Effective Date: August 28, 2017
Data Controller and Contact Information
Data Controller is Passwork Ltd (Business Identity Code: 2840821-9), Pasilankatu 2, 00240 HELSINKI, Finland.
Name of the Register
Passwork’s customer and user register.
Purpose of Processing Personal Information
The purpose of Passwork’s processing of personal information is to:
- (i) provide the Service to the user;
- (ii) ensure an efficient and secure use of the Service;
- (iii) provide customized Service and other content recognizing user specific needs and interests;
- (iv) improve, develop and analyse our Service and other Passwork’s business activities;
- (v) manage customer relations, as well as to provide good customer service; and
- (vi) conduct research and collect statistics;
The Personal Information may also be used for direct marketing purposes, market research and to fulfil the requirements based on legislation and authority regulations.
Passwork will store personal information only for as long as is necessary in order to fulfil the purposes set out in this section and/or in accordance with the applicable legislation.
Passwork collects personal information on persons who use the Service or if the collection of personal information derives from a legal obligation. Most of the personal information is collected from the data subjects themselves when the user creates a user account and/or uses the Service. Updates to the personal information may also be received from authorities, organizations, companies offering updating services, public directories and other public sources of information.
Information Passwork Collects
- IP Address
- User agent information
The information is collected from user HTTP request’s header formed by a browser.
Personal Data That You Provide:
- Name (optional)
Usage and other Non-Identifiable Data:
When you use the Website and/or Service, Passwork receives and stores certain personally non-identifiable information, such as the total number of visitors to our Website, the number of visitors to each page of our Website, device and browser information as well as Service usage data. We cannot currently use this information to identify you. It is important to note that no personal information is available or used in this process.
Aggregated Personal Information and other Information:
In an ongoing effort to better understand and serve our users, Passwork conducts research on user demographics, interests and behaviour based on the personal information and other information provided to us. Passwork compiles and analyses this research on an aggregate basis, and may share this aggregate data with partners of Passwork. This aggregate information does not identify you personally. Passwork may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
Passwork also collects information regarding the use of Service in order to better understand user behaviour and trends, detect potential outages and technical issues. All log analysis is done in an anonymous, aggregate, non-personally identifiable manner.
Lawful grounds for processing of personal data:
We take your privacy seriously and in accordance with the European Union General Data Protection Regulation (GDPR), we will commit to the following:
We will be asking you for personal data in order to:
- (a) Complete your registration and create your Passwork account.
- (b) Administer your Passwork paid subscriptions.
- (c) Process your orders and deliver services requested by you including server hosting, password storage and security management as well as incident reporting.
- (d) Authenticate your access and use of the website and services
We must have a legal basis for collecting this data, and there are six lawful bases:
- Consent: where the individual has given clear consent for processing their personal data for a specific purpose
- Contract: Where the processing is necessary for a contract Data Controller has with the individual or because individual have asked Data Controller to take specific steps before entering into a contract
- Legal obligation: Where the processing is necessary to comply with the law (not including contractual obligations)
- Vital interests: Where processing is necessary to protects someone’s life
- Public task: the processing is necessary for to perform a task in the public interest or for official functions and the tasks or function has a clear basis in law
- Legitimate interests: Processing is necessary for Data Controller’s legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual persons’ data which overrides those legitimate interests.
We will be processing your data under the following legal bases.
Consent: We rely on your consent to process personal data for purposes specified above.
Performance of Contract: We will process your personal data as is necessary to perform obligations arising out of contract between you and us.
Compliance with Legal obligation: We may store, retain and/or use your personal data as is necessary to comply with any legal obligation such as tax reporting and/or accounting purposes or in response to request by law enforcement or public authority (e.g. court order).
Legitimate interests: We may process your personal data in connection with our legitimate interests including for example sharing your personal data to third parties who provide services on our behalf, to improve our services (including website maintenance, customer support) as well as in connection with business transfer, merger or acquisition. We will not process data under this lawful base if processing entails significant risk to your individual rights and freedoms which override our legitimate interests.
Where we require consent we will provide a way for you to positively make a decision about the information that you make available and how this is shared.
