Runfrog app - Privacy Policy
Privacy Policy for RunFrog App Updated 12th February 2022
**Personal Data Act (523/1999) Sections 10 and 24, as well as EU General Data Protection Regulation (679/2016) Articles 12 and 13 combined register description and information document. This privacy policy describes the processing of personal data by Vauhtisammakko Oy. The data subject in question is the customer data in the RunFrog app.
CONTROLLER:
Vauhtisammakko OY
Sirkkalankatu 13
20500 Turku
mikko@vauhtisammakko.com
+358 41 502 4078
WHAT DATA WE COLLECT AND FOR WHAT PURPOSE
We collect only the necessary information from users for the operation and development of our service. Information related to identification and authentication, communication, and the execution of the service, including names, email addresses, and certain company information in connection with certain agreements. Passwords are never stored in a readable format.
For payment purposes, we may collect card identifier, card type, card expiration date, and the last four digits of the card. This information does not include the full card number, security code, or other data required for online payments; we do not charge the card ourselves. All mobile payment and card charging activities take place within the payment partner PayPal’s system, which complies with legal requirements. We store receipts in accordance with the Accounting Act and use this data anonymously for purchase behavior profiling. Our website collects cookies to optimize its performance. We store anonymous information in cookies, such as IP addresses and details about the device and browser used. We also retain information related to email customer service to improve the service.
PERSONAL DATA WE COLLECT DIRECTLY FROM THE DATA SUBJECT
We collect the previously mentioned information directly from the data subjects themselves, such as during registration, login, use of the service, purchase, or customer service request. This information is used for communication to provide or deliver the services to the customer. We do not collect data from third parties unless it is required for the provision of the service or content.
DATA SUBJECT RIGHTS AND HOW TO USE THEM
Data subjects have rights regarding the personal data held by Vauhtisammakko. Data subjects have the following rights:
- The right to access their own personal data. Access may be restricted due to legal or other privacy protection considerations.
- The right to request corrections to inaccurate or incomplete data.
- The right to request the deletion of their data. Deletion can occur in cases such as withdrawal of consent when there is no other legitimate basis for processing.
- The right to restrict the processing of personal data.
- The right to object to the processing of their data.
- The right to receive their personal data in a machine-readable format for data processed based on a contract or consent.
- The right to withdraw consent at any time without affecting the lawfulness of processing before consent withdrawal. The withdrawal of consent may impact our ability to provide services and content.
To exercise these rights, please contact mikko@vauhtisammakko.com
HOW WE USE THE DATA AND ON WHAT BASIS WE PROCESS IT
Vauhtisammakko processes personal data to fulfill legal and contractual obligations. The legal bases for our processing are:
Contract performance: Fulfilling the obligations of our service contract is the primary legal basis for processing personal data. The contract is established between Vauhtisammakko and the user when the user registers for the service, starts a trial of the free version, or sends a service-related request. Users consent to the data processing in accordance with the privacy policy when using the service. We process personal data to deliver the service ordered by the user, as necessary. To optimize our website and services, we collect analytics data based on user consent. By accepting cookies upon arrival to the site, you provide your consent. Separate consent is collected for information collected for marketing purposes, which can be withdrawn at any time. Users have the option to block cookies by changing their browser settings in accordance with the browser manufacturer’s instructions and clear any cookies from the browser cache. Clearing cookies does not stop data collection.
DATA RETENTION PERIOD
We retain personal data only for the duration of the contractual relationship unless legislation, such as the Accounting Act, requires otherwise. We store anonymous visitor analytics data for as long as necessary for marketing and customer service monitoring and development. Data processing is carried out by Vauhtisammakko employees in accordance with the applicable Personal Data Act. Vauhtisammakko reserves the right to partially outsource the processing of personal data to third parties, ensuring, by contractual arrangements, that personal data is processed in accordance with the Personal Data Act and appropriately. Transaction amounts related to purchases are transferred to our payment service provider’s system for charging. Otherwise, data is not combined with other registers, nor is it disclosed to third parties unless required by law.
RISKS RELATED TO DATA PROCESSING AND HOW WE PROTECT DATA
The main risk related to user data in the system is the unauthorized access to user data and purchase history in case of a data breach, for example. In case of this risk materializing, the data could be used to identify the user’s purchasing behavior in our services, deduce the location of the user on event days, and send spam. In the event of a significant data breach, the contact person (contractual partner) will always be notified, regardless of whether the matter falls under the notification requirement. Vauhtisammakko’s security measures aim to ensure the availability of data and data systems, confidentiality, data integrity, and minimize the damages caused by possible deviations. Security measures are based on a risk assessment of operations and are adjusted to manage the risks to the target and the risks posed to the assets. Actions to ensure data security and data protection include measures such as:
- Measures to ensure data availability and usability to ensure relevant information is available when needed, including the operation of systems, backups, contingency systems, and the correct archiving of data.
- Measures to ensure data integrity through controls and monitoring of systems. Security measures and guidelines aim to prevent errors and omissions in data processing.
- Measures to ensure data confidentiality through organizational and technical means, such as confidentiality agreements, defined operational processes, instructions, and staff training.
- Technical measures including virus and malware filtering, data encryption, strong user authentication (in the case of payment services), securing the network and terminal devices, and encryption.
- Vauhtisammakko uses only well-known and reliable partners who are bound by contract to process data lawfully and in accordance with the agreement they have with Vauhtisammakko.