Privacy Policy
Last updated: 01/03/2023
This privacy policy ("Privacy Policy") applies to the processing of personal data at website [https://marianordinofficial.com/] and for the Service provided on the website ("Service"). The purpose of this Privacy Policy is to explain why and how personal data is collected by Service Provider and for what purposes personal data is used and disclosed. Please read this Privacy Policy carefully before you start using the Service.
1. Data Controller
The data controller in accordance with the applicable data protection law is [M.A.N. Knows Better] ("Service Provider", "we", "us", "our"). Service Provider is responsible for ensuring that the processing of personal data complies with this Privacy Policy and the applicable data protection laws.
Contact details of the data controller:
-
M.A.N. Knows Better
-
2779854-2
-
Junatie 9, 20700 Turku
2. Data Collection
Service Provider may collect personal data through different means, which are explained below. As a rule, the personal data processed by Service Provider is provided by the users themselves upon registration and/or in the context of usage of Service, such as
-Name
-Contact details, such as email address, address and phone number
-Language preferences
-Information relating to customer relationship, such as date of registration and billing information
-Customer interaction, customer contacts and replies
Service Provider may collect technical data on the use of Services, which may be personal data, such as:
-Time stamps and log data relating to the use of Services; and
-Device ID, device type, operating system used and application settings.
-Customer interaction, customer contacts and replies
We may also use cookies and other similar techniques for statistical purposes to compile anonymous, aggregated statistics, such as about the users' visits and number of users that allow us to understand how users use the Service and improve user experience.
3. Legal basis and purpose of processing personal data
Service Provider collects personal data for the following purposes:
(1) To provide the Services and manage customer relationship The primary purpose of collecting personal data is to provide the Service and to manage and maintain the customer relationship. This processing of personal data is based on the contract between the user and Service Provider. This concern, for example, the data collected upon registration, during the use of the Service and the technical data needed to run the Service and communication with the user.
(2) Marketing Service Provider may send users emails to inform them about new features, solicit feedback, or provide information on operations and services. In this respect, processing may be based on consent or on our legitimate interest to provide users with relevant information as part of the Service and to promote the Service to users. Users may object to marketing communications at any time in accordance with section 7 below.
(3) Service development and information security Service Provider pursues to offer a good quality and secure Service. Therefore, Service Provider may use the data to analyze the market, users and Service for the purpose developing and improving the quality of the Services. This processing is based on our legitimate interest to grow and develop.
4. Disclosure of personal data
We may disclose users' personal data to third parties in the following cases:
(1) We may disclose personal data to trusted subcontractors who act on our behalf and do not have an independent right to use the personal data we disclose to them. We may use subcontractors when providing the Service;
(2) When required by law such as response to a subpoena, comply with requests by competent authorities or related to legal proceedings;
(3) If Service Provider is involved in a merger, acquisition, or sale of all or a portion of its assets; and
<p(4) When we believe in good faith that disclosure is necessary in order to protect Service Provider's or users' rights or safety or to respond to a government request.
5. Transfer of personal data outside of EU/EEA
Service Provider (or its subcontractors) may process personal data outside of European Economic Area. In this case we will use the required established mechanisms that allow the transfer to subcontractors in those thirds countries, such as the Standard Contractual Clauses approved by the European Commission. We will rely on the so-called Privacy Shield for those subcontractors located in the U.S that are Privacy Shield-certified. For more information about the Privacy Shield framework developed by the U.S. Department of Commerce and the EU Commission and the related principles concerning processing of personal data, please see please see here.
6. Data retention
The personal data will be retained only for as long as necessary to fulfill the purposes defined in this Privacy Policy. After that personal data will be removed except when retention is required by law or rights or obligations by either party.
7. Privacy Rights
Each individual user ("data subject" in accordance with applicable data protection law) has following privacy rights under applicable data protection law:
A user has a right to access personal data that Service Provider holds about him or her and right to request to correct or delete his or her personal data to the extent required by applicable data protection law. A user may review his or her personal data by signing into Service by using his or her User ID and password;
A user has a right to request restriction of processing and object to processing for the purpose of direct marketing to the extent required by applicable data protection law;
A user has a right to data portability, i.e. the right to receive the personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller, to the extent required by applicable data protection law;
If a user thinks there is a problem with the way Service Provider is processing user's personal data, user has a right to file in a complaint to the national data protection authority in the EU/EEA. In Finland the competent authority is the Data Protection Ombudsman. The user may contact Finnish Data Protection Ombudsman through this link.
Please send above mentioned requests to [[email protected]].
8. Security
Service Provider has carried out the technical and organizational measures necessary for securing personal data against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. Service Provider limits the access to personal data to authorized employees and subcontractors who need to know that information in the course of their job description, for example, for the purposes of responding to requests or development of the Service. Please be aware that, although Service Provider endeavors to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.
9. Changes to Privacy Policy
Children under 15 years old are not allowed to register as the Service users.
10. Other terms and regulations
Service provider reserves the right to change or update this Privacy Policy. If Service Provider makes changes to this Privacy Policy, we will provide a notice on our website at [https://www.freetoheal.org], where we will also keep the most current version of this Privacy Policy available.