Effective Date: January 20, 2023
1. General Information
EO Space Oy complies with the General Data Protection Regulation ("GDPR") (EU) 2016/679 and other data protection laws and regulations.
Please also keep in mind that our sites and applications may contain links to other sites not owned or controlled by us and we are not responsible for the privacy practices of those sites. We encourage you to be aware when you leave our Website and to read the privacy notices of other websites that may collect your Personal Data.
Please review the sections below and if you have any questions, please do not hesitate to contact us at email@example.com.
"Personal Data" means to information that is being collected and recorded in electronic or physical format that could, with reasonable effort, be used to identify an individual. "Processing" means any activity with Personal Data, e.g., collection, usage, sharing, storing, transmitting, etc. "Data Subject" means any natural person whose Personal Data is being collected, held or processed. "Data Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. "Data Processor" means the natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller. "Registered User" refers to a natural person who is accessing our Website or Platform through individual user account. "Services" means activities or other engagement by Registered User with EO Space Platform.
3. Data Controller and Data Processor
Registered User who is working as an employee or a contractor to an organization (e.g., kindergarten or a school); or
A legal guardian or a minor Registered User who is using the Website/Platform.
4. What information do we process?
Children can access many parts of the Website/Platform and its content and use many of its features without providing us with personal information. However, some content and features are available only to Registered Users or require us to collect certain information, including Personal Data. In addition, we use certain technologies, such as cookies, to automatically collect information from our users (including children) when they visit or use the Website/Platform.
We only collect as much personal information as is reasonably necessary for a user to participate in an activity, and we do not condition a user's participation on the disclosure of more personal information than is reasonably necessary.
We collect Personal Data in two ways: information you provide to us directly, and information that we collect automatically when you or a minor under your legal guardianship use our Website/Platform.
4.1. Information you provide to us
The information that you, a minor Registered User under your guardianship provide to us directly could be used to identify an individual. This information is being collected and stored when an account has been created or updated.
This type of personally identifying information includes: name, email address, phone (whatsapp).
We do not sell Personal Data to anyone. We may disclose your Personal Data to our contractors and sub-contractors for the purpose of developing and/or providing the Service, on condition that they have signed a confidentiality agreement with us (if located outside EU/EEA – Data Processing Agreement with SCCs (Standard Contractual Clauses)), effectively obligating them to treat Personal Data as confidential information. Also, the you can always refuse to provide us with personally identifying information with the caveat that it may prevent you or a minor Registered User under your legal guardianship from using some features of our Platform.
4.2. Information we collect automatically
The information that we collect automatically refers to information that our Platform and your web browser send us automatically, without your direct and explicit submission. This information is by nature primarily of the non-personally identifying type.
The personally identifying data that your web automatically sends us whenever you access our Website is the public Internet Protocol ("IP") address of the device being used for accessing such Website. Non-personally identifying information that your web browser sends us include information such as your browser type, browser version, the pages of our Website/Platform that you visit, the time and date of your visit, the time spent on those pages, cookies and other statistics.
When you or a minor Registered User under your legal guardianship use our mobile application, we collect certain non-personally identifying information automatically, including, but not limited to, the type of mobile device used, the mobile device's unique device ID, the operating system and other statistics. Personally, identifying data that our mobile application sends us automatically is limited to the device's public IP address.
The learning process related information will be used for providing and developing the Platform, as well as for visualizing Registered User learning progress in its original and processed format.
Our services may use "cookies" and other technologies such as pixel tags, local shared objects, hardware-based device identifiers, flash cookies, operating system-based identifiers, clear GIFs and web beacons.
A "cookie" is a small file your browsers stores when told to do so by a website. Typically, websites place a number of different cookies on an end-user's device. Some are "First-party" cookies,' i.e. from the website itself, and others are "Third-party" cookies, meaning they belong to advertising and analytics entities or social networks. Cookies are personal information.
EO Space's cookies do not include any other personal information and are typically used to quickly identify your device and to "remember" your device during subsequent visits for purposes of functionality, preferences, and website performance. You can disable cookies on your device or set your device to alert you when cookies are being sent to your device; however, disabling cookies may affect your ability to use EO Space Website/Platform.
6. Purpose for processing Personal Data
We collect, store and process Personal Data only for predefined purposes. We also always make sure that there is at least one legal basis for processing Personal Data. The main purposes and the applicable legal basis for processing Personal Data are:
Provision of services (Website/Platform) Personal Data is collected and used for managing the entire customer relationship and providing our digital service. This may include for instance user authentication. The legal basis for this processing is a contract between EO Space Oy and the customer. The legal basis for some processing may also be consent (children). Marketing Personal Data is not used by EO Space Oy for marketing purposes. You may subscribe to our newsletter. When Personal Data is used for sending you our newsletter, such communications will be based on your consent (opt-in) which you can withdraw at any time. However, EO Space Oy can send direct marketing regarding similar products and services you have acquired from us and using the electronic contact information provided by you. You have the right to object to this kind of marketing too, and it is possible to do it also in advance (opt-out). Customer Communications We also collect and use Personal Data for customer communication purposes, including handling of support requests and customer feedback as well as notifying users about the service. The legal basis for this processing is fulfilling contractual obligations as well as our legitimate interest. Analytics and business development We also use anonymized data for statistical and research purposes. This is mainly data that is generated during the use of our service. This anonymized data may be transferred to third parties, such as educational organizations and institutions for the purpose of educational analysis and development. This may be done in the form of reports provided to our customers. We also use the Personal Data as well as the anonymized data generated from the use of our service to develop our own digital service. The legal basis for this processing is mainly our legitimate interest. Information security Personal Data is processed for preventing, detecting and remediating potentially prohibited or illegal activities. They are also processed for protecting data and property. Personal Data can be used for investigating possible security incidents, crimes or damages. Processing related to security and safety is a legal obligation, but some of the security measures are done in the legitimate interests of EO Space Oy such as protection of our property. Legal obligations We also process Personal Data when required by applicable law and/or to comply with the laws and regulations (e.g. accounting or other specific legislation). The legal obligation is the basis for the processing. Purposes that require your consent Your consent is required for certain types of processing of your Personal Data such as newsletters and processing of sensitive data. We do not intend to collect sensitive Personal Data, but data subjects may submit it voluntarily, and then we process it based on consent. For the processing of Personal Data that you have given your consent you can withdraw your consent at any time regarding further processing of your Personal Data. See instructions further down (8 Rights of the data subjects and the Supervisory authority). We will comply with such request unless there is another legitimate ground to process the data.
