privacy statement
Privacy Statement for Personally Identifiable Information of Jasu Wonder World
Updated: May 1st, 2020
Jasu Wonder World (referred to as "we", "us", "JWW" or "Company") is committed to protecting your privacy
and processing your personally identifiable information (referred to as "PII" or "personal data" or "personal
information") with transparency. The PII we collect and process depends on the purpose of your visit and the
service or services you have purchased or otherwise agreed to receive from us.
This privacy statement for personally indentifiable information:
provides an overview of how JWW collects and processes your personal information and
informs you about your rights according to the local laws for the protection of personal information and
the European Union's General Data Protection Regulation (GDPR).
is addressed to natural persons who are either existing or prospective clients of the Company
or are authorized representatives / assignees, or the beneficial owners of legal or natural persons who
are existing or potential clients of the Company
is addressed to natural persons who had a business relationship of this nature with the
Company in the past
contains information regarding when your PII will be conveyed to / exchanged with other
companies or subcontractors of the Company and other third parties
For the purposes of this statement, personal information is understood to be any information which is relevant
to you, with which your identity is or can be identified and which include, for example, your name, email
address, physical address, VAT number, IP address (only when we have collected it in conjunction with
directly identifying information) or the information you submit in your private tickets.
1. Who are we
JWW is a limited company registered in Rovaniemi, Finland with the purpose expending and valorizing the
artwork of Jasmine Hintsala through the creation of a multitude of products. Our registration number
FI27867421
If you have any questions about your use of personal information you can contact us through the Contact Us
form of our site or by emailing Jasu at
If you want a copy of your personal information kept on file ("data portability right") or delete the personal
information we keep on file for you ("right to be forgotten") please log into our site and use the Data Rights
menu item.
2. Which personal information we process and
where do we collect it from
We collect personal information of our current and prospective clients through our web site. We never collect
information in person, through any other means or using a third party representative.
Invoicing information. In accordance to the local tax laws and the European Union's VAT and invoicing
directives we collect the following personal information: your name, email address, physical address,
company name (if applicable), company activity (if applicable), VAT number (if applicable), IP address, country
based on your IP address and the User Agent string of the web browser you used when subscribing. This
information is used to generate the legally stipulated invoice upon successful payment of your purchase and
for proving your country of origin should it be required in accordance to the European Union's VAT directives.
IP address. Your IP address is temporarily collected whenever you are accessing our site in our web server's
logs, our security software's logs and our download system's logs (only when downloading through our site or
when downloading updates to our for-a-fee a.k.a. Professional editions of our software). This information is
used to ensure the security of our web site and to prevent abuse. IP address information is not directly
identifiable information but if it's stored in conjunction with your user account ID it might be an indirect
identifier.
Support ticket information. Any identifiable information you provide when requesting support through our
ticket system's private tickets feature including but limited to connection information to your site(s) and any
other personally identifiable information you may volunteer. We use that information to provide you with
technical and account support and, generally, to answer your questions and address your requests. Please
note that when filing a public ticket or when you are providing your ticket system signature you have no
reasonable expectation of privacy and as such any information volunteered in a public ticket is not subject to
our privacy statement.
Contact form information. Any information you volunteer by submitting a contact form through this web site's
Contact Us page. We use this information to respond to your requests.
Two Step Verification / account security. Information provided or generated in the course of setting up and
using the Two Step Verification system for securing your account's log in. We use this information only for
providing the Two Step Verification functionality of our site. Two Step Verification information is not directly
identifiable information but if it's stored in conjunction with your user account ID it might be an indirect
identified.
3. Whether you are legally obliged to provide us
your personal information
Providing your invoicing information is legally required in accordance to the European Union's VAT directive
and its incorporation to local tax laws. It is unlawful for us to let you make a purchase without issuing an
invoice which requires this information. Information not printed on the invoice (IP address, country based on
your IP address and your User Agent string) are also required for the same reason, to prove your country of
origin for purposes of applying the correct VAT rate.
