The purpose of this Privacy Note is to provide the natural person (data subject) with information about the purpose of the processing of personal data, the scope, protection, duration of processing, the rights and protection of the data subject by processing personal data of the data subject within Peero App under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation) (hereafter – Regulation).
Peero is the next generation tool for involvement, motivation, feedback and gamification for company employees, staff and students of educational institution, or any other group of persons (hereafter, Peero App). Peero App is owned by SIA Peero, reg.No. 50203329221, address: Kr. Valdemara Street 21-19, Riga, LV-1010, Latvia, telephone: + 371 67509900, e-mail: firstname.lastname@example.org.
The Controller responsible for the processing of this personal data is the legal entity or educational institution which is the administrator of the Peero community (hereafter, the Controller), member of which has requested for your feedback.
The Processor is SIA Peero, reg.No. 50203329221, address: Kr. Valdemara Street 21-19, Riga, LV-1010, Latvia, telephone: + 371 67509900, e-mail: email@example.com (hereafter, the Processor).
Due to necessity of sub-processing of data within the Peero App the Controller has authorised Processor to process its data via the following sub-processors for the following activities:
Microsoft Corporation – Peero App is using Microsoft Azure Services for hosting (Standard Contractual Clauses (SCCs) are used as a lawful transfer mechanism if personal data is transferred outside of the EU).
Only duly appointed and appropriately authorised employees of the Controller and the Processor can access data through their own user ID and personal password in the respective systems. Personal data included in Peero App shall be made available to other data processors solely in beforehand informing about that the Controller.
If you have any questions regarding processing of your personal data, please contact the Controller or the Processor by using the contact details provided in this Privacy Note.
The processing of personal data is based on the legitimate interests of the Controller. The Controller shall assess the possible impact of the Peero App on the rights and freedoms of the person and shall ensure that the legitimate interests of the Controller in the processing of personal data do not adversely affect the rights and freedoms of the person.
When exercising its legitimate interests, the Controller intends to process personal data in order to:
The personal data collected shall be processed in accordance with principles established by the Regulation.
Categories of data subjects whose personal data are processed:
Categories of personal data processed by the Controller (set of core data required for the operation of the Peero App):
Within the Peero App feedback it is prohibited to include and process:
The primary responsibility of the Controller shall be to establish for what purposes and to what extent the External contact data may be transferred to processors.
Likewise, the data may be transferred to third parties in so far as it is necessary for the technical operation and support of the Peero App, and for fulfilment of the contractual obligations pertaining to this application. The third parties shall undertake not to disclose or use the data for any other purpose and to comply with the data privacy rules established by this Privacy Note and other instructions of the Controller.
The Controller may transfer the personal data to the following categories of personal data recipients:
The Processor shall receive from the Controller and process only the amount of personal data that is necessary for the performance of the specific task.
The Controller shall keep External contact personal data for up to 3 months to:
The Processor shall keep the personal data in the Microsoft Azure system for up to 3 months to:
The Sub-processors shall have access to and process the personal data made available to them by the Processor and they shall process them according to the tasks assigned on them by the Processor:
Processor and Sub-processors will delete data also upon request of the Controller.
All other data submitted by the External contact will be irreversibly anonymized after 3 months from the day when the feedback was received to ensure that the External contact data are not processed for longer than necessary.
The Controller and the Processor shall ensure that personal data are always secure and that the processing thereof is carried out in accordance with applicable laws and best practices.
In order to ensure that personal data can be accessed only by authorized persons and to prevent unauthorized processing of personal data, the Controller and the Processor shall use various technological and organisational procedures and measures, which assist in providing adequate protection for the processed personal data.
To ensure proper processing of personal data, a person has number of rights that can be exercised with regard to the processing of personal data. To exercise your rights, please contact the Controller or the Processor by using the contact details indicated in this Privacy Note.
Access to personal data
A person has the right to ask for information about personal data related to him/her being processed.
Rights to rectify personal data
If a person considers that the personal data processed are incorrect, incomplete or are inappropriate, the person shall be entitled to ask for his/ her personal data to be restored or corrected.
Rights to object and restrict processing of personal data
When processing personal data on the basis of legitimate interests of the Controller, the person shall be entitled to object and ask to restrict the processing of personal data if he/she considers that at least one of the following conditions exists:
Upon receipt of an objection from a person, the Controller will discontinue or limit processing of personal data, unless the Controller can substantiate such processing with appropriate and proportionate legitimate interests it has or carrying out of the rights of a person is not possible as it requires performance of disproportionately complex technical and organisational measures.
If a person wants to exercise his /her rights, questions have raised, or person has complaints concerning processing of personal data, please contact the Controller or the Processor by using the contact details indicated in this Privacy Note.
Controller and Processor will use the information submitted by the person to examine the person’s complaint and respond to the person as soon as the complaint is reviewed.
The Controller and the Processor shall ensure compliance of the that data processing and protection with the statutory requirements; however in case of objections, if the particular question is not resolved with the Controller or the Processor, the person shall be entitled to contact the data processing supervisory authority – the Data State Inspectorate (Elijas Street 17, Riga, Latvia, e-mail: firstname.lastname@example.org).
Controller and Processor shall be liable for losses incurred by the data subject as a result of processing of the personal data contrary to the order established hereby, other terms agreed by the Controller and the Processor, as well as in cases provided for by the Regulation and other applicable data protection laws.
The Processor shall be liable for losses of the data subjects only in so far as it concerns compensation liability related to data processing hereunder.
You can find the latest version of the privacy note each time you receive a feedback request.