Privacy and security policy
GISGRO Online Service
Statement has been prepared: 29/03/2017
Statement was last modified: 13/09/2019
1. THE REGISTRAR
VRT Finland Oy (ID 2343968-1) (“VRT”)
Ruokkeentie 17, 40660 Jyväskylä
2. PERSON RESPONSIBLE FOR THE REGISTER
3. NAME OF THE REGISTER
GISGRO user and feedback registry.
4. PURPOSE OF THE REGISTER
The purpose of the registry is to use and maintain login information, user accounts, feedback and communication for GISGRO service. Information of the registry may be used for
- Identification of user
- Maintaining and developing customer relations
- Delivery of general information and information on GISGRO features
- Providing users with technical information on GISGRO
- Analysing users for R&D and business development purposes
- User support
- Digital marketing purposes
5. CONTENT OF THE REGISTER
The user’s first name and last name.
The user’s e-mail address.
The user’s username and password.
information of an user that has invited new end users to use GISGRO.
Information on user account status, permissions to digital marketing etc.
6. REGULAR SOURCES OF INFORMATION
Information is provided by a customer ordering or using the service. The Registrar may receive information on public sources and information may be updated by the personnel of the Registrar.
7. DATA TRANSFER
The registrar uses Stripe.com for payment methods. Upon payment verification the registrar will not store or receive users credit card information. The registrar receives information on the completion of payment of respective user only. Personal data is transferred outside of EEA to SendGrid mailing system for customer communication. SendGrid is an EU-U.S. Privacy Shield Framework certified company.
Any feedback provided by a user is processed with Usersnap service. The host servers on which Usersnap processes and stores its databases are located exclusively within the GDPR compliant areas. We also use Sentry error tracking system. We send a pseudonymized user identifier to Sentry in order to provide customer service.
Personal data (name and email address) is transferred to third party digital marketing service provider.
Otherwise the data is not transferred from the registrar.
8. Data removal
The data is planned to be removed 3 months after the customer relation to the user has ended.
The information is stored in secured third party server inside European union. Access to the information is restricted on technical measures and permission to access the information is granted to the registrars limited personnel only.
10. Right for inspection
Any user may inspect the registrar’s information of respective user by written request to the registrar or ask for correction of stored data.
The user may also ask for the removal of all personal data. However, the use of GISGRO is possible only when the registrar possesses the necessary user information.
11. Digital marketing and restriction to use
Registrar may use information for digital marketing only if permitted by the user. The user has a right to cancel any such permission.
12. Risk estimate
The register is considered as low risk personal information register. No sensitive information is collected, and personal information is required for user account maintenance only.