# MOPRIM OY
## Data Privacy Statement for Green Team Finland
Using your data appropriately is important to us. Privacy officer contact details are
Porvoon Akilles ry, c/o Privacy Officer, c/o Alkemax Oy, Terhi Järvikari, Sannaistenkatu 8 06100 Porvoo, Finland
Moprim Oy, c/o Privacy Officer, Lautatarhankatu 6, 00580 Helsinki, Finland
### Purpose of Collection
Moprim Oy, a limited liability company incorporated in Finland (reg number FI27324425), having its registered address at Lautatarhankatu 6, 00580 Helsinki, Finland (hereinafter referred to as "Moprim") and Porvoon Akilles ry, association registered in Finland (reg number FI06699529) (hereinafter referred to as "Akilles") are providing you a smartphone application Green Team Finland for mobility measurement (hereinafter referred to as the “App”), with which you (hereinafter also referred to as the “User”) can measure and track your movements, your modalities and your mobility during your everyday activities, join communities (hereinafter referred to as “Community”), where you can share your movement data with the Community, within the framework of these General Terms and Conditions (hereinafter referred to as “Terms”), as well as take advantage of other services from Moprim and Akilles and their partners (hereinafter referred to in general as the “Service”).
### Description of the App
The App has been developed to provide new insights into mobility behavior and to collect relevant key data, such as modalities or transport volumes, as well as to identify centers of use for individual means of transport. The data recorded and corrections of modalities help us to improve the quality of the methods by which we determine this key data, and thereby improve the App itself.
### Collection Methods for Movement Data
The App collects user’s modes of transport and location data when needed. Collected data is used to build daily travel chains and for estimating modes of transport and routes in a longer period. The development of user’s modes of transport can be evaluated based on collected data.
When you start using the App, Moprim’s technology will collect smartphone’s acceleration sensor and possibly gyroscope- and other sensor data for resolving the mode of transport, and location data. Based on the collected data distance and travelled routes can be solved and your mobility profile can be built.
App also collects your smartphone model number, operating system version number, App version number, location data and mode of transport, and transfers them to Moprim cloud. Moprim cloud service uses the data to build travel chains and may combine information from public transportation services and builds map presentation of the travel chain to be presented in the App.
### Type and Scope of Data Collected
The following list provides an overview of the data collected (only collected if the sensor is available on the smartphone model and the service requires the data to be collected):
User identification data
+ Username and e-mail address
+ Other voluntarily registration information for registering through the app, for example name, nickname and phone number
+ Location data and precision (GPS, Wi-Fi, cellular network location)
+ Acceleration values (determined by sensors in smartphone)
+ Gyro sensor values (determined by sensors in smartphone)
+ Barometer / air pressure data (determined by sensors in smartphone)
+ Magnetometer (determined by sensors in smartphone)
+ Movement activities from operating system
+ Detection reliability (confidence) for movement activities
+ User agent device type, operating system version, app version
### Processing Movement Data
After being recorded by the app, data is transmitted via Wifi and/or mobile data connection to Moprim cloud service, where it is saved in a databank. The main used cloud service is Amazon AWS. Transmission of data recorded by the app occurs exclusively through encrypted procedures. The use of the Amazon AWS cloud service happens primarily in the EU/ETA region.
### Saving Data in the App
App might save data to the phone, but mainly uploads updated data to the cloud service.
### Disclosure of the information to third parties
Our products and services may be provided using resources and servers located in various countries around the world. Therefore your personal data may be transferred across international borders outside the country where you use our services, including to countries outside the European Economic Area (EEA). In such cases we ensure that there is a legal basis for such a transfer and that adequate protection for your personal data is provided as required by applicable law, for example, by using standard contractual clauses for the transfer of personal data of the European Parliament and of the Council (where necessary) and by requiring the use of other appropriate technical and organizational information security measures.
Apart from Hosting Providers, we may disclose your personal data to third parties provided:
+ the disclosure is reasonably necessary to provide you with the services. We may, for example, share your name and contact details with a Community Owner of a Community which you want to join and use so that the Owner knows you will be using their services and will be able to contact you directly. When you have joined the Community, you have given consent to disclose the information to the Community and Community Owner;
+ the disclosure is reasonably necessary for us to be able to enforce our Terms of Service;
+ the disclosure is reasonably necessary for the purposes of detecting and preventing fraud or security breaches;
+ the disclosure is made at the request of a public authority;
+ the disclosure is made in accordance with applicable law.
If we decide to sell, buy, merge or otherwise reorganize our businesses in certain countries, this may involve us disclosing personal data to actual purchasers and their advisers.
We may share non-personal data or anonymized statistical data to selected third parties.
We may share or sell anonymized mobility data to third parties.
### Storing of your personal data
As most other service providers, we store and process your personal data (if any) on third party servers (” Hosting Providers”). The Hosting Providers we have chosen enable us to keep your data mostly in the European Economic Area. If we transfer some personal data outside of European Economic Area, we ensure that such transfer is effected in a manner which is compliant with Data Protection Law. Those third party servers are protected by physical as well as technological security devices. By using our services, you give us consent to store, process and transfer your personal data (if any) outside of your country of residence to the countries where our Hosting Providers are located. Your personal data is stored for no longer than is necessary for the purposes for which the personal data is processed.
Your profile and the related data will be removed immediately when you remove your profile from our service. All other personal data will be anonymized or removed permanently, regularly at least once a year, unless applicable legislation, relating to for example consumer protection, periods for filing suit or accounting, otherwise necessitates. Such data retention obligations typically last for 3-10 years. If we store some of your personal data longer, for example for statistical or research purposes, we always ensure the anonymization of data.
### Data Security
We limit access to our databases containing personal data to authorized persons having a justified need to access such information.
+ We use industry standard security mechanisms to protect the collected personal data. All collected personal data is stored in protected databases located behind a firewall and with both physical and software-based access controls provided by our Hosting Provider.
+ We pseudonymize and encrypt the personal data
When developing our services, we can introduce new or alternative data security measures to protect your data.
In the event of a physical or technical security incident, Moprim has the ability to restore the availability and access to the personal data. We also inform all security incidents to our Community customers.
### Your rights
When you are providing personal data to us you have certain rights. You have the right to obtain a confirmation that we are processing your personal data and the right to know what information we have collected about you. You also have the right to have incorrect, incomplete, inaccurate, unnecessary or outdated data removed or rectified and, under certain conditions, to restrict or object the use of personal data according to applicable legislation. You may also make a request to have your data moved to another system if it is technically feasible and to withdraw your previously given consent to processing your personal data. We want to make this process as simple as possible. Therefore, some of the information you provide will be accessible via the App itself and you can view, edit or delete that information at any time.
Some of the information is not available via the App. In case of such information, you can request to review, amend or delete it by sending a written request to our address stated in the beginning of this statement, together with documentation that enables us to verify your identity.
If you consider that the rights given to you under the data protection regulation have been infringed and we have not corrected our actions despite your request, you may contact the supervisory authority in the EU Member State of your habitual residence.