Updated 7.1.2021
Your privacy is important to us. This privacy statement provides information about the personal information that seppo.io collects, and the ways in which seppo.io uses that personal information, especially relating to the use of Seppo platform.
Data controller
The data controller relating to processing of personal data pursuant to this privacy statement is (hereinafter also “seppo.io”, “us” or “we”):
Päivöläntie 52
00730 Helsinki FINLAND
You can use the above details also for contacting us in privacy matters. Person responsible for seppo.io's privacy: Tero Kulha.
Seppo.io as a data processor
By offering the Seppo platform, we may operate also in the role of a data processor to an organization or entity who uses our service for educational purposes. We advise you to contact the applicable organization, if you have privacy-related questions regarding how they use and handle personal data with the help of our Seppo platform.
For what purposes we collect personal data? What is the legal basis for processing personal data?
We collect, store and process personal data for predefined purposes. We also always make sure that there is at least one legal basis for processing personal data. As a data controller, our main purposes and the applicable legal basis for processing personal data are:
We collect and process personal data to provide our services and for fulfilling contractual obligations. A personal user account is required to be able to use the Seppo platform.
During the customer relationship, we also use personal data for invoicing, debt
collection, handling of complaints as well as for customer support purposes.
The legal basis for this processing is a contract between seppo.io and the user, or preparations made for concluding a contract, as well as our legitimate interest.
We use personal data to contact potential customers.
We process personal data also for direct marketing purposes, for personalizing advertising and content as well as for developing customer and user segments.
Based on our legitimate interest we may also send email marketing messages. In certain situations we may execute direct marketing based on your consent, and we will always ask for it if required by applicable laws. You may withdraw your consent at any time. Even if marketing would not require your consent, you can always prohibit direct marketing targeted to you.
We may use third party services for customer communications and marketing activities.
Customer testimonials are published based on consent.
The legal basis for this processing is primarily our legitimate interest as well as consent (if required by law). A person has however always the possibility to object direct marketing.
We use personal data for customer communication purposes, e.g. notifications regarding the use of Seppo platform, handling customer requests and support issues.
The legal basis for this processing is our legitimate interest, possibly also a contract between seppo.io and the customer.
We may also use personal data for developing our Seppo platform as well as developing our business relating to use of digital services platforms for learning and educational purposes.
The legal basis for this processing is our legitimate interest.
We may use and process personal data also for fulfilling legal obligations (e.g. bookkeeping, tax laws, companies act), responding to legal claims or preparing them, fraud prevention and detection and also if required by a court or an authority.
The legal basis for this processing is fulfilling legal obligations, partly also our legitimate interest.
Whose personal data we collect? What personal data?
We collect, store and use personal data mainly relating to:
our customers and users of seppo.io platform
employees and job candidates
partners and subcontractors
shareholders
Relating to customers and users we collect and use typically the following personal data:
company name
information that you provide for the purpose of registering with the website (including name and email address)
information about your use of our website and Seppo platform;
information about transactions carried out over our service; Credit card or bank details are never stored or processed by seppo.io, but the transaction takes place solely in Paytrail’s (or other third party payment service provider’s) service.
if you prefer to login with your Facebook account (after registration), seppo.io asks and uses your email address only
if you prefer to login with your Google account (after registration), seppo.io asks and uses your Google basic profile only
if you login via Edustore portal Seppo uses user’s eMail address, which becomes seppo userID
marketing opt-in / opt-out’s
other business correspondence
standardized browser information, which includes internet protocol address, browser type and version, sites you visited, time, date, time used on each website, overall time used on website and other details.
device information you are using to access the seppo.io website. These include device type, operating system, device identification information, device settings and location information. Our gathered information depends on device specific settings. We strongly advice you to check manufacturer's and software provider policy.
