Last Updated: 1 December 2021
We turn to the definitions given by the General Data Protection Regulation (2016/679) when it comes to meanings of ‘personal data’, ‘data subject’, ‘processing’, ‘controller’ and ‘processor’.
We collect or store information about: i) the Customers and their representatives and contact persons, ii) the Users of the Service and Consultancy Service, iii) reviewers who have published reviews in publicly available Application Stores, and iv) visitors of AppFollow website www.appfollow.io (‘Website’).
Sometimes things change and thus this Privacy Statement may be updated from time to time. An up-to-date version will be available on our Website. In case such a change is required, which would reduce your rights, AppFollow will provide a prior notice thereof.
(i) ‘AppFollow’ means the AppFollow entity with which you have an agreement. This is either AppFollow.fi Oy, a limited liability company construed according to the laws of Finland having its principal place of business at ℅ Epicenter, Mikonkatu 9, 00100 Helsinki, or AppFollow, Inc., a Delaware corporation having its principal place of business at 470 Ramona Street, Palo Alto 94301, California. The AppFollow entity, with which you don’t have an agreement, is a subprocessor of AppFollow.
(ii) ‘AppFollow Personal Data’ refers to personal data collected and processed by AppFollow of the Customer’s representatives and contact persons, Users of our Service or Consultancy Service, as well as visitors of our Website – here AppFollow is the controller;
(iii) ‘Customer’s Personal Data’ refers to personal data processed by AppFollow relating to reviewers and app publishers as well as to any social media or email accounts linked to the Service – here AppFollow is the processor while the Customer is the controller; and
(iv) ‘Personal Data’ refers jointly to AppFollow Personal Data and Customer’s Personal Data.
Okay, let’s get moving.
Personal Data and Sources of Data
The Personal Data collected and/or processed by AppFollow can be divided into two different sets: AppFollow Personal Data, for which AppFollow is the controller, and Customer’s Personal Data, for which AppFollow is the processor.
1. AppFollow Personal Data
We collect the data we need to be able to enter into an agreement with Customers, to be able to fulfil our obligations regarding our Service and Consultancy Service and to be able to contact each Customer if needed. We further collect this information for marketing, statistics and improvements of our Service and Consultancy Service. In relation to the information defined in this Section 1, we are the data controller.
When breaking it down, this means we gather the following information:
👩💻 Contact data - name of each representative and/or contact person of the Customer (company) as well as representatives’ email address, phone number and role/title. In case the Customer signs up for the Account by using a social media account, we will get this information from the social media account. In case our Customer is not a company but a natural person, this information is collected about said natural person.
💻 Account data – meaning details of your subscription (type, length, fee), which may be personal data only if the Customer is an individual, and any feedback potentially given to us by the User.
📊 Usage data – meaning information and statistics of how and how often the User uses our Service or Consultancy Service, how many Apps the User is following, geographical location (country), IP address for trouble-shooting purposes and details about the size of the screen and browser window.
🔧 Technical data – meaning information regarding the number of visitors to our Website divided geographically by countries, which is done for statistics and marketing purposes. In detail, this means the IP address, browser type and version, location (country), operating system and platform, and language.
💶 Transactional data – meaning data regarding the amounts, dates and methods of payments (credit card or invoice) the Customer has made to AppFollow. This may be personal data only if the Customer in question is an individual.
How do we get this data, you may ask. Well, Contact data is given to us by Customers and Users. Account data, Usage data, Technical data and Transactional data is collected by us via your use of our Service or Consultancy Service, our Website, and also via cookies (more on these later on – hang in there).
Rest assured, we do not collect any of the following:
🕵️ Personal information – meaning date of birth, marital status or gender.
🏳️🌈 Sensitive personal information – meaning personal data regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, genetics, health, sexual orientation, and so forth.
