Privacy policy

GAMEPROOFER OY PRIVACY POLICY

This is the privacy policy for users of GameProofer Oy's services. This policy consists of two parts: the privacy policy for the user registry and the privacy policy for the application.

USER REGISTRY PRIVACY POLICY

1. Data Controller

The data controller for the user registry is GameProofer Oy (3281277-5). The data controller's contact person for privacy matters is Toni Toijanaho, toni.toijanaho@gameproofef.com.

2. Purpose and Legal Basis of Data Processing

The purpose of processing personal data is as follows:

  • Granting and maintaining user accounts for the application.

The legal basis for processing personal data is the fulfillment of contractual obligations and the legitimate interest of GameProofer Oy for its own employees.

3. Data Stored in the Registry

The following information about application users is stored in the user registry: • First and last name

  • Phone number
  • Email address

4. Duration of Data Processing

Personal data is processed for the duration of the application's use. Data is retained during use and deleted within 12 months after the user ceases using the application.

5. Accuracy, Timeliness, and Completeness of Data

The accuracy of data is verified in terms of usage.

6. Rights of the Data Subject

a) Right to Access Personal Data

The data subject has the right to confirm whether personal data concerning them is being processed and, if so, to obtain a copy of their personal data.

b) Right to Rectification of Data

The data subject has the right to request the correction or completion of inaccurate or incomplete personal data.

c) Right to Erasure of Data

The data subject has the right to request the erasure of personal data concerning them if the data is no longer needed for its original purpose or if the data has been processed unlawfully.

d) Right to Restrict Data Processing

The data subject has the right to restrict the processing of their personal data if:

  • They dispute the accuracy of the data
  • The processing is unlawful, and they oppose its erasure while requesting a restriction on its use
  • The data controller no longer needs the data for its original purpose, but the data subject requires it for the establishment, exercise, or defense of legal claims

e) Right to Object

The data subject has the right to object to the processing of their personal data on grounds relating to their particular situation, unless the data controller can demonstrate compelling legitimate grounds for the processing that override the data subject's interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

f) Right to Data Portability

The data subject has the right to receive their personal data in a commonly used machine- readable format and to transmit those data to another data controller.

g) Right to Lodge a Complaint with the Supervisory Authority

The data subject has the right to lodge a complaint with the national supervisory authority, which is the Data Protection Ombudsman operating under the Ministry of Justice, if they believe that the processing of their personal data has violated relevant legislation.

7. Regular Data Sources

The data in the registry is obtained from the users themselves or from their employers.

8. Data Disclosures

User registry data is not generally disclosed to customers or for purposes other than service provision. Data may be disclosed to a maintenance partner for the purpose of addressing faults and errors.

9. Transfer of Data Outside the EU/EEA

Data is not generally transferred outside the European Union or the European Economic Area.

10. Automated Decision-Making and Profiling
The data in the registry is not used for automated decision-making or profiling.

11. Principles of Registry Protection

Registry data is known only to the primary users of GameProofer Oy's services to the extent required for the performance of their tasks. Primary users are bound by confidentiality obligations. Written material is kept in locked premises. Computer-stored data is protected with user names and passwords. The application has been developed according to modern application development principles. Backups and updates for the application are managed centrally, and user access rights are restricted to necessary parties. Staff has received instructions on the use of the application and confidentiality.

 

APPLICATION-DATA PRIVACY POLICY

1. Data Controller

The data controller for the application is the company using it, GameProofer Oy (3281277- 5). GameProofer Oy acts as a processor of personal data in the context of the General Data Protection Regulation (GDPR), and the contact person for privacy matters is Toni Toijanaho, toni.toijanaho@gameproofer.com.

2. Purpose and Legal Basis of Data Processing

The purpose of processing personal data is as follows:

  • Providing GameProofer Oy's services and producing and analyzing personal data for
  • the users of GameProofer Oy's services.

