My Auntie Privacy Policy

Auntie Solutions Ltd. Privacy Policy

Last update: This privacy policy was published on 24.05.2022.
This policy replaces all previous versions of this privacy policy.
Please read this policy carefully before using our services.

1 GENERAL

Auntie Solutions Ltd., business ID 2734094-5, and its group companies
(hereinafter ”Auntie”, “we” or “us”) respect your privacy and are dedicated to
protecting the privacy of persons using Auntie’s services. This privacy policy
describes how we process personal data, what kinds of personal data we collect,
what we use it for and to whom we may disclose it to.

This privacy policy applies to the use of Auntie’s service where we are the
controller, e.g. when an end user (hereinafter “user” or “you”) is consuming an
Auntie package or when you sign up to and/or use other Auntie services. This
privacy policy applies to all processing of personal data relating to your use of
the service. You are responsible for ensuring that the information you submit or
share on our service does not violate others’ privacy nor our Terms of Service.

2 DEFINITIONS

Auntie complies with the General Data Protection Regulation (2016/679, “GDPR”)
in all processing of personal data, in conjunction with other applicable national
data protection legislation (“data protection legislation”).


Personal data (“personal data”) refers to any information relating to a natural
person (“data subject”) that can identify them directly or indirectly.

Customer” means the company or organisation who refers the user to Auntie
services. This may be, for example, the user’s employer.

Controller” means the natural or legal person, public authority, agency or other
body which, alone or jointly with others, determines the purposes and means of
the processing of personal data processing.

Other key terms are defined in the GDPR.

 

3 CONTROLLER

We are the controller for all the personal data handled in our services:


Auntie Solutions Oy,
Business ID 2734094-5,
Siltasaarenkatu 12 C
00530 Helsinki, Finland

4 DATA PROTECTION OFFICER

Our Data Protection Officer is Saku Vainikainen. He can be reached via DPO email:
dpo@auntie.fi

5 PURPOSE AND GROUNDS FOR THE PROCESSING OF PERSONAL DATA

We will only collect and process relevant and necessary personal data from you for the purposes described in this privacy policy.


The primary basis for the processing of personal data is the customer relationship between you and us, your consent, or any other appropriate connection.

Your personal data may be processed for the following purposes:


Providing you with the service

  • Matching you with a professional. For this we profile you. The profiling details are in section 12 of this privacy policy.
  • Enable video sessions between you and your Auntie professional
  • Providing you with a platform to see and manage relevant data in regards to using Auntie services
  • Offering materials and exercises relating to the service.

● User relationship management

      ○ Customer service and related communications.
      ○ Developing and maintaining user relationships.
      ○ Analyzing, grouping, reporting and other purposes related to overall customer relationship management
         and developing better ways to serve you.
      ○ Use non-identifiable statistical data to enhance and further develop our services.

● Develop our products and business
      ○ Conduct surveys and opinion polls.
      ○ Conduct scientific impact research
      ○ Collect and process customer feedback and other satisfaction information.

Processing of personal data may be outsourced to third party service providers, with Auntie ensuring, through adequate contractual obligations, that the- processing of personal data is done in accordance with, and within the limits set by, data protection legislation.

6 CONTENTS OF THE REGISTER

We only collect such personal data from you that is relevant and necessary for the purposes described in this privacy policy.

The provision of personal data is primarily necessary to provide you with the service and to fulfill the contractual and legal obligations between Auntie and you, and for producing and delivering our services and managing customer and business relationships.

If you do not provide the necessary personal information, for example, the providing of the service may become impossible, the conclusion or performance of a contract or the fulfillment of legal obligations may be hindered.


● Account information
      ○ Contact information such as name, telephone number, email address, customer number.
      ○ Services requested and used.
      ○ Purchase and payment information.

      ○ Consent and preferences.
      ○ Time zone and language settings, as well as selected Auntie package(s).

 Meeting information
      ○ Video and audio transfer during Auntie sessions. However, Auntie does not, nor does any third party, record any audio or video of the sessions held by you and an Auntie professional.

      ○ Information on persons who have had dealings with the data subject, such as your Auntie professional or coach.