💳 Financial data – meaning the Customer’s or the User’s personal bank account or card details. We don’t process the payments for our Service or Consultancy Service ourselves, so we do not collect any financial data except for when a payment was made (time), in what amount (sum) and with what method (credit card or invoice). Instead, the Customer is requested by our payment provider to provide certain personal data in order to make payments for our Service or Consultancy Service. Such payments are carried out between the payment provider and the Customer, meaning that for such data AppFollow is neither the controller nor the processor.
We don’t collect the aforementioned information because we simply don’t need it for anything.
2. Customer’s Personal Data
We collect the data we need to be able to provide our Service and Consultancy Service. This data is collected from publicly available Application Stores regarding Apps chosen by the Customer. In relation to information defined in this Section 2, we are the data processor and the Customer is the data controller.
When breaking it down, this means we process the following information:
👋 Contact data - name or nickname of the reviewer as entered by the reviewer when writing and publishing a review.
🌍 Usage data – meaning geographical location (country) of where each review was published, and the language of the review, to be able to provide our Service and Consultancy Service. We also collect the reviewer’s OS version, and device model in Google Play, in case the reviewer has made the necessary integrations. This is done to understand to which application version the review is related to.
📄 Content data – we process and analyze the reviews published in Application Stores and thus we may process any and all information included in the titles, body texts or other textual parts of reviews, as published by each reviewer and as chosen to be analyzed by our Customers.
💰Transactional data – we process and analyze the number and sums of payments and/or purchases made within our Customer’s application, subject to the Customer making the necessary integrations. This is not personal data, however, as this data cannot be traced back to any individual data subject (we do not, for example, have access to any information regarding payment methods or credit card numbers).
This data we gather from publicly available Application Stores. Each reviewer has either submitted this information to an Application Store themselves, or this information has been collected by the Application Store in question. The exception is the Transactional data, which we collect through the integrations possibly made by our Customer.
Regarding the Customer’s Personal Data, the Customer as data controller is responsible for ensuring that such personal data is collected for legitimate purposes. The Customer is also responsible for providing information, if applicable, to data subjects about data collection/processing and the rights of data subjects.
It is very important that you as a Customer and/or User keep your personal data up-to-date and accurate, as we need it to be able to provide you with our Service and Consultancy Service. Kindly be in touch, should there be any changes while you’re our Customer and/or User.
How We Use Your Data
We use your data for the following purposes:
👷 Providing our Service and Consultancy Service: we use Personal Data to both set up the designated User(s) with our Service or Consultancy Service, meaning enabling the Users to use such, and to be able to provide our Service and Consultancy Service, including the functionalities provided by them, to the Customers and Users.
✍️ Handling customer agreements: when you have an Account with us and/or are using either our Service, Consultancy Service or both, it means we have an agreement with you and vice versa. We’re happy about that! We use AppFollow Personal Data for fulfilling our contractual obligations as well as handling and managing our Customer agreements, including getting in touch with you, if needed, regarding the specifics of your subscription, and any potential issues. We may also contact you for marketing purposes, but you can opt out whenever (more on this later).
🛠️ Improving our Service and Consultancy Service: we use AppFollow Personal Data, namely feedback potentially provided by Customers and Users, as well as any details and recorded logs of issues and trouble-shooting activities with our Service and Consultancy Service, to fix said issues, potential bugs, and to overall develop and make our Service and Consultancy Service better. IP addresses are also collected for, and only for, this purpose.
📈 Statistics and analytics for marketing and developing purposes: we use geographical data (countries), anonymized statistics of the number of Customers, Users, visitors to the Website, and similar metrics to see how we could improve our Service and Consultancy Service, and for marketing purposes. All of this is AppFollow Personal Data.
📇 Compliance with applicable laws: we also use Personal Data to comply with requirements of the GDPR imposed on us, as well as to comply with Finnish legislation and other laws that may be applicable to us, as the case may be. For this purpose, we only use Personal Data to the minimum extent to fulfil our legal obligations.
We never profile Customers, Users or visitors to the Website on the basis of Personal Data, and we never use automated decision making or enable Personal Data to be used for such decision-making purposes. We also never sell Personal Data to any third parties, for any purpose.