Relating to employees we collect and use typically the following personal data:
name
contact details
social security id (considered as sensitive data)
possible trade union membership (considered as sensitive data)
details required for payment of salaries and withholding taxes
data relating to the person’s employment (e.g. job title, start date, data relating to work time and holidays, travel and related expenses, health data as required by laws, and other data possibly required by laws)
Relating to job candidates we collect and use typically the following personal data:
name
contact details
education, experience, previous employers
possible application and cv
references and data from other sources than the job candidate, such as LinkedIn Relating to shareholders we collect and use typically the following personal data:
name
contact details
social security id / business id
share of ownership
Cookies and third party applications used by us
Seppo uses cookies in player solution to manage the login session and to enable the user to continue his/her previous game.
Seppo uses cookies and other storage technologies from third-party partners such as Google for measurement services, better targeting ads, and for marketing purposes. This takes place from the Seppo.io site. These cookies and other storage technologies allow us to display Seppo specific promotional material to you on other sites you visit across the Internet and define the sources where visitors come from to Seppo.io webpages.
You may opt-out of Google Analytics for Display Advertisers including AdWords and opt-out of customized Google Display Network ads by visiting the Google Ads Preferences Manager. To provide website visitors more choice on how their data is collected by Google Analytics, Google has developed an Opt-out Browser add-on, which is available by visiting Google Analytics Opt-out Browser Add-on, to enable you to opt-out of Google’s programs.
Seppo.io collects into logs the login information (date, time and User ID) to manage the eventual error situations. The logs are stored for 14 days.
Seppo uses (in the application itself) Google Analytics service to monitor the usage flows to improve the quality of service. No users are identified.
Seppo stores also business information about their customers and prospects in the usual customer management manner.
Primary sources of personal data
Data is collected mainly from the person itself, for instance when making a contact request or later when concluding an agreement with us or registering as a user. Data is also collected and created during the use of the Seppo platform.
Data is collected mainly from the person itself or with consent from other sources (e.g. references, LinkedIn profile). Some data is also generated or created during the employment. Relating to employees, we may also receive data from tax authorities as well as pension and insurance companies.
Personal content
Seppo is an authoring tool to create educational games. This means that seppo stores data that users have created. It can be pictures, tasks, stories and rules that the instructors (e.g. teachers or trainers) have created or different kind of answers, pictures, videos and audios that the players have created while completing the tasks in the games.
All the content created by players is seen only by the teacher who owns the game (and eventual other instructors that the game owner has allowed to monitor the game). It is advice to pay attention to the privacy and permission issues before such data is shared to the public Internet including Social Media.
If are teacher user decides to share his/her game into the Content Library, he/she has possibility to update or delete the game in the user interface. If that game is downloaded by another user (which the teacher must allow) and the teacher chooses to delete his/her shared game, the downloaded copies are not deleted.
Who processes and has access to personal data? Is it transferred to anyone?
People within our organization have access to the personal data for the purposes of performing their work tasks.
We store data especially in electronic form and we use various services providers and tools for performing our work. Such services provider may be considered as a data processor to seppo.io. In these situations, we make sure contractually and otherwise that the confidentiality of personal data is secured and data is processed and transferred lawfully and for our benefit only.
Where seppo.io discloses your personal information to its agents or sub-contractors for the above mentioned purposes, the agent or sub-contractor in question will be obligated to use
that personal information in accordance with the terms of this privacy statement. Agents and sub-contractors have access to the data of customers of just their own territory.
Your personal content is not accessible to anyone through the user interface. It can be accessed in the database only by the technical staff of Seppo and will be accessed only to help solve eventual errors or if Seppo has evidence or a reason to suspect that the user has violated the Terms of Use.
The majority of the data of seppo.io resides in a database on servers that are managed and operated by Heroku. Part of the data - images, video files and audio files - reside in Amazon’s Cloud Storage Service. All these servers are located inside EU.
Seppo uses Pipedrive CRM, Typeform and ActiveCampaign – that are commercial SaaS products – to support its business operations.
