Auntie End User Privacy policy

Auntie Solutions Ltd. Privacy Policy

Last update: This privacy policy was published on 24.03.2023.
This policy replaces all previous versions of this privacy policy.
Please read this policy carefully before using our services.

1 GENERAL

Auntie Solutions Ltd., business ID 2734094-5, and its group companies
(hereinafter “Auntie”, “we” or “us”) respect your privacy and are dedicated to
protecting the privacy of persons using Auntie’s services. This privacy policy
describes how we process personal data, what kinds of personal data we collect,
what we use it for and to whom we may disclose it.

This privacy policy applies to the use of Auntie’s service where we are the
controller, e.g. when an end user (hereinafter “user” or “you”) is consuming an
Auntie package or when you sign up to and/or use other Auntie services. This
privacy policy applies to all processing of personal data relating to your use of
the service. You are responsible for ensuring that the information you submit or
share on our service does not violate others’ privacy nor our Terms of Service.

2 DEFINITIONS

Auntie complies with the General Data Protection Regulation (2016/679, “GDPR”)
in all processing of personal data, in conjunction with other applicable national
data protection legislation (“data protection legislation”).

Personal data (“personal data”) refers to any information relating to a natural
person (“data subject”) that can identify them directly or indirectly.

“Customer” means the company or organisation who refers the user to Auntie
services. This may be, for example, the user’s employer.

“Controller” means the natural or legal person, public authority, agency or other
body which, alone or jointly with others, determines the purposes and means of
the processing of personal data.

Other key terms are defined in the GDPR.

3 CONTROLLER

We are the controller for all the personal data handled in our services:

Auntie Solutions Oy,
Business ID 2734094-5,
Firdonkatu 2T 151,
00520 Helsinki, Finland.

4 DATA PROTECTION OFFICER

Our Data Protection Officer is Saku Vainikainen. He can be reached via DPO email:
dpo@auntie.fi

5 PURPOSE AND GROUNDS FOR THE PROCESSING OF PERSONAL DATA

We will only collect and process relevant and necessary personal data from you for the purposes described in this privacy policy.

Your personal data may be processed for the following purposes based on the defined legal bases:

● Providing you with the service (contract or its preparation, legitimate interest)
○ Matching you with a professional. For this we profile you. The profiling details are in section 12 of this privacy policy.
○ Enable video sessions between you and your Auntie professional
○ Providing you with a platform to see and manage relevant data in regards to using Auntie services
○ Offering materials and exercises relating to the service.

● User relationship management (contract, legitimate interest)
○ Customer service and related communications.
○ Developing and maintaining user relationships.
○ Analyzing, grouping, reporting and other purposes related to overall customer relationship management and developing better ways to serve you.
○ Use non-identifiable statistical data to enhance and further develop our services.

● Develop our products and business (consent)
○ Conduct surveys and opinion polls.
○ Conduct scientific impact research
○ Collect and process customer feedback and other satisfaction information.

In case we process any special categories of personal data (such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health or data concerning a natural person's sex life or sexual orientation) in connection with providing you with the service, we will ask your consent for such processing in advance.

For the personal data that we process based on your consent, you can withdraw your consent at any time regarding further processing of your personal data. We will comply with such request unless there is another legitimate ground to process the data. You can withdraw your consent by contacting us at dpo@auntie.io or at the address specified in section 18.

Processing of personal data may be outsourced to third party service providers, with Auntie ensuring, through adequate contractual obligations, that the processing of personal data is done in accordance with, and within the limits set by, data protection legislation.

6 CONTENTS OF THE REGISTER

We only collect such personal data from you that is relevant and necessary for the purposes described in this privacy policy.

The provision of personal data is primarily necessary to provide you with the service and to fulfill the contractual and legal obligations between Auntie and you, and for producing and delivering our services and managing customer and business relationships.

If you do not provide the necessary personal information, it may, for example, become impossible to provide the service, or the conclusion or performance of a contract or the fulfillment of legal obligations may be hindered.

Personal data may include any of the following:

● Account information
○ Contact information such as name, telephone number, email address, customer number.
○ Services requested and used.
○ Purchase and payment information.
○ Consent and preferences.
○ Time zone and language settings, as well as selected Auntie package(s).

● Meeting information
○ Video and audio transfer during Auntie sessions. However, Auntie does not, nor does any third party, record any audio or video of the sessions held by you and an Auntie professional.

○ Personal data processed during sessions may include special categories of personal data (such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health or data concerning a natural person's sex life or sexual orientation).
○ Information on persons who have had dealings with the data subject, such as your Auntie professional or coach.

