PRIVACY STATEMENT AND GDPR 7.7.2024
PRIVACY STATEMENT VALIDITY
This Privacy Statement has been checked and approved on 7.7.2024. All Users should familiarise themselves with it, carefully, and revisit it regularly to learn of new updates.
PROCESSING OF PERSONAL DATA IN ROUNDBUY SERVICE
RoundBuy (Service Provider) processes all personal data with care and safety in relation to the Service and the customer (User), and thus is committed to protecting the privacy of the Users in accordance with the following legislation:
EU General Data Protection Regulation (GPDR),
Act on Electronic Communications Services (Laki sähköisen viestinnän paveluista 917/2014)
and other applicable legislation.
In addition RoundBuy complies with industry’s self-regulation guidelines.
Purpose of Processing Personal Data
We collect and process personal data from the Users for the purposes explained below:
In order to provide and improve our services and Service.
In order to make the user experience more personal on the Service.
In order to contact you in relation to your user account and membership and advertisement.
In order to provide help and customer service.
In order to provide advertising solutions and personalised advertisements.
In order to prevent, find and investigate fraudulent and illegal activity.
In order to organise our legal obligations such as accounting.
In order to have reliable and Service, and the continuity of the system (backups).
We also share your personal data with third parties, for the expounded purposes, and to fulfil our contract or agreement with you.
Processed Personal Data
The Service Provider collects and processes mainly User provided information and identifiers or information that identifies the User particularly, such as:
Personal Identifiers: our name, address, phone number, email address.
Demographic data: Age, sex, title, work etc.
Registration data: such as username, password or other identifiers.
Payment Data: Social security number, date of birth, tax ID, company ID and VAT number.
Commercial Information: payment information, invoicing, product information, customer feedback, membership plans, termination of account, interests categories from user
permissions and consents, contacts, chat content.
Customer Service Exchange: possible chats, emails and phone calls (customer service) between User and the Service Provider. We may process recordings of calls.
Service Action Information: information that is collected through your actions in the Service, which linked to your account e.g. favourites, searches and interests. Browsing
history data. Also IP address, session identifiers, session duration and time, operating system. Also device location information, as GPS coordinates if User has given permission.
Professional data: occupation, business contact information.
Analytical Data: possible interests of the User collected through analytics when using the
Service. Also User’s access time, language settings, and web log information. Model of device used, operating system, device identifiers, cookie-related data.
Geolocation Data: User location data including IP address, but also if permission granted
more precise location of the User’s mobile device. In the settings menu this can be chosen in most mobile devices.
Information from User’s Device: for example time zone, language settings, cookie
preferences operating system or similar information etc.
Sensitive Personal Data: Social security number, driver’s license, or bank card etc. Also contact info as phone number and email address.
It is noteworthy that we do not collect all of the data of each above type of data from users, but we may collect all of them, or some of them mainly in the use of the Service.
Reasons for Retention and for Processing Personal Data
The personal data we collect and retain, are processed on different grounds and purposes of use, which are divided in categories below:
Consent Reason: It is necessary to retain and process User’s personal data based on the consent the User has provided. For example when communicating with the User via chat or email, or making offers of our services, we do these in accordance with the User consent preferences.
Statutory and Legal Reasons: Certain personal data has to be retained for legal or officials
reasons, such as legal compliance, accounting, taxation and auditing purposes, but also to detect and prevent fraud and illegal activity. Some data is also retained for resolution of disputes between Users.
Contractual Reasons: For contractual reasons we process information that is essential and
necessary so that we can provide the Service. This could be personalisations of the Service, and certain contact and other information necessary. Therefore as the User starts using the Service we provide, the personal data of the User is processed in accordance with the contract between User and Service provider.
Service Reasons: The continuous improvement, safety development, maintenance and
quality of performance of the Service requires retention of personal data. This is essential in order to provide uninterrupted Service. For instance we protect and safeguard our online Service, so that the User can have a better user experience. We thrive to develop and improve our Service, the quality and features, so that the data security measures are always upheld as high as possibly.
Business Reasons: Some data is processed and retained in order to constantly develop and
make the business more efficiently, while at the same time providing better platform for our Users. Users should rest assured, as we minimise the use of personal data.
Combining of Personal Data
The combining of personal data is done as follows: (1) the ones received when automated system observes the use of the Service by the User (derived and observed data), and (2) randomly generated identifier data, which are combined together. It is noteworthy that the combining of the aforementioned personal data is done so that the User cannot be identified from them personally. In
addition we can gather some data from social media, but it is not combined with other data expounded int this Privacy Statement.
Protection of Personal Data
Our selection of means consists of the following technical and personnel or staff measures. Technical measures include: virus protection, firewalls, secure rooms for equipments, encryption programs and technologies. Personnel or staff measures include: instruction of usage for personnel involved (in processing, collecting, retention), secure access control, control of granting and supervision of administrative user rights.
In addition all the partners, and subcontractors are chosen with care, and they have to consent on the same regulations.