7. Data Sharing
Personal Data are shared with external service providers to provide technical solutions or services for processing stored information and for accessing the stored information by using a technical interface and will share your Personal Data with such third-party service providers to the extent that it is reasonably necessary to perform, improve or maintain the Website/Platform. We use third party service providers, such as e-mail service providers, credit card processors, information analyzers and business intelligence providers. We have the right to share Personal Data as necessary for the aforementioned service providers to provide their services to us. List of the processors and other recipients can be provided upon request.
Transfers outside EU/EEA
When Personal Data are transferred outside EU/EEA, the transfer is secured by legal measures, appropriate safeguards.
In addition, we may share your information in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other similar arrangements. Personal Data are also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the Website/Platform as well as to guarantee the safety of the Website/Platform.
7.1. Where in the world is your data?
We are located in the Republic of Finland. Our service providers are located and process Personal Data in various countries of EU. Our third-party analytics and advertising vendors are located in EU. This may not be a complete list and not all Personal Data may go to each country listed. Please contact us if you would like more information.
If transferring your data outside your country requires your consent or other transfer process, we intend to follow the requirements. In most cases, our legal reason for processing your information is to complete a contract with you, generally to provide the services you have engaged in with us, whether free or paid. Please let us know if you have any questions firstname.lastname@example.org
8. Retention of Personal Data
We keep your Personal Data for no longer than necessary for the purposes for which the Personal Data is collected and processed. The length of time we retain Personal Data for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise, or defend our legal rights.
This is generally one year past the time you cease interacting with us, or at your request.
9. Deletion of Personal Data
10. How is data stored and kept secure?
We commit to follow to the security provisions of applicable data protection regulations, as well as to process Personal Data in compliance with good processing practices. Personal Data are protected with appropriate technical and organizational measures. We store the information with limited access rights and secure IT-environments. The IT-environments are protected with firewalls and other adequate security technics, and advanced monitoring is done 24/7. Our personnel and processors that process Personal Data are obliged to keep Personal Data strictly confidential. Access to Personal Data is only granted to those employees that need the information to perform their work tasks. Employees and processors have personal IDs and passwords. We inform the authorities and users/data subjects of data breaches according to applicable information security and data protection regulation(s).
11. Rights of the Data Subjects and the Supervisory authority
The data subjects have the rights set out in the applicable data protection legislation.
Right to access and verify
You have the right to have confirmed if we process your Personal Data. You have the right to verify and access your Personal Data and to request us to provide you the data in writing or electronically.
Right to correct and erase (right to be forgotten)
You have the right to have corrected any incorrect or incomplete Personal Data. You have also the right to request us to remove data. We also remove, correct and complete incorrect, unnecessary, incomplete or outdated data on our own initiative when we notice such data.
Right to data portability and to object and restrict processing
You have the right to transmit your data to another controller. You have the right to request us to restrict processing of your Personal Data in accordance with the conditions set out in the data protection legislation. We will also restrict the processing of your Personal Data if we cannot correct or remove incorrect data, or if there is any uncertainty related to request to erase your data. You have the right to object to processing of your Personal Data for certain purposes. You have the right to deny any processing or transferring of data for direct marketing.
Right to withdraw consent
If the processing of your Personal Data is based on consent, you have the right to withdraw consent at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. You can deny any direct marketing and withdraw your consent regarding electronic direct marketing by following the instructions received in connection to the marketing communication (e.g., in the marketing email). You can always withdraw any consent including parental consent by contacting EO Space Oy using the contact information.
How to exercise the rights of the data subjects
After receiving all the required information of your request (including confirmation of identity), we will start the processing of your request. We will do our best effort to process your request within a period of one (1) month. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
Right to lodge a complaint with the supervisory authority
In case you consider our processing activities of your Personal Data to be inconsistent with the General Data Protection Regulation (GDPR) (EU) 2016/679, you have the right to complain with a data protection supervisory authority.
Office of the Data Protection Ombudsman
Street address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: PL 800, 00531 Helsinki, Finland
Switchboard: +358 29 566 6700
Registry: +358 29 566 6768
13. Questions or Concerns
Mailing address: EO Space Oy
Aapelinkatu 10 B 9
02230 ESPOO, FINLAND
Attention: Legal Department