This Privacy Policy was last updated on [5.7.2018].

PRIVACY STATEMENT

Popit Ltd (“Popit”) collects personal data that relates to the users of the Popit Service. This privacy statement applies The Site (popit.io), Popit Connect, Popit Sense and Popit App are referred to together as Service (“Service”). Popit acts as the controller for per-sonal data that users of the Service provide when they use Service or by other means or that is collected automatically in conjunction with Service using activity. Throughout this Statement the term “personal data” means information relating to an identified or identifi-able individual (i.e. a natural person).

Protecting your privacy and your personal data is of the utmost importance to Popit. Popit is committed to complying with the requirements that data protection regulation places upon Popit in the processing of your personal data. The means and purposes of pro-cessing your personal data are described in further detail in this privacy statement.

This privacy statement is subject to change. You will always find the up-to-date version of this privacy statement on Popit Service.

1. Why does Popit process personal data?

Popit collects and processes certain personal information about you in order to

  • Enable you to use Service; we may process and use your personal data to pro-vide you Service you have requested, fulfill your other requests such as customer Service, process your order or as otherwise may be necessary to perform or en-force the contract between you and Popit.
  • Maintain and develop the Service more customized; We may process and use your personal data to develop our products and/or Service. However, for the most part we only use aggregate and statistical information in the development of our products and Service, and not data directly identifiable to you. We may also pro-cess and use your personal data to personalize our offerings and to provide you with Service more relevant to you, for example, to make recommendations and to display customized content and advertising. We may combine personal data col-lected in connection with your use of a particular product and/or Service with other personal data we may hold about you, except where such personal data was col-lected for a different purpose.
  • Enhance or improve your experience of our Service by collecting details of your visit to our websites using cookies and similar technologies such as standard weblogs
  • Enable communication and marketing uses; we may process and use your per-sonal data to communicate with you, for example, to provide information relating to our products and/or Service you are using or to contact you for customer satis-faction queries. We may process and use your personal data for marketing. Mar-keting purposes may include using your personal data for personalized marketing or research purposes in accordance with applicable laws, for example, to conduct market research and to communicate our products, Service or promotions to you via our own or third parties’ electronic or other Service.
  • To prevent and resolve possible misconduct

2. What personal data does Popit process and sources of information

Personal data we collect and process depends on how you use our Service. For exam-ple, if you visit our Site, we might collect personal data through analyzing techniques. If you use Popit App without creating a profile or registering – we will only collect personal information you voluntary provide us, such as health information or profile information.

If you choose to create a profile or register with us – you will be asked to provide person-al information which will be associated with your health information and profile infor-mation. Whenever you submit information via our Service – by telephone or email with customer Service, we may collect personal data you provide us, in order to provide you with our Service. It is your voluntary decision whether to provide us with any personal data, however, if you do not provide this information you may not be able to create a pro-file or register with the Service and your use of Service may be limited.

The personal information Popit collects can be grouped into the following categories:

  • Personal data we may collect from you when you, for example, download our application
    • Account data, such as date of birth, gender, country and login/user ID and password when you, for example, use our application
    • Identification information such as name, when you for example, order Popit Sense device.
    • Contact information: such as phone number, email, address when you for example, order Popit Sense device
    • Information you may voluntarily provide us when you use our Service, such as medication details and name of the pharmacy
    • Special categories of personal data, such as health information and phys-ical measurements you may voluntarily provide us in order to get more cus-tomized user experience.
  • Information collected through observing use of Service; such as time of visit to our Service; the page from which the system accessed site; pages visited during the session; Internet Protocol address used (IP address), device type, operating system or similar technical information. Popit uses cookies and other technologies to collect this information.

3. Lawful Basis for Processing

Performance of a contract to enable you to use Service and us maintaining and developing the Service more customized;

  • Account data
    • Identification information
    • Contact information:
    • Information you may voluntarily provide us when you use our Service
  • Legitimate interest to maintain and develop Service;
    • Cookies and similar technologies such as standard weblogs;
    • Enable communication and marketing uses
  • Explicit consent;
    • Special categories of personal data. Users are requested to grant consent for such data collection explicitly per each function of the Service in ques-tion. This may be done by adjusting the settings of The Popit App. Denial of the consent may affect the provision of the relevant Service.

In addition, Popit has legitimate interest to process personal data for the purposes of data security and to prevent and resolve possible misconduct.

4. Disclosures of personal data

Disclosures personal data only to the extent necessary for the purposes personal data is processed:

Service providers

Popit uses partners to maintain and provide the Service and for processing purposes as specified in this privacy statement. We will transfer your personal data to these partners only to the extent that these partners need access to personal data in order to provide Services to Popit for the purposes defined in this privacy statement.

Popit has taken appropriate measures to ensure that in these cases your personal data will only be processed for the purposes mentioned in this privacy statement and in accordance with applicable legislation.

