PRIVACY NOTICE: ROVIO LICENSING BUSINESS CONTACTS
Last updated: February 1, 2019.
This notice explains how Rovio (referred to as “we” in this document) processes the personal data of Rovio’s licensing business contacts (referred to as “you” in this document), and what rights you have if we are processing your personal data.
1. Data controller
The data controller for the activities described in this notice is Rovio Entertainment Corporation. The data controller’s address is Keilaranta 7, FI-02150 Espoo, Finland. In matters relating to this notice, you can also reach us by email at firstname.lastname@example.org.
2. Why do we process data and on what basis?
We process your personal data for the purpose of running our brand licensing business, which includes the following purposes:
- fulfilling our agreements with licensees and other business partners (including invoicing and enforcement where applicable),
- building and managing our business relationships with licensees, prospects, and other business partners,
- communicating with our licensees, prospects, and other business contacts (including marketing communications), and
- other purposes related to and compatible with the above.
Our processing of personal data for these purposes is based on our legitimate interest to conduct our brand licensing operations and related business activities. With respect to information relevant to executed agreements and related payments, processing may be necessary for compliance with our legal obligations to maintain records for accounting, product liability, and other similar purposes.
Note that you will be provided an option to opt out of receiving our marketing communications each time we send communications of that kind to you.
3. What data do we process?
We may process the following data relating to our business contacts:
- name and job title,
- contact information for business purposes (including an email address, street address, and phone number), and
- information relating your business communications with us (including message headers, content, and log information).
We neither request you to provide nor intend to collect any information relating to special categories of personal data or criminal convictions and offenses. By “special categories” of personal data, we are referring to genetic, biometric, or health data as well as information relating to racial or ethnic origin, sex life or sexual orientation, political opinions, religious or philosophical beliefs, or trade union membership.
4. Where do we collect data from?
We collect data either directly from you (or the company you represent), from our agents and other business contacts, or from publicly available websites such as professional networking websites or the website of the company you represent.
5. Who do we share data with?
We may share your personal data with the following types of recipients:
- companies in our business group involved with our licensing business,
- companies outside of our business group that provide services to us (including our licensing agents, hosting providers, client relationship management (CRM) platform providers, and marketing communications service providers),
- competent governmental authorities, courts of law, or other similar entities where we believe disclosure is necessary (a) under applicable law or regulation or (b) to exercise, establish, or defend our legal rights,
- with a prospective or actual buyer (and their agents and advisors) in the context of a planned or actual acquisition, merger, or other business restructuring, or
- with any other person or entity with your consent.
6. Do we transfer data to third countries or international organizations?
We primarily store your personal data within the European Union (“EU”) and the European Economic Area (“EEA”).
However, some of the circumstances described under the section titled “Who do we share data with?” may involve a transfer of your personal data to countries outside of the EU and EEA. These countries may have data protection laws that are different from the laws of your country. Where that is the case, we will ensure that appropriate safeguards are in place so that your personal data remains protected in line with this notice. These appropriate safeguards may include compliance with the European Commission’s standard contractual clauses for transfers of personal data, which require the group company, third-party service provider, or other recipient to protect the personal data in accordance with EU data protection laws. Alternatively, we may rely on the EU-US Privacy Shield framework as an appropriate safeguard for your personal data.
A copy of the European Commission’s standard contractual clauses and further details on the appropriate safeguards we have implemented can be provided on request.
7. How long do we keep data?
We will only keep your personal data for as long as necessary for the purposes described in this notice. Typically, this will at least correspond to the duration of our business relationship with you (or the company you represent). However, we may need to retain data longer than that for accounting, product liability, or other similar purposes, if we had a contractual relationship with you (or the company you represent).
8. How do we keep data secure?
We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures are designed to provide a level of security appropriate for the degree of risk involved with processing your personal data. Specific measures include the encryption of data in transit and at rest, the use of anti-virus software and firewalls, and user rights management. Only those of our employees who are involved with related tasks as part of their work are entitled to access your personal data. All users have a personal user account and password in the system.
9. Your rights
If we are processing your personal data, you have the right to:
- access, correct, or request the deletion of your personal data,
- request us to restrict our processing of your personal data,
- object to our processing of your personal data to the extent our processing is based on our legitimate interests, or
- where technically feasible, request that we give you a copy of the personal data you have provided to us in machine-readable format.
Where our processing of your personal data is based on your consent, you also have the right to withdraw your consent at any time. Please be aware that we may still continue processing your personal data, if we have a lawful basis for doing so.
To exercise any of the rights outlined here, please contact us using the contact information provided above under the section titled “Data controller”. We will respond to all requests from individuals wishing to exercise their rights in accordance with applicable data protection laws.
In addition to the rights listed above, you have the right to lodge a complaint with your local data protection authority regarding our processing of your personal data. For more information, please consult with your local data protection authority, which in Finland is the Office of the Data Protection Ombudsman (https://tietosuoja.fi/en).
We may update this notice from time to time, for example due to changes in technology, our operations, or the legal obligations that apply to us. We will inform you of any changes made by means that are appropriate considering the significance of the changes.