The purpose of these Data Processing Rules is to provide to the natural person (data subject) information about the purpose, scope and security of personal data processing, timeline of the processing, rights and protection of the data subject, carried out when processing personal data of the data subject in Peero App.
Peero is the next generation tool for involvement, motivation, feedback and gamification for company employees, staff and students of educational institution, or any other group of persons (hereafter, Peero Activities). The Website and the Phone App ensures Peero App, helping the participants of the group to take part in Peero Activities, as well as to administer, organize and document such Peero Activities and data related thereto.
The data controller in charge of the processing of personal data specified herein, shall be the User of Peero App, who, when applying for Peero App in the log-in page of the website https://www.peero.app/, shall obtain the rights to administer the functions of the Administrator or shall otherwise enter and process data in Peero App (hereafter, the Controller). If you do not agree to the procedure of data processing described herein and are not ready to undertake the liabilities of the Controller described in these Data Processing Rules, you should not apply for the status of the User with Administrator functions of Peero App described herein and should not use Peero App in such status.
The personal data processor shall be SIA DPA, reg. No 40003351675, address: Kr. Valdemara Street 21-19, Riga, LV – 1010, Latvia, telephone: +37167509900, e- mail: (hereafter, the Processor). Should you have any questions regarding processing of your personal data, please contact us, by writing to: .
Should you have any questions regarding personal data processing, please contact the Controller or the Processor, using the contact details specified in these Data Processing Rules, or, with respect to the Controller – the contact details known to you personally.
Only correspondingly appointed and duly authorized employees of the Processor and SQUALIO Group companies shall have access to your data, by means of their user ID and personal password in the relevant systems.
Personal data processing shall be necessary for the fulfilment of the Agreement, where the data subject – the User is the contracting party to, or for taking measures, upon request of the User, prior to the conclusion of the Agreement, as well as during the fulfilment of the Agreement. The Controller shall assess the possible impact on the rights and freedoms of a person and shall ensure that the processing of personal data does not adversely affect the rights and freedoms of a person.
The Controller, when exercising its interests to use Peero App, shall carry out personal data processing, based on the consent of the data subject, in order to:
The aggregated personal data shall be processed in accordance with the principles laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereafter, the Regulation).
Categories of data subjects, whose personal data is processed by the Controller:
Categories of personal data processed by the Controller:
The Controller shall obtain personal data from the data subjects, by ensuring that all formalities prescribed by laws and regulations for legitimate obtaining of data are arranged for and the consents of data subjects for data processing in Peero App in accordance with the terms and conditions of the Agreement are received.
Where the Controller involves children in the use of Peero App, the Controller shall be fully liable that such a child is at least 13 years of age or, if the child is under 13 years of age, the consent of parents of the child as the data subject or his/her lawful custodian is received in accordance with the provisions of the Regulation for the use of Peero App and processing of data of the child in Peero App. The Controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology.
Data may be transferred to the third persons insofar, as it is necessary for ensuring technical operation of Peero App and the fulfilment of contractual liabilities pertaining to Peero App. Third persons shall undertake not to disclose and not to use data for any other purposes, as well as to observe the data processing and privacy rules described herein and other instructions of the Controller.
The Controller may transfer persona data to the following categories of personal data recipients:
The Processor shall receive from the Controller only such scope of personal data as is necessary for the fulfilment of a particular task.
The Processor shall process personal data only according to the instructions of the Controller and shall not use them for any other purposes, as well as shall not transfer personal data to other persons without prior consent of the Controller.
The Controller shall store personal data for as long as it is necessary, in order to:
The Processor shall store personal data in Microsoft Azure system, in Europe, for as long as it is necessary, in order to:
Data transfer outside the European Union may be carried out only in coordination with the Controller.
The Controller and the Processor shall take due care to ensure that personal data are secure at all times, as well as that the processing thereof is carried out in accordance with the applicable norms of law and the best practices.
To ensure that only persons duly authorized thereto have access to personal data, as well as to prevent unauthorized personal data processing, the Controller and the Processor shall apply various technological and organizational procedures, helping to ensure appropriate protection for the processed personal data.
To ensure appropriate personal data processing, a person shall have several rights possible to be exercised with respect to personal data processing.
Access to personal data
A person shall have the right to request information about the processed personal data related to a person.
Right to rectification of personal data
Where a person considers that the processed personal data is not correct, complete or relevant, a person shall have the right to request updating or rectifying his/her personal data.
Right to object to and restrict personal data processing
A person shall have the right to object to and request the restriction of personal data processing, if a person considers that at least one of the following conditions exists:
Upon receipt of objections of the person, the Controller shall cease or restrict personal data processing, unless the Controller is able to justify the processing by corresponding and proportionate interests based on laws and regulations, or it is impossible to exercise the rights of the person, if it requires taking disproportionately complex technical and organizational measures.
A person shall have the right to request erasure of his/her personal data, if a person considers that at least one of the following grounds exists:
Upon receipt of objections of the person, the Controller shall assess them and shall erase personal data, unless the Controller is able to justify the processing by corresponding and proportionate interests based on laws and regulations, or it is impossible to exercise the rights of the person, if it requires taking disproportionately complex technical and organizational measures.
Should you wish to exercise your rights or incur any questions or complaints with respect to personal data processing, please contact the Controller or the Processor, via the contact details specified in these Data Processing Rules.
The Controller and the Processor shall use information to be provided by a person, in order to review the complaint of the person and to send the answer to the person once the complaint is reviewed.
The Controller and the Processor shall ensure the fulfilment of the requirements of data processing and security in accordance with laws and regulations, however, in the event of objections, should the particular issue not be resolved with the Controller and the Processor, the person shall have the right to lodge a complaint with the data processing supervisory authority – Data State Inspectorate (Blaumana Street 11/13, Riga, e-mail address: ).
Where the Processor incurs reasonable concerns or becomes aware of information that the Controller fails to observe the duties prescribed by these Data Processing Rules, the Processor shall be entitled to refuse further access to Peero App to the Controller and the Users related thereto, by disconnecting all access options to the system, and to terminate the Agreement.
*Unless prescribed otherwise in these Data Processing Rules, the terms used herein correspond to the definition thereof as provided for in the Terms and Conditions of Use of Peero App.
This wording of the Data Processing Rules shall take effect in March 2020.