Howspace Oy (Business ID: 2153753-6) (“Howspace”, “we”) might collect and process personal data of users of Howspace’s website and service whilst providing its services. Howspace processes the collected personal data with due care and in accordance with all applicable laws and regulations such as but not limited to the Regulation (EU) 2016/679 (General Data Protection Regulation), better known and hereinafter referred to as GDPR .
1 – HOWSPACE’S CONTACT DETAILS
Name: Howspace Oy
Company ID in Finnish Trade Register: 2153753-6
Correspondence address: Salomonkatu 17 A 43, 00100 Helsinki, Finland
E-mail address: firstname.lastname@example.org
2 – PERSONAL DATA PROCESSED AND SOURCES OF DATA
Howspace collects two types of information from the employees of its customers and other users of Howspace’s services and website (“Users”): (i) User Data; and (ii) Technical Data. Although we do not normally use Technical Data to identify individuals, sometimes individuals can be recognized from it. In such situations, Technical Data can also be considered to be personal data under applicable laws.
Howspace may collect and process for example the following User Data from Users: (i) first and last name; (ii) address details, (iii) telephone number, (iv) e-mail address, (v) other personal data Users provide themselves, (vi) information that Users provide when rating our services or giving feedback on our services, (vii) other data on Users which Howspace’s customer enters into the service.
Howspace collects and processes User Data solely in connection with the use of Howspace’s service and website.
Our sites use Google Analytics and other web analytics services to compile Technical Data and reports on visitor usage and to help us improve our sites and services. For an overview of Google Analytics, please visit http://www.google.com/analytics/. It is possible to opt-out of Google Analytics with this browser add-on tool: https://tools.google.com/dlpage/gaoptout.
3 – PURPOSES AND LEGITIMATE GROUNDS FOR THE PROCESSING OF PERSONAL DATA
There are several purposes for the processing of personal data by Howspace:
To provide our services and carry out contractual obligations
Howspace processes personal data in the first place to be able to deliver services to its customers and Users and to run, maintain and develop Howspace’s business. Howspace uses personal data in order to conduct its contractual obligations. Howspace uses the data for example to offer essential functionalities of the service and to provide customers with analyses and reports. If Users contact our customer service, we will use the provided information in order to answer questions or solve complaints.
For customer communication
Howspace may process personal data to contact customers and Users regarding our services and to inform customers and Users of changes to our services and products. Data may also be used for research and analysis to improve our services and websites.
For quality improvement and trend analysis
Howspace may process information about the use of the services to improve the quality of our services e.g. by analysing any trends in the use of our services. When possible, we will do this using only aggregated, non-personally identifiable data.
Legitimate grounds for processing
Howspace processes personal data to perform our contractual obligations towards our customers and to comply with legal obligations. Furthermore, we process personal data to pursue our legitimate interest to maintain and develop our businesses.
4 – TRANSFER TO COUNTRIES OUTSIDE EUROPE
We will do our best to ensure that personal data stays in the European Economic Area. However, there are circumstances, such as us using third-party service providers to provide our services and to help operate our business efficiently, where we may transfer personal data to countries outside of the European Economic Area. In doing so we will ensure adequate protection for the transfers of personal data through a series of agreements with our service providers based on the EU Commission’s Standard Contractual Clauses or through other appropriate and available safeguards.
5 – RECIPIENTS
We only share personal data within the organisation of Howspace if and as far as reasonably necessary to perform and develop our services. We do not share personal data with third parties outside of Howspace’s organization unless one of the following circumstances applies:
For legal reasons
We may share personal data with third parties outside Howspace’s organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of Howspace, our users or the public in accordance with the law. When possible, we will inform Users about such transfer and processing.
For other legitimate reasons
With explicit consent
We may share personal data with third parties outside Howspace’s organization for other reasons than the ones mentioned before, when we have the data subject’s explicit consent to do so. The data subject has the right to withdraw this consent at all times.
6 – STORAGE PERIOD
Howspace does not store personal data longer than is legally permitted and necessary for the purposes of providing the services. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use. In general, Howspace deletes all personal data of Users within reasonable time after the relevant customer relationship ends or when the User no longer uses the services provided by Howspace.
7 – DATA SUBJECTS’ RIGHTS
Right to access
Howspace offers access for the data subjects to the personal data processed by Howspace. This means that the data subject may contact us and we will inform what personal data we have collected and processed regarding the said data subject and the purposes such data are used for.
Right to rectify
Data subjects have the right to have incorrect/imprecise, incomplete, outdated, or unnecessary personal data we have stored about the data subject rectify or completed.
Right to erasure
Data subjects may require us to erase the data subject’s personal data from our systems. We will comply with such requests unless we have a legitimate ground to not delete the data. After the data have been erased, we may not immediately be able to delete all residual copies from our active servers and backup systems. Such copies shall be erased as soon as reasonably possible.
Right to restrict
Data subjects shall have the right to demand from us restriction of processing where one of the following applies:
1. the accuracy of the personal data is contested by the data subject;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of use instead;
3. we no longer need the personal data for the purposes of the processing, but we are required by the data subject for the establishment, exercise or defense of legal claims;
4. The data subject has objected to processing pending the verification whether the legitimate grounds override the data subject’s objection.
Notification obligation regarding rectification or erasure of personal data or restriction of processing
We shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
Right to object
Data subjects may object to the use of personal data if such data are processed for other purposes than purposes necessary for the performance of our services or for compliance with a legal obligation. Data subjects may also object any further processing of personal data after prior given consent. If a data subject objects to the further processing of personal data, this may lead to fewer possibilities to use our services.
Data subjects have the right to prohibit us from using data subject’s personal data for direct marketing purposes, market research and profiling by contacting us on the addresses indicated above.
Right to data portability
Data subjects have the right to receive personal data from us in a structured, commonly used format.
Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects the data subject unless:
– This is necessary for entering into, or performance of a contract;
– This is authorized by Union or Member State law to which we are subject and – which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
– is based on the data subject’s explicit consent.
How to use the rights
These rights may be used by sending a letter or e-mail to us on the addresses set out above, including the following information: name and phone number. We may request the provision of additional information necessary to confirm the identity of the data subject. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded. Please note that for certain personal data Howspace might act as a processor and therefore the requests and inquiries might be directed to the controller. In case the data subject considers our processing activities of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.
8 – INFORMATION SECURITY
We will take all reasonable and appropriate security measures to protect Howspace and our customers from unauthorized access to or unauthorized alteration, disclosure or destruction of personal data we hold. Measures include, where appropriate, encryption, firewalls, secure facilities and access right systems. Should, despite of the security measures, a security breach occur that is likely to have negative effects to privacy, we will inform the relevant Users, data subjects and customers about the breach as soon as reasonably possible.
9 – APPLICABILITY AND CHANGES