This notice explains how Rovio Entertainment Limited (referred to as “we” in this document) collects, stores, uses, or otherwise processes the personal data those who view or interact with our web-based augmented reality experiences (referred to as “you” in this document), and what rights you have if we are processing your personal data. It is important that you read this notice so that you are aware of how and why we may use your data.
In this notice, “Experiences” refers to our web-based augmented reality experiences.
By “data controller,” we mean an entity that determines how and why personal data is processed. With regard to the activities described in this notice, we are the data controller. Our company name is Rovio Entertainment Limited. Our address is Keilaranta 7, FI-02150 Espoo, Finland.
We may have created some Experiences in collaboration with a third party. In these cases, a link to the third party’s website or other property may be provided in the Experience. If you navigate to and interact with a third party’s property, they may collect and process data about you. We do not control this use of data and are not responsible for it. For more information, please review the third party’s privacy notice.
In matters related to this notice, you can reach us by email at privacy@rovio.com.
We have also designated a Data Protection Officer (“DPO”) to oversee our data protection related matters. If you have any questions or concerns about the way we use your data, you may contact our DPO by email at dpo@rovio.com.
Based on our legitimate interest to make sure our Experiences are the best they can be, we may process your data:
We do not use your data to make automated decisions which significantly affect you. By an “automated decision,” we mean a decision made by an information system without any human intervention.
In connection with the Experiences, we may process the following data relating to you:
We do not collect any of your personal details such as name, email address, or phone number or any photos or video you create or share in connection with the Experiences. We also do not process any special categories of data relating to you. By special categories of data, we mean genetic, biometric or health information, information revealing racial or ethnic origin, sex life or sexual orientation, political opinions, religious or philosophical beliefs or trade union membership, or information about your criminal offences or convictions.
Our Experiences use cookies. A “cookie” is a small file your browser stores when told to do so by a website. Cookies are typically used to identify or “remember” your device, for example to enable functionality, improve performance, or store your preferences. Our Experiences use cookies to improve performance (for example, to cache content locally to improve subsequent loading times). These cookies are technically necessary to deliver the Experiences to you. We also use a cookie for analytics purposes. The analytics cookie is associated with the data we collect as discussed above. You can use the Experiences without analytics cookies by selecting this option when launching the Experience. You can also control the use of cookies using your browser settings, for example by disabling some or all cookies or configuring your browser to notify you when cookies are being set. However, please consider that disabling cookies may affect your ability to use the Experiences.
We collect data directly from your interaction with our Experiences.
We may share your data with third parties to achieve the purposes described in this notice. This may include sharing data with the following types of recipients:
While we currently store data on servers located in the European Union (“EU”), your data may be transferred to or processed in countries outside of the EU and the European Economic Area (“EEA”). These countries may have data protection laws that differ from the laws of your country. In these cases, we will provide appropriate safeguards to protect your personal data as required by applicable laws and regulations. These safeguards may include compliance with the European Commission’s standard contractual clauses for transfers of personal data or reliance on the EU-US Privacy Shield framework. Upon request, we can provide you a copy of the European Commission’s standard contractual clauses and further details on the applicable safeguards.
We will keep your data for as long as necessary to achieve the purpose(s) for which it was collected, including compliance with any legal, accounting, or reporting requirements. Currently, we keep your data for up to six months. We may continue to use data that is not identifiable to you (for example, de-identified or aggregated data) after the applicable retention period.
We have adopted measures to provide your data a level of security appropriate for the degree of risk involved with the processing activities described in this notice. These measures are designed to protect your data against accidental or unlawful destruction, loss, or alteration as well as unauthorized disclosure or access. The specific measures we employ include, for example, encryption in transit and at rest as well as limiting access to data to those who need it.
If we are processing your data, you have the right to:
To exercise any of your rights, you may contact us at privacy@rovio.com. To fulfill your request, we need to confirm your identity to verify your right to make the request, which may involve requesting additional information from you. While we will usually not do so, we reserve the right to charge an appropriate fee from you for the exercise of your rights where permitted by applicable laws and regulations.
Finally, you always have the right to lodge a complaint with your local data protection authority regarding our processing of your data. For more information, please contact your local data protection authority (for example, the Office of the Data Protection Ombudsman in Finland).
We may update this notice from time to time, for example due to changes in our operations or the legal obligations that apply to us. Updates will be made available here. We may also notify of changes by other means that are appropriate to the significance of the changes.