PRIVACY POLICY

TinyApp is a service developed and maintained by HelsinkiNYC International Ltd designed for the activity planning and evaluation of kindergartens, after-school clubs, and schools, documentation of children’s knowledge and learning, and communication with families.

 

HelsinkiNYC International Oy (hereinafter ”TinyApp”, ”we”, “us”, “our”) provides the TinyApp website, the TinyApp mobile application and the TinyApp web application. By “Services”, we are referring to the TinyApp Mobile Application, the TinyApp Web Application and the TinyApp Website, including any subdomains thereof and the TinyApp Online Store made available at the TinyApp Website. By ’Privacy Policy’, we mean this privacy policy. Reference to ’User Terms’ shall mean this Privacy Policy together with the Terms & Conditions of Service available at www.tinyapp.biz and the Online Terms of Use concerning the TinyApp Online Store available at the TinyApp Website, as applicable.

 

This Privacy Policy is applicable to the personal data processed by TinyApp relating to the users, customers and/or visitors (hereinafter “User(s)” or “you”) of the Services. The definition of “User” within the context of the Services shall include inter alia the dedicated representatives of our business or public authority customers as well as our consumer customers for the TinyApp Web Application, TinyApp Mobile Application, or TinyApp Online Store. 

 

The purpose of this Privacy Policy is to provide Users with information about the processing of their personal data in accordance with the information obligations set in Articles 13 and 14 of the General Data Protection Regulation 2016/679 (GDPR). We shall describe hereunder, for example, the types of personal data we process in conjunction with the provision of the Services and how you may use your legal rights as a data subject.

 

Please take the time to read this Privacy Policy, because it forms a part of the  Terms & Conditions of Service and Online Terms of Use for our Online Store. By using our Services, you agree to this Privacy Policy. If you do not agree to the Terms & Conditions of Service or Online Terms of Use or any part thereof, please do not use our Services. 

 

This Privacy Policy may be updated if required in order to reflect the changes in data processing practices or otherwise. The current version can be found on our website at https://www.tinyapp.biz/tietosuojaseloste?lang=en.  

 

Please note that this Privacy Policy only applies to processing carried out by TinyApp as a data controller within the context of providing the Services defined above. This Privacy Policy does not address, and we are not responsible for, the privacy and data processing practices of any third parties. 

 

Please note that personal data inserted into Services by our company or other community Users (e.g. representatives of kindergartens and nurseries or parents) in connection with the Users’ use of the Services is collected by the User and TinyApp has no control over the data, and therefore TinyApp processes such personal data on behalf of the User as a data processor. In this case, the relevant User shall be considered to be the data controller for said personal data and these processing activities are subject to the Users’ privacy policy, if any. 

TinyApp’s Contact details

Name: HelsinkiNYC International Oy

Business ID: 2546069-5

Correspondence address: Lapinlahdenkatu 16, 00100 Helsinki, Finland

E-mail address: hello@tinyapp.biz

www.tinyapp.biz

Personal data processed and sources of data

We may collect three types of information concerning the Users: (i) User Data (ii) Transaction Data; and (iii) Technical Data.

 

User Data

 

User data is personal data collected directly from you, your organization, public sources, or generated by us. We may collect user data from our Users in a variety of ways, including, when they register to an account or fill out a form available at the TinyApp Website, make purchases from the TinyApp Online Store or subscribe to a TinyApp Web or Mobile Application or a newsletter.

 

We may process the following categories of User Data relating to Users depending on the User category in question:

 

  • First and last name;

  • phone number;

  • e-mail address;

  • login credentials;

  • status of the User’s account (i.e. active or not);

  • feedback given pertaining to the Services;

  • profile pictures;

  • country of residence;

  • other communication between User and TinyApp;

  • other data you may choose to share with us; or

  • marketing opt-ins and opt-outs.

 

Technical Data

 

Technical Data may be collected automatically as you use or interact with our Services, by us and/or our authorized service providers for example through automated logging systems used by the Services. Although we do not normally use Technical Data to identify individuals, sometimes individuals can be recognized from it, either alone or when combined or linked with User Data. In such situations, Technical Data shall also be considered to be personal data under applicable laws and we will treat the combined data as personal data, and process such data in accordance with this Privacy Policy.

 

We may automatically collect the following categories of Technical Data when you visit or interact with the Services:

 

Device information. We collect the following information relating to the technical device you when using the Services:

 

  • your IP or proxy server IP;

  • device and device identification number, device IMEI;

  • user logs;

  • operating system;

  • browser type and version;

  • basic domain information;

  • your Internet service provider is sometimes captured depending on the configuration of your ISP connection; or

  • language settings.

 

Usage information. We collect information on your use of the Services, such as:

 

  • the date and time of your visit to the Service;

  • the parts of the Services you have accessed;

  • the length of your session; or

  • the number of times you access our Services.

 

Transaction Data

 

Transaction Data concerning payment transactions and/or credit card information is received directly from Users in connection with subscription purchases made in relation to the Services through TinyApp Online Store.

