Data Protection Policy
NayaDaya Inc. is collecting, analyzing, publishing, and distributing emotion and behavior data on the contexts of brands, news, and phenomena among consumers, employees, and citizens, for example. We follow the General Data Protection Regulation (EU) 2016/679 (“GDPR”) in processing of personal data.
Name: NayaDaya Inc.
Business ID: 2775123-4
Address: Hatanpään valtatie 24, 1. krs
33100 Tampere, Finland
2. Contact person for registration matters
Name: Timo Järvinen
Address: Hatanpään valtatie 24, 1. krs.
33100 Tampere, Finland
Phone number: +358 40 505 7745
3. The personal data processed, purpose of data processing, legal basis and sources of information
As a controller NayaDaya processes the following personal data of its clients and potential clients:
NayaDaya’s service is implemented in a manner that the service itself does not contain personal data and NayaDaya is not a controller of personal data in relation to its clients.
4. Storage of personal data
Personal data of the customers is stored for the duration of the customer relationship and for three years after its termination, after which the data will be filed, unless there is a legal obligation for a longer storage period.
For the purpose of new customer acquisition, the data of the data subjects shall be reviewed on an annual basis and the data that is not necessary to store, shall be deleted.
5. Controllers of personal data
The controller may use sub-controllers to support their business and to provide their goods and services. In relation to sub-controllers, the contractual obligations under the GDPR shall be applied.
The controller shall provide information of the used sub-controllers, if necessary.
6. Transfers and disclosures of the personal data
We will only forward your data to providers or storage locations in countries outside the European Union to the extent that such is necessary to process orders and perform contracts. If personal data is transferred outside the EU/EEA, we ensure that the personal data is transferred in accordance with the applicable law, for example by ensuring that the recipient of the data participates certification schemes (including the EU-US Privacy Shield).
7. Principles of protection of the personal data
Only employees who are authorized to process personal data on behalf of their work are entitled to access the customer data system. Access to workspaces is restricted. The data is collected to documents in a technical environment protected by firewalls, passwords and other up-to-date technical means. The data is regularly backed up to a cloud-service protected with access control and firewalls.
8. The rights of data subjects
A data subject has the right to verify the data concerning the data subject herself/himself that is stored in the filing system. Contacts concerning the right to verify must be submitted in writing and signed. Contact information concerning the request are given in section 1.
A data subject has the right to request correction of the data concerning her/him that is stored in the filing system, if the data is incorrect. The request for correction must be submitted in writing and signed. Contact information concerning the request are given in section 1.
A data subject has the right to forbid the controller from processing the data concerning her/him for direct advertising, distance selling and other direct marketing as well as market and opinion poll or other purposes. Contact information concerning the ban are given in section 1. The controller has the right to refuse such request, if it would prevent the delivery of the goods and services of the controller.
A data subject has the right to request that personal data concerning her/him is deleted from the filing system. Contact information concerning the ban are given in section 1. The controller has the right to refuse to execute the data deletion, if it would prevent the delivery of the goods and services of the controller or if it would be unlawful.
A data subject always has the right to make a complaint to the data protection authority, which in Finland is Data Protection Ombudsman.
Use of the NayaDaya’s service requires the acceptation of cookies by the end user. The end user has always a possibility to not accept cookies or prevent their use completely from her/his browser settings. The end user may always remove cookies by clearing cache of her/his browser.
Page specific cookies:
Page specific cookies are created in connection with emotional reactions. The data of the emotion is stored to cookie and by means of it, providing several emotional expressions are prevented in the same context and others answers are shown in connection with reload. Page specific cookie is valid at most one month.
DeviceID is encrypted browser-specific identifier, which is valid for five years. Cookie is stored in NayaDaya®-cloud service with the emotion. Cookie is not customised. It enables monitoring of given emotions from the same browser, but it does not identify the person or device. By means of cookie, expressing emotions repeatedly to the same question can be prevented.
Cookies are installed only if the end user accepts the installation of cookies. By means of cookies the device or the user of the device cannot be identified afterwards and cookies do not contain, for instance, any kind of device identifier or IP address from which the emotional reaction or answer is given. Identity, used and created by NayaDaya, does not comprise such link or identifier, that the emotion data could be restored to the end user’s device and if the end user removes cookie from the used cache of the browser, the possible new cookie does not link to the previous cookie. Therefore, NayaDaya does not process cookies to identify the device or the user of the device or does not connect the emotion data to the personal data.
Use of the NayaDaya application requires always the acceptation of cookies. NayaDaya admins its own measuring points, where the visit requires always the acceptation of cookies. In the websites of clients, using NayaDayas service, cookies must be accepted page specific seperately. Each client admins its own cookie practice.
10. Google Analytics
NayaDaya also uses Google Analytics -service to collect general information i.a. operating time of websites, keystrokes of links, geographical locations, browsers and operating systems (using ”The Google Analytics tag” integration). Google Analytics may use IP addresses. Data of the Google Analytics is used to common monitoring and developing of the NayaDaya-emotion application. Data of the Google Analytics cannot be connected to emotion data.