Privacy, security and online safety are important for us, and we process all personal data with due care and in accordance with applicable laws and regulations.
1. GAPHOOK’ Contact Details
Name: GapHook Oy
Company ID in Finnish trade register: 3384845-4
Correspondence address: Kappelikuja 6, 02200 Espoo, FINLAND
E-mail address: email@example.com
2. Personal Data Processed and Sources of Data
We collect two types of information of the Data Subjects: (i) Profile Data; and (ii) Technical Data. Although we do not normally use Technical Data to identify individuals, sometimes individuals can be recognized from it, either alone or when combined or linked with Profile Data. In such situations, Technical Data can also be considered to be personal data under applicable laws and we will treat the combined data as personal data.
GAPHOOK may collect and process for example the following Profile Data: (i) first and last name; (ii) address details, (iii) telephone number, (iv) e-mail address, (v) credit card and other payment details, (vi) professional details such as employment history, job title, areas of expertise and professional interest, (vii) information that Data Subjects provide when rating our Services or giving feedback on our Services, (viii) information about the Data Subjects’ interaction with us and our Services; (ix) other personal data Data Subjects provide themselves; (x) other personal data we may receive from authorities, publicly available sources, and other third parties.
The specific kind of Profile Data collected will depend on the Services used, and on other interaction between us and the Data Subject. As a rule, Profile Data is received directly from Data Subjects. We may also receive, collect and update personal information for the purposes described below from authorities, publicly available sources and information gained from other third parties, within the limits stipulated in the applicable law.
Technical Data may include for example the following data (i) the Data Subject’s IP address; (ii) browser type and version; (iii) preferred language; (iv) geographic location using IP address or the GPS, wireless, or Bluetooth technology on Data Subject’s device; (v) operating system and computer platform; (vi) the full Uniform Resource Locator (URL) clickstream to, through, and from our Services, including date and time; (vii) products or services Data Subject viewed or searched for while using our Services; and (viii) areas of our Services the Data Subject has visited.
Analytics and other tools
3. Purposes for Processing of Personal Data
There are several purposes for the processing of personal data by GAPHOOK:
To provide our Services and carry out our contractual obligations
We process personal data in the first place to be able to offer the Services to Data Subjects and to run, maintain and develop our business. In some cases, personal data may be processed in order to carry out our contractual obligations towards the Data Subject. We may use the data for example to offer essential functionalities of the Services and to provide access to the Services. If Data Subject contacts our customer service, we will use the provided information for answering questions and solving possible issues.
For customer communication
We may process personal data for the purpose of contacting Data Subjects regarding our Services and to inform Data Subjects of changes in our Services, and for other customer relationship management and marketing purposes. Data may also be used for research and analysis purposes in order to improve our Services.
For quality improvement and trend analysis
We may process information regarding the use of the Services to improve the quality of our Services e.g. by analysing any trends in the use of our Services. When possible, we will do this using only aggregated, non-personally identifiable data.
4. Legitimate Grounds for Processing of Personal Data
We process personal data to perform our contractual obligations towards Data Subjects and to comply with legal obligations. We also process personal data for our legitimate interest whilst fulfilling our contractual obligations towards our customer organization represented by the Data Subject. Furthermore, we process personal data to pursue our legitimate interest to run, maintain and develop our business.
In some parts of the Services, Data Subjects may be requested to grant their consent for the processing of personal data. In this event, Data Subjects may withdraw their consent at any time.
5. Transfer to Countries Outside Europe
We have operations, entities, and service providers in several geographical locations. As such, we and our service providers may transfer personal data to, or access it in, jurisdictions outside the European Economic Area or the Data Subject’s domicile. We will take steps to ensure that personal data of Data Subjects receives an adequate level of protection in the jurisdictions in which we process it. We provide adequate protection for the transfer of personal data to countries outside of the European Economic Area through a series of intercompany agreements and agreements with our service providers based on the Standard Contractual Clauses or other similar arrangements.
