XES NETWORK - MOBILE APPLICATION DATA PROTECTION NOTICE


Effective Date: 1.1.2020


Xes Network and Helsinki Entrepreneurship Society Ry operating it (“we”, “us” or “our”) places the highest value on protecting the personal data of our members and users of our digital services (“Member”, “User”, “you” or "your"). This Data Protection Notice ("Notice") explains how we collect, use, disclose, safeguard and retain your personal data when you interact with Xes, e.g. by attending our events, or by using our digital services, such as this mobile application (“Application”) and/ or our web service ("Service", Notice or Service alone or both together, depending on the context, also "Offering").


We are committed to processing your personal data in accordance with all applicable laws. European Union general data protection regulation (EU 2016/679) is the primary data protection enactment applicable to our Offering and processing of your personal data. 


Please read this Notice carefully. If you do not agree with the terms and content of this Notice, you should not join Xes Network as a member and you must stop using our Offering immediately.


OUR ROLE AS DATA CONTROLLER AND CONTACTING US


We are the controller of your personal data. Therefore, we are responsible for the processing of your personal data and we define the purposes and means for the processing. Our identification and contact information are as follows:


Helsinki Entrepreneurship Society Ry

Ratapihantie 13, Helsinki

00520

Helsinki, Finland


Isa Hiltunen, Chair of Board, isa.hiltunen@myy.haaga-helia.fi


Use the above contact information to reach us if you have any questions or requests related to your personal data or the processing of it.


YOUR ROLE WHEN USING OUR OFFERING 


You may access and use our Offering in three manner, namely as: 


  1. Guest: You can access some areas of our Offering without signing up as a registered Xes Member. However, if you provide us with your personally identifiable data, e.g by signing up to our events, subscribing to our mailing list, joining our social media groups, etc. you are personally identifiable by us and your data can be processed according to principles stated in this notice. If you access our Digital Offering through a single device, which is exclusively in your possession, you could be indirectly identified e.g. by a 3rd party with access to other identifying data sources, such as your device serial number, mobile network identifiers, and personal data associated with them. For example, your mobile operator and legal authorities might have such data collection and combination capabilities. Due to e.g. these 3rd party capabilities we will consider all Pseudonymous User data as personal data and protect it as such. To learn more about the ways and conditions how 3rd parties, such as mobile network operators and legal authorities, can collect the necessary data to identify you personally, we recommend you to review your mobile operator’s privacy policies and privacy laws of your country.
  2. Registered Xes Members With a Hidden profile in Xes Network: To access restricted content in our Offering and enjoy full membership rights in Xes, you need to sign-up as a registered member. Registration of your personal data is required during the sign up process and your personal data will be stored into our membership database. Registered member with a hidden profile is identifiable by Us, but your personal data is not visible, or accessible to others in Xes Network beyond what you reveal about yourself during your interactions with them.
  3. Registered Xes Members With a Public profile in Xes Network: If you want to have a public membership profile which is visible to others in Xes Network you need to create a member profile and set it as public. Your public profile is identifiable by Us, and your personal data is visible to other users of the service who have access to groups you are associated with. If you wish to prevent others seeing your personal data, use your personal settings to hide your profile or ask your group manager to remove you from the groups you no longer wish to be associated with.


As all Users are at least indirectly identifiable to us, we will comply with applicable data protection legislation for all our Users. Our data record consists of the personal data of the Users belonging to any of the three above described user categories. Your profiles and your interactions with other users has implications to the quality and culture of this service. Therefore We as a service provider reserve the rights to use your personal data to uphold quality of the service and enforce code of conduct. We are obliged by the law and by contracts with 3rd parties to prevent abuse, spread of inappropriate content, and criminal use of this service to infringe copyright, or national security laws. To find out more about the particular rules and code of conduct applicable to your country of residency, please refer to our terms of service, the terms of service your Internet Service Provider, Network Operator, and your country’s privacy legislation.



OUR PERSONAL DATA COLLECTING METHODS


We may collect your personal data in a variety of ways. Depending on your activities related to the Offering (e.g. becoming a registered member), you may be required to personally actively submit to us your personal data. This may occur e.g. through completing and submitting a digital form in any of our Offering interfaces available to you (i.a. in connection with registering your membership with Us) or answering a questionnaire. 


