Version 1.0 - March, 2022
JoyHaptics Oy is a Finnish company working on social haptics communication. When processing your personal data, we comply with the requirements of the EU General Data Protection Regulation (2016/679).
In this document we explain what personal data we collect about you and how we use that data and how you can exercise your rights as the data subject.
Controller and Contact Details
Elimäenkatu 17-19, 00510 Helsinki, Finland
Please note that in relation to requests concerning the exercise of your rights as the data subject you should always send your request in writing by email.
Types of Personal Data we Process
We only collect and process personal data in directly identifiable form when it is necessary for the intended purposes, meaning that if direct identification is not required, we will process that data in an aggregated or otherwise anonymous form in a way that it cannot be linked to a particular individual.
Typically we receive the personal data either directly from you or our service providers, or through your use of the Ixu device and the mobile application.
We typically process:
Account and profile information. When you first sign in to the application you are requested to create an account. When creating your account we ask for your phone number and use that to identify you. We ask you to share your phone book so that we can find other potential users you can connect with. The phone book information is not stored by us anywhere. Only the Ixu-connections you create in the application will be stored.
Chat and related messages are stored in our backend. Access to the content is restricted to only users participating in the discussion.
We also collect anonymous analytical information to better understand the usage of the application and capture possible error conditions. This information is stored by Google.
Sharing and Disclosure of your personal data
We do not sell or otherwise disclose your personal data to third parties, whether for advertising purposes or otherwise.
Place of processing and cross-border transfers
Your personal data will be stored within the EU/EEA on the servers of our hosting service provider, and the principal place of processing of your personal data is in the EU/EEA. If you are residing in a country outside the EU/EEA, your personal data may be transferred to the EU/EEA and will be subject to the EU data protection laws.
On certain occasions we may use service providers located outside the EU/EEA in the provision and technical implementation of our services, in which case your personal data may be transferred outside the EU/EEA. In case we transfer your personal data outside the EU/EEA we have ensured that your personal data is afforded an adequate level of protection by way of contractual obligations or by using other safeguards available under the EU data protection laws.
Your rights as the data subject
As the data subject, you have the following rights you can exercise in relation to the processing of your personal data:
Right of access, rectification and erasure. You can access and update your personal data relating to your account at any time through the functions of the application or by contacting us. At your request we will also rectify any inaccurate, incomplete or outdated personal data relating to you. You also have the right to request your personal data to be erased (right to be forgotten) in accordance with applicable law. Please note that erasure of personal data is not possible in so far you are still using the app and have an existing agreement with us
Right to object to direct marketing (including related profiling). In case you do not want to receive further marketing or other updates from us or wish to opt out of profiling we do to offer you tailored direct marketing, you have the right to object to processing of your personal data for those purposes. Should you use your right to object, you will no longer receive direct marketing from us. You can use your right to object either through the functions of the app by contacting us or through the unsubscribe link on electronic messages we send you.
Right to object to data processing and right of restriction. You have the right to object to processing we carry out based on legitimate interest on grounds relating to your particular situation, unless we have compelling legitimate interests for the processing which override those interests. You also have the right to request the restriction of the processing of your personal data, for example, in case you object to processing as described above or contest the accuracy of your personal data.
Revocation of consent. You may revoke a consent you have given at any time by contacting us or through the functions of the application. Please note that revoking your consent does not affect the legality of the processing we have carried out prior to the revocation.
Data portability. You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller when we process your data automatically and based on an agreement or your consent.
We will only retain your personal data in identifiable form as long as is necessary to fulfill the above mentioned purposes or as long as we have a statutory obligation to keep your information, after which it will be deleted or anonymised.
We retain the personal data of our customers for at least the time they are current, and the customer relationship exists. After the customer relationship ends, the retention period depends on the data and its purpose of use. For example, we retain your personal data for direct marketing purposes until you have objected to it and retain invoicing and payment information for 7 years after the customer relationship has ended. We comply with any statutory obligations in retaining data that may apply.
If you have exercised your right to object to direct marketing, we may still keep certain information about you to comply with that request.
How can I delete my data?
If you want to delete your data, please send a request to firstname.lastname@example.org
Data security principles
We employ sufficient technical and organizational measures to protect your personal data against accidental and/or unlawful access, alteration, destruction or other processing (including unauthorized disclosure and transfer). These measures include proactive and reactive risk management, use of firewalls, encryption and pseudonymisation techniques and secure IT areas as well as access control and security systems, security planning, controlled granting and monitoring of access/user rights, ensuring skills through training for personnel involved in processing personal data and through assessments as well as careful selection of subcontractors and other suppliers. We continuously update our in-house practices and guidelines in an appropriate manner.
Changes to this policy