Personal Data Retention Duration
The retention of personal data is done only as long as necessary to fulfil the purpose of use, of personal data, and for the Reason for Retention and for Processing Personal Data (please see above). These activities are always done in accordance with valid legislation, and are expounded below, and for each the retention period is 7 years maximum if not law require otherwise:
Data Relating to Account (also Deletion of Account): we store user history and contact information through out the active membership period. Also data on activity in the platform (buying, selling, renting etc.), and subscriptions are retained. In the case of terminated membership, we retain data max 7 years. Notably, user can delete his own account, but the Service Provider will retain mentioned data nevertheless for the duration if possible.
Data Relating to User Preferences: This data is retained for maximum of 7 years.
Data Relating to Accounting: In order to conduct our accounting or other necessary and
compulsory legal functions, in accordance with legislation, we retain the required personal data. For accounting the receipts, invoices or similar for maximum 7 years of its creation. It is noteworthy that for these reasons we retain also some part of the deleted user account personal data.
Data Relating to Marketing: For marketing purposes we can retain personal data, such as
name, contact details, phone number, occupation, age or gender for various online marketing reasons for the maximum of 7 years.
If the User requires it, it can be possible to arrange faster deletion time for the User’s personal data, but the User might have to pay for the task, depending for the time required and difficulty of the task.
Handling of Location Data
The Service provided doesn’t require that the User provides the user location data for example the precise location of the device. However, location-based services could improve and enhance the user experience, if the User has given the permission to the use of location data with the User device.
The location data is provided by the GPS technology after the consent of User. It is possible to change these settings from the device at any time. The approximate location of the device can also be estimated from the IP address of the device, if the User has approved targeting advertising.
The Service has been designed so that it is not necessary to use precise geo-locations or trackers, as the location can be set manually by dragging and dropping the “map-pin” or marker to appropriate place, which indicates the place of the chosen marketplace, the location where the User wants to make the business transactions.
Get more Information on Personal Data Processing
Please email to Service Provider should you have some more questions.
Email (link)
Register Statement (link) Privacy Staement (link) Cookie Policy (link)
PROCESSING OF PERSONAL OF THIRD PARTIES AND BUSINESS PARTNERS Sources of Collecting User’s Personal Data
The personal data is collected from the User by the following ways: (1) registration, (2) membership plan payment, and (3) during active membership as a User; in addition (4) with cookies and similar devices, some observational data on service usage is collected; (5) social media, from the company maintained Facebook page, we collect visitor data (more info from Facebooks data protection description).
Personnel Who Processes User’s Personal Data
Service Provider processes your data according to this Privacy Statement, through automatic systems, the data the User have provided, or we have automatically collected. The personnel have the appropriate training to process and handle the personal data safely according to the legislation.
Furthermore, if we use subcontractors same rules and legislation binds them as the Service Provider, through the contracts or agreements. Some of the responsibilities of our subcontractors: development of the application and homepage (the Service), storage and safety of data, consultation of the functionality and technical improvements, management and maintenance of physical infrastructure, google optimisation and analytics, payment traffic, advertising, and various marketing research and solutions.
Data Procession Inside EEA
Service Provider holds data in European Economic Area only (EEA), but with some provisions in United States of America and United Kingdom. The Service Provider has no data transfer elsewhere. The data procession is done inside EEA, to maintain the highest standards, but should we transfer data outside EEA, we would ensure an adequate level of personal data security and protection. However, even then we would use the same Privacy Statement modelled on European Union legislation, as an operational basis, and would not lower standards.
Transfer of Personal Data to Third Parties
Situation where we can give the User’s personal data to third parties include the following:
Advertising: Observed User data can be disclosed to advertising partners in order to target advertise, and sell advertisements, or to measure and develop advertising services, to improve the safety and prevent fraud. Advertising partners may not combine this data with the identified Users personal data without consent.
Surveys and Scientific Studies: To some surveys studying customer opinion or markets or
similar, disclosing data is possible in accordance with law.
User has Given Consent: The User data can be disclosed to our partners in the cases the User has given us consent to the electronic direct marketing. Furthermore, companies that collect receivables can receive user data.
Change of Company Ownership: If the company is re-organised for example through merger, selling or buying, or if the Service Providers business is re-organised in some other way, the personal data of User can be disclosed to the new ownership.
Authorities: If demanded we can disclose personal data of a User to authorities, government agencies and officials if required by legislation.
Release of personal data to third parties can be done if the User has given consent to, or there exist forcing legal basis for the disclose.
It is noteworthy we do not give in any form, nor sell or rent, recognised Users personal data or information to third parties otherwise.
Collection of Personal Data by Another Party
Notably, third parties can have their own cookies for number of visits or other statistics that are generated while User visits our Service with the User’s device. Examples of such are precise geo- location or tracking services used by Google Maps, and advertising solutions etc.
Google Maps can collect information about the Users in accordance with its privacy protection terms. All Users are encouraged to check the community service terms and conditions should they require additional information.