Regular Destinations of Disclosed Data and The Transfer of Personal Information To Countries Outside of The European Union or The European Economic Area
Passwork may disclose the personal information within the limits of the applicable legislation. Personal information may be disclosed to co-operation partners chosen by Passwork for their marketing purposes, unless the data subject prohibits such disclosure of his/her data. The recipients of such personal information are not allowed to disclose the personal information further.
The confidentiality of the personal information may be broken when required by law or statute, or by ruling of authority.
Due to the technical and practical requirements, some of the personal information may be processed by subcontractors located outside the European Union or European Economic Area or at the subcontractors’ servers outside the European Union or European Economic Area. If any personal information is transferred outside the EU or EEA, Passwork will ensure that the country to which the personal information is transferred is approved as having a sufficient level of privacy protection by the European Commission, or by using standard contractual model clauses approved by the European Commission.
Passwork will only retain your data for as long as necessary to provide services to you. We keep data for a maximum of 10 years in accordance with Finland law or as is otherwise required to comply with a legal obligation. All data that is no longer required is accordingly deleted. If you have subscribed to our newsletter and/or marketing information, we will retain your data until you unsubscribed or withdraw your consent.
The Principles of Securing the Data Register
Passwork uses technical and organizational measures to protect personal information against unauthorized access, transfer, deletion or other handling that may compromise information security. Such methods include the use of firewalls, encryption technologies and safe server rooms, proper access control systems, the controlled provision of user rights and supervision of their use, providing instructions for data processors, and the thorough selection of competent subcontractors who comply with industry standards for information security management.
Only appointed personnel of Passwork and of companies operating by Passwork’s assignment or on behalf of Passwork are entitled to use personal information. All persons processing the personal information have a personal right of use granted by Passwork.
Right of Access, Correction and Prohibition
You may at any time contact Passwork to check that the personal information related to you is accurate. Upon your request, Passwork will modify, remove or supplement any incorrect, unnecessary, incomplete or outdated personal information.You also have the right to ask for copy of personal information we hold about you for free. Please note that for additional copies we may charge a small fee for administrative costs. We may also decline a request for copies of personal information if such request is manifestly excessive or unreasonable.
The request to must be made in writing to Passwork and it must be signed. The request for right of access can also be presented in person in the main office of Passwork at the address Pasilankatu 2, 00240 HELSINKI, Finland.
The user has the right to prohibit Passwork from processing his/her personal information for purposes of direct advertising, distance selling, other direct marketing and market research and opinion polls.
If you no longer wish to receive e-mail communication from Passwork, such as offers, updates and newsletters, you may opt-out of receiving such communications by following the instructions included in each newsletter or communication.
Cookies, Clear Gifs and Other Automatically Collected Data
Passwork may use "clear GIFs" (aka "Web beacons" or "pixel tags") or similar technologies, in the Website and/or in our communications with you to enable us to evaluate Website usage information about visitors to the Website, target campaigns, upgrade visitor information, and know whether you have visited a Website or received a message. A clear GIF is typically a one-pixel, transparent image (although it can be a visible image as well), located on a web page or in an e-mail or other type of message, which is retrieved from a remote site on the Internet enabling the verification of an individual's viewing or receipt of a web page or message. A clear gif may enable us to relate your viewing or receipt of a web page or message to other information about you, including your personal information.
Third-Party Sites and Privacy Practices
Passwork may use website analytics, such as Adobe Analytics and Google Analytics to gather anonymous statistics about the users of the Website with the aim to improve the Website. If Passwork uses such analytics, it will provide the user an opt-out function to indicate that you do not want Passwork to track your visits to Website.
The Website and Service are not intended for or designed to attract anyone under the age of 13 and we do not intentionally or knowingly collect personal information on our sites from anyone under the age of 13 (or older in some jurisdictions). We encourage parents to be involved in the online activities of their children to ensure that no information is collected from a child without parental permission.
Changes to Policy
Notification of breach
In the event personal data breach this is likely to result in a risk to your rights and freedoms, we will notify you, as soon as feasible, of the nature of the breach, the likely consequences of that breach and the steps you can take to mitigate the possible consequences of that breach.