3. Data Stored in the Registry

The following data is processed and stored about application users:
  • Phone number
  • Address information
  • Email address
Users mainly enter their own data into the application, which is then processed by GameProofer Oy. The services also store log data related to the use of the services.

4. Duration of Data Processing

Personal data is processed for the duration of the service provision. Log data is stored in a standardized log for a fixed period. Typically, the log contains events for a period of 2-4 weeks.Users are responsible for the accuracy, timeliness, and completeness of their own data.

5. Accuracy, Timeliness, and Completeness of Data

Users are responsible for the accuracy, timeliness, and completeness of their own data.

6. Rights of the Data Subject

GameProofer Oy assists as the data controller in the realization of the data subject's rights but cannot decide on the implementation of these rights as a processor. Primarily, the data subject's rights are determined according to the privacy policies.

a) Right of Access to Personal Data

The data subject has the right to confirm whether their personal data is being processed and, if so, to obtain a copy of their personal data.

b) Right to Rectification of Data
Translated directly from the Finnish version, which is below. The data subject has the right to request the correction or completion of any incorrect or inaccurate personal data concerning them.

c) Right to Erasure of Data

The data subject has the right to request the deletion of their personal data if the data is no longer needed for its original purpose or if the personal data has been processed unlawfully.

d) Right to Restrict Processing

The data subject has the right to restrict the processing of their personal data if:

  • The data subject disputes the accuracy of the data.
  • The processing is unlawful, and the data subject opposes its deletion, instead
  • requesting a restriction of its use.
  • The data controller no longer needs the data for its original purpose, but the data
  • subject requires it for the establishment, exercise, or defense of legal claims.

e) Right to Object

The data subject has the right to object to the processing of their data on grounds relating to their particular situation, unless the data controller can demonstrate compelling legitimate grounds for the processing that override the data subject's interests, rights, and freedoms, or if it is necessary for the establishment, exercise, or defense of legal claims.

f) Right to Data Portability

The data subject has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit this data to another data controller.

g) Right to Lodge a Complaint with a Supervisory Authority

The data subject has the right to lodge a complaint with the national supervisory authority, which is the Data Protection Ombudsman under the Ministry of Justice, if they believe that the processing of their personal data violates applicable laws.

7. Regular Data Sources

The data in the register is obtained from the data subjects themselves.

8. Data Disclosures

Stored data is not disclosed to other companies or entities during normal service operations, except in cases where data disclosure to a maintenance partner is necessary to rectify errors and faults. Data may be disclosed or transferred only with the consent of the service users.

9. Transfer of Data outside the EU/EEA Area

Data is not transferred outside the European Union or the European Economic Area. The

customer company defines data transfers.

10. Automated Decision-Making and Profiling

The data in the register is not used for automated decision-making, nor are data subjects profiled.

11. PrinciplesofRegisterProtection

The data in the register is only known to the personnel responsible for GameProofer Oy's services to the extent required to perform their duties. Personnel are bound by confidentiality obligations. Written material is kept in a locked space. Data stored on computers is protected by usernames and passwords. The application is developed following modern application development principles. Backups and updates of the application are centrally managed, and user rights are limited to necessary parties. Personnel have received instructions on the use of the application and confidentiality.

 

PROCESSING ACTIONS NOTICE

This processing actions notice applies to the processing and storage of data that occurs in GameProofer Oy's services. The same data may also be stored in other GameProofer Oy registers, and other storage, processing, protection, disclosure, and transfer actions may apply to those registers.

REGISTERS: REGISTER NAME

The register name is GameProofer Oy's user register.

DATA CONTROLLER

GameProofer Oy

CONTACT PERSON FOR DATA PROTECTION

Translated directly from the Finnish version, which is below. The contact person for data protection matters is Toni Toijanaho, toni.toijanaho@gameproofer.com.