The Service Provider works to ensure that these third parties comply with the legislation and industry guidelines and if possible through contracts and agreements.
Please note we are not responsible in any way of the privacy practices of any other site, even if a link appears on our web site.
Use of Cookies in the Service
The User can manage the Users’s browser-based cookies by adjusting the settings of the used device browser. Some common device browsers are Firefox, Chrome, Safari and Internet Explorer.
With the cookies and similar devices Service Provider collects personal data of the Users. Such data as: precise device location, used system, or use of services. Cookies are small morsels of data created by the browser, as User is browsing a website, which is then stored to Users device by the User’s browser. Also a unique anonymous identifier is usually stored, which can help to study the way the User uses the Service.
Service Provider’s Cookie Policy is viewable here: (link).
Privacy Conditions when Using Applications
The mobile applications we offer to the User, are subject to the following: (1) this Privacy Statement, (2) the terms and conditions of the respective Service Provider.
All Users should ensure they act in accordance with the privacy conditions, and should familiarise themselves regularly to their change.
The mobile application is offered for: mobile phone, tablets, and for Apple and PC computers. The application can be downloaded from the Service, and from the online application shops, se below.
The respective application shops are here listed with a link to their terms and conditions: Google Play (link here)
Apple Store (link here)
Microsoft Store (link here)
USERS PRIVACY RIGHTS Note when Accessing your Data
Users should note we shall make commercially reasonable efforts to identify the personal information of the User, from the collected, processed, archived or disclosed or otherwise available data, and to provide the Users answers if they should require them.
However, we do reserve the right to charge a reasonable fee, or even decline to act upon a request, if its too big or too difficult to fulfil. In that case, we shall explain the reason for it. In addition, the Users requiring help in these matters, should note they must identify themselves to us first, so we know the User is the specific User verifiably, and not someone else, and only then we can act. If however, the request to access data appears suspicious we shall decline to proceed.
Privacy Rights of Users In accordance to the Data Protection Regulation
In accordance to the Laws and legislations the Users of RoundBuy have the following Privacy Rights:
Right to Access: User have right to request that we disclose the personal data what we have collected, processed, discloses or otherwise used. We reserve 60 days for the handling of request to access of personal data.
Right to Transfer: The Users have right to request a personal data transfer from one system to another. We reserve 60 days for the handling of transfer of personal data.
Right to Correct: Users have right to request a correction of the personal data we have collected or processed of them. There are some exceptions to this, for example legislative grounds. We reserve 60 days for the handling of correction of personal data.
Right to delete: Users have right to request a deletion of the personal data we have collected or processed of them. There are some exceptions to this, for example legislative grounds. We reserve 60 days for the handling of deletion of personal data.
Right to Opt Out of Sale: User have right to opt-out of the Sale of their personal information. This includes the transfer of personal data to third parties in exchange of money or other similar valuable.
Right to Opt Out of Sharing: Users have the right to opt-out of the Sharing of your personal information. This, sharing, includes the transfer of personal data to third parties for cross-context behavioural purposes of advertising. Such data could be: IP address, device identifies. Should the User wish to exercise it, the User has right to deny us from sharing or use their personal data for cross-context behavioural advertising purposes.
Right to get information on Personal Data breach: In case of a high risk personal data breach the User has right to get information about it.
Right for Non Automatic Decision: the right not to be subject to a decision based solely on automatic processing, if the decision has legal effects concerning the User, or affects the User in a similar way significantly.
Right to Cancel the Consent of processing personal data: If the User wishes to exercise it, the User has right to revoke the consent given on processing of their personal data.
Right to Issue a Complaint about the Processing: A complaint about the processing of personal data can be made in the web page of the Office Data Protection Ombudsman (Tietosuojavaltuutetun toimisto). This is the governmental office for the officer who monitors the legality of processing of personal data.
Change of Privacy Statement
Please note that the Service Provider thrives to constantly improve and develop the Service, and must therefore reserve the right to change this Privacy Statement. In addition changes in legislation will also cause the change of this Privacy Statement.
Possible changes will be announced in the Service under the Help Center Announcement board, or in some other page on the Service. Therefore it is very important that a User gets intimately familiar with this Privacy Statement document regularly, and if in doubt or requiring information otherwise, contacts RoundBuy customer service without delay.
Contact Information
If you have any other questions or concerns about the Privacy Statement or Cookies Policy, please do not hesitate to contact our staff through the Help Center, and issue a request or a reclamation. All demands on privacy rights, are to be made via email.
For Additional Information
Please contact the Administrator via Help Centre.
The legality of personal data processing is monitored by the Data Protection Commissioner’s Office. If you desire to contact the office, the contact information can be found here (link).
Finland: https://tietosuoja.fi/en/home United Kingdom: https://ico.org.uk/
Please do not register, nor give your credit or debit cards details on the page. You are using VISITOR password and username. Furthermore do not provide any other personal details on the page also. You have all the functionalities on your use with this user ID. If entering payment page (when “paying memberships”), do not proceed any further, as you are asked payment details. Thank you.