We may also collect your personal data in connection with your using of the Offering (i.a. related to your use of chat or any other interactive communication feature of the Offering). 


Furthermore, our servers automatically collect your personal data of technical nature when you access or use the Offering (i.a. software versions, phone model and timestamps) or of your native actions that are integral to the Offering features (i.a. the number of messages you have sent and received, or other data based on your similar interactions with the Offering or with other users of the Offering).  


Finally, in order to function as intended, the Application (but not the Service) will require the access to the following mobile phone features, some of which are technically used as part of the above defined personal data collection methods:



If you wish to change our access or permissions, you may, circumstances allowing do so in your device’s settings. However, please note that changing our access or permissions may cause limitations or complete denial of your access and use to the Offering. 



PERSONAL DATA WE COLLECT AND PROCESS 


When you use Xes Network Mobile Application we will collect and process the following personal data of you:




If you are a Registered Member, we will collect and process all of the above data and in addition the following personal data of you:



NOTE ABOUT COMMUNICATION AND CONTENT: Message and voice communication are protected by data encryption. We do not monitor the content of the communication between our users and voice calls are not recorded or stored by us. Therefore you are solely responsible for the relationships you establish in the Offering. We advise you not to provide any confidential information if you do not trust the other party in the Offering. Chat history remains accessible on both participating Users' device and on our servers needed for the message content relay. In certain circumstances, e.g if demanded by us by legal authorities pursuing legitimate criminal investigation, Us and 3rd parties are technically capable of breaking the encryption of the private messages, access their content, and at least indirectly identify their senders and receivers personally.

 


YOUR CONSENT TO US


Some of the above personal data provided to us by you may contain personal data belonging to special categories ("Sensitive Personal Data"). When you access the Offering the first time, you provide us with your explicit consent for processing your Sensitive Personal Data. 


Further instructions and remarks on your consent and withdrawing it are below in this Notice.


LAWFULNESS OF PROCESSING OF YOUR PERSONAL DATA 


Our processing of your personal data is based on:


  1. Contractual relationship between you and us (the contract is executed when you accept our service terms and conditions as a necessary precondition for your access to and use of the Offering); and/or
  2. Consent received from you for:
  3. The processing your Sensitive Personal Data; or
  4. Sending you electronic direct marketing.


You may at any time withdraw the consent to which the processing of your Sensitive Personal Data or our electronic direct marketing to you is based on by contacting us with the above contact information.


Please note, that subject to our sole decision, withdrawing of your consent may make the provision of our Offering to you more limited or impossible and lead to:



PURPOSES OF USES OF YOUR PERSONAL DATA


We process your personal data for maintaining Xes Membership & guest registry; to perform our administrative duties; to enforce rules of the association and code of conduct of the community; to report about the society and promote its membership base to current and potential sponsors & supporters; to comply with relevant legal obligations; to provide you with this Offering and to fulfill our contractual obligations and rights towards you. We may also process your personal data for the development of the Offering as well as our other products & services and conduct statistical analyses, scientific & academic studies.


Your personal data can also be used to provide you with personalized content and communication (including personalized push notifications to your mobile device) as part of the Offering. This content and communication may include, but is not limited to, event information, personalized recommendations, customer relations communication, marketing, feedback and research. However, we will not send you electronic direct marketing without your consent. If you receive undesirable content, or you are unhappy about the frequency of messaging, please do not hesitate to contact Xes community managers, so that we can improve the relevancy of the content together with you. You can use the privacy settings of your mobile device to control the notices you receive from us, by for example disabling push notifications, or by switching off sound alerts for the notices. To fully ensure your privacy, you can also uninstall the application at any time.


Personal data processing for the above-mentioned purposes may involve profiling. However, it will never include solely automated decision-making that would produce legal (or other similarly serious) effects for you.


DISCLOSURES AND INTERNATIONAL TRANSFERS


At times we may need to share your personal data with sponsors, supporters, and partners of our society, e.g Haaga-Helia, Startup School, Helsinki Business College, City of Helsinki, LaureaEs, etc, and with legal authorities. Such sharing does not occur regularly, but should it be necessary, for example in hosting a joint event, we will share only the smallest possible amount of your personal data, and always within the limits of applicable legislation and in proportion to the task we set out to accomplish.


