TinyApp is a service developed and maintained by HelsinkiNYC International Ltd designed for the activity planning and evaluation of kindergartens, after-school clubs, and schools, documentation of children’s knowledge and learning, and communication with families.
TinyApp’s Contact details
Name: HelsinkiNYC International Oy
Business ID: 2546069-5
Correspondence address: Lapinlahdenkatu 16, 00100 Helsinki, Finland
E-mail address: email@example.com
Personal data processed and sources of data
We may collect three types of information concerning the Users: (i) User Data (ii) Transaction Data; and (iii) Technical Data.
User data is personal data collected directly from you, your organization, public sources, or generated by us. We may collect user data from our Users in a variety of ways, including, when they register to an account or fill out a form available at the TinyApp Website, make purchases from the TinyApp Online Store or subscribe to a TinyApp Web or Mobile Application or a newsletter.
We may process the following categories of User Data relating to Users depending on the User category in question:
First and last name;
status of the User’s account (i.e. active or not);
feedback given pertaining to the Services;
country of residence;
other communication between User and TinyApp;
other data you may choose to share with us; or
marketing opt-ins and opt-outs.
We may automatically collect the following categories of Technical Data when you visit or interact with the Services:
Device information. We collect the following information relating to the technical device you when using the Services:
your IP or proxy server IP;
device and device identification number, device IMEI;
browser type and version;
basic domain information;
your Internet service provider is sometimes captured depending on the configuration of your ISP connection; or
Usage information. We collect information on your use of the Services, such as:
the date and time of your visit to the Service;
the parts of the Services you have accessed;
the length of your session; or
the number of times you access our Services.
Transaction Data concerning payment transactions and/or credit card information is received directly from Users in connection with subscription purchases made in relation to the Services through TinyApp Online Store.
We may process the following categories of Transaction Data:
date/time/amount of transaction;
order ID; or
any other information provided by you in the process
Cookies and Analytics Tools
We use various technologies to collect and store information when Users visit our Services, including cookies.
Web analytics services
Our Services use Google Analytics and other web analytics services to compile reports on visitor usage and to help us improve our sites and services. For an overview of Google Analytics, please visit http://www.google.com/analytics/. It is possible to opt out of Google Analytics with this browser add-on tool: https://tools.google.com/dlpage/gaoptout.
Purpose and legitimate grounds for processing
Purposes of processing
To provide the Services and carry out our contractual obligations (legal ground: performance of a contract and legitimate interest)
TinyApp processes personal data in the first place to be able to deliver the agreed Services to our Users and to run, maintain and develop TinyApp’s business. Personal data may be processed by us to carry out our contractual obligations towards the User or the organization the User represents, for example, to offer essential functionalities of the Services. Further, if a User contacts our customer service, we will use the provided information to answer questions or solve complaints.
For our legal obligations (legal ground: compliance with a legal obligation)
TinyApp processes personal data to enable us to administer and fulfill our obligations under the law. This includes data processed for complying with our bookkeeping obligations and providing information to relevant authorities, as applicable.
For claims handling and legal processes (legal ground: legitimate interest)
TinyApp may process personal data in relation to claims handling, debt collection, and legal processes. We may also process data to monitor activity on the Services for the purposes of prevention of fraud, misuse of our Services, and for data, system, and network security.
For communication and marketing (legal ground: legitimate interest)
TinyApp may process personal data for the purpose of contacting our Users regarding our Service and for informing Users of changes in our Services. We may also process personal data to market our Services to you, for example in the form of sending newsletters.
For quality improvement and trend analysis (legal ground: legitimate interest)
We may also process information regarding the use of the Service to improve the quality of and customize our Services, for example by analyzing any trends in the use of our Services. To ensure that our Services are in line with your needs, personal data can be used for things like customer satisfaction surveys. Where possible, we will do this using only aggregated, non-personally identifiable data.
Legitimate grounds for processing
TinyApp primarily processes the personal data of Users on a contractual basis in order to fulfill our contractual obligations to you or to pursue our legitimate interest to run, develop and maintain our Services. When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and e.g. provide you with an easy-to-use opt-out from our marketing communications and use pseudonymized or non-personally identifiable data when possible.
We may also process your personal data to comply with legal obligations.
In some parts of the Services, you may be requested to grant your consent for the processing of your personal data. In this event, you may withdraw your consent at any time by notifying us via the contact details set out above.
TinyApp does not process the User’s personal data for automated decision-making purposes, including profiling.
Please note that if you choose not to provide us with your personal data for the purposes set forth hereunder, we may not be able to provide you with our Services and you may not be able to access the full range of features available through our Services.
When may we disclose personal data?
