Privacy Policy of the Service

Last updated: 01/09/2023

Your privacy is important to us

Protecting your personal data and privacy is of utmost importance to us. We are committed to respect your privacy and protect the personal data you give us.

This Privacy Policy applies to the Someturva service, through which you can get help and support if you have encountered an unpleasant situation, such as bullying, harassment or intimidation, on social media, online or elsewhere.

The processing of personal data in the service is necessary for us to provide our service and to help you when you face bullying or harassment. Our service is designed to meet the requirements of data protection legislation and data security.

This Privacy Policy applies not only to users of the service, but also, where applicable, to persons who may be identified from a situation reported to us by a user.

This Privacy Policy has been translated from its original Finnish version which was updated on 22.3.2023.

Data controller and contact information

Somis Enterprises Oy (Someturva)
Business-ID: 2837159-1
Köydenpunojankatu 2 D,
00180 Helsinki
info@someturva.fi

Someturva is the data controller under data protection legislation. Someturva is responsible for ensuring that personal data is processed in accordance with this Privacy Policy and applicable data protection legislation. If you have any questions about the processing of personal data, we will be happy to help you.

What is personal data?

Personal data means information about a person, such as you, from which the person can be directly or indirectly identified. The concept of personal data is very broad in law. In addition to your name or address, it can basically be any piece of information that makes it, either individually or by combining it with some other piece of information, possible to identify that the information concerns you.

What information do we process?

We process personal data that is necessary for the purposes described in this Privacy Policy.

(1) When you log in for the service

When you log in to the service, we process:

  • The contact information you use to sign in to the service, i.e. your phone number or email address
  • The activation code you use to indicate your access right to the service

With your phone number or email address, we create you an anonymous user account. The contact information is stored in an external secure vault, which allows us to handle cases anonymously in the service.

The activation code lets us know the community that pays for the service, such as a municipality, learning community or organisation. We cannot tell who the individual user is from the activation code.

(2)  When you report a case

When you ask us for help on the service, we process:

  • Description of the case given by you, including, but not limited to:
    - your age
    - the age of the suspected offender
    - description of the situation
    - estimated time
    - consequences and/or harmful outcomes
    - the social media where the situation happened
    - other parties involved
  • Someturva's assessment and advice on how to resolve the situation and other information related to resolving the case

Although we need accurate information about what happened, we do not ask for your name, where you live or any other information that could identify the parties. The only identifying information we ask you to give is age. The age of the parties can have a major impact on the legal assessment of the situation.

Use of the service is completely voluntary and we will handle the case you report to us on the basis of the information you give us. Therefore, it is not necessary to provide all the personal data listed above, but the extent of the information may affect how well we are able to help you.

(3) Cookies

In addition, we may process personal data related to cookies on the service. Cookie information may include, for example:

  • IP address
  • electronic communication identification data
  • browser and operating system information

A separate Cookie Policy applies to the use of cookies. The purpose of using cookies is not to identify individual users, but to improve the user experience. However, if an individual can be identified from them, the data will be processed in accordance with this Privacy Policy.

From where do we collect the information?

You give us the information yourself when you log in to the service or report a case to us.

Representatives of an organisation can also report to us about a situation that someone else, such as a student or an employee, has encountered. We have no interest in identifying the individuals involved and we instruct the representatives of the organisation to describe the situation anonymously so that the individuals involved cannot be identified.

How do we use personal data and on what basis?

We can use personal data for the purposes listed below. We only process personal data where there is a legal basis for doing so.

If the processing is based on our legitimate interest, we have ensured that your right to privacy is protected by assessing and weighing the legitimate interest using the balance test in accordance with the Office of the Data Protection Ombudsman’s instructions. If you would like to have more information on the legitimate interest assessment and balancing test, please contact us.

(1) Providing the service

We process personal data so that we can handle the case you report to us, assess your situation from a legal and psychological point of view, help you resolve the situation in the best possible way and protect your information from unauthorised access.

