PRIVACY NOTICE FOR NEUROSONIC SOFTWARE AND WEBSITE
Last updated: June 5, 2018
Your privacy is of great importance to Oy Neurosonic Finland Ltd. (Later "Neurosonic"). We have created this Privacy notice to provide you with information on how we process your personal data when you use the Neurosonic website, the Neurosonic application and Neurosonic devices.
Personal Data Processed by Neurosonic
When you communicate with Neurosonic:
When you are in business with our customer support via email, telephone, online or in person, we collect personal data, such as your name, mailing address, phone number, email address and contact information; and information about the Neurosonic products you may own, such as their model and date of purchase. To get better in serving you, subject to applicable laws, we may also record and review conversations with our customer support, and analyze any feedback provided to us through voluntary customer surveys.
PURPOSE AND LAWFUL BASIS:
We use this information to provide you with customer and product support and to monitor the quality and types of customer and product support we provide to our customers. The legal ground for processing this information for these purposes is Neurosonic’s legitimate interests in providing quality product support.
When making a purchase from Neurosonic:
PURPOSE AND LAWFUL BASIS:
We collect your name, address and phone number, to be able to fulfill your order and to make it possible for you to finalize your order. Lawful basis for using these information in these cases is a contract. We also process your personal information when detecting fraud behaviour. Lawful basis for your personal information usage in this case is that it is of Neurosonics best interest to cover Neurosonic and our customers from fraud behaviour or from someone trying such.
When using a Neurosonic device:
For time being, when you are using a Neurosonic device with Neurosonic application, the only data we process is the analytics data mentioden below in chapter “Cookies and Similar technologies”.
Different types of Recipients of Personal Data
Other service providers:
Marketing email service
Neurosonic uses cloud services from Klaviyo to assist in sending emails. This service tracks the activities associated with emails, such as whether they were opened, whether links in the emails were clicked on, and whether purchases were made following clicks on those links. Neurosonic uses this data to analyze the level of engagement with its emails. We suggest you to familiarize yourself with Klaviyo's privacy notice.
We may disclose personal data about you to others: (a) if we have your valid consent to do so; (b) to comply with a valid subpoena, legal order, court order, legal process, or other legal obligation; (c) to enforce any of our terms and conditions or policies; or (d) as necessary to pursue available legal remedies or defend legal claims.
We may also transfer your personal data to an affiliate, a subsidiary or a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Neurosonic’s business, assets or stock, including, without limitation, in connection with any bankruptcy or similar proceeding, provided that any such entity that we transfer personal data to will not be permitted to process your personal data other than as described in this Privacy Notice without providing you notice and, if required by applicable laws, obtaining your consent.
From where do we receive information?
We receive data primarily from the following sources: from the data subject himself, from the population register, from the authorities, from credit information agencies, from contact information service providers and from other similar reliable sources.
For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.
To whom do we disclose data and do we transfer data outside of EU or EEA?
We do not disclose data from the register to external parties.
We use subcontractors listed in this privacy notice that process personal data on behalf of and for us.
Cookies and Similar Technologies
If you do not want information collected through the use of these technologies, there is a simple procedure in most browsers that allows you to automatically decline many of these technologies, or to be given the choice of declining or accepting them.
Firebase. Firebase is an analytics product from Google, Inc. that allows us to track crashes of the App, monitor events in the App, provide us stats regarding the use of the App. To track and analyze behavior of our App's users (in particular, how they react to changes of the App structure, text or any other component), we also use Firebase Remote Config. Firebase Remote Config is an A/B testing and configuration service provided by Google, which also enables us to tailor the content that our App's users see (for example, it allows us to show different onboarding screens to different users). Firebase may collect certain device identifiers in order to understand on what devices and under which circumstances particular incidents and events happen. We share the following data with Firebase: your IDFA or Android advertising ID, data on installing the App, your actions in the App (for example, tapping particular buttons like whether to receive notifications or not), including actions with additional parameters, opening particular screens, starting and cancelling a trial period, starting and cancelling subscription, passing the onboarding screen, completing registration, different technical events (for example, whether you have read a manual or not). We never share with Firebase data related to health without your explicit consent. Read about Privacy and Security in Firebase here.
Amplitude. We use Amplitude as analytics platform. Amplitude may collect certain device identifiers in order to understand on what devices and under which circumstances particular incidents and events happen. We share the following data with Amplitude: your IDFA or Android advertising ID, data on installing the App, your actions in the App (for example, tapping particular buttons like whether to receive notifications or not), including actions with additional parameters, opening particular screens, starting and cancelling a trial period, starting and cancelling subscription, passing the onboarding screen, completing registration, different technical events (for example, whether you have read a manual or not). We never share with Amplitude data related to health without your explicit consent. Read about Privacy and Security in Amplitude here.
DATA SECURITY Security of your Personal Data is important to us. When you provide your Personal data that is considered to be sensitive or falls under "categories of special data" under applicable laws to us, we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and once we receive it.
Among others, we utilize the following security measures to protect your Personal Data:
- Pseudonymization and tokenization of certain categories of your Personal Data;
- Protection of data integrity;
- Encryption of your Personal Data in transit and in rest;
- Systematic vulnerability scanning and penetration testing;
- Organizational and legal measures. For example, our employees have different levels of access to your Personal Data, and only those in charge of data management get access to your Personal Data and only for limited purposes required for the operation of the App. We impose strict liability on our employees for any disclosures, unauthorized accesses, alterations, destructions, misuses of your Personal Data.
- Conducting periodical data protection impact assessments in order to ensure that the App fully adheres to the principles of 'privacy by design', 'privacy by default' and other internationally accepted data protection principles. We also commit to undertake privacy audit in case of Company's merger or takeover.
Bear in mind that no method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our App, you can contact us at firstname.lastname@example.org.
Here are examples of third-party providers of analytics and similar services we currently use:
- Google: Google Analytics is used to track our site and user demographics, and behaviour on websites. Find out how this analytics information may be used, how to control use of your information, and how to opt-out from Google Analytics.
Our Service is not directed or suitable for children under the age of 18. We do not knowingly collect any Personal Data from children under 18. If you are aware of a user under the age of 18 using the Service, please contact us immediately. We reserve the right to delete any account if we suspect the account holder is a child under the age of 18.
Changes in the Privacy Notice
Should we make amendments to this privacy notice we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you regularly visit out webpage and notice possible amendments to this privacy notice. review these privacy protection principles from time to time to ensure you are aware of any amendments made.
How do we protect the data and how long do we store them?
Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.
We store the personal data for as long as is necessary considering the purpose of the processing.
We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.
Oy Neurosonic Finland Ltd,
Saaristonkatu 19, FI-90100 Oulu, Finland
+358 45 844 8863
Who can you be in contact with?
All contacts and requests concerning this privacy notice must be submitted in writing or in person to the person mentioned above.
What are your rights as a data subject?
As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data, provided that the request has a legal basis. You also have a right to withdraw or change your consent.
As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.
For specific personal reasons, you also have the right to object to profiling and other processing operations, when the processing of your data is based on our customer relationship with you. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.
As a data subject you have the right to object to processing at any time free of charge, including profiling in so far as it relates to direct marketing.
In case of any privacy related questions, you can be in contact with email@example.com