Please see Appendix 1 for a chart where we have collected all data categories and purposes for their collection and processing.
Do We Share Your Data?
They say sharing is caring, but that is not always the case when it comes to your personal data…
We use subprocessors for analytic purposes, to contact and communicate with our Customers, and to store Customer’s Personal Data. Subprocessors are not used for any other kind of processing or handling of Customer’s Personal Data except for storage. In other words, our servers where the Customer’s Personal Data is located are provided to us by our subprocessors.
Using of subprocessors is always subject to the following:
📍the subprocessor is located within the EEA or a country with an equivalent level of personal data protection as determined by the European Commission, or such subprocessor has provided sufficient guarantees that the subprocessor in question processes personal information with the sufficient level of protection from the GDPR-point-of-view. Such a sufficient level is reached, for example, by agreeing about it by using the standard contractual clauses (SCCs) as issued by the European Commission; and
📜 such subprocessing is subject to the terms of an appropriate data processing agreement (DPA) between us and the subprocessor.
AppFollow may also disclose Personal Data if we have an obligation to do so according to law, decree, regulation, order by a court or other official authority, or a similar action applicable to us, or if we are allowed to do so according to an agreement we have with a Customer, or in order to seek legal remedies or enforce our rights under such agreement. In these cases, we will only disclose Personal Data to the minimum extent necessary case-by-case, and in case of an agreement with a Customer, according to the clauses of the said agreement.
Psst! Our enthusiastic team is distributed with some members located outside the European Economic Area. They may also process Personal Data if it’s part of their job here at AppFollow. However, this is not sharing data as such, nor is this subprocessing, as these esteemed colleagues process the Personal Data on behalf and in the name of AppFollow. They are bound by the appropriate non-confidentiality obligation and their location does not affect the location of the Personal Data, e.g. the servers where that data is snuggled in.
Keeping Your Data Safe and Sound
We respect the principles of lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality, and accountability when it comes to personal data. We are obliged by the GDPR to understand and abide by these principles, but we also think they are really cool to have. Meaning, we think they are not just words but rather really important things!
Here at AppFollow we have implemented appropriate technical, administrative and organizational measures in order to achieve many things, such as:
- to be able to protect Personal Data the best we can
- to ensure and to be able to demonstrate that we perform data processing in accordance with the GDPR
- to prevent any unauthorized person from gaining access to computer systems processing Personal Data
- to prevent any unauthorized reading, copying, alteration or removal of Personal Data
- to prevent any unauthorized memory inputs as well as any unauthorized disclosure, alteration or erasure of stored Personal Data
- to prevent unauthorized persons from using AppFollow’s systems by means of data transmission facilities
- to ensure that authorized Users of Service or Consultancy Service have access only to such Personal Data that their access right refers
- to ensure that our employees processing Personal Data are subject to a duty of confidentiality and only process Personal Data according to our instructions.
Despite all this, please keep in mind that the Internet (and functions working via it, such as email) are never (or at least until this moment in space and time have not been) completely free of errors or secure in a way that a computer-operated completely offline is (although they too can crash). Life is a risky business, as they say, but especially when it comes to personal data, it’s good and necessary to be aware of these things.
How Long Do We Keep Your Data For?
In case you’re trying to forget the look you had in the 80s, don’t worry – we probably won’t be able to remind you about that!
The necessity is most likely dictated by one of the following reasons:
- storing the Personal Data is necessary for us to be able to fulfil the purpose for which said Data was collected, namely our contractual obligation with you and/or providing our Service or Consultancy Service to you
- we have to store the Personal Data to comply with our legal obligations
- we need the Personal Data to resolve a dispute
- we need the Personal Data to be able to enforce our agreements
We check the Personal Data we have periodically and erase such parts we don’t need any more. Please note that instead of deleting, we may anonymize the Personal Data and keep it for statistical purposes. At this point, the Personal Data will stop being Personal Data, as after being anonymized, it is no longer possible to identify any Data Subject from or based on said information, directly or indirectly, and not even by connecting different pieces of information.