Your IP address in the context of security and abuse prevention is specifically exempt from requiring your
consent per the European Union's GDPR. We are legally required to ensure the security of your personal
information through any appropriate technical means and that includes collecting your IP address in that
context.
Any other personal information is volunteered by you in order for us to be able to provide our services to you.
You are not legally required to provide it but unless you do we won't be able to provide you the services
agreed upon. Simply put, if you don't tell us what the problem is and give us the means to reproduce and
troubleshoot it we can't do anything for you except tell you to read our documentation.
4. Why we process your personal information
and what is the legal basis
As we mentioned already, we process your personal information with transparency and as such we process
your personal information per the GDPR and the local data protection laws for one of the following reasons:
4.A. Contractual obligations
We process your personal information to carry out the sales and creation of whatever product we have agreed
to create or selling in our online shop.
When you create your account with us, our website will automatically classify you as a website user ant will
most likely subscribe you automatically to our newsletter. You can delete your newsletter subscription at any
time. logging in we automatically process your PII to protect you against unauthorized access to your account
and ensure your account safety. We also display you parts of your PII for reasons of personalization of our
site's pages and ensuring that it's clear who is the currently logged in user.
When you ask for an username reminder or password reset we automatically process your PII to provide the
service requested.
When downloading our eBooks we are automatically processing your PII to make sure that you have
purchased access to the software you are trying to download and ensure that your account is not being
abused.
When using our support ticket system we process your PII to reply to your request. We also automatically
process your PII to send you automated email notifications about the handling of your request.
When using our contact form we process your PII to reply to your request. We also automatically process your
PII to send you automated email notifications about the handling of your request.
When you are a subscriber we automatically process your PII send you automated transactional emails, i.e.
reminders about your subscription expiration and any changes in your subscription's status with us.
4.B To comply with a legal obligation
There are certain obligations in accordance to local and international laws, as well as Directives issued by the
European Union. These legal obligations require the processing of your personal information. In other cases
we may receive a court order or otherwise be legally obliged to process or convey your personal information
to third parties.
When you are subscribing we automatically process your PII to issue the legally required invoice and send
you automated emails with the invoice and information about your purchase. The invoicing information is also
sent to our Accountants and Auditors to comply with local tax regulations.
4.C To protect our interests
We process your personal information to protect the legal interests of us and others.A legal interest exists
when we have a business or commercial reason to use your information. Even then it must not be against
what is fair to you and your best interests. Examples of such processing are as follows:
In case of a suspected abuse or an attempt to compromise, deteriorate, disrupt or otherwise interfere with of
our services we may process PII to identify the perpetrator and pursue redress. Such steps may for example
(not an inclusive list) include contacting the suspected offender or pursuing the matter legally.
In rare occasions we may send you a personal, manual email to address a concern regarding your
subscription e.g. if there is an unexpected problem with your payment as we are notified by the company
processing the payment.
In case of a serious security issue in our software where a public announcement is deemed inadequate we
may send you an email informing you of the situation, the risks and what you can do.
4.D Because you have given your consent
If you have explicitly provided your consent the processing of your personally identifiable information draws its
legality upon your explicit consent. You have the right to withdraw your consent at any time. However, any
processing which took place before your consent's withdrawal is not affected.
5. Who are the recipients of your personal
information
While fulfilling our contractual or legal obligations your your personally identifiable information may be
conveyed to our partners and subcontractors. These providers and suppliers are in contract with JWW with
which they are obliged to uphold the confidentiality and protection of your personal information in accordance
to the local data protection laws and the GDPR.
The recipients of your personal information are as follows.
1. PayPal (Europe) S.à r.l. et Cie, S.C.A. 5th Floor, 22-24 Boulevard Royal, Luxembourg, 2449,
LUXEMBOURG. They process payment for us. Any PII submitted to them is subject to their own
privacy policy. We only convey PII to them for pre-filling the payment form when you explicitly select
them as a payment processor and click on they Pay Now button on our site.