We may also transfer your personal data to third parties (e.g. subcontractors) who process your personal data on behalf of us for the purposes described in this Notice. One such example is Mesensei Oy, which develops the software used in provision and hosting of the Offering. With subcontractors we do not release your personal data from our control. We enforce the data confidentiality with contractual agreements with our processors.


As we operate internationally, due to technical and practical data processing requirements your personal data may be processed by our subcontractors located outside the European Union or European Economic Area (including Switzerland). Countries to which your personal data may be sent to or accessed from may have a data protection standard differing from the country in which you are situated. However, in all such personal data transfer situations, the processing of your personal data shall be in accordance with applicable legislations and our data processing policies and instructions. 


Due to rarity of available EU Commission data protection adequacy decisions, EU Commission standard contractual clauses (of type controller to processor, EU Commission decision 2010/87/EU) would be used as appropriate and suitable safeguards for these data transfers. Alternatively, we may rely on EU/US-Privacy Shield arrangement. Copies of the standard contractual clauses shall be available through the contact details mentioned above.


SECURITY


We and our processors use organisational and technical measures to protect your data and privacy according to standards and requirements set in European Union General Data Protection Regulation (EU 2016/679). These measures include data encryption and role based limitations to access any personal data.


USE OF COOKIES


To improve your experience on our site, we may use small text files known as cookies ‘cookies’, which your browser stores locally on your computer.


Cookies are an industry standard and commonly used by most websites. A cookie is a small text which, which is used as a tool to remember your interactions and preferences on our website. You can prevent the use of cookies from your web browser privacy settings, but please be noted that our site might not function correctly.


You might be particularly interested to know which 3rd party services and cookies we use. Please be noted that our site uses Google Analytics, which helps us to understand our website traffic and usage of this site. We use this data to improve the site functionality to make it more appealing to our different customer segments and to you individually.


While we do not have the direct capability to identify individual users visiting our site, or associate your IP address to you personally, it is possible that other parties, like Google and your Internet Service Provider has access to other data sources which can be used to identify you personally. Google Analytics is registered in United States and statistics about our website traffic data is sent to Google servers in the United States.


If you have any privacy concerns related to our use of cookies, our partners or data transfers to United States, please take appropriate measures with your privacy settings.


YOUR RIGHT TO OBJECT PROCESSING


At any time, you have the right to object the processing of your personal data for direct marketing purposes and unsubscribe (opt-out) yourself from any direct marketing of us. If you do not wish us to process your personal data or receive communication associated with our Offering, stop using the Mobile Application and Uninstall it from your device.


YOUR OTHER RIGHTS


At any time, you have also the following rights: 



Also, at any time, you have the right to:



To use your rights, contact us with the contact information provided above. 


RETENTION PERIOD OF YOUR PERSONAL DATA


As a standardwe retain your personal data for 36 months after the termination or expiration of the contract between us. Your personal data will be anonymized or permanently deleted after the this period, however, allowing us always additional limited time period necessary for the technical execution of the deletion or anonymization. 


The above retention rule is always subject to differing requirements possibly included in any mandatory laws applicable to your personal data, its processing and the Offering. Therefore, in some cases, your personal data retention period may be shorter or longer than the above-mentioned. 


Notwithstanding the above, the retention of your personal data may always be extended due to our existing or imminent need to establish or exercise legal or administrative claims or defend us against legal or administrative claims related to your personal data, its processing and the Offering.


PROVISION OF YOUR PERSONAL DATA 


Provisioning your personal data to us is voluntary but necessary for you to proceed with the access and use of the Offering. Failing to provide us with your personal data prevents or may prevent us from providing you with access to Offering or enabling your use of Offering.


VALIDITY OF AND UPDATES TO THIS NOTICE


This Notice is valid until further notice beginning from Effective Date. 


We reserve the right to make changes to this Notice at any time and for any reason. We will alert you about any changes by updating the “Effective Date" of this Notice. You should therefore periodically review this Notice to stay informed of updates.


You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Notice by your continued use of the Offering after the then current Effective Date.