Done Privacy Policy

Done acts as the data controller when processing the personal data described in this privacy policy. Done determines the purposes and means of processing personal data. This privacy policy applies only to personal data processing where Done acts as the data controller.

Name: Done Technologies Oy

Business ID: 3258550-9

Postal address: Sahakatu 2, 65170, Vaasa, Finland

Email address: info@doneplatform.com

Done has appointed a data protection contact, who can be reached through the contact details above.

As a starting point, we collect and process personal data only as user data.

User data means personal data that Done collects directly from you or from a customer or partner organization. We may collect user data directly from our users or customer organizations. We collect data in different ways, including when entering into a service or cooperation agreement, through services bought or sold via the Done app, or when a form maintained by Done is completed.

Please note that we also collect information related to orders, payment transactions, and payments made through our services.

When you register for the service and create a user account, you must provide your full name and email address.

We also process other information that you may provide when adding listings, reviewing Done services or purchased services, giving feedback, buying or selling services, or communicating by phone, email, or chat. This information may include phone number, address, payment and payment method information, information about your skills or profession, and location data.

Done uses cookie technologies to collect and store analytics data. Cookies make it possible to make the service easier to use, create aggregated visitor data, and continuously improve our services.

Done processes personal data to provide its services and fulfill obligations based on contractual relationships. We use the data, as applicable, to process payment transactions, support requests, and feedback, and to provide the platform service to both service providers and buyers.

Done also processes data to comply with legal obligations. This includes processing data to meet accounting obligations and providing data to appropriate authorities, such as tax authorities.

Done may process personal data in connection with legal claims, debt collection, and legal proceedings. We may also process data to prevent fraud and misuse of our services, and for information, system, and network security.

Done may process your personal data for customer communications, marketing, quality improvement, and analysis of usage trends. Where possible, we use aggregated data for these purposes so that individuals cannot be identified.

The legal bases for processing include performance of a contract, compliance with a legal obligation, and legitimate interest.

We share your personal data only within the Done organization and only to the extent reasonably necessary for the purposes described in this privacy policy.

We do not share personal data with third parties outside the Done organization unless sharing is necessary for the purposes described in this privacy policy, with authorized service providers, for legal reasons, for other legitimate reasons, or with your explicit consent.

When third parties process data on behalf of Done, Done ensures appropriate contractual and organizational measures so that personal data is processed only for the purposes stated in this privacy policy and in accordance with applicable laws, regulations, and our instructions.

Done does not retain personal data longer than the maximum period permitted by law and only for as long as necessary to provide the service or parts of it. The retention period depends on the nature of the data and the purpose of processing.

You have the right to access the personal data concerning you that we process. You can request a copy of the personal data we have collected about you.

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

You have the right to request that we correct or complete inaccurate or outdated personal data that we store.

You may ask us to delete your personal data from our systems. We will carry out the requested actions unless we have a legitimate reason not to delete the data.

You may object to the processing of your personal data, request restriction of processing, and receive your personal data in a structured and commonly used format.

These rights may be exercised by sending Done a letter or email containing the user's full name, company name, address, email address, and phone number. We may request additional information necessary to verify identity.

Users have the right to prohibit us from using personal data for direct marketing, market research, and profiling carried out for direct marketing purposes by contacting us through the contact details provided above.

If a user considers that our personal data processing activities violate applicable data protection legislation, the user may lodge a complaint with the local supervisory authority. In Finland, the supervisory authority is the Data Protection Ombudsman, tietosuoja.fi.

We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. These measures include encryption, firewalls, secure premises and systems protected with restricted access rights.

If, despite security measures, a data breach occurs that is likely to have adverse effects on users' privacy, we will notify the relevant users, other affected parties, and authorities as required by applicable law as soon as possible.