PRIVACY POLICY

Partners and 24 Center Partner application, 24 Center Oy, 19.3.2021

Your personal data at 24 Center in a nutshell

We at 24 Center try not to overcomplicate things, not even GDPR compliance. That’s why we made it easy for you to understand what info we hold about you and why. Here you go:

Who’s concerned
 
  • You, who use the 24 Center Partner service.
Information we hold about you
 
  • Contact and partnership details
  • Communications
  • Service use analytics (access control and service security)
  • Location data
What do we need your data for
 
  • Contact you and inform you about relevant matters concerning the service
  • Notify you about updates to our service
  • Inform you of nearby customers that need your help
  • Monitor the safety of the service (access control and service security)
  • Organize our CRM and keep track on who has registered
Where do we get your data
 
  • We get your information when you become a partner or start using 24 Center Partner services 
  • We store any communication between us securely at the time of communication
  • The 24 Center Partner Application collects location data with your consent
Who else gets (some of) your data
 
The most important services we use:
  • Payments: Paytrail / Checkout Finland
  • Infrastructure: Amazon AWS
  • Communications: Google, Hubspot
  • Others: Faktucon Oy, Nordea Bank 
You have rights – here they are

You may request:
  • A copy of your data
  • The deletion of your data
  • That we correct any incorrect data
  • The restriction of processing
  • That we cease some processing of your data (right to object)
How long do we keep your data
  • We delete the info we need for contacting you when you you cease using 24 Center Partner services or end your partner relationship with us (see more below)

1. Controller

The 24 Center Partner service is run by us – 24 Center Oy.

In order to keep our service running smoothly we need some information about you. This information is called ‘personal data’ as it can be used to identify you. Because we collect, use and store your personal data we are a so-called controller of your information. This means, for example, that we are responsible for keeping your personal data safe.

Below we explain in a bit more detail how, why and for how long we process your personal data.

This Privacy Policy has been last been updated on 19.3.2020. 

We may from time to time update this Privacy Policy. We will always notify you if the changes are significant or if we intend to use your information for purposes other than those stated here.

Controller

24 Center Oy
Robert Huberin tie 3 B
01510 Vantaa

Our contact person for data protection

Joose Pinomaa (CEO)
tel. +358401966396
[email protected]

2. Purpose and legal basis for processing personal data

Data subjects Purpose for processing Basis for processing
Partner representatives Communications Performance of a contract
Marketing Legitimate interest
Users of 24 Center Partner application Identification Performance of a contract
Communications Performance of a contract
Provision of the 24 Partner Application service Consent, performance of a contract
Invoicing Performance of a contract
What does ‘legitimate interest’ mean?
 
The collection and processing of all personal data requires a so-called basis on which the processing is lawful. A ’legitimate interest’ is one such basis. Other processing criteria include, for example, consent and performance of a contract.
 
Processing in the legitimate interest is lawful if, and only if, the fundamental rights and freedoms of the person and their protection are not more important than the legitimate interest of the party conducting the processing (in this case us).
What does ‘performance of a contract’ mean?

Contractual processing is lawful if the data subject is a party to a contract for the performance of which the processing of his or her personal data is necessary. The processing is limited to the personal data necessary for the performance of the contract. 
What does ‘consent’ mean?

Consent-based processing is lawful if the data subject has given his or her consent to the processing of his or her personal data for one or more purposes. For example, the data subject may give his or her consent by ticking the box on a website or an application. It must be possible to withdraw consent as easily as it could have been given. Consent must be explicit and freely given.
What does a ‘legal obligation’ mean?

Compliance with the controller’s legal obligations may require the controller to process personal data. 

3. Regular sources of information

We receive information about you from you. 
 
The 24 Center Partner application collects location data from your device if you opt to share it.
 
We do not collect information about you from other parties or other sources. 