We may keep data longer than defined above, but only in such anonymized form that can no longer be connected or traced to any individual person, or even Father Christmas. This is done for statistics purposes. We thought we would mention this too, even though such anonymized data does not actually count as Personal Data, as no one can be identified from or on the basis of it.
Other Important Things not Quite Fitting Under Previous Headlines
1. It may be nice to know that our servers, where Personal Data is stored, are located within the EEA.
2. Hello young person! Please keep in mind that our Service and Consultancy Service are intended for legal entities, self-employed entrepreneurs and/or individuals above the age of 18. We do not on purpose collect any personal data from anyone younger than age 18. If you are a person under the age of 18, please have your parent or a legal guardian take a look at this with you. If you are the parent or a legal guardian of a person younger than age 18 reading this, and believe that AppFollow has collected personal data from or regarding such a person, please give us a shout at: firstname.lastname@example.org. We will be able to assist in deleting such personal data information from our files.
Your Rights, Entirely Yours
General. In case we collect or process your personal data, that makes you a data subject. If you as a data subject have a request relating to your rights, please send us an email at email@example.com. We will get to work and process your request without undue delay, and in any event within one (1) month. If necessary, however, this period of one (1) month may be extended by a further two (2) months.
The request will be handled free of charge unless otherwise mentioned below or unless it is manifestly unfounded or excessive, in which case a reasonable administrative fee may be charged.
Please note, AppFollow will generally require data subjects to identify themselves in order to be able to handle requests regarding personal data. If we don’t know your name (or nickname, as the case may be), there’s unfortunately not much we can do.
Here are things you as a data subject can request from us:
Access. You have a right to see what we’re up to, in other words, you can request a copy of your personal data that is undergoing processing. Please note that the first request will be processed free of charge, whereas reasonable costs will be charged for any later requests. No confidential information of AppFollow or third parties shall be provided. We don’t kiss and tell.
Rectification. It’s a fancy word, and it means correction. You as a data subject have a right to request rectification of any inaccurate personal data concerning you. Please just give us a shout!
Erasure and data portability. You have a right to request the erasure of your personal data that is no longer necessary in relation to the purposes for which it was collected, or if it’s no longer processed, or in case such erasure is required for compliance with Finnish law. No need to mark deadlines for erasure in your calendar, as we periodically erase data that is no longer needed for the purpose it was collected for. However, this right is yours and you should exercise it if you feel it’s necessary. We’re here to help you with it.
You also have a right to request a copy of the personal data relating to you, in which event the personal data will be provided to you in machine-readable form or transferred directly to a third party, at your discretion.
Right to restrict processing. You have a right to request the restriction of the processing of personal data relating to you in the following scenarios:
- if you contest the accuracy of the data
- if you think our processing is unlawful and instead of erasure wish for a restriction
- if we no longer need the personal data but you require said data for the establishment, exercise or defence of legal claim
- in case you have objected to the processing and it’s being verified whether we have legitimate ground that overrides yours
Right to object to processing. You have a right to object, at any time and on the ground relating to your particular situation (whatever that may be – we hope it’s good though), to processing personal data concerning you. We then have to demonstrate compelling legitimate grounds for the processing. If we don’t, we have to stop said processing.
Right to lodge a complaint with a supervisory authority. You don’t have to take our word for it. If you as a data subject think that processing of your personal data infringes your rights, you can lodge a complaint with a supervisory authority agency. The supervisory authority in Finland is the Office of the Data Protection Ombudsman – you can reach them via their website at www.tietosuoja.fi.
Your California Privacy Rights
If you’re lucky enough to be enjoying the gentle waves of the Pacific and the California sun, please read carefully. This section provides additional details about the Personal Data we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or the “CCPA.”
