Data Protection Policy
NayaDaya Analytics Inc. is collecting, analyzing, publishing, and distributing emotion and behavior data on the contexts of employers, transformations, M&A processes, projects, sustainability, brands, news, and phenomena among employees, customers, consumers, and citizens, for example. We follow the General Data Protection Regulation (EU) 2016/679 (“GDPR”) in processing of personal data.
1. Controller
Name: NayaDaya Analytics Inc.
Business ID: 2775123-4
Address: Åkerlundinkatu 8, 33100 Tampere, Finland
E-mail: petri.jarvinen@nayadaya.com
2. Contact person for registration matters
Name: Petri Järvinen
Address: Åkerlundinkatu 8, 33100 Tampere, Finland
Phone number: +358 45 238 5537
E-mail: petri.jarvinen@nayadaya.com
3. The personal data processed, purpose of data processing, legal basis and sources of information
As a controller NayaDaya Analytics processes the following personal data of its clients and potential clients:
NayaDaya Analytics’s service is implemented in a manner that the service itself does not contain personal data and NayaDaya Analytics is not a controller of personal data in relation to its clients.
4. Storage of personal data
Personal data of the customers is stored for the duration of the customer relationship and for three years after its termination, after which the data will be filed, unless there is a legal obligation for a longer storage period.
For the purpose of new customer acquisition, the data of the data subjects shall be reviewed on an annual basis and the data that is not necessary to store, shall be deleted.
5. Controllers of personal data
The controller may use sub-controllers to support their business and to provide their goods and services. In relation to sub-controllers, the contractual obligations under the GDPR shall be applied.
The controller shall provide information of the used sub-controllers, if necessary.
6. Transfers and disclosures of the personal data
We will only forward your data to providers or storage locations in countries outside the European Union to the extent that such is necessary to process orders and perform contracts. If personal data is transferred outside the EU/EEA, we ensure that the personal data is transferred in accordance with the applicable law, for example by ensuring that the recipient of the data participates certification schemes (including the EU-US Privacy Shield).
7. Principles of protection of the personal data
Only employees who are authorized to process personal data on behalf of their work are entitled to access the customer data system. Access to workspaces is restricted. The data is collected to documents in a technical environment protected by firewalls, passwords and other up-to-date technical means. The data is regularly backed up to a cloud-service protected with access control and firewalls.
8. The rights of data subjects
A data subject has the right to verify the data concerning the data subject herself/himself that is stored in the filing system. Contacts concerning the right to verify must be submitted in writing and signed. Contact information concerning the request are given in section 1.
A data subject has the right to request correction of the data concerning her/him that is stored in the filing system, if the data is incorrect. The request for correction must be submitted in writing and signed. Contact information concerning the request are given in section 1.
A data subject has the right to forbid the controller from processing the data concerning her/him for direct advertising, distance selling and other direct marketing as well as market and opinion poll or other purposes. Contact information concerning the ban are given in section 1. The controller has the right to refuse such request, if it would prevent the delivery of the goods and services of the controller.
A data subject has the right to request that personal data concerning her/him is deleted from the filing system. Contact information concerning the ban are given in section 1. The controller has the right to refuse to execute the data deletion, if it would prevent the delivery of the goods and services of the controller or if it would be unlawful.
A data subject always has the right to make a complaint to the data protection authority, which in Finland is Data Protection Ombudsman. More information can be found at https://tietosuoja.fi/en/home.
9. Use of cookies in connection with NayaDaya Analytics’s services
Use of the NayaDaya Analytics’s service requires the acceptation of cookies by the end user. The end user has always a possibility to not accept cookies or prevent their use completely from her/his browser settings. The end user may always remove cookies by clearing cache of her/his browser.
Page specific cookies:
Page specific cookies are created in connection with emotional reactions. The data of the emotion is stored to cookie and by means of it, providing several emotional expressions are prevented in the same context and others answers are shown in connection with reload. Page specific cookie is valid at most one month.
Browser-specific cookie:
DeviceID is encrypted browser-specific identifier, which is valid for five years. Cookie is stored in NayaDaya® Analytics -cloud service with the emotion. Cookie is not customised. It enables monitoring of given emotions from the same browser, but it does not identify the person or device. By means of cookie, expressing emotions repeatedly to the same question can be prevented.
Cookies are installed only if the end user accepts the installation of cookies. By means of cookies the device or the user of the device cannot be identified afterwards and cookies do not contain, for instance, any kind of device identifier or IP address from which the emotional reaction or answer is given. Identity, used and created by NayaDaya Analytics, does not comprise such link or identifier, that the emotion data could be restored to the end user’s device and if the end user removes cookie from the used cache of the browser, the possible new cookie does not link to the previous cookie. Therefore, NayaDaya Analytics does not process cookies to identify the device or the user of the device or does not connect the emotion data to the personal data.
Use of the NayaDaya Analytics application requires always the acceptation of cookies. NayaDaya Analytics admins its own measuring points, where the visit requires always the acceptation of cookies. In the websites of clients, using NayaDaya Analytics's service, cookies must be accepted page specific seperately. Each client admins its own cookie practice.
NayaDaya Analytics requests its clients to use at least the following cookie notice and highlights, that the end user must always have an explicit possibility to accept or decline the use of cookies:
”This website uses NayaDaya® Analytics -service, which collects emotional reactions or answers to the contents that is presented on the website. Use of service requires use of cookies. Page specific cookies are created in connection with emotional reactions. The data of the emotion is stored to cookie and by means of it, many emotional expressions are prevented in the same context and others answers are shown in connection with reload. Page specific cookie is valid at most one month. Browser-specific cookie (DeviceID) is encrypted browser-specific identifier, which is valid for five years. Cookie is stored in NayaDaya® Analytics -cloud service with the emotion. Cookie is not customised. It enables monitoring of emotions that are given from the same browser, but it does not identify the person or device. Cookies do not contain personal data of the website user and by means of them it is not possible in any situation to identify an individual person or individualise the device that the browser is used. By accepting the use of cookies you give a permission to install cookies to your browser. You can always remove cookies by clearing the cache of your browser. Additional information: https://www.nayadaya.com/privacy-notice."
10. Google Analytics
NayaDaya Analytics also uses Google Analytics -service to collect general information i.a. operating time of websites, keystrokes of links, geographical locations, browsers and operating systems (using ”The Google Analytics tag” integration). Google Analytics may use IP addresses. Data of the Google Analytics is used to common monitoring and developing of the NayaDaya Analytics -emotion application. Data of the Google Analytics cannot be connected to emotion data.