We only share personal data within the organization of GAPHOOK if and as far as reasonably necessary to perform and develop our Services and business. We do not share personal data with third parties outside of GAPHOOK’ organization unless one of the following circumstances applies:
To the extent that third parties (such as our customer organizations represented by the Data Subject) need access to personal data in order for us to properly perform the Services, we provide such third parties with the Data Subject’s personal data.
For legal reasons
We may share personal data with third parties outside GAPHOOK’ organization if we have a goodfaith belief that access to and use of the personal data is reasonably necessary to:
(i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of GAPHOOK, Data Subjects, or the public, in accordance with the law. When possible, we will inform Data Subjects about such transfer and processing.
To authorized service providers
For other legitimate reasons
With explicit consent
We may share personal data with third parties outside GAPHOOK’ organization for other reasons than the ones mentioned before, when we have the Data Subject’s explicit consent to do so. The Data Subject has the right to withdraw this consent at all times.
7. Storage Period
Data Subject’s e-mail address collected for direct marketing purposes is stored for such purposes until further notice. If Data Subject later opts out of the direct marketing, we delete other information regarding the direct marketing, but will retain the information that Data Subject has opted out of the direct marketing to ensure compliance with the opt-out.
Personal data of Data Subjects may also be deleted when the Data Subject makes a request regarding deletion of the Data Subject’s personal data provided that we do not have a legitimate ground to continue processing the personal data in question.
8. Data Subjects’ Rights
Right to access
GAPHOOK offers access for the Data Subjects to the personal data processed by GAPHOOK. This means that Data Subject may contact us and we will inform what personal data we have collected and processed regarding the said Data Subject and the purposes such data are used for.
Right to withdraw consent
In case the processing is based on a consent granted by Data Subject, the Data Subject may withdraw the consent at any time. Withdrawing a consent may lead to fewer possibilities to use our Services.
Right to correct
Data Subjects have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored about the Data Subject corrected or completed.
Right to deletion
Data Subjects may also ask us to delete the Data Subject’s personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. We may not immediately be able to delete all residual copies from our servers and backup systems after the active data have been deleted. Such copies shall be deleted as soon as reasonably possible.
Right to object
Data Subject may have the right to object our processing of the Data Subject’s personal data when that processing is based on our legitimate interest. We will comply with such objection unless we have a legitimate ground not to. If the Data Subject objects to the further processing of the Data Subject’s personal data, this may lead to fewer possibilities to use the Services.
Notwithstanding any consent granted beforehand for the purposes of direct marketing, Data Subject has the right to prohibit us from using the Data Subject’s personal data for direct marketing purposes, market research and profiling by contacting us on the addresses indicated above or by using the functionalities of the Services or the unsubscribe possibility offered in connection with any direct marketing messages. Please bear in mind that some parts of our Services may include messaging that are considered part of the Services and that cannot be unsubscribed from.
Right to restriction of processing
Data Subjects may request us to restrict certain processing of personal data; this may however lead to fewer possibilities to use our Services.
Right to data portability
Data Subjects have the right to receive their personal data from us in a structured and commonly used format and to independently transmit those data to a third party.
How to use the rights
The above mentioned rights may be used by sending a letter or an e-mail to us on the addresses set out above, including the following information: name, address, phone number and a copy of a valid ID. We may request the provision of additional information necessary to confirm the identity of the Data Subject. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
9. Lodging a Complaint
In case Data Subject considers our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection.
10. Information Security
We will take all reasonable and appropriate security measures to protect the personal data we store and process from unauthorized access or unauthorized alteration, disclosure or destruction. Measures include for example, where appropriate, encryption, firewalls, secure facilities and access right systems.
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. We regularly test our websites, data centres, systems, and other assets for security vulnerabilities.
Should despite of the security measures, a security breach occur that is likely to have negative effects to the privacy of Data Subjects, we will inform the relevant Data Subjects and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as reasonably possible.