(“Thalia”, “we”, “us”, “our”)
Vilhonvuorenkatu 12, 00500 Helsinki, Finland
2. Contact person in the matter
If you have any questions concerning the processing of your personal data, please contact us by e-mail.
3. What are the purposes and the legal basis for processing personal data?
We only process personal data if such data is necessary in order to carry out the following purposes:
Providing our services
When you order some of our services such, we collect and process your personal data to provide these services. In that case, the processing is based on the performance of a contract.
We may process your data and contact you to manage your contact request and/or to maintain the relationships with our clients, partners and other interest groups. In this case, the data processing is based on our legitimate interest to ensure the appropriate maintaining of our business relationships.
Stripe collects and processes personal and payment data to process payments associated to our Premium services in behalf of us. Sensitive payment data is handled by Stripe and never touches our servers.
Analysing and developing our websites
We collect and process data via cookies to develop the usability and marketing of our website by analysing its usage. This data processing is based on our legitimate interest to get adequate information to improve the quality of our website. You have the right to object to processing based on legitimate interest and you can block cookies from your browser settings.
Analysing and developing our websites
Providing our registered users with information about our promotional offers, products or services, where users would have specifically consented to receiving marketing material.
To provide our service, we collect publicly available data from 3rd party sources such as TikTok application.
We may process publicly available data that is posted on 3rd party sercices (e.g. TikTok) to provide analytics based on the collected data. Analytics made based on the data may include for example profile analysis, content analysis, trend analysis, trend forecasts, regional trend differences, profile comparison to the general public, and marketing campaign analysis.
4. What are the regular sources of information
Personal data is collected either directly from you or during the course of your service use. We collect and process data that
you give us when you register to our service
you give us when you order a service
you give us when you contact us by other means (for example by e-mail or by phone)
are collected through cookies and similar technologies when you visit our website
are collected from publicly available 3rd party services, such as TikTok
5. What personal data do we collect?
We collect and process the following data:
Name, username, email address, personal description
Publicly available profiles, images and videos and their possible descriptions
Data collected by cookies when you use our website (for example your IP address, operating system, device identifier and features, web browser, and proxy server)
Other data you might want to provide us
Credit card and other payment data may be submitted if you use our Premium services. We DO NOT process sensitive credit card or other sensitive payment data ourselves. Sensitive credit card data that you may submit on our site is completely handled by Stripe and it never touches our servers. Needed personal data for payments may include the following: name, email address, postal address, country, credit card information.
You are not obliged to provide us your personal data. However, if you decide so, we might not be able to contact you and our websites might not work properly.
6. Is the data disclosed to third parties and who are the recipients?
As a main rule, we do not disclose personal data to third parties that you have personally provided to us. Despite this, we may be required to disclose data on you to third parties, such as authorities, in individual situations like when the disclosure is mandatory under applicable laws.
All personal data that can be accessed publicly through our service (e.g by viewing someone's profile) has been publicly available on the Internet. You have always right to request rectification or erasure of your own personal data, even if it is still available somewhere else on the Internet.
Despite the above, we outsource the processing of personal data to some third party service providers to store and analyze the data. In such case we ensure that your personal data is processed and protected appropriately and in compliance with applicable laws and this Privacy Notice.
7. Is the data transferred outside the European Union or European Economic Area?
We store the data on Google’s, Amazon Web Service's (AWS), Sentry's, Auth0's, and Stripe's servers outside the EU or EEA. Google, AWS, Sentry, Auth0, and Stripe participate in and have certified their compliance with the EU-U.S. Privacy Shield Framework. You can read more about Google’s privacy notice fromhttps://policies.google.com/privacy. You can read more about AWS's privacy notice fromhttps://aws.amazon.com/compliance/eu-us-privacy-shield-faq/. You can read more about Sentry's privacy notice fromhttps://sentry.io/security/. You can read more about Auth0's privacy notice fromhttps://auth0.com/privacy. You can read more about Stripe's privacy notice fromhttps://stripe.com/privacy-shield-policy.
8. How long will the personal data be stored?
Personal data are retained only for as long as is necessary for the purposes for which the personal data are processed. As a general rule, data based on a contract are stored while the contract is in force. Also, contact persons’ personal data are stored for the duration of the business relationship. The data on job applicants is stored six months from the application date. However, the applicant may request for data erasure or rectification before this. The data collected via cookies are stored at most for a period of 26 months from the date of your last visit on our website.
We use the following kinds of cookies:
Google Analytics – We use Google Analytics to collect information about the usage of our website. We use this information to create reports of the usage and to develop the website. These cookies collect information about the number of people visiting the website, where the visitors arrive to the website and what websites have they been looking. To find more about these cookies and how Google protects the collected information visithttps://support.google.com/analytics/answer/6004245.
We use Sentry to provide error tracking on issues that you may experience during your browsing. For further information, please see Sentry's Security & Compliance notice.
10. How is the data kept secure?
We do not process any data manually and we do not have manual register.
Data in electric form
We process all personal data confidentially. The right of access to personal data is limited so that access rights are provided only to persons who require access in order to be able to perform their duties.
Thalia takes appropriate technical and organisational measures to protect personal data against unauthorised access and accidental or unlawful destruction, alteration, disclosure, transfer or all other unlawful forms of processing.
11. What are your rights as a data subject?
Right to request access, rectification or erasure of personal data
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, when that is the case, access to the personal data. You also have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. In certain situations, you also have the right to obtain the erasure of personal data concerning you. This is, for example, when the personal data are no longer necessary.
Right to restrict or object to data processing
When the data processing is based on legitimate interest, you have the right to object to processing. You may also ask us to restrict processing of you personal data.
Right to lodge a complaint with a supervisory authority
If you consider that we don’t process your personal data appropriately, you may contact the person mentioned in section 2. If you consider that our processing of personal data relating to you infringes applying data protection regulations, you may also complain to a data protection authority.
12. Children and Privacy
Our Site is not directed to children and we will not request personally identifiable information from anyone who we know to be under the age of 18, unless we have obtained verifiable parental consent from a parent or legal guardian. If we become aware that a user under the age of 18 has registered with our Site without prior verifiable consent from a parent or legal guardian, we will immediately delete the user’s personal information.
13. Changes to this Privacy Notice
We may update this Privacy Notice due to developing our community and website. In such case, an updated Privacy Notice is available on our website.