1. DATA CONTROLLER
LoupeDeck Oy (2769529-5)
Museokatu 8 A, 00100 Helsinki
2. WHY DO WE PROCESS YOUR PERSONAL DATA?
We process your personal data for the following purposes:
Providing LoupeDeck Online Store
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address, e-mail address and phone number, as well as data related to your purchase, such as order information and delivery details.
Marketing our products and services and Communications
If you order our products or consent to our marketing communications, we may occasionally send you e-mail about our online store, new product and other updates related to our products and services. You can also subscribe to our mailing list at our websites by providing us with your e-mail address. You can opt-out from these e-mails by clicking the “unsubscribe” button at the bottom of these e-mails or contacting us at email@example.com/de.
In addition, we may send you certain customer communications and transactional messages that pertain to your purchases or agreements with us, or other communications that we are otherwise legally required to bring to your attention.
Information about your interaction with LoupeDeck’s customer support.
LoupeDeck user accounts and custom profiles
We collect personal data in connection with LoupeDeck user accounts and custom profiles. LoupeDeck customers may create either an ordinary user account or a developer account.
For user accounts we collect information such as user account information including your username, and data on functionalities such as user actions and adjustments saved on your profile.
For developer accounts we may process also additional information related to your role as a developer and relative to the content provided by you to us.
In connection with the LoupeDeck Software, we collect anonymous technical data from your computer, from your LoupeDeck products and the software. When you download LoupeDeck Software, you accept the terms and conditions of LoupeDeck End-User Licence Agreement (EULA). We ask for your explicit consent to the collection of telemetry data or, to the extent that such limited data is de-identified and processed in an anonymised manner, we will notify you of such data collection in EULA. We, for example, may collect information regarding your operating system, software information and diagnostic data after software crash. All these data are de-identified and processed in an anonymous manner.
Telemetry data collected though the LoupeDeck Software may include, for example, the following data:
- Log and usage information, the time and duration of your use of features and plugins, service performance data;
- Service and device information, such as device model, settings, operating system and when your device was purchased from LoupeDeck Online Store.
- Identifiers, such as IP-address and user IDs, such as your LoupeDeck Account, where available;
- Defect information, such as crash logs, device performance and stability and error codes.
3. LEGAL BASES FOR PERSONAL DATA PROCESSING
We process your data based on several legal bases and the same personal data attributes may be processed for multiple reasons. This provides that although you may request erasure for certain data kept pursuant to an agreement, we may require to keep it partially or in whole e.g. to comply with legal obligations such as tax and bookkeeping purposes.
Here you can find a short overview of our legal bases for processing:
|Processing based on the performance of a contract;||– To provide you with our services, such as certain online services like the LoupeDeck account, ;
– To identify you;
– To process your order and payment;
– To arrange for a delivery or return a purchase;
|Processing for compliance with a legal obligation;||– To keep appropriate records for tax or accounting purposes;
– To process information for data protection or product compliance purposes in certain occasions,
|Processing based on a legitimate interest;||– To communicate with you about or products and services,
– To process certain information relative to telemetry and data analytics,
– To respond to your requests and inquiries
|Processing based on consent;
NB: You can always withdraw your consent.
|– To deliver content and communications classifiable as advertising,
– To deliver tailored content,
– To process identifiable information relative to telemetry and data analytics,
SECTION 4 – SOURCES OF PERSONAL DATA
Primarily, we collect personal data directly from you.
We may also collect personal data automatically from your devices that interact with our services e.g. when collecting cookie data.
In some cases, we also process personal data we have received from third party sources, such as our retailers who disclose us information related to purchases.
5. RECIPIENTS OF PERSONAL DATA
Some of our operations may require the disclosure of your data to third parties to provide you with our services. E.g. when you make an order in our online store, we disclose personal data related to payments to the payment service provider.
We do not disclose any personal data to third parties unless it is in accordance with applicable law. We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
6. DATA SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. In other words, we use appropriate safeguards to protect your personal data.
7. DATA TRANSFERS OUTSIDE THE EU/EEA
Our data processing is in part provided by third-party service providers, such as IT service providers, that may process your personal data outside the EU/EEA. When our service providers are transferring your personal data outside the EU/EEA, we contractually ensure that appropriate safeguards are in place.
9. PROFILING AND AUTOMATED DECISION-MAKING
10. STORAGE PERIOD
Your personal data will be stored as long it is necessary for providing our products and services to you. As a main rule, we discard the personal data collected by us once it no longer serves the purpose for which it was collected.
Your LoupeDeck Account and any data linked to your profile is considered active unless you have not terminated your Account as provided in the Account Terms.
In the end of the data lifecycle of your personal data, we either delete the data or de-identify and process it in an anonymized form. Our de-identification and anonymization methods may vary from time to time and differ in relation to the scope of the datasets.
11. DATA SUBJECTS’ RIGHTS
You may have certain data protection rights as a data subject.
- Right of access: You have a right to access personal data that we held about you. You can ask for a copy of your personal data.
- Right of rectification: You have a right to rectify possible erroneous or inaccurate information we may process.
- Right to erasure: You have a right to request us to erase data about you if you consider that we have or no longer have an adequate legal basis for processing your personal data.
- Right to restriction of processing: You have a right to request us to restrict the processing of your data if you consider your personal data to be erroneous or if the processing is unlawful and you need your personal data for making, presenting or defending a legal claim.
- Right to data portability: You have a right to acquire your personal data from us in a machine-readable format and a right to move such data to another controller in certain situations.
- Right to object: If we are processing your personal data on a basis of legitimate interest, you have a right to object this processing.
- Right to lodge a complaint with a supervisory authority: You have a right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes data protection legislation. National supervisory authority in Finland is the Office of the Data Protection Ombudsman: tietosuoja.fi.
13. THIRD PARTIES
Third party apps and services
LoupeDeck services may include third party apps or services, such as registration by third parties or e-commerce elements provided by third parties. Third-party websites, apps, services and features may operate independently from us and may have their own privacy notices or policies. Where such linked website, app, service is not owned by us, we are not responsible for its privacy practices.
Social media plugins
14. LOUPEDECK ONLINE STORE
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Cookies related to our Shopify online store
Here is a list of the most important cookies that we use in our online store. We’ve listed them here so that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer. cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.