The purpose of these Data Processing Rules is to provide to the natural person (data subject) information about the purpose, scope and security of personal data processing, timeline of the processing, rights and protection of the data subject, carried out when processing personal data of the data subject in  Peero App.

Peero is the next generation tool for involvement, motivation, feedback and gamification for company employees, staff and students of educational institution, or any other group of persons (hereafter, Peero Activities). The Website and the Phone App ensures Peero App, helping the participants of the group to take part in Peero Activities, as well as to administer, organize and document such Peero Activities and data related thereto.

  1. Information about the controller and the processors

The data controller in charge of the processing of personal data specified herein, shall be the User of  Peero App, who, when applying for Peero App in the log-in page of the website, shall obtain the rights to administer the functions of the Administrator or shall otherwise enter and process data in  Peero App (hereafter, the Controller). If you do not agree to the procedure of data processing described herein and are not ready to undertake the liabilities of the Controller described in these Data Processing Rules, you should not apply for the status of the User with Administrator functions of Peero App described herein and should not use Peero App in such status.

The personal data processor shall be SIA DPA, reg. No 40003351675, address: Kr. Valdemara Street 21-19, Riga, LV – 1010, Latvia, telephone: +37167509900, e- mail:  (hereafter, the Processor). Should you have any questions regarding processing of your personal data, please contact us, by writing to: .

Should you have any questions regarding personal data processing, please contact the Controller or the Processor, using the contact details specified in these Data Processing Rules, or, with respect to the Controller – the contact details known to you personally.

By accepting these Data Processing Rules, you agree that the Processor, in order to provide you with the availability and functionality of Peero App, shall be entitled, at its own discretion, to attract to the processing of your data the employees of SQUALIO Group companies. It shall be the duty of the employees of the Processor and other attracted employees of SQUALIO Group companies having access to personal data to process such data in accordance with  Peero App Data Processing Rules, the provisions of the Privacy Policy of the Processor and instructions of the Processor, only for the purposes referred to herein and to improve the service quality.

Only correspondingly appointed and duly authorized employees of the Processor and SQUALIO Group companies shall have access to your data, by means of their user ID and personal password in the relevant systems.

Goal and purposes of personal data processing

​Personal data processing shall be necessary for the fulfilment of the Agreement, where the data subject  – the User is the contracting party to, or for taking measures, upon request of the User, prior to the conclusion of the Agreement, as well as during the fulfilment of the Agreement. The Controller shall assess the possible impact on the rights and freedoms of a person and shall ensure that the processing of personal data does not adversely affect the rights and freedoms of a person.

The Controller, when exercising its interests to use Peero App, shall carry out personal data processing, based on the consent of the data subject, in order to:

  • promote the motivation to cooperate among the Users of Peero App,
  • promote more active involvement of the Users Peero App in joint processes,
  • implement peer-to-peer cooperation,
  • raise feedback-oriented culture,
  • create positive cooperation and corporate culture,
  • create the sense of belonging to organization or community in the Users of Peero App,
  • emphasize the fundamental values of organization or community,
  • introduce gamification elements in the cooperation environment.

The aggregated personal data shall be processed in accordance with the principles laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereafter, the Regulation).

  1. What data is processed?

​Categories of data subjects, whose personal data is processed by the Controller:

  • Users of Peero App

Categories of personal data processed by the Controller:

  • Identification data of the User – name, surname, photo,
  • Contact details and login-in data – e-mail.

The Controller shall obtain personal data from the data subjects, by ensuring that all formalities prescribed by laws and regulations for legitimate obtaining of data are arranged for and the consents of data subjects for data processing in Peero App in accordance with the terms and conditions of the Agreement are received.

Where the Controller involves children in the use of Peero App, the Controller shall be fully liable that such a child is at least 13 years of age or, if the child is under 13 years of age, the consent of parents of the child as the data subject or his/her lawful custodian is received in accordance with the provisions of the Regulation for the use of Peero App and processing of data of the child in Peero App. The Controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology.

  1. Transfer of personal data

​Data may be transferred to the third persons insofar, as it is necessary for ensuring technical operation of Peero App and the fulfilment of contractual liabilities pertaining to Peero App. Third persons shall undertake not to disclose and not to use data for any other purposes, as well as to observe the data processing and privacy rules described herein and other instructions of the Controller.

