Description of Private Data processing in accordance to Finnish Data Protection Act (1050/2018) and EU General Data Protection Regulation (2016/679)
Helsinki, 6th of May 2016
Helsinki, 15th of February 2018 – Clarifications regarding mobile applications
Helsinki, 24th of May 2020 – Clarifications to the purposes of handling private data
Cuckoo Networks Oy
Ilmalankatu 2 C, 00240 Helsinki, Finland
firstname.lastname@example.org, +358 44 9923744
Contact person in registry matters
Ilmalankatu 2 C, 00240 Helsinki, Finland
email@example.com, +358 44 9923744
Customer and user registry
Purpose of handling private data
Information of the customer and user registry is used for following purposes:
- Implementation of Cuckoo Workout service
- Administration and implementation of the security of Cuckoo Workout service
- Development and usage statistics of Cuckoo Workout service
- Announcements and communication related to Cuckoo Workout service
- Customer service
For the above purposes the processing of Personal Data legal basis is implementation of our legimate interests accoring to EU General Data Processing Regulation article 6 (1) (f).
Personal Data processing can also be performed to fulfill our legal obligations according to EU General Data Processing Regulation article 6 (1) (C).
We store the gathered information only as long as it is necessary for implementing the services, or as long as defined in current legislation. After the information is no longer necessary to be kept, your information will be deleted, unless otherwise obligated by privacy legislation or other legal obligations.
Information we collect
From companies we collect the following information:
Company name, logo and cover picture, description.
From our users we collect the following information:
Personal information, like name, age, gender and email
Person’s motto, company, profile picture and cover picture, team and activity in the service
Person’s estimated location, like city or town and country
Person’s browser information
Mobile application also collects following information
Person’s device’s operating system name and version, mobile app version number
How do we collect this information
Information is collected at the time user registers to the service, uses the service or willingly fills in the information in the service.
Information we transfer to third party services
Personal information is stored and handled in third party service, intercom.io, where this information is used for customer service, communication and statistics. People who handle and access this information are employees of Cuckoo Networks Oy. Information that we transfer contains user activity, name, age, gender, email, city, company name and browser information.
Mobile application also transfers following information: operating system name and version, mobile application version.
We give usage statistics of customer company’s registered users on written requests. The information consists of usage statistics and identity information.
We will never sell or give our customer, or user information to third parties for marketing or advertising purposes. We can outsource personal information handling partially to third party, when we will bind the third party by contract to handle the information according to our instructions and by current legislation.
Data transfer outside of EU or ETA
Cuckoo Workout uses a third party communication tool, intercom.io, which operates in United States and stores information outside of EU and ETA. Intercom complies with the EU/Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries/Switzerland. More information at https://www.intercom.com/security
We transfer customer company and user information only in the purpose and extent, which is necessary to implement the service. Information we transfer is defined in section “Information we transfer to third party services”.
We comply to current legislation in all our transfers. We ensure an adequate level of data protection, for instance by agreeing on the confidentiality and processing of personal data as required by law.
Registry security policies
We use all the necessary technical and organizational security measures to prevent unauthorized access to user information. Access to user information in the service is limited. People outside of the organization cannot access the information. We handle information security by using firewall, encryption and by information security practices.
Cuckoo Workout employees cannot access user information without extended permissions. Information in third party services, like Intercom.io, access is forbidden from people outside the organization. Within the organization, access to Intercom requires extended permissions.
Within Cuckoo Workout service some information, like user’s name, company name, team name, activity and any uploaded pictures are publicly available. Access to this information requires access to the service.
Users can limit the visibility of this information to other users of the service by modifying personal settings.
Inaccurate location data, like country and city, can be used and gathered for offering and implementing location based services.
Location data is gathered with available location methods and by user filled information. Users can opt-out of location based data gathering at any time by terminating the use of the service.
We also set third party cookies, which enable the use of third party extensions in the service. These cookies are set by Google Analytics, Intercom and YouTube. You can block third party cookies with your browser settings, if you don’t want third parties to gather information about yourself. Blocking third party cookies might make parts of the service completely or partially unavailable.
Right of inspection
Customer companies and users have the right to inspect the data we have gathered about them. Requests for inspection must be done via email to firstname.lastname@example.org.
Right to demand correction
Customer companies and users have the right to demand corrections to be done to the information we have gathered about them. Requests for correction must be done via email to email@example.com.
Customer companies and users can also request to be forgotten, if the information we have gathered about them are inaccurate, unused or incomplete, and there is no legal obligation for storing the data.
Other rights regarding personal data
We inform our users about service messages, competitions, rewards and surveys using email. Service also sends reminders and incentive messages to users. User provided contact details can be used to previously mentioned purposes, unless user has forbidden the use of contact details in this manner.
Users have the right to opt-out of these messages. Requests must be addressed to firstname.lastname@example.org or send this request via the communication tool available via the service. Users can also unsubscribe themselves from emails sent via the communication tool, by clicking “Unsubscribe from emails” on the bottom of a received email message. Emails sent by the service can be declined by modifying the user settings inside the service.
Users have the right to deny the transfer or processing of their information for directed marketing or other marketing purposes by contacting on the email address previously mentioned.
Users have the right to be forgotten. This right can be exercised by asking for account and information removal by email to email@example.com or requesting the removal via the communication tool inside the service. User data is removed from the service and third party services in use within a reasonable time, usually within few office days. Data stored for technical reasons, like ip addresses in service logs and database backups will be automatically removed within six months.