NATLINK GROUP’S PRIVACY NOTICE FOR END CUSTOMERS AND MARKETING
This Privacy notice is used and is valid for Natlink Group and its daughter companies, currently Natlink Oy and Natlink Ab.
Natlink Group Ab (“Natlink” or “we”) is highly committed to keeping your personal data safe and private. We want to be as transparent as possible in data protection matters. In this privacy notice you can find out how we collect, use, store and share your personal data in accordance with GDPR – the EU data protection regulation. We make every attempt to clarify how the information you entrust to us will be used to make your hunting simpler, safer and more enjoyable.
Personal data is the data that can be used in identifying and contacting a person. It is possible for you to refuse the use of this data, but it may complicate or prevent the use of the service. It is important to us that you are fully aware of how we process your personal data and below you will find more detailed information on how your data is processed.
1. Controller
Natlink Group AB, including subsidiaries
Sveavägen 168, SE-113 46 Stockholm, Sweden
Business ID: 559354-2474
2. Contact in data protection related matters
The data protection officer (DPO), who handles all personal data protection related matters, can be contacted by e-mail: GDPR@natlink.fi
3. Name of the data file
End customer and marketing data file
4. The purposes for processing personal data
The personal data is used for executing all the actions related to creating, managing, and developing a customer relationship with you. These actions include our rights and responsibilities related to providing products and services to our customers, fulfilling our contractual obligations, collecting and processing customer feedback as well as communications, sales and direct marketing purposes concerning products and services offered by us. The customer relationship actions also include the actions needed for you to connect and interact with your hunting companions.
Furthermore, the personal and location data can be used for purposes such as testing, product development, data analysis as well as research and building up new products and services. In addition to existing end customers, we may also process personal data of potential and former end customers. The services provided by us are not marketed at children and we therefore do not deliberately offer of information society services directly to or collect personal data on children.
We also use personal data collected at our products, services and website for user analytics, in order to maintain, facilitate and improve the functions, content and user experience of our products, services and website as well as support our work on detecting and counteracting flaws, breaches and incidents. Furthermore, we may use your data for analytics such as trend identification, where we analyse various trends and developments in the use of our products and services. In cases like this, where possible, we use pseudonyms or anonymous information in order to avoid identification.
5. The legal basis for processing personal data
Personal data is mainly processed based on a contract (where processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract).
Some personal data is also processed based on our legitimate interests (where processing is necessary for the legitimate interests pursued by us in order to conduct, maintain and develop our business and / or where there is a customer relationship between us and you). Based on the legitimate interests we will send you newsletters and marketing email but you can anytime decide to opt-out from those marketing channels. When data is transferred within Natlink companies, the processing is based on our legitimate interest for the administrative purposes within our group, such as reporting and effective operations. When we process your personal data in conjunction with our legitimate business interests, we always weigh our own interests against your right to privacy.
In certain cases, we may request your consent when processing personal data. For example, if you decide to participate in our competitions, you give your consent concerning the publicity of the top lists. Also, when you download and install our application on your device, you give your consent for receiving app messaging. In these cases you may withdraw that consent at any time.
Also, there are some cases where we use legal obligation as a basis for processing your personal data. Laws and regulations may require us to process and disclose your personal data, such as rules regarding security or bookkeeping. We will only disclose your personal data if we are legally required to, or if you have approved it.
6. The contents of the data file
We may process following information about you (Please note: Not all this information is processed for all the registrants):
Basic personal data such as name, address, email, telephone number, age, gender and photo.
Data related to the agreements such as billing and payment data and your identity number, as well as account history including offers, ordered products or services, and feedback.
Communication and service history such as questions, answers and feedback regarding our products and services.
Given and withdrawn consents such as direct marketing consent or prohibition.
Data related to the web store account, user licence, and use of our products and services such as: user name, password, license code, geographic targets / objects, chat messages, friends and groups and interactions between them, location data and mobile device sensor data, user devices and passwords / key codes, trail camera images and videos, dog images, other images and media uploaded to system, user’s animals and any information user gives about them, connection information to any third party services as well as event log.
