Privacy policy

PRIVACY POLICY of fitcard oy

FitCard OY
Business ID 2796004-4
Pohjoinen Hesperiankatu 15
00260 Helsinki

(Hereinafter ”FitCard”)
Contact person in matters relating to processing of personal data
Juha-Pekka Tuovinen
FitCard Oy
Pohjoinen Hesperiankatu 15
00260 Helsinki
0400 467 373
info@fitcard.fi

FITCARD and processing of personal data

FitCard provides a cloud-based booking service ("Service") through which service users ("User") may book services of sports or other service providers (”Service Provider”) offered in the Service against a monthly payment to FitCard. In connection with the production of the Service, FitCard processes personal data either in the role of a controller or a processor as further described in this privacy policy.

why does fitcard process personal data?

Processing of personal data of the Users is based on the customer relationship between FitCard and the User (based on an agreement or FitCard’s legitimate interest). FitCard acts as a controller for personal data processed in this context. FitCard processes User’s personal data in order to provide and develop the Service, prevent and settle Service misuse, provide customer service and for purposes of customer communication and marketing (provided that the User has given FitCard a marketing permission). When Users book services of Service Providers in the Service, FitCard discloses to the Service Providers the Users’ data necessary for providing these services and managing the service bookings made. The Service Provider is, as a controller, independently responsible for processing such data disclosed to it in the Service while FitCard acts as a processor. When acting as a processor, FitCard processes the User's personal data according to the service agreement between the Service Provider and FitCard and the instructions given by the Service Provider. In addition to the User's personal data, FitCard processes personal data of the Service Providers’ contact persons. FitCard acts as a controller for these personal data. FitCard is entitled to process these personal data based on legitimate interest and an agreement between FitCard and a Service Provider. FitCard processes personal data of the Service Provider’s contact persons for the purposes of providing the Service and communication.

what personal data does fitcard process?

Information identifying the Users consists of the full name of the User (first and last name) as well as an email address and a password. In addition, FitCard stores user-specific data needed for identity and access management. The following identifying information is processed of the Service Providers’ contact persons: full name of the contact person (first and last name) email address, title and phone number of the user. In addition, FitCard stores contact person-specific information needed for purposes of identity and access management, as well as information concerning the communication between the contact person and FitCard.

from Where does fitcard obtain personal data?

User data is entered into the Service either by Users themselves or the data come from a third party. The Service allows Users to register and sign up to the Service also through a service provided by a third party, such as Facebook. In such cases, a third party discloses to FitCard the name and email address a User has entered into the service of a third party in question. In addition, user-related information is collected from the User him/herself when he or she uses the Service, in connection with customer service, and otherwise directly from the User. FitCard uses Maksuturva Group Oy (“Maksuturva”) as a partner for transmitting payments related to the use of the Service. Maksuturva collects information it needs to receive and transmit payments in the Service with its own protected function. The connection to Maksuturva is protected so that FitCard does not have direct access to the information collected by Maksuturva at the time of payment, but Maksuturva will pass on to FitCard, after a successful payment transaction, information relating to the User FitCard needs in order to provide the User with the services he or she has paid. The basic information of Service Providers’ contact persons FitCard obtains from Service Providers. FitCard creates a profile of a service location in the Service in accordance with the information entered by the Service Provider or its representative into the agreement between FitCard and the Service Provider. In addition, FitCard collects data of the Service Providers’ contact persons or information relating to them as they are in contact with FitCard.

Does Fitcard transfer or disclose personal data regularly?

FitCard discloses User’s personal data to Service Providers for the purposes of providing their services and managing the service bookings made. Maksuturva acts as FitCard’s partner in transmitting payments related to the use of the Service. Maksuturva collects information it needs to transmit payments in the Service with its own protected function. FitCard does not, as a controller, otherwise regularly transfer or disclose personal data outside FitCard or parties involved in the provision of the Service. FitCard uses partners in providing the Service and for the purposes of data processing defined in Section 3 of this policy and, in this context, FitCard may process personal data outside the EU or EEA area, in accordance with applicable legislation. In case FitCard sells its business or part of it or otherwise reorganizes its business, personal data processed by FitCard as a controller may be disclosed to buyers and their advisors in accordance with applicable legislation.

How is personal data protected?

Security and availability of personal data are ensured by appropriate technical and organizational measures. Personal data is protected against unauthorized access and illegal or accidental data processing by appropriate technical solutions such as firewalls. Identity and access rights management ensures that personal data is processed only by members of the personnell of FitCard or its partners whose work requires the processing of personal data and thus have been authorized to process personal data.

How long is personal data processed?

The storage time of data depends on the type of data and its processing purpose. FitCard stores the personal data it processes as a controller at least for as long as it is needed for fulfilling the posted purposes of use, such as providing the Service, answering questions, solving problems or fulfilling statutory obligations. When FitCard no longer needs the personal data collected, the data will be safely destroyed or irrevocably anonymized. FitCard may suspend the User’s user account in the Service if the User’s user account has been inactive for one year. After suspending the user account, FitCard will destroy or anonymize the User’s personal data unless there is any other legitimate ground for processing of personal data. When FitCard acts as a processor, Service Providers as controllers define the manner and time of storage of personal data.

what rights do the data subjects have?

“The data subject” refers to natural persons whose personal data is processed by FitCard, i.e. Users and Service Providers’ contact persons. The data subjects have the right to access the data stored by FitCard as a controller on the filing system and to get incorrect personal data related to them rectified. Access or rectification of personal data may be done by the User himself in the Service, or a request for access to or rectification of personal data may be directed to FitCard. Service Provider’s contact person must turn to FitCard in order to use their right of access or rectification of his or her personal data. If the request to access and rectify personal data is presented to FitCard, the request must be in written or in electronic form and be signed, and addressed to the contact person mentioned in this privacy policy. The request shall contain the basic information needed for finding the requested data. After receiving and processing the request, FitCard shall send a copy of the personal data to the data subject by mail or electronically. FitCard reserves the right to not complete the request of the data subject if the request is manifestly unfounded or vexatious. Should the data subject request for multiple copies or should the data subject do more than one request per year, FitCard may charge the data subject a reasonable fee based on administrative costs for the execution of the request. Data subject shall have the right at any time to request FitCard to erase personal data concerning him or her and processed by FitCard and FitCard has the obligation to erase the data if there is no longer a legitimate basis for processing the data. Data subject also has the right to object the processing of personal data if the data has been processed on the basis of legitimate interest, and FitCard has the obligation to stop processing personal data unless FitCard demonstrates compelling legitimate grounds for further processing of personal data. In addition, a data subject has the right to file a complaint with the supervisory authority regarding FitCard’s processing of personal data. In cases where FitCard acts as a processor, a data subjct shall submit requests relating to the rights mentioned above to Service Providers acting as controllers. When acting as a processor, FitCard does not disclose personal data to the data subjects unless the controller has instructed FitCard to do so.

in conclusion

FitCard reserves the right to update and modify this privacy policy. Unless otherwise provided by mandatory legislation, FitCard may not personally post changes to the data subjects and therefore FitCard prompts the data subject to check this policy from time to time for possible changes.