 

We may process the following categories of Transaction Data:

 

  • billing address;

  • contact information;

  • date/time/amount of transaction;

  • order ID; or

  • any other information provided by you in the process 

 

Please note that save for the above categories of Transaction Data, our payment service provider Stripe Payments Europe, Ltd., processes further payment data concerning your purchases as an independent data controller in accordance with their privacy policy, available at ​​https://stripe.com/en-fi/privacy. TinyApp shall not be considered as a data controller for such payment-related personal data processed by Stripe Payments Europe, Ltd., as an independent data controller.

Cookies and Analytics Tools 

We use various technologies to collect and store information when Users visit our Services, including cookies. 

 

Cookies are small text files sent and saved on your device that allow us to identify visitors to our Services and calculate the aggregate number of people visiting as well as monitor the use thereof. This helps us to improve our Services and better serve our Users. We also use cookies that make the use of the Services easier, for example by remembering usernames, passwords, and (language) preferences. We also use tracking and analytics cookies to see how well our Services are being received by our Users. The cookies will not harm your device or files.

 

Users may choose to set their web browser to refuse cookies or to alert when cookies are being sent. Please note that some parts of our sites and Services may not function properly if the use of cookies is refused. For more information about cookies and how to delete them, visit www.allaboutcookies.org. For detailed information about our use of cookies on our Website, please see www.tinyapp.biz

 

Web analytics services

 

Our Services use Google Analytics and other web analytics services to compile reports on visitor usage and to help us improve our sites and services. For an overview of Google Analytics, please visit http://www.google.com/analytics/. It is possible to opt out of Google Analytics with this browser add-on tool: https://tools.google.com/dlpage/gaoptout.

 

Purpose and legitimate grounds for processing

 

Purposes of processing

 

To provide the Services and carry out our contractual obligations (legal ground: performance of a contract and legitimate interest)

 

TinyApp processes personal data in the first place to be able to deliver the agreed Services to our Users and to run, maintain and develop TinyApp’s business. Personal data may be processed by us to carry out our contractual obligations towards the User or the organization the User represents, for example, to offer essential functionalities of the Services. Further, if a User contacts our customer service, we will use the provided information to answer questions or solve complaints.

 

For our legal obligations (legal ground: compliance with a legal obligation)

 

TinyApp processes personal data to enable us to administer and fulfill our obligations under the law. This includes data processed for complying with our bookkeeping obligations and providing information to relevant authorities, as applicable.

 

For claims handling and legal processes (legal ground: legitimate interest)

 

TinyApp may process personal data in relation to claims handling, debt collection, and legal processes. We may also process data to monitor activity on the Services for the purposes of prevention of fraud, misuse of our Services, and for data, system, and network security.

 

For communication and marketing (legal ground: legitimate interest)

 

TinyApp may process personal data for the purpose of contacting our Users regarding our Service and for informing Users of changes in our Services. We may also process personal data to market our Services to you, for example in the form of sending newsletters. 

 

For quality improvement and trend analysis (legal ground: legitimate interest)

 

We may also process information regarding the use of the Service to improve the quality of and customize our Services, for example by analyzing any trends in the use of our Services. To ensure that our Services are in line with your needs, personal data can be used for things like customer satisfaction surveys. Where possible, we will do this using only aggregated, non-personally identifiable data.

 

Legitimate grounds for processing

 

TinyApp primarily processes the personal data of Users on a contractual basis in order to fulfill our contractual obligations to you or to pursue our legitimate interest to run, develop and maintain our Services. When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and e.g. provide you with an easy-to-use opt-out from our marketing communications and use pseudonymized or non-personally identifiable data when possible.

 

We may also process your personal data to comply with legal obligations.

 

In some parts of the Services, you may be requested to grant your consent for the processing of your personal data. In this event, you may withdraw your consent at any time by notifying us via the contact details set out above.

 

TinyApp does not process the User’s personal data for automated decision-making purposes, including profiling.

 

The provision of the Services hereunder does not require the processing of any special categories of personal data in accordance with GDPR Article 9. We kindly ask you to refrain from providing us with any special categories of personal data. To the extent you provide us with such data, we shall process it in accordance with this Privacy Policy and applicable data protection laws and delete such data as soon as possible.

 

Please note that if you choose not to provide us with your personal data for the purposes set forth hereunder, we may not be able to provide you with our Services and you may not be able to access the full range of features available through our Services.

When may we disclose personal data?

We only share personal data within our organization if and as far as reasonably necessary for the purposes of this Privacy Policy. 

 

We do not share personal data with third parties outside of TinyApp’s organization unless one of the following circumstances applies:

 

It is necessary for the purposes of this Privacy Policy 

To the extent that third parties need access to personal data to perform the Services, TinyApp provides such third parties with your data. Furthermore, we may provide your personal data to our affiliates or to authorized service providers who perform services for us (including data storage, accounting, sales, and marketing) to process it for us and to payment service providers to process your payments to us. When your personal data is processed by third parties as data processors on behalf of TinyApp, TinyApp has taken the appropriate contractual and organizational measures to ensure that personal data are processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations and subject to appropriate obligations of confidentiality. 