Third-party marketing

Popit may work with third-parties to make marketing for users as interesting as possi-ble. Popit does not disclose personal or identifying data to the advertiser. In order to properly target advertising, we will disclose only anonymised information, such as demographic information or interest information.

Research use

In some situations, Popit may disclose your personal data for the purposes of re-search. In these cases, all personal data is processed in accordance with the General Data Protection Regulation and national data protection legislation.

Statutory reasons

Popit may disclose your personal data to third parties if access to personal data or other processing of personal data is required to i) fulfill statutory responsibilities or a court order; ii) detecting, preventing or handling misuses, security risks or technical issues.

For other legitimate reasons

If Popit is involved in a merger, acquisition or asset sale, we may transfer your per-sonal data to the third party involved. However, we will continue to ensure the confi-dentiality of all personal data. We will give notice to all customers concerned before the personal data are transferred or become subject to a different privacy statement.

5. International transfers of personal data

We strive to carry out all Services related to our Service using operators and Services located within the EU or the EEA. However, in some cases, Services related to the use of our Service may also be carried out by operators and on servers located in third coun-tries. In such cases, your personal data may also be transferred outside the EU or EEA in accordance with applicable legislation. In regards to transfers of personal data to coun-tries where local data protection legislation does not provide an adequate level of data protection, transfers are protected utilizing appropriate safeguards, such as standard contractual clauses approved by the European Commission or a competent supervisory authority, or binding corporate rules. To learn more about the appropriate safeguards we use, please contact us by using the contact information provided below.

6. Retention period

Personal data will be retained for the period of validity of the legal basis for processing and for as long as necessary for the processing purposes mentioned in this privacy statement.

For example, the information of users is retained for as long as Popit´s legitimate inter-ests can reasonably be deemed valid. We determine the validity of our legitimate interest by, for example, your use of our Service as well as the communication between us.

7. Data concerning minors

Popit does not seek to collect any information from or engage in any transactions with persons under the legal age in their respective country. Our databases may neverthe-less contain personal data of children due to the fact that it is not always possible to de-termine precisely the age of the user. We reserve the right to block the Service from any person who is or whom we reasonably suspect of being a minor.

8. Your rights

The General Data Protection Regulation grants the data subject a number of rights with which the data subject can govern the processing of their personal data. The data subject may use the following rights in relation to Popit insofar as Popit acts as the controller for the data subject’s personal data:

Right of access and right to rectification

You have the right to receive confirmation on whether we process personal data relating to you and the right to access any such personal data. Popit may ask you to specify your request where necessary, for example with regard to the details of the provision of infor-mation.

In addition, you have the right to request the rectification of incorrect personal data relat-ing to you, or to supplement incomplete personal data Popit is processing.

Right to data erasure

You have the right to request erasure of your personal data from our data systems. Popit will comply with your request, provided we do not have a legitimate reason not to delete the data, such as a statutory obligation to continue processing the personal data. Per-sonal data may not be deleted instantly from backup copies and other such data systems, but will be deleted through regular database retention practices.

Right to object

You also have the right to object to the processing of your personal data if your personal data is processed for other purposes than the fulfillment of legal responsibilities or the provision of Services. You may object to the processing of your personal data for purpos-es of direct marketing, even if the basis for such processing is consent given by you in the past. Objecting to the processing of your personal data may lead to limitation of the us-age of The Service. You have the right to prohibit direct marketing by following the in-structions contained in all of our marketing messages.

Right to restriction of processing

If you contest the correctness of the data which we have registered about you or lawful-ness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data to on-ly storage. The processing will only be restricted to storage, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests.

If you are not entitled to erasure of the data which we have registered about you, you may instead request that we restrict the processing of these data to only storage. If the pro-cessing of the data which we have registered about you is solely necessary to assert a legal claim, you may also demand that other processing of these data be restricted to storage. We may process your data for other purposes if this is necessary to assert a le-gal claim or if you have granted your consent to this.

Right to data portability

You have the right to receive your personal data from us in a structured, commonly used format so that you may transfer your personal data to another controller, provided that the processing of your personal data is based on consent or a contract between you and Popit.

9. Who is the controller and who can I contact?

You can use your rights by contacting Popit at (reachout[at]popit.io) The extent of your rights is subject to the legal basis for processing and exercising your rights requires identification.

The controller:

Popit Ltd
Metsänneidonkuja 6
02130 Espoo
Finland

Right to lodge a complaint

If the processing of your personal data is in breach of applicable legislation, you have the right to lodge a complaint with the national supervisory authority. You can lodge the complaint with a competent supervisory authority. In Finland, this is the Data Protection Ombudsman, and the complaint must be lodged in accordance with instructions provided by the Office of the Data Protection Ombudsman. Please see http://www.tietosuoja.fi/en for more information.