Privacy Business

Page

ROVIO LICENSING BUSINESS PRIVACY NOTICE

Last updated: March 23, 2023.

This notice explains how Rovio (referred to as “we” in this document) processes the personal data of Rovio’s licensing business contacts (referred to as “you” in this document), and what rights you have if we are processing your personal data.

In this notice, the phrase “your data” is used when referring to personal data that relates to you as an identified or identifiable person.

1 Data controller

By “data controller”, we mean an entity that determines how and why personal data is processed. With regard to the activities described in this notice, we are the data controller. Our company name is Rovio Entertainment Corporation.

2 Contact information

In matters related to this notice, you can reach us at privacy@rovio.com.

We have also designated a Data Protection Officer (“DPO”) to oversee matters related to data protection at Rovio. If you have any questions or concerns about the way we use your data, you may contact our DPO at any time by email to dpo@rovio.com.

3 Why do we process data and on what basis?

We process your personal data for the purpose of running our brand licensing business, which includes the following purposes:

  • fulfilling our agreements with licensees and business partners (including enforcing agreements where necessary),
  • managing content productions and other work projects (including related contracting and project related communications) with production partners and contractors,
  • retaining records of our licensing business operations (including the archiving of agreements relevant to the business),
  • building and managing our relationships with licensees, prospects, and other licensing business partners,
  • communicating with licensees, prospects, and other licensing business partners, and
  • other purposes related to and compatible with the above.

Our processing of personal data for these purposes is based on our legitimate interest to conduct our brand licensing operations and related business activities. With respect to information relevant to executed agreements and related payments, processing may be necessary for compliance with our legal obligations to maintain records for accounting, product liability, and other similar purposes.

Note that you will be provided an option to opt out of receiving our marketing communications each time we send communications of that kind to you.

We do not use your data to make automated decisions which significantly affect you. By an “automated decision”, we mean a decision made by an information system without any human intervention.

4 What data do we process?

We may process the following data relating to our business contacts:

  • name and job title,
  • contact information for business purposes (including an email address, street address, and phone number), and
  • information relating your business communications with us (including message headers, content, and log information).

We do not expect or intend to collect or otherwise process any special categories of data relating to you. By “special categories of data,” we mean genetic, biometric or health information, information revealing racial or ethnic origin, sex life or sexual orientation, political opinions, religious or philosophical beliefs or trade union membership, or information about your criminal offences or convictions. Please do not provide this kind of information to us.

5 Where do we collect data from?

We collect data either directly from you (or the company you represent), from our agents and other business contacts, or from publicly available sources such as professional networking websites or the website of the company you represent.

6 Who do we share data with?

We may share your personal data with the following types of recipients:

  • companies in the Rovio group which are involved with our licensing business,
  • companies or individuals outside the Rovio group that provide services to us (including our licensing agents, hosting providers, client relationship management (CRM) platform providers, and marketing communications service providers),
  • competent governmental authorities, courts of law, or other similar entities where we believe disclosure is required by applicable laws and regulations or to exercise, establish, or defend our legal rights,
  • with a prospective or actual buyer (and their agents or advisors) in the context of a planned or actual acquisition, merger, or other business restructuring, or
  • with any other person or entity with your consent.

In connection with the activities described in this document, your data may be transferred to or processed in countries outside of the European Union (“EU”) and the European Economic Area (“EEA”). In particular, this takes place when you are a candidate for a position at a Rovio company based outside of the EU and the EEA. These countries may have data protection laws that differ from the laws of your country. In these cases, we will ensure that appropriate safeguards are in place to protect your data. These safeguards may include compliance with the European Commission’s standard contractual clauses for transfers of personal data. Upon request, we can provide you a copy of the European Commission’s standard contractual clauses and further details on the applicable safeguards.

7 How long do we keep data?

We will keep your data for as long as necessary to achieve the purpose(s) for which it was collected. Typically, this will at least correspond to the duration of our business relationship with you (or the company you represent). However, we may need to retain data longer than that for accounting, product liability, or other similar purposes, if we had a contractual relationship with you (or the company you represent).

8 How do we keep data secure?

We have adopted measures to provide your data a level of security appropriate for the degree of risk involved with the processing activities outlined in this notice. These measures are designed to protect your data against accidental or unlawful destruction, loss, or alteration as well as unauthorized disclosure or access. The specific measures we employ vary from one service or system to another, but typically include, for example, controls to limit access to services or systems that contain personal data, contractual safeguards with third parties who process your data, and maintaining procedures to handle any suspected security incidents.

9 Your rights

If we are processing your personal data, you have the right to:

  • access, correct, or request the deletion of your personal data,
  • request us to restrict our processing of your personal data,
  • object to our processing of your personal data to the extent our processing is based on our legitimate interests, or
  • where technically feasible, request that we give you a copy of the personal data you have provided to us in machine-readable format.

To exercise any of the rights outlined here, please contact us using the contact information provided above under the section titled “Data controller”. To fulfill your request, we need to confirm your identity to verify your right to make the request, which may involve requesting additional information from you. While we will usually not do so, we reserve the right to charge an appropriate fee from you for the exercise of your rights where permitted by applicable law or regulation.

Finally, you always have the right to lodge a complaint with your local data protection authority (such as the Office of the Data Protection Ombudsman in Finland) regarding our processing of your data. However, we ask that you reach out to us first to allow us to address your concerns.

10 Changes

We may update this notice from time to time, for example due to changes in our operations or the legal obligations that apply to us. We will inform you of any changes made by means that are appropriate considering the significance of the changes.