Updated on July 14, 2022.
This is a statement pursuant to the EU’s General Data Protection Regulation (2016/679; GDPR) on the processing of personal data.
- the MyBioethics mobile application
- the MyBioethics.com website (including subdomain get.mybioethics.com).
The services are hereinafter referred to collectively as the “Service”.
Name: Duckling Codehouse Oy
Business ID: 3182841-7
Address: Pirkankatu 21 A 9, 33230 Tampere, Finland
Email address: firstname.lastname@example.org
2. The purpose and basis for personal data processing
The personal data saved in Duckling Codehouse Oy’s customer registers are processed for the following purposes:
- enabling the use of the Service;
- the maintenance and development of the Service;
- using the data collected in the Service for academic research purposes in cooperation with research teams and projects;
- customer relationship management;
- studying and analysing the use of the Service and compiling statistics related to its use;
- customer marketing and other equivalent uses;
- the implementation of legal rights and obligations, and for data protection purposes and preventing the abuse of the Service.
The legal basis for the processing of the personal data is the consent of a data subject as well as the contractual relationship between the data subject and the controller.
Data subjects have the right to withdraw their consent at any time, provided that the processing of their personal data is based on consent.
3. The personal data processed
The controller collects only personal data which is relevant and necessary for the purposes of use specified in this privacy statement.
The content of the register may consist of the following data:
- email address;
- the data subject’s home country;
- password, user ID and any nickname used in the Service;
- data saved in the context of using the Service, such as
- the time when the application was last used
- details on the type of a device and its operating system
- the type and version of the data subject’s browser;
- IP address;
- communication taking place via the Service, such as discussions, comments and participation in polling/the responses given, personal bioethics stories containing text and images;
- any contacts made towards the controller, including requests to be included in the mailing list for MyBioethics research updates, or, to be listed in the hall of fame, and any feedback given; and
- any other data collected at a data subject’s consent.
4. Data sources
Any data provided by data subjects themselves and any data collected and formed in connection to the Service’s use.
5. Cookies and related services
The Service uses services provided by third parties. The services of third parties are subject to their own terms and conditions and data protection policies. You can read more about each service provider’s operations as well as cookie and data protection policies on their respective websites.
5.1 More detailed description of the cookies and related services we use
5.1.1 Wordfence service
5.1.2 Google’s reCAPTCHA service
5.1.3 WPForms service
To facilitate consistent user experience and functioning of the MyBioethics.com website, WPForms will connect user profiles with the forms used on the website. Besides this, WPForms assigns every user a UUID (Universally Unique Identifier). The UUID is a random number that does not contain any user information, and is stored in a cookie in the user’s browser. The UUID will further help to connect different form entries by the same user together. WPForms also collects users’ IP addresses and general information regarding the types of their browsers and operating systems. WPForms will be particularly utilized to publicly show anonymous user votes regarding ethical cases, which will be further categorized by country depending on the profiles of the users who have voted.
5.1.5 Media with embedded location data
If you upload images to the Service, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the MyBioethics.com website can download and extract any location data from images on the website.
5.1.6 Embedded content from other services
5.1.7 Other relevant aspects regarding cookies and related services
If you have an account and you log in to the MyBioethics.com website, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. By default, your login cookies will persist for one year. If you log out of your account, the login cookies will be removed.
6. Data collection relating particularly to the MyBioethics mobile application
The full nature of the Service is that it integrates the MyBioethics.com website and the MyBioethics mobile application together. Thus, it is integral to address both parts of the Service at the same time. For the sake of clarity, however, this section addresses data collection relating more directly to the MyBioethics mobile application.
When data subjects install the MyBioethics mobile application either through Apple App Store (for iOS) or Google Play Store (for Android), they consent to the terms of these services. Particularly noteworthy is that this means consenting to the policies these services have regarding gathering data on application installations and other such general usage relating to the application.
Personal bioethics stories submitted through the MyBioethics mobile application and published after moderation on the MyBioethics.com website contain text and potentially also images by data subjects. This content will be shown publicly and associated with an alias the user can choose when submitting a story. Please see 5.1.5 to take into account that you should avoid uploading images that contain embedded location data.
