeam.

5. Information content of the register

The information to be stored in the register is:

  • first and last name
  • position
  • company / organization
  • a person’s photo
  • contact information (postal address, phone number, e-mail address)
  • web site addresses
  • profiles / profiles for social media services
  • the date and method of commencement and termination of the relationship and / or the proper connection
  • direct marketing permits and prohibitions
  • information on the use of electronic services and content (eg ordering newsletters)
  • marketing and promotion information, such as registered marketing measures and participation (eg marketing, participation in events)
  • purchase and cancellation information of paid products and services, ordering information, delivery information, feedbacks, complaints, and payment of free products and services, customer service events such as calls, emails, chat and text messages)
  • the interests indicated by the registered person
  • gender
  • date of birth
  • language
  • changes in the details specified above
  • the use of a service or other information provided by the customer itself through data obtained through analytics, such as potential interests or belonging to a particular category of users.

6. Regular sources of information

The information stored in the register is obtained from the customer, among others, via email, phone, social media services (including Facebook, LinkedIn, Twitter, Google, Youtube, Instagram), contracts, customer meetings and other situations where the customer disclose their information. This includes various marketing activities such as newsletter marketing and competitions and events such as fairs.

Personal data can also be collected and updated from other registers of SmoothTeam Ltd, from registered partners’ registers and from authorities and companies providing services for personal data.

7. Cookies and other similar techniques

Cookie is a small text file that a browser stores on a user’s terminal. Cookies contain a unique tag that allows users to be identified.

Cookies and data collected through them are also used to analyze the usability and usage of the web service, improve security, monitor usage, and develop the service.

Cookies and information from them can also be used to generate targeted communications, advertising and content on a web site, site development, and marketing measurements and optimization.

8. Regular deliveries of data and transfer of data outside the EU or EEA

At the discretion of the registrar, the information may be disclosed, within the limits permitted and mandated by the law in force, for example to SmoothTeam’s partners unless the data subject has denied disclosure. Disclosure may in principle only be made for purposes that support the concept of the SmoothTeam customer database and where the purpose of the data is not incompatible with SmoothTeam’s intended use.

The information may also be disclosed in the manner required by the competent authorities or other bodies required by law, in the light of existing legislation, for historical or scientific research, provided that the information has been altered in a non-recognizable form.

Information may be disclosed to buyers in the course of a business arrangement if SmoothTeam sells or otherwise organizes its business.

Information may be transferred to the registrar’s assortments to partners who deal with information on behalf of the registrar on the basis of a cooperation agreement between the parties. In this case, the data processor is not entitled to process the transferred data for his own account, in his own personal registers.

In principle, the information is not transmitted outside the territory of the Member States of the European Union or the European Economic Area unless it is necessary for the purposes of the processing of personal data or for the technical implementation of processing of data, whereby the data transmission is subject to the requirements of the Personal Data legislation.

SmoothTeam may transfer the information contained in the register to its own direct marketing registers after the end of the relationship and the proper connection.

9. Principles of registry protection

The records are only kept in an electronic form. Pipeprive OÜ is responsible for the technical protection of the register. When transferred over the network, data is protected by SSL technology. The registrar shall ensure that stored data, server access privileges and other critical data related to the security of personal data are processed confidentially and only by employees whose job description they belong to.

10. Right of inspection and the right to demand correction

Every registered person has the right to check his / her data stored in the register and to demand that any incorrect information be corrected or incomplete information supplemented. If a person wishes to check the data stored or to request correction, the request should be sent to the registrar. The registrar may, if necessary, request the applicant to verify his identity. The registrar is in charge of the data subject within the time limit set by the EU Data Protection Regulation (usually within one month).

11. Other rights related to the processing of personal data

A registered person in the register has the right to request the removal of his / her personal data from the register (“the right to be forgotten”). Also, those who are registered have other rights under the EU’s general data protection regulation such as restricting the processing of personal data in certain situations. Requests should be sent to the registrar. The registrar may, if necessary, request the applicant to verify his identity. The registrar is in charge of the data subject within the time limit set by the EU Data Protection Regulation (usually within one month).

12. Changing the Privacy Statement

SmoothTeam continually develops its business and therefore reserves the right to change this Privacy Statement by notifying its customers. Changes may also be based on changes in legislation.

Note! This is an English translation of the original Finnish document.