  • The basis for processing personal data for this purpose is your consent.
  • Even if you are under 13, the processing is based on your consent. Under the applicable data protection legislation, the consent of a parent or guardian is not required when providing preventive or counselling services directly to a child (GDPR, recital 38). Our service is such a counselling service for resolving incidents of harassment and bullying.
  • You have the right to cancel your consent to the processing of your personal data at any time by contacting us (see more under "What are your rights?"). Please note, however, that cancelling consent while we are still handling your case means that the case is no longer being handled, as it is not possible without personal data.
  • Representatives of an organisation can report to the service about a situation taking place in the organisation but concerning a person other than the user themselves. In this context, the processing of personal data (other than the user’s) is based on a legitimate interest in providing advice to organisations to resolve harassment and bullying situations where it is not possible to provide such advice without processing personal data. Especially, when it comes to the service provided for school communities, there is also a broader public interest in addressing and resolving abusive situations against children and young people online.

(2) Service development

We process personal data to improve the service. Here, the processing of personal data is primarily based on our legitimate interest to teach the artificial intelligence the service employs and to improve the user experience, the service, the expertise of our professionals, and the data security. Only pseudonymised or fully anonymised data will be used to teach AI.

When you give us information about your case and its consequences that concern your health or well-being, the processing of personal data is always based on explicit consent. We will only use this information for service development with your permission.

How long do we keep your information?

We will only store your personal data for as long as it is necessary to fulfil the purposes set out in this Privacy Policy.

As a rule, we will keep the personal data you have given us as long as it is necessary for handling the case you have reported to us. At the latest two years after the last contact with a user, we will delete or anonymise the data.

Who handles your information?

At Someturva, your personal data will be handled only by persons who have a work-related need and the right to do so. When you report a case in the service, it will be received and processed by Someturva's Emergency Unit. The experts of the Emergency Unit are under an obligation to keep your information confidential.

We may use subcontractors and service providers, for example, for technical maintenance and development of the service. Subcontractors and service providers work for us and do not have independent access to personal data. They may not use your information for any purposes other than the ones we have specified to carry out the purposes described above.

Do we share personal data to third parties?

We will not disclose your information to third parties. The only exceptions are:

  • if it is required by law, for example, to respond to a summons or in connection with legal proceedings; or
  • if we are involved in a merger, acquisition or other business transaction.

Do we transfer your data internationally?

As a priority, we only process data within the European Economic Area (EEA). Exceptions are IT service providers related to the functioning of our service (sending verification code, error monitoring and use statistics), which may transfer data outside the EEA, such as to the United States.

Where we use such services to handle your information, we use accepted standard safeguards, such as standard contractual clauses (SCC) adopted by the European Commission, whereby our service provider commits to appropriate data protection measures to safeguard your personal data.

How do we protect your information?

We pay strong attention to data protection and security in the design, production and maintenance of our services.

We have appropriate technical, administrative and physical security measures in place to protect your information from loss, destruction, misuse and unauthorised access.

We restrict access to personal data only to the appointed employees and persons contracted to us who have an essential work-related need and the right to handle the personal data in question and to the service providers who can process the data only in accordance with our instructions. We require our subcontractors to process personal data with confidentiality and to ensure the adequate level of security to protect personal data. All persons who have access to personal data are bound by confidentiality obligations.

We continuously implement data protection and security, for example by training our staff and regularly reviewing our compliance with data protection legislation and good data security practices.

What are your rights?

You have the right to:

  • Request access to your own personal data
  • Withdraw consent to the processing of personal data
  • Request correction of inaccurate or incorrect personal data
  • Request restriction of processing of your data
  • Request the erasure of your personal data
  • Object to the data processing based on our legitimate interest
  • Receive your personal data in a machine-readable format and transfer the data to another controller, provided that you have given us the personal data in question
  • File a complaint with the competent supervisory authority (in Finland, the Office of the Data Protection Ombudsman)

The above requests should be sent to our customer service by e-mail to: info@someturva.fi.

Changes and updates

We are constantly developing our services. As a result, we may need to change and update this Privacy Policy. Changes may also be based on changes in legislation. If we make changes to this Privacy Policy, we will update the new version of it on our website with the date of the update.