We do not share personal data with third parties outside of TinyApp’s organization unless one of the following circumstances applies:
For legal reasons
We may share personal data with third parties outside TinyApp’s organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of TinyApp, our Users or the public in accordance with the law. When possible, we will inform Users about such transfer and processing.
For other legitimate reasons
With explicit consent
We may share personal data with third parties outside TinyApp’s organization for other reasons than the one mentioned before when we have the data subject’s explicit consent to do so. The data subject has the right to withdraw this consent at all times.
Aggregate or anonymous information about you may be shared with advertisers, publishers, business partners, and other third parties.
Transfers outside Europe
We do not regularly transfer our Users' personal data from our register outside the EU and the European Economic Area. However, we or our service providers may transfer your personal information to, or access it in, jurisdictions outside the EU and EEA or the User’s domicile, when our affiliate partner or service provider is located outside these areas.
In these cases, we will take appropriate safeguards to ensure that the Users’ personal data receives an adequate level of protection in the jurisdictions in which it is processed and that the rights and freedoms of data subjects are protected in accordance with applicable data protection laws, such as the GDPR.
The transfer of personal data outside the EU or the EEA will always take place on any of the following legitimate grounds:
The European Commission has decided that an adequate level of data protection is ensured in the recipient country;
TinyApp has taken appropriate safeguards to transfer personal data using Standard Contractual Clauses approved by the European Commission. The registrant then has the right to obtain a copy of these standard terms by contacting us at firstname.lastname@example.org; or
The data subject has expressly consented to the transfer of his or her personal data, or there is another legitimate reason for the transfer of the personal data.
More information regarding the transfers of personal data may be obtained by contacting us at any of the addresses indicated above.
How do we store personal data?
We use administrative, organizational, and technical safeguards required by applicable data protection legislation to protect the personal data we collect and process. Measures include, for example, storing personal data on secure servers that are managed by us and our service providers. Personal data that we store are subject to security and access controls, including username and password authentication as well as data encryption where appropriate. However, please remember that no method of transmission over the Internet or method of electronic storage is completely secure. We will use the best possible methods to protect personal data.
TinyApp does not store personal data longer than is legally permitted and necessary for the purposes of providing our Services or the relevant parts thereof. The storage period depends on the nature of the information and the purposes of the processing. The maximum period may, therefore, vary per use. In general, TinyApp deletes all personal data of Users when the relevant user relationship ends and when TinyApp when the User no longer uses the Services.
How can you access your personal data?
You can access most of the collected personal data by logging into your account. You also have the right to make a request to access other information we hold about you and to request corrections of any errors in that information, as set out below. To make an access or correction request, contact email@example.com.
Data Subjects’ rights
Right to access
TinyApp offers access for the data subjects to the personal data we process. This means that the data subject may contact us and we will inform what personal data we have collected and processed regarding the said data subject and the purposes such data are used for.
Right to rectify
Data subjects have the right to have incorrect/imprecise, incomplete, outdated, or unnecessary personal data we have stored about the data subject corrected or completed by contacting us.
Right to deletion
Data subjects may also ask us to delete the data subject’s personal data from our systems. We will comply with such a request unless we have a legitimate ground to not delete the data. After the data has been deleted, we may not immediately be able to delete all residual copies from our active servers and backup systems. Such copies shall be deleted as soon as reasonably possible.
Right to object
Data subjects may object to certain use of personal data if such data are processed for other purposes than purposes necessary for the performance of our Services or for compliance with a legal obligation. Data subjects may also object to any further processing of personal data after prior given consent. If the data subject objects to the further processing of personal data, this may lead to fewer possibilities to use our services.
Data subjects have the right to prohibit us from using data subjects’ personal data for direct marketing purposes, market research, and profiling by contacting us.
Right to restriction of processing
The data subject may request us to restrict the processing of certain personal data, this may however lead to fewer possibilities to use our website and services.
Right to data portability
Data subjects have the right to receive personal data from us in a structured, commonly used format to independently transmit such data to a third party.
How to use the rights
These rights may be used by sending a letter or e-mail to us on the addresses set out above, including the following information: name, address, phone number, and a copy of a valid ID. We may request the provision of additional information necessary to confirm the identity of the data subject. We may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded. In case a data subject considers our processing activities of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the local supervisory authority for data protection. In Finland, the local supervisory authority is the Data Protection Ombudsman (www.tietosuoja.fi).
Information you make public or give to others
If you make personal data available to other people, we don’t control or accept responsibility for the way that information is used or managed. Before making any information publicly available or giving your information to anyone else, think carefully.
When do we need to update this policy?
How can you contact us?
If you have any questions about our privacy practices, please contact us at firstname.lastname@example.org.
It’s important to know how your personal data is used and how to best manage it.