Data protection record of Rona Finland Oy’s Rona Cybersecurity App 

General

Rona Finland Oy (later “Company” or “We”) is committed to ensuring the confidentiality and data protection of personal data in its possession. This data protection record applies to personal data that we collect in relation to our Rona Cybersecurity App (later “Service”). The personal data and related processing are described in this data protection record. Additional information regarding the processing of personal data in the Service is provided by our contact person Oskari Räisänen, email privacy@rona.fi.

We may update this data protection record from time to time, for example due to changes in applicable legislation. We endeavour to use reasonable means to inform you in advance of any possible changes to this data protection record, as well as the effects of such changes. However, we advise you to review this data protection record periodically and always after you become aware of changes made hereto. This data protection record was last updated on 1 February 2020.

Data Controller 

Name: Rona Finland Oy

Address: Arkadiankatu 10 A 3

00100 HELSINKI

Tel: +358405890844

Business ID: FI29462268

Whose Personal Data Do We Collect?

We process the personal data of persons who have installed and use the Service on their mobile device (later also “You”). 

What Categories of Personal Data Do We Process?

We process the following personal data for the Service:

  • your name
  • your contact details: telephone number and email address
  • your devices that logged in to the system and their associated data
  • IP addresses from which you logged in (on auth)
  • your locations while the app is active
  • groups and role you belong to (assigned by admin)
  • what notifications / assignments you have
  • your password hash / auth tokens

Which Sources Do We Use to Collect Personal Data?

Personal data is collected directly from the user or from the actions of the user when the user is using the service.

Please note that your employer or other entity that owns the device on which the Service has been installed may also collect, store, and process your personal data. Such entity will disclose the following personal data to Rona Oy:

Please contact such entity separately to familiarise yourself with their data collection procedures and practices.

Basis, Purposes, and Impacts of Processing Your Personal Data 

We obtain consent for the processing of your personal data; Art. 6(1) lit. (a) GDPR serves as the legal basis for data processing.

Your personal data is processed because this is necessary to fulfil a contract or in the context of a contract-like relationship with you; Art. 6(1) lit. (b) GDPR serves as the legal basis for data processing.

Regular Disclosures and Transfers of Your Personal Data to Third Parties 

We disclose or transfer your personal data to our service providers, business partners and contractors who provide services on our behalf or who we use to support our business.

We may also be required to share your personal data with competent authorities in accordance with data protection legislation.

Transfers of Your Personal Data outside the EU or European Economic Area 

We do not transfer your personal data outside the EU or EEA. 

Principles for the Retention of Your Personal Data

We retain your personal data in accordance with the following principles: As long as the contract is valid + 6 months.

Profiling

As part of our data processing activities, We perform automated profiling of data subjects in order to enhance marketing and present you with marketing messages better suited to your interests. You have, at all times, the right to object to profiling in accordance with Section 11 below.

Rights of a Data Subject in Relation to the Processing of Personal Data

According to applicable data protection legislation, you have the right, at any time, to:

  • be informed about the processing of your personal data;
  • obtain access to data relating to you and review your personal data we process;
  • withdraw your consent and object to the processing of your personal data in so far as the processing of your personal data is based on your consent;
  • object to the processing of your personal data on grounds relating to your particular situation in so far as the processing of your personal data is based on our legitimate interest;
  • receive your personal data in a machine-readable format and transmit those data to another controller (provided that you have delivered us such data yourself, we process such personal data based on an agreement or your consent and the processing of personal data is carried out by automated means);
  • obtain a restriction of processing of your personal data;
  • require rectification and completion or erasure of inaccurate and incorrect personal data; and
  • require the erasure of your personal data.

If you withdraw your consent, it will not affect the lawfulness of the processing based on consent before its withdrawal. You may withdraw your consent in accordance with section “Contacts” below.

You should present your request for exercising any of the aforementioned rights in the manner described in the ‘Contacts’ Section of this data protection record. We may ask you to specify your request in writing and to verify your identity before processing the request. We may refuse to fulfil your request on grounds set out in applicable data protection legislation. 

You also have the right to lodge a complaint with the supervisory authority concerned or with the supervisory authority of the EU member state of your habitual residence or place of work, if you consider that we have not processed your personal data in accordance with applicable data protection legislation.

Principles of Data Security 

We respect the confidentiality of your personal data. 

Tangible material containing personal data shall be kept under lock and key in a space to which only separately appointed persons have access. Personal data processed digitally are protected and stored in our information system accessible to persons on a need-to-know basis only. Such persons have personal user credentials and passwords. We encrypt personal data transmitted outside our Company.

Contacts

All requests concerning the use of the rights mentioned above, questions about this data protection record and other contacts should be made by e-mail to Oskari Räisänen at the address privacy@rona.fi.

If you wish to withdraw your consent for direct marketing, it can be done by clicking on a link found in each direct marketing message.