Coiniverse privacy notice
Privacy notice – Coiniverse Mobile Services User Register
Updated 27 Sept 2023
1. Data controller
Coiniverse Ltd
Konepajankuja 1
00510 Helsinki
Finland
2. Contact person in matters involving the register
Mikko Sievänen
Konepajankuja 1
00510 Helsinki
Finland
E-mail: hello@coiniverse.app
3. Name of register
Coiniverse mobile application user register
4. Purpose and basis of processing personal data
We process your personal data to perform our contractual obligations towards you and to comply with legal obligations. Furthermore, we process your personal data to pursue our legitimate interest to run, maintain and develop our business and to create and maintain customer relationships.
More specifically, we process your personal data for following purposes:
To provide Coiniverse services and carry out our contractual obligations (legal ground: performance of a contract and legitimate interest): we process your personal data to be able to offer the Coiniverse services to you under the contract between you and Coiniverse. If you contact us, we will use the information provided by you to answer your questions or solve your complaint.
For our legal obligations (legal ground: compliance with a legal obligation) We process data to enable us to administer and fulfil our obligations under law. This may include data processed for complying with our bookkeeping obligations and providing information to relevant authorities, if applicable.
For claims handling and legal processes (legal ground: legitimate interest) We may process data for the prevention of misuse of our services and for data, system and network security.
For customer communication and marketing (legal ground: legitimate interest): Coiniverse processes your personal data to contact you regarding the Coiniverse services and to inform you of changes relating to them. Your personal data is also used for the purposes of marketing the Coiniverse services to you.
For development of our services and quality improvement (legal ground: legitimate interest): We may also process information about your use of the Coiniverse services to improve the quality of the Coiniverse services e.g. by analyzing any trends in the use of the Coiniverse services. In order to ensure that our services are in line with your needs, personal data can be used for things like customer satisfaction surveys. When possible, we will do this using only aggregated, non-personally identifiable data.
In some parts of the Coiniverse services, you may be requested to grant your consent for the processing of personal data, including in case of direct marketing (Legal ground: consent). In this event, you may withdraw your consent at any time under your Profile Settings or by clicking the “Unsubscribe” button in any marketing e-mail.
5. Processed data contents
The personal data collected and processed by us can be divided into two general data categories: A) User Data and B) Analytics Data
A) User data:
When registering via our mobile application, you provide us with certain information, including email, password, , name, and profile picture.
We register the information you provide when using the mobile application, including coin collections, your traffic on the Platform and your communication with us.
Our mobile application may ask for your permission to enable the collection of the location of your device/you. If you have given permission to collect your device location, we may use the location to show you certain offers available around your location as personalized marketing message. Location may also be used for analytics etc.
B) Analytics Data:
Although we do not normally use Analytics Data to identify you as an individual, you can sometimes be recognized from it, either alone or when combined or linked with User Data. In such situations, Analytics Data can also be considered personal data under applicable laws and we will treat such data as personal data.
We may automatically collect the following Analytics Data when you visit or interact with the Coiniverse Services:
Device Information. We may collect the following information relating to the technical device you use when using the Coiniverse services:
device
country
IP address
browser type and version
operating system
Internet service providers
advertising identifier of your device
Usage Information. We may collect information on your use of the Coiniverse services, such as:
time spent on the Coiniverse Services
interaction with the Coiniverse Services
information on your orders made through the Coiniverse Services
the URL of the website you visited before and after visiting the Coiniverse Services
the time and date of your visits to the Coiniverse Services
the sections of the Coiniverse Services you visited
the products you searched for while using the Coiniverse Services
6. Regular sources of data
Personal data is collected from the data subject him/herself through the Coiniverse mobile application.
In addition we collect data from your device, see above “Analytics data”.
In addition, the use of the mobile application and Coiniverse website is analysed by using cookies. More information on cookies can be found at: www.rahapaja.fi/en/cookies/
In addition to the cookies the IP address that is used to monitor user statistics is stored of user’s website visits.
7. Regular disclosure of data
Some of the personal data may be accessible and processed by Coiniverse subsidiaries, subcontractors and other service providers, to the extent needed in connection with the above described purposes. Coiniverse ensures that such third parties are always bound by contracts, which sufficiently address data protection and confidentiality requirements. We are using external service providers for certain parts of business operations, e.g. IT system maintenance.