Furthermore, based on the user’s request and qualifications set by the Service, the user’s alias can be shown publicly in the hall of fame on the MyBioethics.com website, together with the date the alias was added.
Please also note that the MyBioethics mobile application will save locally to your mobile device your application settings as well as locally keep track of your usage of the application to offer you more consistent user experience. This data is not accessible to us and it will typically be deleted when you delete the application from your mobile device. This also means that if you install the application again, for example to a new device, you will need to adjust your settings again. This does not, however, affect your activity on the MyBioethics.com website (such as dilemma voting).
7. Disclosure of the data
Personal data may be disclosed for legitimate purposes. Such disclosure is subject to the requirements of the valid personal data legislation. Personal data are not disclosed outside of service providers and partners working for the controller except in accordance with an agreement, separate consent and/or explicit regulations.
The data may be disclosed to partners and subcontractors involved in the implementation of the Service, for example, such as the providers of internet and email services, payment services and those involved in application’s marketing. In addition, the collected data may be disclosed to parties participating in the analysis of the data.
The controller may disclose personal data for the purposes of scientific studies. Such studies may rely on both quantitative and qualitative methodologies. In such cases, the personal data are processed in accordance with the provisions concerning research purposes in the EU’s GDPR and the national data protection legislation. For research purposes, the data is anonymised, i.e. rendered into a format from which individuals cannot be identified.
Please also note that when new users register for the Service, their account details (public name, username, and e-mail address) become reserved for the Service. This means that other users who might try to register with any of the same details will see an error indicating that these details have already been registered for the Service. The same mechanism applies to the password reset functionality of the Service.
8. Transfer of personal data outside the EU or the EEA
In principle, personal data are not transferred outside the EU or the European Economic Area. If this is nevertheless done, the transfer is carried out in accordance with the decision on the adequacy of data protection given by the European Commission.
9. Protection of personal data
The controller processes the data in a manner aiming to ensure the appropriate safety of the personal data, including their protection against unauthorised processing as well as loss, destruction or damage.
The controller applies the appropriate technical and organisational measures to ensure the achievement of this objective, including the use of firewalls, encryption techniques and safe device data, appropriate access control, the careful administration of credentials for information systems and instructions provided to the personnel taking part in the processing of personal data.
10. Data subjects’ rights
Right of access
Data subjects have the right to check the data on themselves saved in the registers. This right can be denied on the basis of grounds provided for in the law.
Right to rectification
Data subjects have the right to demand the rectification of inaccurate data.
Right to erasure (‘right to be forgotten’)
Data subjects have the right to demand the erasure of their data. The controller may only erase the data concerning a data subject whose storage period is not based on a valid customer relationship or legislation.
Right to restriction of processing
Data subjects have the right to request that processing of their data be restricted in a situation where, for instance, a data subject disputes the accuracy of their personal data.
Right to data portability
Data subjects have the right to obtain, in a machine-readable format, any data they themselves have provided to the controller.
Right to lodge a complaint with a supervisory authority
Data subjects have the right to lodge a complaint with a supervisory authority if the controller has failed to comply with the applicable data protection regulations in its operations.
11. Storage of data
The controller stores personal data in the register until the basis for the processing of the personal data comes to an end. Storage periods nevertheless comply with the valid legislation and any instructions issued by the authorities.
12. Changes to the privacy statement
Due to the continuous development of the Service, we reserve the right to change this privacy statement by publishing new versions of it. The changes can also be based on amendments to legislation pertaining to data protection. Should the data protection policies change in a material way, the controller announces the changes in advance in the Service and, if necessary, requests the consent of data subjects. Users are advised to familiarise themselves with the content of the privacy statement at regular intervals.
13. Contact information
Requests pertaining to the registers and data subjects’ rights should be sent via our support contact form or email to email@example.com or by mail to Duckling Codehouse Oy, Pirkankatu 21 A 9, 33230 Tampere, Finland. Data subjects should include their contact details, but not their personal identification number.