1. GENERAL INFORMATION
1.2 Our role as a data controller and data processor: We may act either as a data controller and a data processor. Our role depends on the specific situation in which personal data is handled by us, as explained in detail below:
- Data controller. When we are the data controller, we determine the purposes and means of the processing of personal data. Hence, we are the controller when you send us an inquiry or conclude a service or employment contract with us. Situations when we are controller of personal data are further explained in this document. We comply with the data controller’s obligations set forth in the applicable laws.
- Data processor. We are a data processor when we process personal data on behalf of our customers. As a processor we process your data only in accordance with the instructions issued by a respective data controller. Such instructions can be seen from data processing agreement: www.lifetimely.io/policies/data-processing-agreement (the “DPA”). The DPA is incorporated by reference into our Terms and Conditions. Hence DPA is concluded automatically upon acceptance of the Terms and Conditions.
1.3 Minors. Our service is not intended for use by children (i.e., persons who are minors in their country of residence). Therefore, we do not knowingly process minors’ personal data. If you, as a parent or a legal guardian of a child, become aware that the child has submitted his/her personal data to us, please contact us immediately. We will delete your child’s personal data from our systems without undue delay.
2. WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSES AND WHICH LEGAL BASES DO WE USE IT?
2.1 Personal data processed. We shall process the following personal data provided by you:
- Account information. When you register your user account, we collect personal data necessary in order to register you to our services, such as email address, name, company name, website URL, and your role in the company.
- Agreement related information. We shall process agreements related information, such as service agreement or employment agreement, in connection with our business operations.
- Inquiries. When you contact us, we process information related to your inquiry such as your name, email address, and any information that you decide to include in your message.
- Payments. We might process payment information in connection with our business. However, please note that we do not process payments in connection with our service. It is done by our third-party payment processors Shopify and Stripe.
We shall observe the following information from the usage of our services:
- Usage data. When you use services provided by us, we may collect usage information such as registration log, login/logout, time stamps of usage activities, including how you open and close communication sent by us.
Legal basis. We use your personal data to provide you with the service and/or fulfil the contractual obligations. This requires us to process your above mentioned personal data for the customer/employment/partner relationship management, support, and communication, conducting customer surveys, customer complaint handling, maintenance, software and system updates, user identification as well as for problem diagnosis and fixing. Hence, the above-mentioned processing of your personal data is based on your contract with us.
In addition, we use your above mentioned personal data for the following purposes based on legitimate interests pursued by us:
- Analytics and development purposes, including creating aggregated groups based on your usage activities. This also enables us to understand our users’ needs as customers and to improve the quality and user experience of our current and future services and offerings.
- Marketing purposes, including communicating with you about our offerings, conducting sales promotions, and other marketing campaigns, as well as creating aggregated target groups for marketing. Knowing customers’ preferences enables us to target our offerings and provide products and services that better meet the needs and expectations of our customers.
- Information and account security purposes, including detecting or preventing various types of misuse of services and fraud to provide you with secure and reliable services.
Electronic Direct Marketing and communication via email. We may send you electronic direct marketing, such as newsletters, promotions about new products as well as information about user surveys and trials, by email. You can opt-out of such electronic direct marketing or communication at any time free of charge by clicking on the “unsubscribe” link included in our newsletters, adjusting the settings of your user account, or by contacting us directly.
Sensitive data. We do not collect or have access to any special categories of personal data as defined by Art. 9 of the GDPR (“sensitive data”) from you unless contractual obligations or mandatory legislation, such employment legislation, requires us to process it. Sensitive data is information that is for example health related data. If Your Data contains the said sensitive data, we will process such data for the purpose of fulfilling our contractual or legal obligations, such as regarding employment relationships.
5. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
6. HOW DO WE SHARE AND DISCLOSE YOUR DATA?
6.1 Location of personal data. We store your data in the databases located in the EU/EEA. However, some of our third-party vendors may be located outside the EU, including the United States.
6.2 Sharing of your personal data. We share your data in the following ways:
- Our third-party vendors, who provide us with cloud-based IT and business support as well as customer care services, may need to process your information. All such third parties are operating under contract and acting on behalf of us.
- Competent authorities. When required in response to a legal process or request from a competent authority according to applicable laws or in connection with a legal proceeding or process.
- Mergers, acquisitions or sale of assets. When required as part of a merger, acquisition, sale of assets (such as service agreements) or transition of service to a group entity or another company.
- Third Party Advertising Platforms. When our digital marketing activities utilize different third-party advertising platforms' features, we may target you by uploading your account information (e.g. a hashed email address or phone number) or advertising ID to such a platform. We may also use third-party tracking platforms, which collect data about how users interact with our ads for ads attribution analysis and effect evaluation purposes. Such third parties are operating under contract and acting on behalf of us and include data transfers to partners located in the US.
6.3 International transfers. When transferring and disclosing your data outside the EU/EEA in above mentioned situations, where the local law may not provide the same level of protection, we comply with applicable legal requirements for providing adequate safeguards to such transfer by e.g. using the European Commission's Standard Contractual Clauses (SCC).
8. WHAT RIGHTS DO YOU HAVE WITH REGARD TO YOUR PERSONAL DATA?
8.1 Data Subject Rights. You have the right to control how your personal data is processed by us by exercising the rights listed below:
- Right of access: you can get a copy of your personal data that we store in our systems;
- Right to rectification: you can rectify inaccurate personal data that we process about you;
- Right to erasure (‘right to be forgotten’): you can ask us to erase your personal data;
- Right to restriction: you can ask us to restrict the processing of your personal data if;
- Your data is unlawfully processed, but you do not want to erase it.
- You have a legal claim that you need to establish, exercise, or defend, and you requested us to keep your data when we would not keep it otherwise.
- You have contested the accuracy of your personal data and the accuracy of your data is pending our verification.
- Your request for objection is pending our verification process
- Right to data portability: you can ask us to provide you with a copy of your personal data in a structured, commonly used and machine-readable format
- Right to object: you can ask us to object processing your personal data when processing is based on legitimate interest
- Right to withdraw consent: you have the right to withdraw your consent, if you have provided one; or
- Right to complaint: you can submit your complaint regarding our processing of your personal data to the local data protection authority. For more information, please see for example https://tietosuoja.fi/en/home.
8.2 How to exercise your rights? If you would like to exercise any of your rights, please contact us by email at firstname.lastname@example.org and explain your request in detail. The scope of your right depends on the nature of processing and legal basis. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information that allows us to identify you in our system. We will answer your request within a reasonable time frame but no later than one month.