Any other information given by you, your organisation or its contact person or added by us to the CRM or other systems such as indicated interest in certain types of products and services.
Technical and analytical data related to website visits and cookies such as IP address, device, operating system and browser used, language settings, and visit dates and times as well as data related to product and service usage information, such as logins and logouts, software versions, identification information of the phone (IMEI, IMSI, BT-ID etc.) and mobile network, and downloaded maps.
7. The data sources
The personal data is mainly collected directly from you. In some cases, data may also be collected from our partners, our other customers, public sources or from various information systems.
Means of data collection include e.g. forms in our websites, e-mails, phone calls, customer meetings and other contacts related to sales or customer relationship. Technical and analytical personal data is collected via use of cookies related to your visits in our websites and via use of our products and services.
We do conduct some automated decision-making and profiling with the personal data processing activities included in this privacy notice. You always have the possibility to opt-out for this kind of automated decision-making by not using our products.
8. Disclosures and transfers of personal data
We will not regularly disclose your personal data to parties outside the Natlink organisation. However, we may disclose your data within our group companies, meaning that another company within our group of enterprises may process the data on our behalf. If we share your personal data with companies within our group, we will make sure that your personal data is processed in a way that conforms to this privacy notice.
Regarding the competitions arranged by us, which you decide to participate in, during the registration you give your consent that your name may be published in the top lists and in our digital channels.
8.1 Transfers to third parties
Device and person location information may be disclosed to a third party to provide required services; for example, another Natlink service user, cross-site, or tracking a sporting event, if the recipient of the information has the device name and password of the device.
We may also disclose some essential data to those third parties who act as our authorised service providers or subcontractors who provide e.g., data storage, sales, billing, marketing, as well as customer support or management services. Customer and location-based information can be transferred and handed over to our partners if it is needed to provide, develop, or improve customer experience.
As far as these third parties require access to personal data to provide their services, Natlink has taken appropriate contractual and organisational measures to ensure that your personal data is processed solely in accordance with the purposes outlined in this privacy notice and all applicable laws and regulations. The transfers will be carried out securely in accordance with our written instructions as well as EU GDPR and other legislative requirements. We use trusted, carefully selected partners on the basis of a mutual partnership agreement (including Data Processing Agreements, DPAs) where they agree to fully comply with the appropriate privacy and security standards.
Please note that when you provide your personal data directly to a third party, for example, through a link on our site, it will likely be processed in accordance with their own documentation and standards.
We may transfer your personal data to authorities such as the police, border control or other third parties outside the Natlink organisation if access to and use of such data is reasonably necessary to comply with any applicable laws, regulations, and / or court decisions; detecting, preventing and handling cases of criminal activity, fraud, security issue, or technical problem; and / or to protect Natlink’s or our customers’ interests or property, to secure or safeguard the public interest in accordance with the law. If possible, we will notify you of this type of transfer or processing of your personal data.
We may transfer personal data to third parties outside of our organisation for reasons other than those mentioned above with your explicit consent. Please note that you have the right to withdraw your consent at any time.
If Natlink is party to a merger, business deal or other acquisition, we may transfer your personal data to a third party or third parties involved in the transaction. In cases like this we will always ensure that your personal data remains confidential. If this happens, it will be informed on our website and the privacy notice will be updated accordingly.
8.2 Transfers outside of EEA
As a general practice, Natlink stores your personal data within the European Economic Area (EEA). However, please be aware that our service providers operate in various geographical regions, which may require the transfer or access of your personal data outside of the EEA. We want to assure you that we take every step to protect your data during such transfers.
Explicit Consent: By using our services, you consent to the transfer of your personal data as described herein.
Transfer Destinations: These transfers may involve countries or regions outside the EEA. While we aim to minimize these transfers, they are occasionally necessary to provide our services effectively.