● Company information
○ Company name and when applicable, any other information, such as operational units or cost centers, required by the customer.

● Technical Information
○ Metadata, such as timestamps, internet addresses and data source identifiers.

● Your own words and other user generated information
○ Content produced by you such as answers to surveys, exercises, assignments and customer feedback.

○ Personal data provided by you may include special categories of personal data (such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health or data concerning a natural person's sex life or sexual orientation).


We may also use your anonymized personal data, i.e. data that is de-identified and no longer can be associated with any individual user and is not regarded as personal data, for internal purposes such as data analysis to further develop our products and services.

7 REGULAR SOURCES OF INFORMATION

Your personal data is mainly collected directly from you, for example, at the time of registration or use of our service.

Some personal data may also be collected when a customer company signs an agreement with Auntie, or automatically when the data subject uses our online services.

8 COOKIES

We use cookies on our service, for example, to improve the service and its use. Cookies are small text files that we store on your device (phone, computer, tablet or such) and are commonly used on the Internet. Some cookies are required for the service to work, while other cookies improve your experience and make navigating the service easier.

You may also block all cookies in your browser settings but this may render our service defunct or cause it to not function as intended.
By using the service and accepting the use of cookies you give us permission, in accordance with this privacy policy, to store cookies on your device. If you refuse to accept cookies, it is possible that digital services may not function as intended.

9 REGULAR DISCLOSURE

Your personal data will not be disclosed to our employees or any other party except as expressly provided in this policy and/or as required by specific legislation.

Personal data may be shared with:

● Our employees or subcontractors
Some Auntie employees may access and process your personal data to process service orders, provide you service, and solve any issues relating to providing the service to you.


● Our service providers and professionals
We may share your personal data with third parties for providing you with the service. We limit their access to your personal data strictly to what is required to provide the service.

Additionally, we require non-disclosure agreements with all our contractors who process personal data. We also contractually bind them to this privacy policy.

Please note that your Auntie professional or coach has access to the answers you give to our surveys, exercises and assignments.

● Our service maintenance and development personnel
We may share your personal data with our technical staff so that they can identify security risks and technical errors.

● Authorities, law enforcement and courts
By way of exception, personal data may be disclosed to authorities in situations required by law and justified situations. In the event of emergencies or other unexpected circumstances, Auntie may be required to disclose the personal data of registered persons in order to protect human life, health and property. In addition, Auntie may be required to disclose the personal data if the company is involved in legal or other dispute resolution proceedings. In these cases, however, Auntie will first contest the disclosure.

We may share your personal data with our group companies, such as Auntie subsidiaries. Additionally, if Auntie is acquired by another company or merges with another company, your personal data may be transferred. However, if personal data is shared, we make sure that it is used in a way that is compliant with the relevant data protection legislation.

10 DATA TRANSFERS OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA

We do our best to ensure that no personal data is transferred outside the European Union (“EU”) or the European Economic Area (“EEA”).
However, when service delivery requires it, some personal data may be transferred outside the EU/EEA area. This may be the case, for example, when you or the Auntie professional or coach resides outside of the EU or EEA. If personal data is transferred outside the EU or the EEA, the transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission, or the transfers are carried out by using appropriate legal safeguards such as standard data protection clauses (SCC) adopted, including any supplementary measures, where assessed to be necessary, or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.

11 DESCRIPTION OF PRINCIPLES FOR REGISTER PROTECTION

We take personal data security seriously. We take steps to continually improve our data security and data protection practices. Our efforts are continuously audited.

We have been awarded with an ISO27001 certificate for our efforts. It goes to prove our security governance is on par with international standards.

We process personal data in a manner that ensures appropriate security and protection at all times, including protection against unauthorized processing and against accidental loss, destruction or damage. We use appropriate technical and organizational safeguards to ensure this.

Personal data is always processed confidentially, with diligence and in accordance with our data protection policies.

12 AUTOMATIC DECISION MAKING AND PROFILING

We may utilize automated decision making to deliver our services, for example when finding you an Auntie professional or coach or creating suggestions of Auntie-materials. We do not use this information for marketing purposes.

13 LINKS TO OTHER WEBSITES AND THIRD PARTY MATERIALS

We may share links to third party websites. They are not subject to Auntie’s policies nor terms. Please read through their policies and terms before you use their services.

