PRIVACY NOTICE FOR WEB-BASED AUGMENTED REALITY EXPERIENCES
Last updated: September 21, 2020
This notice explains how Rovio Entertainment Corporation (referred to as “we” in this document) collects, stores, uses, or otherwise processes the personal data those who view or interact with our web-based augmented reality experiences (referred to as “you” in this document), and what rights you have if we are processing your personal data. It is important that you read this notice so that you are aware of how and why we may use your data.
In this notice, “Experiences” refers to our web-based augmented reality experiences.
1 Data controller
By “data controller,” we mean an entity that determines how and why personal data is processed. With regard to the activities described in this notice, we are the data controller. Our company name is Rovio Entertainment Corporation. Our address is Keilaranta 7, FI-02150 Espoo, Finland.
We may have created some Experiences in collaboration with a third party. In these cases, a link to the third party’s website or other property may be provided in the Experience. If you navigate to and interact with a third party’s property, they may collect and process data about you. We do not control this use of data and are not responsible for it. For more information, please review the third party’s privacy notice.
2 Contact information
In matters related to this notice, you can reach us by email at firstname.lastname@example.org.
We have also designated a Data Protection Officer (“DPO”) to oversee our data protection related matters. If you have any questions or concerns about the way we use your data, you may contact our DPO by email at email@example.com.
3 Why do we process your data and on what basis?
Based on our legitimate interest to make sure our Experiences are the best they can be, we may process your data:
- to measure and analyze the use of our Experiences or the data we collect through them (for example, to discover trends or other insights) or
- for additional purposes which are compatible with the above purpose.
We do not use your data to make automated decisions which significantly affect you. By an “automated decision,” we mean a decision made by an information system without any human intervention.
4 What data do we process?
In connection with the Experiences, we may process the following data relating to you:
- online identifiers such as an IP address or cookie ID,
- the time at which you interacted with our Experiences and your coarse location (as inferred from your IP address),
- basic information about the device you use (such as the device model and the operating system in use), and
- information about your engagement with our Experiences.
We do not collect any of your personal details such as name, email address, or phone number or any photos or video you create or share in connection with the Experiences. We also do not process any special categories of data relating to you. By special categories of data, we mean genetic, biometric or health information, information revealing racial or ethnic origin, sex life or sexual orientation, political opinions, religious or philosophical beliefs or trade union membership, or information about your criminal offences or convictions.
5 Where do we collect your data from?
We collect data directly from your interaction with our Experiences.
6 Who do we share your data with?
We may share your data with third parties to achieve the purposes described in this notice. This may include sharing data with the following types of recipients:
- other companies in the Rovio group, for example where they help us develop or operate our Experiences,
- persons or companies outside of the Rovio group that provide services to us and process data on our behalf when providing those services (for example, technology or hosting providers),
- prospective or actual buyers (including their agents or advisors) in the context of a planned or actual acquisition, merger, or other business restructuring,
- competent courts of law or other government authorities where we believe disclosure is necessary as a matter of applicable law or regulation, or
- any person or entity where we believe disclosure is necessary to exercise, establish or defend our legal rights or to protect your or another person’s vital interests.
While we currently store data on servers located in the European Union (“EU”), your data may be transferred to or processed in countries outside of the EU and the European Economic Area (“EEA”). These countries may have data protection laws that differ from the laws of your country. In these cases, we will provide appropriate safeguards to protect your personal data as required by applicable laws and regulations. These safeguards may include compliance with the European Commission’s standard contractual clauses for transfers of personal data or reliance on the EU-US Privacy Shield framework. Upon request, we can provide you a copy of the European Commission’s standard contractual clauses and further details on the applicable safeguards.
7 How long do we keep your data?
We will keep your data for as long as necessary to achieve the purpose(s) for which it was collected, including compliance with any legal, accounting, or reporting requirements. Currently, we keep your data for up to six months. We may continue to use data that is not identifiable to you (for example, de-identified or aggregated data) after the applicable retention period.
8 How do we keep your data secure?
We have adopted measures to provide your data a level of security appropriate for the degree of risk involved with the processing activities described in this notice. These measures are designed to protect your data against accidental or unlawful destruction, loss, or alteration as well as unauthorized disclosure or access. The specific measures we employ include, for example, encryption in transit and at rest as well as limiting access to data to those who need it.
9 Your rights
If we are processing your data, you have the right to:
- access, correct, or request the deletion of your data,
request us to restrict our processing of your data,
- object to our processing of your data to the extent our processing is based on our legitimate interests or the legitimate interests of a third party, or
- where technically feasible, request a copy of the personal data you have provided to us in machine-readable format.
To exercise any of your rights, you may contact us at firstname.lastname@example.org. To fulfill your request, we need to confirm your identity to verify your right to make the request, which may involve requesting additional information from you. While we will usually not do so, we reserve the right to charge an appropriate fee from you for the exercise of your rights where permitted by applicable laws and regulations.
Finally, you always have the right to lodge a complaint with your local data protection authority regarding our processing of your data. For more information, please contact your local data protection authority (for example, the Office of the Data Protection Ombudsman in Finland).
We may update this notice from time to time, for example due to changes in our operations or the legal obligations that apply to us. Updates will be made available here. We may also notify of changes by other means that are appropriate to the significance of the changes.