 Company information
      ○ Company name and when applicable, any other information, such as operational units or cost centers, required by the customer.

● Technical Information
      ○ Metadata, such as timestamps, internet addresses and data source identifiers.

● Your own words and other user generated information
      ○ Content produced by you such as answers to surveys, exercises, assignments and customer feedback.

We may also use your anonymized personal data, i.e. data that is de-identified and no longer can be associated with any individual user and is not regarded as personal data, for internal purposes such as data analysis to further develop our products and services.

7 REGULAR SOURCES OF INFORMATION

Your personal data is mainly collected directly from you, for example, at the time of registration or use of our service.

Some personal data may also be collected when a customer company signs an agreement with Auntie, or automatically when the data subject uses our online services.

8 COOKIES

We use cookies on our service, for example, to improve the service and its use. Cookies are small text files that we store on your device (phone, computer, tablet or such) and are commonly used on the Internet. Some cookies are required for the service to work, while other cookies improve your experience and make navigating the service easier.

9 REGULAR DISCLOSURE

Your personal data will not be disclosed to our employees or any other party unless as expressly provided in this policy, and/or any specific legislation requiring us to do so.

Personal data may be shared with:


● Our employees or subcontractors
Some Auntie employees may access and process your personal data to process service orders, provide you service, and solve any issues relating to providing the service to you.


● Our service providers and professionals
We may share your personal data to third parties for providing you with the service. We limit their access to your personal data strictly to what is required to provide the service.

Additionally, we require non-disclosure agreements with all our contractors, who process personal data. We also contractually bind them to this privacy policy.

Please note that your Auntie professional or coach has access to the answers you give to our surveys, exercises and assignments.

● Our service maintenance and development personnel

We may share your personal data with our technical staff so that they can identify security risks and technical errors.


● Authorities, law enforcement and courts
By way of exception, personal data may be disclosed to authorities in situations required by law and justified situations. In the event of emergencies or other unexpected circumstances, Auntie may be required to disclose the personal data of registered persons in order to protect human life, health and property. In addition, Auntie may be required to disclose the personal data if the company is involved in legal or other dispute resolution proceedings. In these cases, however, Auntie will first contest the disclosure.

10 DATA TRANSFERS OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA

We do our best to ensure that no personal data is transferred outside the European Union (“EU”) or the European Economic Area (“EEA”).
However, when service delivery requires it, some personal data may be transferred outside the EU/EEA area. This may be the case, for example, when you or the Auntie professional or coach resides outside of the EU or EEA. If personal data is transferred outside the EU or the EEA, the transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission, or the transfers are carried out by using appropriate legal safeguards such as standard data protection clauses (SCC) adopted, including any supplementary measures, where assessed to be necessary, or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.

11 DESCRIPTION OF PRINCIPLES FOR REGISTER PROTECTION

We take personal data security seriously. We take steps to continually improve our data security and data protection practices. Our efforts are continuously audited.

We have been awarded with an ISO27001 certificate for our efforts. It goes to prove our security governance is on par with international standards.

We process personal data in a manner that ensures appropriate security and protection at all times, including protection against unauthorized processing and against accidental loss, destruction or damage. We use appropriate technical and organizational safeguards to ensure this.

12 AUTOMATIC DECISION MAKING AND PROFILING

We may utilize automated decision making to deliver our services. For example, when finding you an Auntie professional or coach or creating suggestions of Auntie-materials. We do not use this information for marketing purposes.

13 LINKS TO OTHER WEBSITES AND THIRD PARTY MATERIALS

We may share links to third party websites. They are not subject to Auntie’s policies nor terms. Please read through their policies and terms before you use their services.

14 RETENTION PERIOD FOR PERSONAL DATA

Unless you specifically ask for us to delete your personal data, we will keep it for the duration of the customer and/or contract relationship, and for the necessary period after the end of the customer and contract relationship. We shall, however, reserve the right to make additions or amendments to and delete your personal data. It may do so, for example, but not limited to, in a situation when it is no longer needed.


We will retain personal data for as long as is necessary for the purposes defined in this privacy policy. We might keep it longer, if some legal requirements force us to do so (for example, responsibilities and obligations under specific legislation, accounting or reporting obligations).