4. Personal data in the register

In this register the following information personal data is collected:

Information on Partner representative
(information you provide)
Purpose for processing
Name and title Identification
Telephone number Communication
Marketing
E-mail Communication
Marketing
Address Communication
Marketing
Name of company Identification
Address of company Communication
Marketing
Payment Information Invoicing
Information on Users of 24 Center Partner application
(information you provide)
Purpose for processing
Name and title Identification, communication, provision of the 24 Partner Application service
Telephone number Communication, provision of the 24 Partner Application service
E-mail Communication, provision of the 24 Partner Application service
Address Communication, provision of the 24 Partner Application service
Name of company Identification, provision of the 24 Partner Application service
Address of company Communication, provision of the 24 Partner Application service
Payment Information Invoicing, provision of the 24 Partner Application service
Location data* Provision of the 24 Partner Application service

*) Details on location data

24 Center Partner Application only collects location data if the user has given his/her consent to it by opting in. 
 
Location based services determine the user’s location using interfaces provided by the user’s device, such as GPS. Device location can be determined with these services both while using the application and while the application is in the background or closed.
 
The technical details on the application’s geolocation features are publicly available at https://github.com/transistorsoft/react-native-background-geolocation/wiki/Philosophy-of-Operation
 
24 Center Partner Application is an application for building maintenance services companies partnered with 24 Center, that informs the user of nearby customers in need of maintenance services by providing notifications in the application. With the help of the application, the user can accept work tasks quickly and easily and to manage work tasks in execution. The distance between the location of the work task and the user’s location affects whether the user receives a notification of the new work task appearing nearby. 
 
The application collects and processes location data from the device of the user so that it can target notifications about new work tasks based on the location of the user also when the application is closed. Many of the work tasks are urgent and require quick reaction from the user in order to provide help to customers and to ensure that the user gets to choose a suitable work task. Location sharing must be turned on by the user if the user wants to receive notifications of work offers also based on their own location (and not just based on the location of their office) and filter notifications based on distance. Background location enables the user to receive suitable work tasks even while the application is closed without a need to periodically manually update the list of available work tasks within the application.
 
A commission will be paid to the executor of a work task according to the contract between 24 Center and the executor.
 
24 Center Oy does not share location data from the 24 Center Partner application with any third parties.

6. Duration of processing

Partner representatives

We will receive your personal data when your company becomes our partner and will retain your information for as long as that relationship lasts, and for a maximum period of five years thereafter. We process personal data based on what you tell yourself about yourself. You can request that your personal data be corrected or deleted at any time.

Users of 24 Center Partner application 

We will receive your personal data when your company becomes our partner and you begin using our application, and we will retain your information for as long as you keep using our partner application. We process personal data based on what you tell yourself about yourself and what is necessary to provide the application service. You can request that your personal data be corrected or deleted at any time. 
 
Location data collected by the application automatically overwrites previous location data. Location history is not collected. The latest collected location data point is automatically removed after 24 hours. 

7. Your rights

You have the following rights, the requests for the exercise of which must be made to: [email protected]

Your rights
Inspection You have the right to access and correct your personal data retained in our register. You can view, edit and delete your customer data by sending us a request to [email protected].
Deletion of personal data / “Right to be forgotten” If you feel that the processing of some of your personal data is not necessary for our processing purposes, you have the right to ask us to delete that data. However, please note that you can decide what information you provide about yourself, as well as delete unnecessary information by sending us a request to this address at [email protected].

However, if you wish to delete any other information, we will process your request as soon as possible, after which we will either delete your information or provide you with a valid reason why the information cannot be deleted. If you disagree, you have the right to lodge a complaint with the Data Protection Ombudsman (instructions for making a complaint).
Objection to processing You have the right to object to the processing of your personal data at any time if you feel that we have processed your personal data unlawfully or that we do not have the lawful basis to process your personal data. We will process your request as soon as possible.
Complaint You have the right to file a complaint with the Data Protection Ombudsman if you feel that we are in breach of applicable data protection laws when processing your personal data (instructions for making a complaint).

9. Disclosure of Information

We do not disclose your personal data to any third parties.

