Privacy

What information do we collect and for what purpose?

We only collect data that is necessary for the operation and development of our service.

The information we collect directly from you

When you register to the service, we collect your name, e-mail address, and password. This information is collected for identification, communication, and implementation of the service. We do not store passwords in a readable form.

When you contact our customer support through an email or book a demo through the site, we collect the information you provide us in order to be able to help you with your case. We may also store that information to develop our customer support.
We collect the aforementioned information directly from you. You hand over information by signing up, signing in, using the service, or making a customer service request. This information is used for communication and to either develop or provide services.

Personal information we collect from third parties

Third parties may collect or receive information from gApp POS-application, gapp.fi and other apps and use that information to provide measurement services.
On our website, we collect some information to be able to provide the best possible user experience. We need that information for analyzing the way our service are being used. Based on the collected information, we optimize the quality, content, adaptability, and relevancy of our service to match our customers’ needs. It contains anonymous usage data, e.g. technical information about your browser and device. You consent to the data collection by using our website.
Some of the tools that we use for data collection are Facebook Pixel and Google Analytics. Third parties may collect or receive this information and use it to provide measurement services and targeted ads. Read more about privacy policy of Facebook and Google.

What kind of rights you have and how to use them?

You have the rights to personal information held by gApp.

You have the right to access the personal data in our possession. However, access to information may be restricted by the privacy of the legislation and the privacy of other persons.

You have the right to request correction of incorrect or incomplete information.

You have the right to be forgotten. You may request the removal of your data. Data deletion can be done, for example, in cases when you withdraw the consent, and there is no other reason for the processing, or when you deny the data processing, and there is no other reason for the continuation of processing.

You have the right to limit the processing of your personal data.

You have the right to object to the processing of your data.

You have the right of data transferability. Upon request, you may receive personal data in machine-readable form. This right applies to personal information that has been processed automatically by agreement or consent to the breach.

You’re entitled to withdraw the consent, at any time, without prejudice to the lawfulness of the processing before withdrawal if the processing is based on consent. Canceling consent may affect our ability to provide services.

You also have the right to file a complaint with the Data Protection Authority if you suspect that your personal data is being used improperly or unlawfully.

Use of Rights

To use your rights, please contact the gApp customer service [email protected]

For what purpose we use the information and on what basis do we handle them?

gApp handles personal information to meet statutory and contractual obligations. The legal bases of our processing are:

Implementing the contract: Fulfilling contractual obligations, i.e. providing our service, is the main legal basis for our processing of personal data. The contract is formed between gApp and you (Data Subject) when you register to the service. You will accept the processing of data according to this Privacy Statement by using the service. gApp will process personal information to the extent necessary for providing or developing the service.

Statutory Obligation: In addition to our contracts, we have statutory obligations to deal with personal information. Examples of these include Accounting Act and public event and restaurant legislation.

Consent: To develop our website we collect analytical information on the use of the pages based on your consent. Acceptance of data collection is given at the site upon arrival.

How long will we keep the data?

Personal data is kept only for a contractual period unless otherwise required by law, such as the Accounting Act. For example, purchase transactions are maintained for the period required by the Accounting Act, but the information is anonymized at the end of the contractual relationship.

Website anonymous visitor analytics information will only be retained as long as it is necessary to track and develop marketing and customer service, a maximum of 26 months.

Customer support data is kept for the maximum of 24 months.

Data Processors and Cross-Border Processing

Data processing is being done by employees of gApp, in accordance with the current Personal Data Act. gApp reserves the right to outsource the processing of personal data to a third party, thereby guaranteeing contractual arrangements that personal data will be processed in accordance with the Personal Data Act and otherwise appropriately.

Otherwise, data will not be combined with other registers and will not be disclosed to third parties, unless required by law (e.g. the Accounting Act).

The server system used to provide the service is located in the Heroku server of Salesforce, Ireland. For information on the principles of the Heroku Privacy Policy, see the links below:

https://www.salesforce.com/company/privacy/

https://www.salesforce.com/gdpr/overview/

What are the risks involved in personal data processing and how do we protect the data?

The largest (still minor) risk is the personal data ending in the wrong hands, for example in connection with data theft or leakage. If this unlikely event occurs, the information can be used to find out the behavior of the Data Subjects, determine Data Subjects’ locations on event days, and send junk mail. Announcements of the large-scale data leaks are always provided to each party of the contract, regardless of whether or not the party is subject to the notification obligation.

The purpose of the gApp security operations are to secure the availability of information and information systems, to ensure their confidentiality, to ensure data integrity, and to minimize any possible damage caused by deviations. The hedging activities are based on an activity risk assessment and are proportioned to managing the hedged item and the risks it poses.

Your personal data is always processed in accordance with the Personal Data Protection Act.