Last updated: June 5, 2009
This Privacy Policy is a description of a personal of personal data file ("rekisteriseloste") in the meaning of Article 10 of the Finnish Personal Data Act (523/1999). According to Article 10 of the Personal Data Act the Act applies to processing of personal data where the controller is established in the territory of Finland. As Controller of the personal data file is established in Finland, the Finnish Personal Data Act is applied.
1. Name of Controller
Sulake Corporation Oy ("Controller")
Korkeavuorenkatu 35, 00130 Helsinki, Finland
Tel. +358 10 656 7000
2. Person Responsible for Maintaining the Data File
Sampo Karjalainen
Tel. +358 10 656 7000
Address same as Controller's
3. Name of the Personal Data File
Bobba® End User Database
4. Collected Data
Bobba® End User Database contains the following data:
Information Submitted by the User
Automatically Collected Information
5. Purpose of Collection
The personal data is collected for the purposes of enabling the rendition of the service, maintaining the client relationship and for developing our business and product portfolio. For sake of clarity, your avatar name and certain other data may be shared between the other users of the service. Without limiting the generality of the foregoing, the data can be used to contact you for the purposes of asking feedback on the Bobba® service, and to inform you about updates and changes in the Bobba® service. In addition, the data may be used for moderation purposes, including without limitation for investigation by us and/or police or other relevant authorities when misconduct in suspected in connection with the Bobba® service or otherwise. The collected personal data may also be used for direct marketing purposes in compliance with the applicable laws.
6. Source of Information
The personal data is collected from you when you create or update your Bobba® service account and when you visit or use the Bobba® website (www.bobba.com) or the Bobba® service.
7. Erroneous, Incomplete or Obsolete Data
We do not review the personal data for the purposes of determining whether it is erroneous, incorrect or obsolete. You have, after having supplied sufficient search criteria, the right to access, amend and rectify the data in your personal data file or receive a notice that the file contains no data. You may be provided tools for realizing this right of access. You do not have access to your log data or IP address data.
8. Disclosures
We will not sell, share or rent your information to others except as set out in this Privacy Policy. We will only disclose personal information to other companies within our group of companies and such suppliers we engage to provide the Bobba® service or process the data on our behalf. We may also disclose data to police and other relevant authorities in connection with investigation of suspected misconduct.
Our partners, purchasers of our business and suppliers may gather information for their own purposes and for that reason we cannot exercise control over the uses to which they apply your personal information.
In the event of the sale of the Controller or its assets your personal data may be disclosed to the purchaser of the Controller or the purchaser of its assets. Furthermore, we may disclose your personal data to any third party taking over the distribution and/or operation of the Bobba® service.
Your personal data is not disclosed to countries outside the EEA. Notwithstanding the foregoing, your personal data may be disclosed to such affiliates or business partners of the Controller who are domiciled in non-EEA country, which disclosure may be made for the purposes of providing and maintaining the service, which include without limitation the moderation of the service and the provision of its customer care.
9. Data Security
Within our organization, access to your personal data is limited to such persons who need to have such access. All such persons who have access to the data have personal access rights granted to them by us. Personal identification code and password enables us to verify all accesses to the data file. Different access right schemes may be implemented. Industry standard technical measures have been implemented for securing the personal data against e.g., unauthorized access or disclosure.