iZzzleep Privacy Policy

Privacy Policy for the iZzzleep Application Customer Register

1. Data Controller

The data controller of the register is Uniohjaamo Uneksija Oy (Business ID 3299617-2).

Contact Person for Registry Matters:

Uniohjaamo Uneksija Oy

Address: Hietaniementie 18 A, 39160 Julkujärvi, Finland

Phone: +358 44 555 3668

Email: info@izzzleep.fi

2. Name of the Register

The name of the register is the iZzzleep Application Customer Register.

3. Purpose of Processing Personal Data

Personal data is processed for purposes related to managing, administering, and developing customer relationships, providing and delivering services, as well as service development and billing. Personal data is also processed for handling possible complaints and other claims.

Additionally, personal data is processed for customer communication, such as notifications, news, and marketing, including direct marketing and electronic direct marketing purposes.

The customer has the right to prohibit direct marketing targeted at them.

The data controller processes the data and utilizes subcontractors authorized to process personal data on behalf of the data controller.

4. Legal Basis for Processing

The legal bases for processing personal data are as follows, in accordance with the EU General Data Protection Regulation (GDPR):

1. The data subject has given consent for processing personal data for one or more specific purposes (GDPR Article 6.1.a);

2. Processing is necessary for the performance of a contract to which the data subject is a party, or for taking steps prior to entering into a contract at the request of the data subject (GDPR Article 6.1.b);

3. Processing is necessary for the legitimate interests pursued by the data controller or a third party (GDPR Article 6.1.f).

The legitimate interest mentioned above is based on the relevant and appropriate relationship between the data subject and the data controller, arising from the fact that the data subject is a customer of the data controller, and processing occurs for purposes that the data subject could reasonably expect at the time of data collection.

5. Register Content (Categories of Personal Data)

The register contains the following personal data of all registered individuals:

1. Basic personal and contact information: [first name, last name, address, phone number, email address];

2. Information related to the person’s company or organization and their position or title within said company or organization;

3. Direct marketing permissions and prohibitions.

Additional information collected during the use of the application includes:

1. User’s name, email address, and phone number;

2. Child’s name, date of birth, gender, and residence time zone;

3. Child’s daily activities, such as sleep patterns, care, eating habits, and schedules;

4. Child’s temperament, toilet habits, and other developmental and behavioral improvement data;

5. User’s IP address, browser type, operating system, screen size and resolution, usage time, and date;

6. Application usage data, such as buttons clicked, events, usage, progress, and performance data.

6. Regular Sources of Information

Personal data is collected directly from the data subject.

Personal data is also collected and updated, within the limits of applicable legislation, from publicly available sources related to the implementation of the customer relationship between the data controller and the data subject.

7. Retention Period of Personal Data

Data collected in the register is retained only as long as necessary for the original or compatible purposes for which the data was collected.

The need to retain personal data is reviewed every five years, and in any case, data is deleted 10 years after the customer relationship with the data controller has ended, and all obligations and actions related to the relationship have been completed. For example, accounting records are retained for five years after the fiscal year ends.

The data controller regularly reviews the necessity of the data in accordance with internal guidelines. In addition, all reasonable measures are taken to ensure that inaccurate, incorrect, or outdated data is deleted or corrected promptly.

8. Recipients of Personal Data (Recipient Groups) and Regular Transfers

Personal data is not transferred to external parties.

9. Transfer of Data Outside the EU or EEA

Personal data contained in the register is not transferred outside the EU or EEA.

10. Principles of Register Protection

Materials containing personal data are stored in locked premises, accessible only to designated persons authorized for such access due to their duties.

The database containing personal data is on a server stored in a locked space, accessible only to designated and authorized persons. The server is protected by appropriate firewalls and technical safeguards.

Access to databases and systems is restricted to personal user IDs and passwords granted separately. The data controller limits access rights to systems and other storage platforms to ensure that only necessary individuals can view and process the data. The system also logs access and actions.

Employees and other personnel of the data controller are bound by confidentiality obligations and must keep personal data confidential.

11. Rights of the Data Subject

The data subject has the following rights under the GDPR:

1. The data subject has the right to obtain confirmation from the data controller as to whether their personal data is being processed or not, and if such data is being processed, the right to access the personal data along with the following information: (i) the purposes of processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data has been or will be disclosed; (iv) where possible, the planned retention period for the personal data or, if not possible, the criteria used to determine that period; (v) the right to request from the data controller rectification or erasure of personal data or restriction of processing or to object to such processing; (vi) the right to lodge a complaint with a supervisory authority; (vii) where the personal data is not collected from the data subject, any available information as to its source (GDPR Article 15), with these details (i–vii) provided to the data subject using this form.

2. The right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (GDPR Article 7).

3. The right to demand that the data controller rectify inaccurate or incorrect personal data concerning the data subject without undue delay, and the right to have incomplete personal data completed, including by providing additional information, considering the purposes for which the data is processed (GDPR Article 16).

4. The right to have the data controller erase personal data concerning the data subject without undue delay, provided that (i) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) the data subject withdraws consent on which the processing is based and there is no other legal basis for the processing; (iii) the data subject objects to the processing based on their specific personal situation and there are no overriding legitimate grounds for the processing, or the data subject objects to processing for direct marketing purposes; (iv) the personal data has been unlawfully processed; or (v) the personal data must be erased to comply with a legal obligation under Union or national law applicable to the data controller (GDPR Article 17).

5. The right to have the data controller restrict processing if (i) the data subject disputes the accuracy of the personal data, in which case processing is restricted for the time needed to verify the accuracy of the data; (ii) the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; (iii) the data controller no longer needs the personal data for processing purposes, but the data subject requires it for the establishment, exercise, or defense of legal claims; or (iv) the data subject has objected to processing based on their specific personal situation, pending verification of whether the data controller’s legitimate grounds override those of the data subject (GDPR Article 18).

6. The right to receive personal data concerning oneself, which the data subject has provided to the data controller, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another data controller without hindrance from the original data controller, if the processing is based on consent as defined by the regulation and is carried out by automated means (GDPR Article 20).

The right to lodge a complaint with a supervisory authority if the data subject considers that the processing of their personal data violates the EU General Data Protection Regulation (GDPR Article 77).

Requests regarding these rights must be addressed to the contact person mentioned in section 1.

12. Web Analytics

Services such as Google Analytics collect anonymized information about visits.

13. Targeted Marketing

Targeted advertising may be carried out on platforms such as Meta and Google based on site visits.

Contact information

If you have any questions regarding this privacy policy, please contact:

Uniohjaamo Uneksija Oy, Hietaniementie 18 A, 39160 Julkujärvi, Finland, Email: info@izzzleep.fi