PURPOSE OF PROCESSING PERSONAL DATA

Personal data is processed for the following purposes: fulfillment of contractual obligations and the legitimate interests of the data controller (knowing customers, managing application users, and maintaining the application).

CATEGORIES OF PERSONAL DATA

From the user, the user register stores the name, phone numbers, and email address. User's usage of the application is recorded as diagnostic data, which may contain personal data in the form of data elements such as device, location, and network traffic information.

DATA SUBJECT GROUPS

Data subjects are users of GameProofer products/services, and the data collected, such as name, email address, and phone numbers, corresponds to typical personal information provided by the data subject to the data controller.

RECIPIENT GROUPS

By default, data from the register is not disclosed. Data may be disclosed, for example, in the event of service maintenance to service administrators and developers.

STORAGE PERIOD

User data from the application is stored for the duration of the user's use of the application. The user account is deleted when the use of the application ends.

PROCESSING AGREEMENTS

A processing agreement has been concluded with the data processor for the processing of personal data. GameProofer Oy's staff has signed confidentiality agreements.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

Data is not transferred to third countries or international organizations.

TECHNICAL AND ORGANIZATIONAL SAFEGUARDS

To protect personal data, the following technical and organizational measures have been implemented:

  • Access rights management
  • Restriction of maintenance rights to relevant individuals
  • Services have been developed following best practices in application development
  • Consideration of security and data protection in application development
  • Guidelines
  • Encryption
  • Centralized update management and backups
  • Data security guidelines
  • Office access control
  • Staff confidentiality agreements

IMPLEMENTATION OF PRIVACY PRINCIPLES AND ASSESSMENT OF PROCESSING BASES

This document concerns the realization and assessment of processing bases for the inherent and default data protection in the GameProofer Oy services.

Default Data Protection

Default data protection is realized in services through their structure, usage, and documentation. The services and applications have been developed following modern application development principles. Database structures take into account data integrity requirements and the preservation of data in an unaltered state, ensuring that data does not mix between customers or entities. User management enables various permissions, ensuring that users do not see incorrect or unnecessary data. Services are maintained in a cloud environment, reducing risks related to server-based operations.

Only GameProofer Oy's staff, who have a valid confidentiality agreement, processes data. The staff understands the confidential nature of personal data. Efficient maintenance of the application is arranged with the help of an expert partner.

Inherent Data Protection

The methods of processing and the flow of individual data stored in services and the entire process are defined. Services and applications are limited in purpose to be used only by GameProofer Oy's customers and are not a sales channel but a tool allowed only for customers who have already entered.

Services do not automatically "communicate" with other services or store data in other services. Users themselves input and maintain their data in the services. Users independently create their usernames for the application.

Aspects related to data protection in services are documented and the information is readily available. Processed data and data categories are contractually limited to data required for the provision of services. These data are processed only in ways necessary for the provision of services, including storage time, and data is not combined, unless compelling external reasons require it. Maintenance of the application and the legitimate interest to process and disclose diagnostic data The maintainability of the application is an essential requirement for providing secure and functional services. In the case of the application, diagnostic data may include a wide range of user data, data from the user's device, network connection, and similar information, which may constitute personal data.

Diagnostic data is processed by the maintenance partner of the application, a reputable Finnish IT expert company known to GameProofer Oy. The maintenance partner has designated individuals responsible for processing diagnostic data. Data is processed only as needed during fault situations.

As mentioned earlier, diagnostics are an essential tool for identifying vulnerabilities and causes of faults. The use of data is not systematic, continuous, or recurring on a per-user basis by default. The processing company can be considered reliable and professional. In some cases, diagnostic data may be unnecessarily extensive compared to the information required to resolve the problem. Predicting such situations is very difficult if not impossible.

Therefore, considering the actual impact on the protection of the user's data, it can reasonably be argued that the legitimate interest in processing and disclosing diagnostic data outweighs the user's right to maximum data protection.

Data protection impact assessment and data processing agreement may apply as additional protective measures.