Privacy and security policy

Contents

GISGRO Online Service

Statement has been prepared: 29/03/2017
Statement was last modified: 13/09/2019

1. THE REGISTRAR

VRT Finland Oy (ID 2343968-1) (“VRT”)
Ruokkeentie 17, 40660 Jyväskylä
phone: –
e-mail: info@vrt.fi

2. PERSON RESPONSIBLE FOR THE REGISTER

Simo Rantanen
phone: +358(0)407627376
e-mail: simo.rantanen@vrt.fi

3. NAME OF THE REGISTER

GISGRO user and feedback registry.

4. PURPOSE OF THE REGISTER

The purpose of the registry is to use and maintain login information, user accounts, feedback and communication for GISGRO service. Information of the registry may be used for

Identification of user
Maintaining and developing customer relations
Delivery of general information and information on GISGRO features
Providing users with technical information on GISGRO
Analysing users for R&D and business development purposes
User support
Digital marketing purposes

5. CONTENT OF THE REGISTER

The user’s first name and last name.
The user’s e-mail address.
The user’s username and password.
information of an user that has invited new end users to use GISGRO.
Information on user account status, permissions to digital marketing etc.
Login information, permission to use cookies and beacons.

6. REGULAR SOURCES OF INFORMATION

Information is provided by a customer ordering or using the service. The Registrar may receive information on public sources and information may be updated by the personnel of the Registrar.

7. DATA TRANSFER

The registrar uses Stripe.com for payment methods. Upon payment verification the registrar will not store or receive users credit card information. The registrar receives information on the completion of payment of respective user only. Personal data is transferred outside of EEA to SendGrid mailing system for customer communication. SendGrid is an EU-U.S. Privacy Shield Framework certified company.

Any feedback provided by a user is processed with Usersnap service. The host servers on which Usersnap processes and stores its databases are located exclusively within the GDPR compliant areas. We also use Sentry error tracking system. We send a pseudonymized user identifier to Sentry in order to provide customer service.

Personal data (name and email address) is transferred to third party digital marketing service provider.

Otherwise the data is not transferred from the registrar.

8. Data removal

The data is planned to be removed 3 months after the customer relation to the user has ended.

9. Location

The information is stored in secured third party server inside European union. Access to the information is restricted on technical measures and permission to access the information is granted to the registrars limited personnel only.

10. Right for inspection

Any user may inspect the registrar’s information of respective user by written request to the registrar or ask for correction of stored data.

The user may also ask for the removal of all personal data. However, the use of GISGRO is possible only when the registrar possesses the necessary user information.

11. Digital marketing and restriction to use

Registrar may use information for digital marketing only if permitted by the user. The user has a right to cancel any such permission.

12. Risk estimate

The register is considered as low risk personal information register. No sensitive information is collected, and personal information is required for user account maintenance only.