The Controller may transfer persona data to the following categories of personal data recipients:

  • Personal data processors,insofar, as it is necessary for ensuring technical operation of Peero App and the fulfilment of the liabilities under the Agreement for the purposes specified in these Data Processing Rules.

The Processor shall receive from the Controller only such scope of personal data as is necessary for the fulfilment of a particular task.

The Processor shall process personal data only according to the instructions of the Controller and shall not use them for any other purposes, as well as shall not transfer personal data to other persons without prior consent of the Controller.

  1. Duration of data storage

​The Controller shall store personal data for as long as it is necessary, in order to:

  • ensure the use of Peero App,
  • administer the preferences and rights of a person exercised in accordance with these Data Processing Rules,
  • maintain common statistical data on the Users in Peero App.

The Processor shall store personal data in Microsoft Azure system, in Europe, for as long as it is necessary, in order to:

  • fulfil the requirements for ensuring technical operation of Peero App and for the fulfilment of the contractual liabilities. Upon termination of contractual liabilities, the Processor shall delete data within the period of 90 (ninety) days.

Data transfer outside the European Union may be carried out only in coordination with the Controller.

  1. Security of data

​The Controller and the Processor shall take due care to ensure that personal data are secure at all times, as well as that the processing thereof is carried out in accordance with the applicable norms of law and the best practices.

To ensure that only persons duly authorized thereto have access to personal data, as well as to prevent unauthorized personal data processing, the Controller and the Processor shall apply various technological and organizational procedures, helping to ensure appropriate protection for the processed personal data.

  1. Rights of a person

​To ensure appropriate personal data processing, a person shall have several rights possible to be exercised with respect to personal data processing.

Access to personal data 

A person shall have the right to request information about the processed personal data related to a person.

Right to rectification of personal data 

Where a person considers that the processed personal data is not correct, complete or relevant, a person shall have the right to request updating or rectifying his/her personal data.

Right to object to and restrict personal data processing 

A person shall have the right to object to and request the restriction of personal data processing, if a person considers that at least one of the following conditions exists:

  • personal data is inaccurate,
  • data processing is unlawful,
  • personal data is not needed for the Controller to implement its interests,
  • a person considers that the right to data protection overrides the interests of the Controller.

Upon receipt of objections of the person, the Controller shall cease or restrict personal data processing,  unless the Controller is able to justify the processing by corresponding and proportionate interests based on laws and regulations, or it is impossible to exercise the rights of the person, if it requires taking disproportionately complex technical and organizational measures.

Rights to erase your personal data

​A person shall have the right to request erasure of his/her personal data, if a person considers that at least one of the following grounds exists:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (for example, a person is no longer interested in taking part in the use of Peero App),
  • the personal data have been unlawfully processed,
  • the person objects to the personal data processing.

Upon receipt of objections of the person, the Controller shall assess them and shall erase personal data, unless the Controller is able to justify the processing by corresponding and proportionate interests based on laws and regulations, or it is impossible to exercise the rights of the person, if it requires taking disproportionately complex technical and organizational measures.


  1. Where to address possible questions and complaints?

​Should you wish to exercise your rights or incur any questions or complaints with respect to personal data processing, please contact the Controller or the Processor, via the contact details specified in these Data Processing Rules.

The Controller and the Processor shall use information to be provided by a person, in order to review the complaint of the person and to send the answer to the person once the complaint is reviewed.

The Controller and the Processor shall ensure the fulfilment of the requirements of data processing and security in accordance with laws and regulations, however, in the event of objections, should the particular issue not be resolved with the Controller and the Processor, the person shall have the right to lodge a complaint with the data processing supervisory authority  – Data State Inspectorate (Blaumana Street 11/13, Riga, e-mail address: ).


  1. Liability

​Where the Processor incurs reasonable concerns or becomes aware of information that the Controller fails to observe the duties prescribed by these Data Processing Rules, the Processor shall be entitled to refuse further access to Peero App to the Controller and the Users related thereto, by disconnecting all access options to the system, and to terminate the Agreement.

  1. Changes in the Data Processing Rules

​In the event of introduction of material changes in these Data Processing Rules, you will be notified thereof.

*Unless prescribed otherwise in these Data Processing Rules, the terms used herein correspond to the definition thereof as provided for in the Terms and Conditions of Use of Peero App.

This wording of the Data Processing Rules shall take effect in March 2020.