14 RETENTION PERIOD FOR PERSONAL DATA

Unless you specifically ask us to delete your personal data, we will keep it for the duration of the customer and/or contract relationship, and for the necessary period after the end of the customer and contract relationship. We shall, however, reserve the right to make additions or amendments to and delete your personal data. We may do so, for example, but not limited to, in a situation when it is no longer needed.

We will retain personal data for as long as is necessary for the purposes defined in this privacy policy. We might keep it longer, if some legal requirements force us to do so (for example, responsibilities and obligations under specific legislation, accounting or reporting obligations).
However, even if you request a deletion, we may retain information for a longer period of time, if it is necessary, for example, to exercise a legal claim, to defend a legal claim, or to settle a similar dispute.

We will remove or anonymize the personal data 24 months after the last customer activity from you and/or the end of the contractual relationship with the customer company, unless you specifically request that the information be kept for the purpose of monitoring the performance of the service. We will, however, delete all personal data when it is no longer needed.

If you have granted us permission to use your personal data for marketing purposes, we will keep your data as long as our customer, your employer for example, is targeted for marketing activities. Once the retention period has expired, personal data will be deleted or anonymized. After deletion or anonymization, your rights to access, rectify, erase and port data cannot be enforced.

15 YOUR RIGHTS AS THE DATA SUBJECT

● The Right of Access

You shall have the right of access to the personal data stored concerning you and, upon request, the right to receive information in writing or in electronic form. The request for inspection must be made in accordance with section 16 of this privacy policy. The right to inspection may be denied on the grounds provided by law. The use of the right to inspection is, in principle, free of charge.

● The Right to Rectification
You agree to provide us information that is correct and up-to-date. If you notice incorrect data, you can usually correct it yourself. If you are unable to do so, you can request for rectification to be made in accordance with section 16 of this privacy policy. You also have the right to demand correction of incorrect or inaccurate information.

● The Right of Erasure or Restriction of Processing
You always have the right, under the applicable data protection law, to request your personal data to be erased. Subject to the conditions of data protection law, you shall have the right to request a restriction on the processing of personal data. In addition, in a situation where personal information that is suspected to be incorrect cannot be rectified or erased, or there is confusion about the request for erasure, Auntie may restrict access to the data.

You shall always have the right to require us to restrict the processing of your personal data, for example when you are waiting for Auntie to respond to a request for rectification or erasure of your personal data. We also take initiative to erase, rectify and complete any unnecessary, incomplete or outdated personal data we detect.

● The Right to Data Portability
You have the right under the applicable data protection law to request the transfer of your personal data to another controller.

● The Right to Object
You have the right to object to profiling and other processing. You may lodge an objection in accordance with section 16 of this privacy policy. At the time of the claim, you must identify the specific situation on the basis of which you object to the processing. We may refuse to comply with a request on the grounds provided by law.

You have the right to object to the use of personal data for certain processing, such as direct marketing. You may grant consent to or prohibit us from doing direct marketing on a per-channel basis, including profiling for direct marketing purposes.

● Other rights
If the processing of personal data is based on your consent, you have the right to withdraw your consent by notifying us in accordance with section 16 of this privacy policy. This withdrawal does not affect any processing that took place before the withdrawal. If your request cannot be granted, you shall be informed in writing. We may refuse your request (such as erasure of data), due to the statutory obligation or the statutory right of a company, such as a service obligation or claim.

You have the right to object to the processing of personal data carried out on the basis of our legitimate interest on the basis of a specific personal situation.

16 THE RIGHT TO LODGE A COMPLAINT

You shall have the right to lodge a complaint to the Finnish data protection authority (https://tietosuoja.fi/en/home) if you consider that we have not complied with applicable data protection legislation.

17 YOUR OBLIGATIONS

You are responsible for the information you provide us, and for ensuring this information is accurate. You are also responsible for ensuring that you use the service in accordance with our Terms of Service and relevant legislation, and that any information you share with us does not violate any other persons’ rights.

18 CONTACT

You should contact Auntie Solutions Oy, Firdonkatu 2T 151, 00520 Helsinki, or dpo@auntie.fi for any queries related to the processing of personal data and the exercise of your rights. Where appropriate, we may ask you to specify your request in writing and, if necessary, your identity can be verified before taking any further action.

19 CHANGES TO THIS PRIVACY POLICY

We are constantly improving our services and as a result, this privacy policy may need to be amended and updated. Changes may also be based on changes in legislation. We recommend that you regularly review the contents of this privacy policy. Changes will be announced on our website and substantial changes will be communicated to data subjects before changes when necessary. If you do not agree to the new changes, stop using the service.