However, even if you request a deletion, we may retain information for a longer period of time, if it is necessary, for example, to exercise a legal claim, to defend a legal claim, or to settle a similar dispute.


We will remove or anonymize the personal data 24 months after the last customer activity from you and/or the end of the contractual relationship with the customer company, unless you specifically request that the information be kept for the purpose of monitoring the performance of the service. We will, however, delete all personal data when it is no longer needed.


If you have granted us permission to use your personal data for marketing purposes, we will keep your data as long as our customer, your employer for example, is targeted for marketing activities. Once the retention period has expired, personal data will be deleted or anonymized. After deletion or anonymization, your rights to access, rectify, erase and port data can not be enforced.

15 YOUR RIGHTS AS THE DATA SUBJECT

● The Right of Access
You shall have the right of access to the personal data stored concerning you and, upon request, the right to receive information in writing or in electronic form. The request for inspection must be made in accordance with section 16 of this privacy policy. The right to inspection may be denied on the grounds provided by law. The use of the right to inspection is, in principle, free of charge.


● The Right to Rectification
You agree to provide us information that is correct and up-to-date. If you notice incorrect data, you can usually correct it yourself. If you are unable to do so, you can request for rectification to be made in accordance with section 16 of this privacy policy. You also have the right to demand correction of incorrect or inaccurate information.


 The Right of Erasure or Restriction of Processing
You always have the right, under the applicable data protection law, to request your personal data to be erased. Subject to the conditions of data protection law, you shall have the right to request a restriction on the processing of personal data. In addition, in a situation where personal information that is suspected to be incorrect cannot be rectified or erased, or there is confusion about the request for erasure, Auntie may restrict access to the data.


You shall always have the right to require us to restrict the processing of your personal data, for example when you are waiting for Auntie to respond to a request for rectification or erasure of their personal data. We also take initiative to erase, rectify and complete any unnecessary, incomplete or outdated personal data we detect.


 The Right to Data Portability
You have the right under the applicable data protection law to request the transfer of your personal data to another controller.


● The Right to Object
You have the right to object to profiling and other processing. You may lodge an objection in accordance with section 16 of this privacy policy. At the time of the claim, you must identify the specific situation on the basis of which they object to the processing. We may refuse to comply with a request on the grounds provided by law.


You have the right to object to the use of personal data for certain processing, such as direct marketing. You may grant consent to or prohibit
us from doing direct marketing on a per-channel basis, including profiling for direct marketing purposes.


● Other rights

If the processing of personal data is based on your consent, you have the right to withdraw your consent by notifying us in accordance with section 16 of this privacy policy. This withdrawal does not affect any processing that took place before the withdrawal. If your request cannot be granted, you shall be informed in writing. We may refuse your request (such as erasure of data), due to the statutory obligation or the statutory right of a
company, such as a service obligation or claim.


You have the right to object to the processing of personal data carried out on the basis of our legitimate interest on the basis of a specific personal situation.

16 THE RIGHT TO LODGE A COMPLAINT

You shall have the right to lodge a complaint to the Finnish data protection authority (https://tietosuoja.fi/en/home) if you consider that we have not complied with applicable data protection legislation.

17 YOUR OBLIGATIONS

You are responsible for the information you provide us, and for ensuring this information is accurate. You are also responsible for ensuring that you use the service in accordance with our Terms of Service and relevant legislation, and that any information you share with us does not violate any other persons’ rights.

18 CONTACT

You should contact Auntie Solutions Oy, Firdonkatu 2T 151, 00520 Helsinki, or dpo@auntie.fi for any queries related to the processing of personal data and the exercise of their rights. Where appropriate, we may ask you to specify your request in writing and, if necessary, your identity can be verified before taking any further action.

19 CHANGES TO THIS PRIVACY POLICY

We are constantly improving our services and as a result, this privacy policy may need to be amended and updated. Changes may also be based on changes in legislation. We recommend that you regularly review the contents of this privacy policy. Changes will be announced on our website and substantial changes will be communicated to data subjects before changes when necessary. If you do not agree to the new changes, stop using the service.