Business ID 2796004-4
Pohjoinen Hesperiankatu 15
Contact person in matters relating to processing of personal data
Pohjoinen Hesperiankatu 15
0400 467 373
Processing of personal data of the Users is based on the customer relationship between FitCard and the User (based on an agreement or FitCard’s legitimate interest). FitCard acts as a controller for personal data processed in this context. FitCard processes User’s personal data in order to provide and develop the Service, prevent and settle Service misuse, provide customer service and for purposes of customer communication and marketing (provided that the User has given FitCard a marketing permission). When Users book services of Service Providers in the Service, FitCard discloses to the Service Providers the Users’ data necessary for providing these services and managing the service bookings made. The Service Provider is, as a controller, independently responsible for processing such data disclosed to it in the Service while FitCard acts as a processor. When acting as a processor, FitCard processes the User's personal data according to the service agreement between the Service Provider and FitCard and the instructions given by the Service Provider. In addition to the User's personal data, FitCard processes personal data of the Service Providers’ contact persons. FitCard acts as a controller for these personal data. FitCard is entitled to process these personal data based on legitimate interest and an agreement between FitCard and a Service Provider. FitCard processes personal data of the Service Provider’s contact persons for the purposes of providing the Service and communication.
Information identifying the Users consists of the full name of the User (first and last name) as well as an email address and a password. In addition, FitCard stores user-specific data needed for identity and access management. The following identifying information is processed of the Service Providers’ contact persons: full name of the contact person (first and last name) email address, title and phone number of the user. In addition, FitCard stores contact person-specific information needed for purposes of identity and access management, as well as information concerning the communication between the contact person and FitCard.
User data is entered into the Service either by Users themselves or the data come from a third party. The Service allows Users to register and sign up to the Service also through a service provided by a third party, such as Facebook. In such cases, a third party discloses to FitCard the name and email address a User has entered into the service of a third party in question. In addition, user-related information is collected from the User him/herself when he or she uses the Service, in connection with customer service, and otherwise directly from the User. FitCard uses Maksuturva Group Oy (“Maksuturva”) as a partner for transmitting payments related to the use of the Service. Maksuturva collects information it needs to receive and transmit payments in the Service with its own protected function. The connection to Maksuturva is protected so that FitCard does not have direct access to the information collected by Maksuturva at the time of payment, but Maksuturva will pass on to FitCard, after a successful payment transaction, information relating to the User FitCard needs in order to provide the User with the services he or she has paid. The basic information of Service Providers’ contact persons FitCard obtains from Service Providers. FitCard creates a profile of a service location in the Service in accordance with the information entered by the Service Provider or its representative into the agreement between FitCard and the Service Provider. In addition, FitCard collects data of the Service Providers’ contact persons or information relating to them as they are in contact with FitCard.
FitCard discloses User’s personal data to Service Providers for the purposes of providing their services and managing the service bookings made. Maksuturva acts as FitCard’s partner in transmitting payments related to the use of the Service. Maksuturva collects information it needs to transmit payments in the Service with its own protected function. FitCard does not, as a controller, otherwise regularly transfer or disclose personal data outside FitCard or parties involved in the provision of the Service. FitCard uses partners in providing the Service and for the purposes of data processing defined in Section 3 of this policy and, in this context, FitCard may process personal data outside the EU or EEA area, in accordance with applicable legislation. In case FitCard sells its business or part of it or otherwise reorganizes its business, personal data processed by FitCard as a controller may be disclosed to buyers and their advisors in accordance with applicable legislation.
Security and availability of personal data are ensured by appropriate technical and organizational measures. Personal data is protected against unauthorized access and illegal or accidental data processing by appropriate technical solutions such as firewalls. Identity and access rights management ensures that personal data is processed only by members of the personnell of FitCard or its partners whose work requires the processing of personal data and thus have been authorized to process personal data.
The storage time of data depends on the type of data and its processing purpose. FitCard stores the personal data it processes as a controller at least for as long as it is needed for fulfilling the posted purposes of use, such as providing the Service, answering questions, solving problems or fulfilling statutory obligations. When FitCard no longer needs the personal data collected, the data will be safely destroyed or irrevocably anonymized. FitCard may suspend the User’s user account in the Service if the User’s user account has been inactive for one year. After suspending the user account, FitCard will destroy or anonymize the User’s personal data unless there is any other legitimate ground for processing of personal data. When FitCard acts as a processor, Service Providers as controllers define the manner and time of storage of personal data.