Kanijo Oy complies with the EU General Data Protection Regulation (GDPR) in collecting and processing personal data in connection with the Pisarasi service. Kanijo Oy seeks to ensure that its users are able to exercise their rights under the GDPR. Under the GDPR, personal data means data that can be used individually or when combined with other data to identify an individual person.
This documents provides information on the processing of personal data within the Pisarasi service. This document was last updated on 16 April 2020. In the event Kanijo Oy changes it practices with regards to the processing of personal data, users will be informed as soon as possible, and a new version of this document will be made available.
1. Processing of personal data in the Pisarasi service
Personal data is collected in the service when users register for the service, submitting personal data such as their names and email addresses. Users also submit personal data into the service after registration, by inputting data relating to their movements and contacts while using the service. Furthermore, users can import data automatically into the service from other user accounts (Google account). Furthermore, the service collects certain personal data such as the user’s IP address when the user uses the service.
The service does not currently collect sensitive personal data, for example data relating to users’ health or concerning young children. If Kanijo Oy intends to start collecting or processing sensitive personal data, users will be informed in advance and Kanijo Oy will ensure that there is a lawful basis for said processing of personal data, and that the processing shall be carried out in accordance with the applicable law and good practice.
2. Data controller and processors
Kanijo Oy is the data controller with regards to the personal data referred to above. The only external processor used by Kanijo Oy is UpCloud Oy, Kanijo Oy’s cloud service provider. Kanijo Oy and its external processors have implemented appropriate technical and organisational measures to ensure the security and integrity of the personal data processed in the service as well as that the personal data is processed in accordance with the law and good practice. Kanijo Oy undertakes to comply with its duties as data controller under the GDPR, as well as to ensure that any processors acting on its behalf comply with the processors’ duties under the GDPR.
Personal data are never transferred outside the EU. Furthermore, users’ personal data are never transferred to third parties except as expressly provided herein. The data controller shall ensure that the personal data stored in the service are encrypted. Furthermore, the data controller shall ensure that only those persons have access to the data for whom such access is necessary in order to provide the service.
3. Categories of personal data in the service
Kanijo Oy only collects personal data needed in order to provide the Pisarasi service. The personal data in question is not used for any other purpose. Please find below a description of the categories of personal data processed in the service, the legal basis for processing, the purpose of processing as well as the life cycle of the personal data:
| Henkilötieto | Käsittelyn laillinen peruste | Käsittelyn tarkoitus | Elinkaari |
| Sähköposti, salasana | Rekisteröidyn ja Kanijon välisen sopimuksen toteuttaminen siten, että käyttäjä pystyy käyttämään Palvelua aiotulla tavalla (GDPR artikla 6(1)(b)) | Käyttäjätilin luominen, palveluun kirjautuminen | Tiedot poistetaan sen jälkeen, kuin käyttäjä on poistanut käyttäjätilinsä tai muuten selvästi lakannut käyttämästä palvelua. |
| Sähköposti, nimi | google -tilin yhdistäminen palveluun, palveluun kirjautuminen google-tunnuksella | ||
| Käyttäjän itsensä palveluun syöttämät tiedot (esimerkiksi kuinka monta henkilöä on ollut läsnä tietyssä paikassa jossa käyttäjä on käynyt) | Päiväkirjan muodostaminen käyttäjän liikkeistä/oleskelusta mahdollisten tartuntojen kartoittamista varten | Päiväkirjan tiedot säilytetään ainoastaan 14 viimeisen vuorokauden ajalta. | |
| Paikkatiedot | Päiväkirjan muodostaminen käyttäjän liikkeistä mahdollisten tartuntojen kartoittamista varten | ||
| Kodin, työpaikan, vapaa-ajan harrastusten sijainnit | Päiväkirjan muodostaminen käyttäjän liikkeistä/oleskelusta mahdollisten tartuntojen kartoittamista varten | ||
| Käyttäjän kontaktien nimi, sähköposti, puhelinnumero, kotipaikkakunta | Käyttäjän tai kontaktien elintärkeiden etujen (terveyden) suojaaminen (GDPR artikla 6(1)(d) | Päiväkirjan täydentäminen tiedoilla kontakteista helpottaakseen mahdollista altistuneiden kartoittamista | |
| IP-osoite | Rekisterinpitäjän oikeutettujen etujen toteuttaminen (GDPR artikla 6(1)(f) | Palvelun teknisen tilan seuranta ja virheenselvitys | Tiedot poistetaan sen jälkeen, kuin käyttäjä on poistanut käyttäjätilinsä tai muuten selvästi lakannut käyttämästä palvelua. |
4. Rights of users
The user has the following rights with respect to processing of personal data:
- Right of access: the user has the right to request confirmation of whether his or her personal data is processed by Kanijo Oy and access to that personal data.
- Right of rectification: the user has the right to rectify, and to request Kanijo Oy to rectify any inaccurate or incomplete personal data concerning him or her held by or processed by Kanijo Oy.
- Right of erasure: the user has the right to request that personal data concerning him or her is erased where it is no longer necessary for the purpose for which it was collected or processed, where the user objects to the processing and there are no overriding legitimate grounds for processing, where his or her personal data is being unlawfully processed, or where personal data must be erased in order to comply with relevant legislation.
- Right of restriction: the user has the right to request restriction of processing of his or her personal data where the accuracy of the personal data is contested, where processing is unlawful or where the personal data is no longer needed by the data controller but the user legitimately opposes the erasure of the personal data, or where the user objects to the processing and it has not yet been verified whether legitimate grounds exist for the processing.
- Right to object: the user has the right to object to the processing of his or her personal data where the processing is based on the legitimate interests of Kanijo Oy (GDPR Article 6(1)(f)).
- Right to data portability: the user has the right to receive the personal data concerning him or her, which he or she has provided to the controller, and the right to transmit those data to another controller
The user shall always have the right to complain about the processing of his or her personal data to the competent data protection authority, i.e. the Data Protection Ombudsman in Finland. Please find more information at www.tietosuoja.fi.
5. Cookies
When using the service, cookies will be saved on the user’s device in order to identify the user’s device in order to provide the service. The cookies do not identify the user using the device or any other individual person, nor is it possible to identify an individual person with said cookies, i.e. they are not personal data.
The following cookies are saved on the user’s device when using the service:
- The cookie of the Pisarasi service, which is a session cookie that allows the user to log onto the service and to use the service. The cookie expires immediately after the session in question ends.
- Third party (Google/Alphabet Inc) Google Analytics cookies, the purpose of which is primarily to identify individual devices, collect information about website usage and to provide certain functionalities of the Pisarasi service that require use of Google Analytics (additional information). All Google Analytics cookies expire after a set term, the length of which depends on the cookie in question (from immediately after the ending of a session to several years)
No other Kanijo Oy or third party cookies are saved on the user’s device when using the service except for those mentioned above.
By using the service you consent to the above cookies. If you do not consent, you must deactivate cookie use by either completely stopping or restricting all cookie use through your browser settings, or by restricting only Google Analytics cookie use through the Google browser add on. In the event you restrict cookie use, in particular if you do so through browser settings, the service may not work as intended or at all.
6. Kanijo Oy data protection representative
You can contact the following person with regards to personal data processing in the Pisarasi service or if for example you wish to exercise your rights under this policy or the GDPR:
Pisarasi Product Owner
Katariina Pirttijärvi
katariina.pirttijarvi@pisarasi.fi