In addition we may provide advertisers and other business partners with anonymized reports about the kinds of people seeing or clicking their ads or using Coiniverse services, but we don’t share information that personally identifies users.
By means of In-app purchasing, you may have the option to subscribe to the paid subscription plan version of the mobile services in which case the order button will lead you directly to either the Apple AppStore or the Google Play Store depending on which operating system you use. In this context, we will transmit the starting date and the end date and, if applicable, the termination date of the subscription and the reason for the termination (for instance, withdrawal). The data for processing the payment are collected directly by the app stores.
For the privacy policies of the app stores, please go to:
Apple App Store: https://www.apple.com/de/privacy
Google Play Store: https://policies.google.com/privacy
8. Transfer of data to countries outside the EU or EEA
In general we do not transfer personal data outside the EU or European Economic Area (EEA). If we do transfer personal data outside the EU or EEA, we will guarantee the sufficient level of data protection by among other things agreeing on matters related to confidentiality and processing as required by the legislation, e.g. by using model clauses adopted by the European Commission.
9. Retention period
The retention period of personal data depends on the information concerned and its purpose of use. The controller retains personal data at least as long as they are needed for the execution of the informed purposes of use, such as in the performance of the controller’s contractual obligations.
When personal data are no longer needed, the data is destroyed in a secure way or irrevocably anonymized.
Most personal data relating to a User’s user account with the Coiniverse Services will be deleted after the User has deleted its user account with the Coiniverse mobile application. Please note that some information may remain in our records after your account has been deleted, and that we may only be able to delete this information later when updating our backups.
10. Your rights
The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in many situations himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Coiniverse to the extent Coiniverse acts as the controller to the personal data of the data subject in question.
Right of access: The data subject has the right to obtain a confirmation from the controller on whether the controller processes personal data concerning the data subject and the right to access such data. The data controller may ask the data subject to specify his/her access request, amongst others, with regard to the details of the data to be delivered.
Right to rectification: The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him/her processed by the controller, or to have incomplete personal data processed by the controller to be completed.
Right to be forgotten: The data subject has the right to obtain from controller the erasure of personal data related to him/her and the controller has the obligation to erase such data in case there is no longer a legal ground for the processing of such data or, where the legal or contractual obligation binding the controller related to the storing of the personal data has ended or, where the data subject has withdrawn his/her consent to the processing of his/her personal data.
Restriction of processing: In certain cases, where so prescribed by law, the data subject may have the right to obtain from the controller restriction of processing of his/her personal data.
Right to data portability: The data subject may, subject to certain conditions prescribed by law, have the right to receive the personal data concerning him/her processed by the controller in a commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the original controller.
Right to object to processing of his/her personal data: In certain cases, the data subject may have the right to object to processing of personal data concerning him or her. The right to object is applicable in such situations in particular where the processing of personal data is based on the controller’s legitimate interest. In such situations the controller has to follow the data subject’s request, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
To the extent the processing of personal data has been based on the data subject’s unambiguous consent, the data subject has, at any time, the right to withdraw his/her consent regarding the processing.
In certain cases the data subject can access and rectify his/her data through electronic services provided by Coiniverse. In cases where the data subject has no such services in use, the requests, including requests concerning the erasure, portability or the objection to processing shall be directed to hello@coiniverse.app.
Coiniverse will take measures based on the data subject’s request without delay, and provide the data subject with the information concerning the measures related to the use of the data subject’s rights primarily within one month from receiving the data subject’s request.
In addition, the data subject has the right to lodge a complaint with the supervisory authority on the processing of the personal data by the controller. The complaint shall be made to the competent supervisory authority, in Finland to the Data Protection Ombudsman, in accordance with its instructions. The website of the Data Protection Ombudsman can be found here: www.tietosuoja.fi/en.
11. Data security
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include for example, where appropriate, encryption, pseudonymization, firewalls, secure facilities and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data. The databases and their backups are located in locked up spaces.
We make sure that access to data is permitted only to those of our employees and only to those employees of the companies acting on behalf of us who have the need to access the data for the execution of the tasks assigned to them.
12. Amendments to the privacy statement
This privacy statement may be amended from time to time. You can see when changes have been made to the statement by referring to the “Last Updated” date on top of this page. We encourage you to familiarize yourself with the privacy statement regularly for any amendments.
If we materially change the ways in which we use and disclose personal data, we will inform of it separately.