Subject to certain limitations, the CCPA provides California consumers with the right to request to know more details about the categories or specific pieces of Personal Data we collect (including how we use and disclose this information), to delete their personal information, to opt-out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at firstname.lastname@example.org. We will verify your request using the information associated with your account, including your email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
Then to cookies. These are unfortunately not the kind you can eat but rather the kind made of letters and numbers and placed on your computer when you visit websites.
It’s an important reminder that you are in control, meaning you can block, delete or turn off cookies deposited on your computer any time you wish. This can be done by accessing the Settings section of the web browser of your choice. Please just keep in mind that our Website or Service will not work properly without some cookies.
You can also delete cookies any time by accessing the settings of your browser.
For more information about cookies, see for example allaboutcookies.org.
Us as Pen Pals – You can Opt Out
Upon taking our Service or Consultancy Service into use, you agree to receive two different kinds of communications from AppFollow: marketing messages concerning things we think might be interesting to you, such as new features of our Service, and administrative messages relating to the Service.
You may change your mind, and accordingly, you can change your choices regarding the types of communication you receive from us through your Account. You may, for example, opt out of our marketing emails by following the instructions provided in each email (we’ll be sorry to see you go!).
In case you access our Service by using certain desktop browsers or mobile applications, you may, with permission, receive push notifications. We have no control over these preferences, but they can be modified in the settings menu for the mobile application or the applicable browser.
Please note that we reserve the right to send you certain communications relating to your Account or use of our Service or Consultancy Service (for example, if you wish to invite new Users to use the Service or if there is a billing matter to be taken care of) via email and other means as made available by you. We’re not marketing here, we just wish to keep you updated on what's going on. These messages may be unaffected if you opt out from receiving marketing messages.
Questions or Concerns? Please Reach Out to Us
Appendix 1 – Data Categories and Business Purposes
If you’re in a rush, we collected this chart for quick and easy access to what Personal Data we process and for which purpose.
AppFollow collects and processes the following personal data for which AppFollow is the data controller:
|AppFollow Personal Data|
|Data subject||Category of personal data||Processing carried out by AppFollow||Erasure*|
|Representatives and contact persons of Customers||Name, email address, phone number, title||Performance of agreement, managing customer relations and identifying and being able to contact our customers||Data erased after 12 months of account becoming inactive*|
|Users of our Service or Consultancy Service (which may be the same people as representatives and contact persons above)||Name, email address, phone number, title, IP address, geographical location (country), social media profiles (in case connected by the User), any feedback potentially given by the User, social media account in case integrated by the User||Performance of agreement, i.e. providing our Service or Consultancy Service, providing the User with necessary communication about the Service, marketing (unless opted-out), analytics, troubleshooting possible errors or bugs||Data erased after 12 months of account becoming inactive|
|Publishers of applications/software (if private persons)||Name (collected from publicly available information posted on Application Stores)||Developing our Service by maintaining a rolling list of most popular applications available on Application Stores||Data modified/erased on rolling basis (i.e. as app moves up or down in rankings)|
|Customer’s Personal Data|
|Data subject||Category of personal data||Processing carried out by AppFollow||Erasure*|
|Publishers of applications/software (if private persons)||Name (collected from publicly available information posted on Application Stores)||Performance of agreement, i.e. providing our Service (by tracking apps selected by the Customer and Users)||Data erased or transferred to Customer 12 months after the Account has become inactive|
|Reviewers||Name/nickname, any personal data included in the review, geographical location (country), language, OS version and device details (only in Google Play, in case the reviewer has connected necessary integrations) (collected from publicly available information)||Performance of agreement, i.e. providing our Service, according to selections made by Customers and Users||Data erased or transferred to User after 12 months of account becoming inactive|
*AppFollow may retain the Personal Data for longer than 12 months in order to satisfy a legal obligation or due to an impending or ongoing dispute, in which case the Personal Data shall be retained for the period required to fulfil the legal obligation or reach a final decision/settlement in the dispute. During such a period, processing such Personal Data shall be restricted to the absolute minimum.