2. Google, Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Provides analytics
for our site. Only anonymized information is sent to Google. Evan as such, it's unclear whether they
should be listed as a data processor. The only way to resolve ambiguity is to list them here but clearly
state that to the best of knowledge and technical ability we do not send any personally identifiable
information to them.
6. Remittance of your PII to a third party
country or international Organization
Your personal information may be conveyed to third countries (countries outside the European Economic
Area) in certain cases, e.g. payments made using a non-EEA payments processing company or support
provisioning by our non-EU subcontractors, or whenever this is mandated by law or if you have explicitly
consented. All the Processors are obliged to comply and conform to the European Union's data protection
norms and provide appropriate assurances regarding the remittance of of your personal information according
to Article 46 of the GDPR.
7. To which extent is there automated decision
making, including profiling
In general, in the course of the creation and carrying out a business relationship we do not use automated
decision making. The only automated actions are as follows:
1. Application of the correct VAT rate. This is legally mandated and it's based on your country of
origin. This does use your personal information (IP address and country kept in your user profile)
2. Application of early renewal discounts. If you are renewing an existing subscription before it
expires we will apply a discount automatically. However, this does not use your personal information,
just the fact that you have an active subscription with us.
In general, we do not perform any kind of automated profiling of our clients and web site visitors. We provide
the same service to everybody. In case of an abnormally high number of downloads, support tickets or other
signs of potential abuse we may process your PII on file to create a profile of your usual behavior to determine
if there is a potential problem with your account.
8. How we deal with your personal information
for marketing purposes and whether we use
profiling for such activities
In general, we do not base our marketing activities on the personal information we have collected from our
clients. We do not perform personalized marketing and we do not make use of profiling for marketing
purposes.
Aggregate information, such as the amount of income from each country, may be used to influence our
marketing activities. However, no personally identifiable information or pseudonymized information will be
used for these activities.
If we want to make a marketing campaign which includes your personally identifiable information, e.g. naming
you as the recipient of a raffle, we will seek your explicit consent. In this case you have the right to withdraw
your consent at any time. Any processing taking place or marketing campaigns launched before your consent
withdrawal shall not be affected.
9. How long do we keep your personal
information
We retain your personal information for as long as we have a business relationship with you as evidenced by
the existence of an active subscription or a log in to your account.
We are legally required to retain your invoicing information, both as an off-line backup and in the custody of
our auditors, for a period of up to TEN (10) years after your purchase.
After SIX (6) months after the termination of our business relationship (explicitly: the expiration of your last
subscription with us or your last log in to our site, whichever comes later) the following actions will be taken:
Your invoices and invoicing information will be removed from our site (we wills till keep the off-
line copies as explained above). A pseudonymized, non-identifiable record of your purchase will be
kept for statistical purposes.
Your user account will be pseudonymized and locked to make logging in impossible.
Your private tickets will be permanently removed and you will forever lose access to them.
Please note that your public tickets remain intact. Moreover, your ticket system signature is removed.
Any record of your downloads history is removed from our site (as long as the downloads took
place while you were logged in; or downloads and updates obtained using a valid at the
time Download ID).
Other logs which may contain personal infomration such as server access logs and security logs are kept for
up to FOURTEEN (14) months.
We may retain your personal information longer than that for regulatory, technical or legal reasons.
Your information may be stored longer than that in encrypted backups. However, we have technical means in
place to remove your PII upon restoring those backups unless otherwise legally required, e.g. in assisting a
criminal investigation.
10. Your data protection rights
You have the following rights with regards to the personally identifiable information we keep on file for you:
Access your personal information. This lets you for example get a copy of the personal data we
keep on file for you and confirm that we are processing it legally. You can request a copy of your data
through the Data Rights menu item on our site after logging into our site.