These parties process your personal data on our behalf: 

  • Payment intermediary Paytrail / Checkout Finland
  • Google Analytics
  • Accounting firm: Faktucon Oy
  • Bank: Nordea Bank 
  • Communications: Hubspot

These service providers do not have the right to view your information unless necessary to ensure the functionality of the service.

In addition, we use subcontractors to develop our service. These subcontractors do not process your information, but they do have access to our databases.These subcontractors or their employees may therefore see the information we collect about you. All our subcontractors and their personnel are bound by strict professional secrecy and confidentiality.

10. Data transfer outside the EU

We have chosen secure data centers located in Finland as the storage location for your data. The information in the register will not be stored outside the European Union or the EEA. No data transfers are made from the service user register outside the EU or the European Economic Area. 

If we are required to disclose personal data under applicable mandatory law, personal data may be transferred outside the European Union and the European Economic Area.


Privacy Shield and Sample Clauses

However, regardless of the data centers we choose in Europe, it is possible that we or the service providers used by us may, in some circumstances, transfer your information outside the EU / EEA. This can happen, for example, if data is duplicated outside the EU / EEA to the United States so that your data is secure even in the event of a failure of the main servers. Transmission Volumes must always be carried out safely and in accordance with the law. We will ensure that the necessary measures are taken to prevent the transfer of your personal data to a party outside the EU or the EEA who does not comply with the legal requirements for the processing of personal data. 
 
The European Commission has accepted the use of model contract clauses to ensure adequate protection of data transferred outside the EEA. Whenare added to the between the parties to the data transfer standard contract clauses agreement, the personal data will be considered protected when transferred outside the EEA or the United Kingdom to countries where the adequacy decision does not apply. We use these model contract clauses in data transfer. 
 
In addition, we adhere to the principles of the EU-US and Switzerland-US Privacy Shield Frameworks, without relying on these principles as a legal basis for transfers of personal data, taking into account the ruling of the European Court of Justice in Schrems II case C-311/18. Learn more From the U.S. Department of Commerce Privacy Shield website.

 

11. Registry protection principles

The secure processing of your personal data is important to us. The information stored in the service is stored in the system of the controller, which is protected by security software.

  • Our employees have access to personal data only to the extent required for relevant work tasks. 
  • Access to the system requires the entry of a username and password. The system is also protected by firewalls and other technical means.
  • Only certain designated employees of the controller have access to and are entitled to use the data contained in the register stored in the system.
  • The use of the register is protected by user-specific IDs, passwords and access rights.
  • The registry resides on a computer located in a computer room on a server to which unauthorized access is denied.
  • The information contained in the register is located in locked and guarded premises.
  • The register is regularly backed up.

12. Cookies

Our service uses so-called cookies. A cookie is a small text file that is sent to and stored on a user’s computer, enabling the webmaster to identify visitors who visit the site frequently, to make it easier for visitors to log in to the site, and to compile aggregate information about visitors. With the help of this feedback, we are able to continuously improve the content of the service’s pages. Cookies do not harm users’ computers or files. We use them in such a way that it can provide its customers with information and services tailored to their individual needs. The user of the website can adjust the cookies collected by us as instructed in the cookie notification. 

If you do not want us to receive any of the above information through cookies, most browser programs allow you to disable the cookie function. However, it is good to keep in mind that cookies may be necessary for the proper functioning of some of the services maintained by us.

Turning off cookies in most browsers
Chrome From the main menu, select Preferences. Click Advanced at the bottom of the page. In the Privacy and Security section, click Content Options. Select Cookies.
Firefox From the main menu, select Settings. Click Privacy and Security. Under History, select Selected History from the drop-down menu.
Safari From the Safari menu, select Settings. Click Privacy. Click Block All Cookies or Manage Website Data.
Microsoft Edge From the main menu, select Settings. Click Show advanced settings. Select the security level from the Cookies section at the bottom of the menu.
Internet Explorer On the Tools menu, click Internet Options. Click the Privacy tab. Under Settings, click Details.