Updated 7.1.2021

Your privacy is important to us. This privacy statement provides information about the personal information that collects, and the ways in which uses that personal information, especially relating to the use of Seppo platform.

Data controller

The data controller relating to processing of personal data pursuant to this privacy statement is (hereinafter also “”, “us” or “we”):

Lentävä Liitutaulu Oy

Päivöläntie 52

00730 Helsinki FINLAND


You can use the above details also for contacting us in privacy matters. Person responsible for's privacy: Tero Kulha. as a data processor

By offering the Seppo platform, we may operate also in the role of a data processor to an organization or entity who uses our service for educational purposes. We advise you to contact the applicable organization, if you have privacy-related questions regarding how they use and handle personal data with the help of our Seppo platform.

For what purposes we collect personal data? What is the legal basis for processing personal data?

We collect, store and process personal data for predefined purposes. We also always make sure that there is at least one legal basis for processing personal data. As a data controller, our main purposes and the applicable legal basis for processing personal data are:

To provide our digital Seppo platform

Primary sources of personal data

Customers (incl. potential), users and partners

Data is collected mainly from the person itself, for instance when making a contact request or later when concluding an agreement with us or registering as a user. Data is also collected and created during the use of the Seppo platform.

Employees, job candidates, shareholders and investors

Data is collected mainly from the person itself or with consent from other sources (e.g. references, LinkedIn profile). Some data is also generated or created during the employment. Relating to employees, we may also receive data from tax authorities as well as pension and insurance companies.

Personal content

Seppo is an authoring tool to create educational games. This means that seppo stores data that users have created. It can be pictures, tasks, stories and rules that the instructors (e.g. teachers or trainers) have created or different kind of answers, pictures, videos and audios that the players have created while completing the tasks in the games.

All the content created by players is seen only by the teacher who owns the game (and eventual other instructors that the game owner has allowed to monitor the game). It is advice to pay attention to the privacy and permission issues before such data is shared to the public Internet including Social Media.

If are teacher user decides to share his/her game into the Content Library, he/she has possibility to update or delete the game in the user interface. If that game is downloaded by another user (which the teacher must allow) and the teacher chooses to delete his/her shared game, the downloaded copies are not deleted.

Who processes and has access to personal data? Is it transferred to anyone?

People within our organization have access to the personal data for the purposes of performing their work tasks.

We store data especially in electronic form and we use various services providers and tools for performing our work. Such services provider may be considered as a data processor to In these situations, we make sure contractually and otherwise that the confidentiality of personal data is secured and data is processed and transferred lawfully and for our benefit only.

Where discloses your personal information to its agents or sub-contractors for the above mentioned purposes, the agent or sub-contractor in question will be obligated to use

that personal information in accordance with the terms of this privacy statement. Agents and sub-contractors have access to the data of customers of just their own territory.

Your personal content is not accessible to anyone through the user interface. It can be accessed in the database only by the technical staff of Seppo and will be accessed only to help solve eventual errors or if Seppo has evidence or a reason to suspect that the user has violated the Terms of Use.

The majority of the data of resides in a database on servers that are managed and operated by Heroku. Part of the data - images, video files and audio files - reside in Amazon’s Cloud Storage Service. All these servers are located inside EU.

Seppo uses Pipedrive CRM, Typeform and ActiveCampaign – that are commercial SaaS products – to support its business operations.

We may also provide personal data to a third party due to a legal obligation or requirement by an authority or a court, for responding to or preparing legal actions, or based on a person’s consent. We may also provide personal data to a third party if we are involved in a business sale, transaction or restructuring.

NOTE. If a user downloads a Sponsored Game from our webshop, s/he needs to provide a valid eMail address to obtain access to the game. User's eMail is transferred to the provider of that Sponsored Game. (Creating Sponsored games requires a contractual relationship with Seppo and we check the trustworthiness of the provider.)

Is personal data transferred outside the EU?

Personal data may be transferred outside the EU, as we store data and may use services of such services providers, which may locate outside the EU. If personal data is transferred outside the EU, we make sure that (1) the transferee is located in a country with adequate safeguards (as decided by the EU commission from time to time), (2) the transferee is Privacy Shield certified (if a US-based company), or (3) the transfer occurs by using model clauses published by the EU commission.

How long is data stored?

We will not store personal data for a longer period than is necessary for its purpose or required by contract or law. The retention periods for personal data may vary based on its purpose and the situation as well as on the legal basis for processing personal data. The data may be deleted (1) when a person withdraws his/her consent or requests deletion of his/her data and we have no other grounds for processing personal data, (2) when a contractual relationship ends, (3) or when data becomes obsolete or is inaccurate. The retention period may also be based on laws (e.g. accounting, tax laws, employment contracts act, companies act). We may also update data from time to time.

When user’s license expires the data is not removed immediately, but it is saved for 6 months to allow the user access his/her content after the eventual license renewal. User can also save his/her own games into Content Library where they are accessible even after the license expiration.

If the user so requests, the data concerning him/her will be deleted immediately.

How is data stored and kept secure?

Personal data is stored and secured in accordance with general industry standards and practices. We consider and keep personal data confidential. Access to personal data is also protected with user-specific logins, passwords and user rights. Our premises are also safe and secure. The communication inside the solution happens using a secured https connection, both for end-users and administrators.

Is it mandatory to provide personal data? What happens if you don’t provide it?

We need some amount of personal data especially in customer relationships to conclude and fulfill contracts. Our digital service requires a personal user account, so we require some personal data to register a user account and for verification purposes. Relating to employment we also need to process at least the minimum personal data required to fulfill employment contracts and legal obligations relating to employment. Collecting certain minimum personal data relating to shareholders is also a legal requirement. Potential partners, job candidates and potential customers usually can decide how much and whether to share personal data with us.

What rights do you have?

Update your information

You have certain possibilities to check and update your user information by yourself by accessing the Seppo platform.

Withdraw your consent

If we process personal data based on your consent, you can at anytime withdraw your consent by notifying us, for instance by contacting us using the contact details provided above.

Access to data

You have the right to have confirmed if we are processing your personal data and also to know what data we have about you. In addition, you have right to some supplemental information described in the law about the processing activities.

Right to have errors corrected

You have the right to request that we correct any inaccurate or outdated personal data we have about you.

Right to prohibit direct marketing

You have the right to request that your personal data is not processed for direct marketing purposes by contacting us using the contact details provided above.

Right to object processing

If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore.

Right to restrict processing

In certain situations you have the right to require that we restrict processing of your personal data.

Right to data portability

If we process your personal data based on your consent or fulfilling of a contract, you have the right to require transfer of the data you have provided to us to another services provider in a commonly used electronic format.

How can you use your rights?

You can execute and use your rights by contacting us, for instance by using the contact details provided above. Some rights can be used by accessing your own user account in the Seppo platform. Remember also that we need to use reasonable measures to verify your identity before executing your rights to make sure that your data does not end up in wrong hands. If you consider that the processing of your personal data is not lawful, you can always also make a notification to a supervising authority (Finland: tietosuojavaltuutettu;

Can this privacy policy be updated?

We may make updates to this privacy policy when our operations change or develop. Also changes in law may make it necessary to update this privacy policy. The changes become valid once we have published them in the form of an updated privacy policy. Therefore, please visit this page and read this privacy policy from time to time.