PRIVACY POLICY

(Combined Register Description and Information Document)

Updated: 07.05.2018

1. DATA CONTROLLER
Getaway Games Oy
Åkerlundinkatu 3B
33100 Tampere
Business ID: 2754102-6

2. PERSON RESPONSIBLE FOR REGISTER MATTERS
Ossi Ojala, info@factornew.guru
Getaway Games Oy
Åkerlundinkatu 3B
33100 Tampere

3. NAME OF THE REGISTER
Customer register of the Getaway Games Oy website getaway.fi.

4. PURPOSE OF PROCESSING PERSONAL DATA AND REGISTER CONTENT
Personal data may be used for the following purposes: management of customer relationships, customer service, and related communication and marketing, implementation, development, and monitoring of services, customer relationship analysis, grouping and reporting, implementation of loyalty programs, product recommendations, and reviews, as well as other business development purposes of the data controller. The data controller retains the collected information as long as there is a justified reason for retention. When there is no justified reason, the data is securely deleted.

We use cookies on the getaway.fi website to improve service quality and develop content. Cookies facilitate customer interaction in the online store and make the content more user-friendly. Cookies allow us to offer customers better deals and more precise product content. A cookie is a small text file that a website stores on the user’s computer memory. The use of cookies does not damage the computer or the information system stored on it.

By default, the data collected through cookies is anonymous. With the user’s consent, personal data obtained from the user may be linked to cookie-collected data and used for targeted marketing. Targeted marketing means that you may see products you have viewed in the online store on other websites or social media platforms.

Providing the data mentioned in this policy or using cookies is not mandatory, but the absence of certain personal data may prevent full use of the services provided by the data controller.

The register may contain the following categories of information:

  • Basic personal information (name, date of birth, contact details)
  • Email address
  • Email address used for Google or Facebook login
  • Payment details, personal identity code, or business ID for credit agreements
  • Delivery details, purchase history, product reviews
  • Additional information provided by the registrant regarding marketing
  • Online store browsing, usage, and identification data

Additionally, the register may contain modification details of the above-mentioned data.

Changes to cookie consent settings can be made at any time here.

5. LEGAL BASIS FOR PROCESSING AND RETENTION OF PERSONAL DATA
Personal data is processed based on the consent of the registrant.

6. REGULAR DATA SOURCES AND INFORMATION ON THE RIGHT TO OBJECT PROCESSING, AUTOMATED DECISION-MAKING, AND PROFILING
Personal data is collected from the registrant when they use the service. Personal data is not obtained from third-party companies or authorities.

The registrant has the right, based on their specific personal situation, to object to automated decision-making and profiling, except when the data controller can demonstrate that there is a compelling and legitimate reason for processing that overrides the registrant’s interests, rights, and freedoms, or when processing is necessary for legal claims. If the registrant objects to data processing for direct marketing purposes, the data must no longer be processed for this purpose. Profiling must be based on the registrant’s explicit consent.

7. REGULAR DISCLOSURES AND TRANSFERS OF DATA OUTSIDE THE EU/EEA
Personal data may be transferred outside the European Union or European Economic Area only if the receiving country ensures an adequate level of data protection. Data will not be disclosed to third parties except for processing the service.

8. PRINCIPLES OF REGISTER SECURITY AND DATA DISCLOSURE

A. Physical Material
Physical material is stored in a locked space and is accessible only to authorized personnel.

B. Digitally Stored Data
Personal data contained in the register is kept confidential. Access to the register within the data controller’s organization is controlled, and only those employees whose job responsibilities require access can use the data.

The IT system is protected by security software. Access requires the entry of a username and password. The network and hardware where the register is stored are protected by a firewall and other appropriate technical measures, such as encryption. Data on the website is protected with SSL or TLS 1.2 secured connections.

Processing of personal data may be outsourced to a third party, in which case Getaway Games Oy ensures by contractual arrangements that personal data is processed in accordance with data protection laws and applicable EU regulations.

More information on countries with an adequate level of data protection is available on the European Commission’s website:
http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm

9. RIGHT OF ACCESS AND IMPLEMENTATION OF THE RIGHT OF ACCESS
The registrant has the right to check what personal data about them is stored in the register, as stipulated in Section 26 of the Personal Data Act.

Requests should be submitted in writing, signed, and sent to:
Getaway Games Oy /
Ossi Ojala
Åkerlundinkatu 3B
33100 Tampere

10. DATA RECTIFICATION AND IMPLEMENTATION OF DATA RECTIFICATION
The registrant has the right to influence the processing of their personal data.

According to Section 29 of the Personal Data Act, the data controller must correct, delete, or complete incorrect, unnecessary, incomplete, or outdated personal data at the registrant’s request. The data controller may also correct such data on its initiative.

Requests should be submitted in writing, signed, and sent to:
Getaway Games Oy /
Ossi Ojala
Åkerlundinkatu 3B
33100 Tampere

11. DATA CONTROLLER’S OBLIGATIONS, RIGHT TO DATA PORTABILITY, AND RIGHT TO BE FORGOTTEN
Personal data is retained only as long as there is a justified reason for processing. When there is no justification, the data is properly deleted. The registrant has the right to withdraw consent and request data deletion.

Requests should be submitted in writing, signed, and sent to:
Getaway Games Oy /
Ossi Ojala
Åkerlundinkatu 3B
33100 Tampere

12. SUPERVISORY AUTHORITY
The registrant has the right to bring any personal data law issue to the supervisory authority (Data Protection Ombudsman). More information is available on the Data Protection Ombudsman’s website:
http://www.tietosuoja.fi/fi/index.html