Request the correction of the personal information we keep on you. This allows you to correct
incomplete or inaccurate information we keep on file for you. This can be done from the My Profile
menu item on our site after logging into our site. Please note that correcting your invoicing information
is only possible when purchasing a subscription and the correction is only applied to newly issued
invoices only. This is a legal requirement.
Ask for the deletion of your personal information (a.k.a. "right to be forgotten"). This lets you
request that we delete your personal information when there is no real reason for us to process it.
Kindly note that this is impossible for 60 days since your last purchase for taxation reporting reasons.
Object to processing your personal information (a.k.a. "right to objection") when we base our
processing on protecting our interests’ bit there is something special in your situation which makes you
want to object to the processing for this reason. If you object, we will no longer process your personal
information unless we can prove pressing legal reasons for the processing which trump your interests,
rights and freedoms. Please note that this is largely inapplicable to our business relationship since our
processing is done either on a legal basis, your explicit consent or is exempt from the GDPR
protections (e.g. keeping an IP log for security reasons).
You have the right to object in cases where we process your personal information for reasons
of direct marketing. This also includes profiling, to the extent that this is used for direct marketing. This
is also inapplicable to our business relationship since we do not engage in direct marketing.
Ask the limitation of the processing of your personal information. This allows you to ask us to
limit the processing of your personal information, that is to use it only for specific cases, if:
they are inaccurate;
they have been used illegally but you do not wish us to delete them;
they are no longer necessary but you want us to retain them for their use in potential
legal demands;
you have asked us to stop using your personal information but you are waiting us to
confirm if we have legal reasons to use them.
Ask for a copy of the personal information pertaining to you in a structured, commonly used
and machine-readable format, to convey this information to other organizations. You may also request
that we directly convey that file to another organization of your choice. This is also known as "data
portability right".
Withdraw your consent regarding the processing of your personal information at any time.
Please note that withdrawal of your consent at any time does not invalidate the legality of the
processing based on your consent before that was revoked or withdrawn by you.
To exercise any of your rights we kindly ask you to use the tools offered on our site after logging in.
Alternatively, or if you have questions about the use of your personal information from us, you can contact us
through the Contact Form and use the appropriate contact category. Or you can contact our Data Protection
Officer directly as explained earlier in this document.
According to the law, we will reply to your requests promptly and within 30 business days. If you have not
received a reply from us for over three weeks (21 days) please retry contacting us with alternate means; most
likely your request never reached us. Kindly note that we reserve the right to direct you to our site's tools and /
or this Privacy Statement if your concern is readily addressed by it. Per the law, we reserve the right to not
reply to your requests if they are too often or are otherwise in abuse of the provisions of the law.
Right to file a complaint
If you have exercised some or all of your rights to data protection and you still feel that your concerns about
the way we use your personal data have not been addressed satisfactorily by us, you have the right to file a
complaint by filling in the Contact Us form on our site. You also have the right to file a complaint with the Office
of the Personal Data Protection Commissioner. On the relevant website you will find information on how to file
complaints.
11. Changes in this Privacy Statement
We may periodically modify or amend this privacy statement.
When this happens, we will change the date on the top of the page and keep a change log at the end of this
page. We do not have the technical means to notify our clients about any changes. We recommend that you
re-examine this statement periodically so that you are always updated on the way we process and protect
your personal information.
12. Cookies Policy
Our site uses small text files, known as Cookies, to enhance your experience and work better.
To learn more about the use of cookies on our site please consult our Cookies Policy. Links to this statement,
our Cookies Policy and our Terms of Service can be found at the bottom of every page of our public (meaning:
no user logged in yet) site.
NOTICE: The European Union's General Data Protection Regulation 2016/679 is in effect on May 25th 2018.
Until then the Laws for Processing Personal Data Information (Protection of the Individual) from 2001 to 2012
are still in effect.
Changelog (changes made to this page)
April 2018: Initial version
May 1st, 2018: Rewritten with the wording and sections required by the European Union