 

For legal reasons

We may share personal data with third parties outside TinyApp’s organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of TinyApp, our Users or the public in accordance with the law. When possible, we will inform Users about such transfer and processing.

 

For other legitimate reasons

If TinyApp is involved in a merger, acquisition, or asset sale, we may transfer personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all Users concerned before the personal data are transferred or become subject to a different privacy policy.

 

With explicit consent

We may share personal data with third parties outside TinyApp’s organization for other reasons than the one mentioned before when we have the data subject’s explicit consent to do so. The data subject has the right to withdraw this consent at all times.

 

Aggregate or anonymous information about you may be shared with advertisers, publishers, business partners, and other third parties.

 

Transfers outside Europe

We do not regularly transfer our Users' personal data from our register outside the EU and the European Economic Area. However, we or our service providers may transfer your personal information to, or access it in, jurisdictions outside the EU and EEA or the User’s domicile, when our affiliate partner or service provider is located outside these areas.

 

In these cases, we will take appropriate safeguards to ensure that the Users’ personal data receives an adequate level of protection in the jurisdictions in which it is processed and that the rights and freedoms of data subjects are protected in accordance with applicable data protection laws, such as the GDPR. 

 

The transfer of personal data outside the EU or the EEA will always take place on any of the following legitimate grounds:

  • The European Commission has decided that an adequate level of data protection is ensured in the recipient country;

  • TinyApp has taken appropriate safeguards to transfer personal data using Standard Contractual Clauses approved by the European Commission. The registrant then has the right to obtain a copy of these standard terms by contacting us at support@tinyapp.biz; or

  • The data subject has expressly consented to the transfer of his or her personal data, or there is another legitimate reason for the transfer of the personal data.

 

More information regarding the transfers of personal data may be obtained by contacting us at any of the addresses indicated above.

 

How do we store personal data?

 

We use administrative, organizational, and technical safeguards required by applicable data protection legislation to protect the personal data we collect and process. Measures include, for example, storing personal data on secure servers that are managed by us and our service providers. Personal data that we store are subject to security and access controls, including username and password authentication as well as data encryption where appropriate. However, please remember that no method of transmission over the Internet or method of electronic storage is completely secure. We will use the best possible methods to protect personal data.

Storage period

 

TinyApp does not store personal data longer than is legally permitted and necessary for the purposes of providing our Services or the relevant parts thereof. The storage period depends on the nature of the information and the purposes of the processing. The maximum period may, therefore, vary per use. In general, TinyApp deletes all personal data of Users when the relevant user relationship ends and when TinyApp when the User no longer uses the Services.

 

How can you access your personal data?

You can access most of the collected personal data by logging into your account. You also have the right to make a request to access other information we hold about you and to request corrections of any errors in that information, as set out below. To make an access or correction request, contact hello@tinyapp.biz.

 

Data Subjects’ rights

Right to access

TinyApp offers access for the data subjects to the personal data we process. This means that the data subject may contact us and we will inform what personal data we have collected and processed regarding the said data subject and the purposes such data are used for. 

 

Right to rectify

Data subjects have the right to have incorrect/imprecise, incomplete, outdated, or unnecessary personal data we have stored about the data subject corrected or completed by contacting us.  

 

Right to deletion

Data subjects may also ask us to delete the data subject’s personal data from our systems. We will comply with such a request unless we have a legitimate ground to not delete the data. After the data has been deleted, we may not immediately be able to delete all residual copies from our active servers and backup systems. Such copies shall be deleted as soon as reasonably possible.

 

Right to object

Data subjects may object to certain use of personal data if such data are processed for other purposes than purposes necessary for the performance of our Services or for compliance with a legal obligation. Data subjects may also object to any further processing of personal data after prior given consent. If the data subject objects to the further processing of personal data, this may lead to fewer possibilities to use our services.

 

Data subjects have the right to prohibit us from using data subjects’ personal data for direct marketing purposes, market research, and profiling by contacting us.

 

Right to restriction of processing

The data subject may request us to restrict the processing of certain personal data, this may however lead to fewer possibilities to use our website and services.

 

Right to data portability

Data subjects have the right to receive personal data from us in a structured, commonly used format to independently transmit such data to a third party.

 

How to use the rights

These rights may be used by sending a letter or e-mail to us on the addresses set out above, including the following information: name, address, phone number, and a copy of a valid ID. We may request the provision of additional information necessary to confirm the identity of the data subject. We may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded. In case a data subject considers our processing activities of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection. In Finland, the local supervisory authority is the Data Protection Ombudsman (www.tietosuoja.fi).

 

Information you make public or give to others

If you make personal data available to other people, we don’t control or accept responsibility for the way that information is used or managed. Before making any information publicly available or giving your information to anyone else, think carefully.

 

When do we need to update this policy?

We may need to change this Privacy Policy from time to time to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices. Changes to this Privacy Policy are effective when they are posted on the Services. 

 

How can you contact us?

If you have any questions about our privacy practices, please contact us at hello@tinyapp.biz.

 

Thank you for reading through this Privacy Policy – you made it!

It’s important to know how your personal data is used and how to best manage it.