Data Processor’s Privacy Statement
Last updated (Effective Date): February 27, 2023
HappyOrNot® is a pioneer of instant customer feedback. As a Service Provider we process Personal Data sometimes as a “Controller” and sometimes as a “Processor”. This Data Processor’s Privacy Statement is meant for the cases where HappyOrNot® processes Personal Data as a “Processor”, i.e., on behalf of our customers. If you want to know when and how HappyOrNot® processes your Personal Data as a “Controller”, please refer to our Privacy Policy at www.happy-or-not.com/en/privacy-policy/.
Processor’s details
HappyOrNot Ltd (“HappyOrNot Oy”, “HappyOrNot”, “We”, “Our” “Us” or “Processor”)
Åkerlundinkatu 11 A, 33100 Tampere, Finland.
Processor’s Data Protection Officer (DPO)
Victor Shekera
+358504777988
Purpose of processing of Personal Data by HappyOrNot
In order to enable certain features of HappyOrNot’s Service for its customers, HappyOrNot processes Personal Data of customers’ clients (data subjects) on behalf and according to the instructions given by the customers. HappyOrNot acts as a Processor for its customers and Customers are the Controllers.
Type of information we process
HappyOrNot processes its customers’ clients’ feedback or survey information, including statistical demographics data (i.e., approximate age and gender) and customers’ clients’ request to contact them, e.g., their name, phone number and email address.
Retention Period
Customers’ clients’ Personal Data will be automatically deleted from HappyOrNot’s databases/servers after sixty-five (65) days. For historical or analytical purposes, instead of deleting customers’ clients’ Personal Data, HappyOrNot may anonymize it, i.e., all identifying information will be deleted, which in turn will make any identification of a natural persons impossible.
Data Security
HappyOrNot has implemented appropriate administrative, physical, technical, organizational, and other security measures to protect against unauthorized access to, destruction, loss, unavailability, or alteration of customers’ clients’ Personal Data.
Data Subjects Rights
HappyOrNot processes customers’ clients (data subjects) Personal Data on behalf and according to the instructions given to us by our customers. Customer is the Controller of your Personal Data and HappyOrNot is the Processor. If you want to know how HappyOrNot’s customers process your Personal Data, please refer to customer’s Privacy Policy (also known as “Privacy Statement”, “Privacy Notice”, “Data Protection Notice” or “Data Protection Policy”) and contact the customer directly, if necessary.
As customer’s client (data subject), you have the right to withdraw your consent at any time. You also have the right of access, rectification, erasure (“right to be forgotten”), right of restriction of processing, right of objection, right to have a copy of your data, as well as the right to complain to the relevant Data Protection Authority. You can exercise these rights by contacting the Controller or relevant Data Protection Authority.
Sharing and transfer of your information outside EU/EEA*
HappyOrNot uses servers located within the territory of EU/EEA. Some of our service providers (subcontractors/sub-processors) or their support functions, which enable the proper functioning of service by HappyOrNot, are located within EU/EEA and some outside of EU/EEA. When we use service providers (subcontractors/sub-processors) or their support functions within EU/EEA or outside of EU/EEA, we use appropriate legal mechanisms (EU-approved standard contractual clauses, adequacy decisions or similar arrangements) to ensure the same level of protection for processing of Personal Data. Any processing of Personal Data by our service providers (subcontractors/sub-processors) or their support functions within EU/EEA or outside of EU/EEA is always with the written authorization from our customers (Controllers).
* For USA citizens/residents. If/when your Personal Data is transferred outside the USA, your Personal Data will be processed with the appropriate security safeguards, protocols, audits, and contractual provisions (where applicable) to ensure the same level of protection for your Personal Data (PII – Personally Identifiable Information).