We may also provide personal data to a third party due to a legal obligation or requirement by an authority or a court, for responding to or preparing legal actions, or based on a person’s consent. We may also provide personal data to a third party if we are involved in a business sale, transaction or restructuring.
NOTE. If a user downloads a Sponsored Game from our webshop, s/he needs to provide a valid eMail address to obtain access to the game. User's eMail is transferred to the provider of that Sponsored Game. (Creating Sponsored games requires a contractual relationship with Seppo and we check the trustworthiness of the provider.)
Is personal data transferred outside the EU?
Personal data may be transferred outside the EU, as we store data and may use services of such services providers, which may locate outside the EU. If personal data is transferred outside the EU, we make sure that (1) the transferee is located in a country with adequate safeguards (as decided by the EU commission from time to time), (2) the transferee is Privacy Shield certified (if a US-based company), or (3) the transfer occurs by using model clauses published by the EU commission.
How long is data stored?
We will not store personal data for a longer period than is necessary for its purpose or required by contract or law. The retention periods for personal data may vary based on its purpose and the situation as well as on the legal basis for processing personal data. The data may be deleted (1) when a person withdraws his/her consent or requests deletion of his/her data and we have no other grounds for processing personal data, (2) when a contractual relationship ends, (3) or when data becomes obsolete or is inaccurate. The retention period may also be based on laws (e.g. accounting, tax laws, employment contracts act, companies act). We may also update data from time to time.
If the user so requests, the data concerning him/her will be deleted immediately.
How is data stored and kept secure?
Personal data is stored and secured in accordance with general industry standards and practices. We consider and keep personal data confidential. Access to personal data is also protected with user-specific logins, passwords and user rights. Our premises are also safe and secure. The communication inside the solution happens using a secured https connection, both for end-users and administrators.
Is it mandatory to provide personal data? What happens if you don’t provide it?
We need some amount of personal data especially in customer relationships to conclude and fulfill contracts. Our digital service requires a personal user account, so we require some personal data to register a user account and for verification purposes. Relating to employment we also need to process at least the minimum personal data required to fulfill employment contracts and legal obligations relating to employment. Collecting certain minimum personal data relating to shareholders is also a legal requirement. Potential partners, job candidates and potential customers usually can decide how much and whether to share personal data with us.
What rights do you have?
Update your information
You have certain possibilities to check and update your user information by yourself by accessing the Seppo platform.
Withdraw your consent
If we process personal data based on your consent, you can at anytime withdraw your consent by notifying us, for instance by contacting us using the contact details provided above.
Access to data
You have the right to have confirmed if we are processing your personal data and also to know what data we have about you. In addition, you have right to some supplemental information described in the law about the processing activities.
Right to have errors corrected
You have the right to request that we correct any inaccurate or outdated personal data we have about you.
Right to prohibit direct marketing
You have the right to request that your personal data is not processed for direct marketing purposes by contacting us using the contact details provided above.
Right to object processing
If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore.
Right to restrict processing
In certain situations you have the right to require that we restrict processing of your personal data.
Right to data portability
If we process your personal data based on your consent or fulfilling of a contract, you have the right to require transfer of the data you have provided to us to another services provider in a commonly used electronic format.
How can you use your rights?
You can execute and use your rights by contacting us, for instance by using the contact details provided above. Some rights can be used by accessing your own user account in the Seppo platform. Remember also that we need to use reasonable measures to verify your identity before executing your rights to make sure that your data does not end up in wrong hands. If you consider that the processing of your personal data is not lawful, you can always also make a notification to a supervising authority (Finland: tietosuojavaltuutettu; www.tietosuoja.fi).
Can this privacy policy be updated?
We may make updates to this privacy policy when our operations change or develop. Also changes in law may make it necessary to update this privacy policy. The changes become valid once we have published them in the form of an updated privacy policy. Therefore, please visit this page and read this privacy policy from time to time.