Service Provider Certifications: Rest assured, we only engage with service providers who maintain certifications in accordance with GDPR and other internationally recognized data protection standards, such as ISO 27001.
Safeguarding Measures: To protect your data during transfers to non-EEA countries, we implement stringent safeguards. These may include encryption, access controls, and other security measures.
Legal Framework: These transfers are carried out in compliance with Article 46 of the General Data Protection Regulation (GDPR), which permits such transfers when appropriate safeguards are in place.
Your data security is of utmost importance to us, and we continuously monitor and improve our practices to ensure your personal information remains protected, regardless of its location. If you have any concerns or questions about this process, please feel free to contact our Data Protection Officer.
9. Storage of personal data
We will only store your personal data for as long as is necessary for the purposes outlined above, or for as long as required by law. The data will be erased / anonymised once storing them is not anymore necessary according to legislation or to ensure the rights or responsibilities of either party.License information is required for business analysis and reliable operation, so therefore data will not be deleted / anonymised unless you specifically request it.
When data is processed in order to administer and send direct marketing mail the personal data will be stored for as long as you do not unsubscribe (withdraw your consent) to receiving such mail. The unsubscription can be done any time by using either your app or the unsubscription link which is featured in all our mailings.
10. Protection of personal data
We have implemented appropriate administrative, organisational, technical and physical safeguards in order to protect all of the personal data we process. Our security measures have been designed to ensure a sufficient level of confidentiality, integrity, and availability, to protect personal data from being lost, destroyed, misused, unlawfully accessed or disclosed to third parties.
The data is stored in security-protected data centres. Information systems are protected by modern firewalls and communications with modern cryptographic technologies. Personal data may only be processed by people who have signed confidentiality agreements and who need to process this information in order to complete their work. Data is mainly stored only in electronic form and personal user IDs and passwords are required for accessing the systems containing personal data. Access to data is logged and viewing the data without accepted purpose is prohibited. Any physical material is stored in locked premises.
11. Your rights as the data subject
In this section we describe your rights under applicable European data protection legislation. You will not be charged if you want to exercise your rights and you can exercise them by contacting us (please see our contact details in Chapter 2 of this Privacy Notice). Do not hesitate to contact us if you have any questions regarding your rights.
Please note that we will always do an assessment of a request of exercising a right in order to determine whether the request is legitimate. We may request some additional information from you in order to verify your identity and your justification to the request. Not all rights listed below are absolute and there are exemptions which can be valid. Please note that we have the right to reject requests that are repeated too often, are excessive, or are clearly unfounded.
Your rights are the following:
The right of access: You may request to review all your personal data in this data file. In many cases you can view and edit your personal information and other settings at any time in our service / product / application you use.
The right of rectification: You may request to have your personal data be corrected and/or complemented if they are erroneous, inaccurate and/or incomplete.
The right to erasure: You may request that we delete your personal data from the data file providing that they are no more needed for the purpose they were collected for or that there are no legal obligations in effect concerning us regarding the processing or storing them.
The right to object to / restrict the processing of your data: You may in certain cases request us to restrict the processing of personal data concerning you or to object to the processing of your personal data.
The right to data portability: You may request us to transmit your personal data to another controller when that data was provided by you. You will then receive your personal data from us in an organised and commonly used format for transferring that data to a third party.
The right to withdraw consent: When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the lawfulness of any processing based on your consent before its withdrawal is not affected by the withdrawal.
The right to object to direct marketing: You may at any time object to processing which is done for the purpose of direct marketing. As a recipient of marketing messages, you may anytime leave the marketing channel by acting as advised in the message.
The right to make a complaint to the supervisory authorities: You may at any time make a complaint to authorities regarding the processing of your personal data. However, if you feel that Natlink’s processing of your personal data goes against applicable data protection legislation, we encourage you first contact us in order for us to oversee your complaints and make any necessary corrections.
This document has been reviewed / updated 19 February 2024.