Data Protection

Using the service requires registration. You may register to the service either by using you Facebook or Google account or with your email address and a password.

Any information you enter to the service remains visible only to you and the administrator or other users of the service have no access to your data. Neither is your data transferred to third parties.

The user’s email address is stored into a database for the purposes of logging into the service and administration of user accounts.

Only the following statistical information is collected regarding the users and they cannot be used to identify an individual user:
- the number of users (total number and new users each month)
- age and gender distribution of the users
- earnings and expense distribution of the users

You can stop using the service at any time and completely delete your account. When you delete your user account, all transaction and user data is removed from the service.

Description of the file required by the Personal Data Act (523/99) section 10 §, created March 4, 2016 (updated March 3, 2017):

1. Controller
Name: Takuusäätiö
Contact information: Asemamiehenkatu 4, FI-00520 Helsinki, Finland

2. Contact person
Name: Minna Markkanen
Telephone: +358 (0)50 599 6305

3. Name of the register
Penno user register

4. The purpose for processing the personal data
The personal data stored into the register will only be used for the following purposes:
- logging into the service and administration of user accounts
- statistical summaries that cannot be used to identify individual users

5. Content of the register Only the following information may be processed in the register:
- the name, gender, and year of birth of the registered party
- the email address of the registered party

6. Regular destinations of disclosed data and whether the data is transferred to countries outside the European Union or the European Economic Area
The personal data will not be disclosed to third parties without the consent of the registered party, unless the controller of the register is legally required to do so. The controller may use services provided by third parties for maintaining the service, in which case the service providers may process the personal data on behalf of the controller.

The controller will not disclose personal data for marketing purposes.

The personal data will not be transferred to countries outside the European Union.

7. Regular sources of information
Personal data is collected from registered parties as part of the service.

8. The principles of protection of the register
The information security of the register and the confidentiality of personal data is ensured by using appropriate technical and administrative measures. Personal data is protected from unauthorized access and unlawful or accidental data processing. Personal data is only processed by the persons specifically assigned by the controller and third parties maintaining or developing services on behalf of the controller whose duties include processing personal data. The network traffic of the online service is protected by using a secure TLS 1.2 connection and at least 128-bit encryption.

9. The right of inspection and rectification of information
Under the Personal Data Act sections 26–28, the registered party is entitled to inspect what data has been stored in the register regarding them. A written and signed inspection request can be sent to the controller using the address mentioned in section 1. The inspection request can also be presented in person at the address mentioned above.

The registered party is entitled to request rectification of any incorrect information regarding them included in the register by delivering a written, sufficiently specific rectification request to the address mentioned in section 1.

10. Use of cookies
Within the service, session-specific cookies are used to provide the services and to facilitate the use. The cookies are required to retain the functionality of some services, so the controller cannot guarantee full functionality of the service if cookies are not allowed.

Cookies are not used for marketing purposes.

11. Removing Data from the Register
If a user of the service wants to stop using the service, they may delete their user account from the service. When the user account is removed, all personal data will the deleted from the service.