Peili Vision Ltd is a Finnish company developing a virtual reality (VR) technology-based
assessment method for neuropsychological evaluation in health care and for assessment of the
guidance needs of students in school. To serve our customers, we collect relevant information
from our customers’ contact persons. Data processing is based on a legitimate interest related to
the customer relationship or customer acquisition, or on the consent given by the data subject.
The information is used to manage customer relations, deliver services and for advertising and
marketing aimed at companies and other entities. We respect your privacy and comply with the
applicable data protection legislation when processing personal data. This Privacy Policy
describes what personal data we collect about you, why we collect it, how we use it and how you
may control your personal data.

This Privacy Policy does not cover the processing of personal data in the services we provide to
our customers. Regarding the personal data processed in our services, the controller is our
customer and we act as a processor of the personal data on behalf of our customer. Peili Vision
Ltd does not process the personal data of rehabilitators performing exercises with the service for
its own account.

Controller and contact information related to privacy policy

Peili Vision Oy

Business id 2730552-5

Kansankatu 53, 90100 Oulu


+358 40 7772241

The data we collect about you

Our customer register contains information about the contact persons of our customers or
potential customers. The information collected in the registers consists of contact information
provided by the contact person himself or his employer, such as name, e-mail address, telephone
number, employer and job function. In addition, we can store information about consent or
prohibition regarding direct marketing. We do not collect sensitive information.

We may use a variety of methods to automatically collect data from your computer or mobile
device when you visit our website. The automatic methods may comprise cookies, web beacons
and other technologies. Data collected automatically may include your IP address, your location,
the operating system of your computer or mobile device, the browser you are using, the type and
settings of your mobile device, as well as your activity with regard to our services, such as the
pages you visit on our website. Most of such automatically collected data is stored only
temporarily. To prevent automatic cookie-based data collection, you may turn cookies off in
your browser settings. For more detailed information, please see our Cookie Policy.

How we use your personal data

We use your personal data for managing the customer relationship, communicating with you,
processing orders, delivering products and services, analytical and statistical purposes, as well as
for targeted advertising and marketing. We may send you, based on your job duties or position,
direct marketing that is aimed at the company you work with, unless you have forbidden it.

The processing of personal data is primarily based on the customer relationship with the company or
other organization with which you work and our legitimate interest in managing customer
relationships and targeting our marketing. We may process your information also based on your

Who processes your personal data

Your personal data is processed by employees of Peili Vision Oy whose duties are related to
marketing, sales, customer support or administration. Our staff is trained in safe data processing
and each group of employees processes data only to the extent which is necessary to carry out
their respective duties.

We may transfer your personal data to be processed by external trusted service providers too.
Such service providers provide us services such as information systems, cloud services, data
processing and other information technology services. We do not allow the service providers to
use or transfer your personal data for any purpose other than to provide services on our behalf.
We have binding data processing agreements with all our service providers to ensure that the
requirements of the EU General Data Protection Regulation and other applicable laws are taken
into account.

Will your personal data be transferred outside the EU or EEA

Your personal data will be processed mainly within the European Union. However, we also use
the services of US-based service providers, and, in that case, your personal data will be
transferred outside the European Union. To secure and protect your privacy and your rights, the
service providers have applied for the EU–US Data Privacy Framework certification and are
committed to complying with the EU General Data Protection Regulation. For more information
about the EU–US Data Privacy Framework, please see: https://www.dataprivacyframework.gov/s/

Will your personal data be disclosed to third parties

We will not sell your personal data and will only disclose your data as described in this Privacy
Policy. Disclosure of data is subject to the applicable data protection legislation.

If, for strategic or other business reasons, we decide to sell or transfer our business in whole or in
part, we may, as part of such sale or transfer, pass on data that we have collected and maintained,
including customer information containing your personal data, to anyone who is a party to the
sale or transfer of the business.

Additionally, we may disclose your personal data if we consider it necessary because of an
applicable law, regulation or an authority’s request.

How we ensure the security of data processing

We keep your data in electronic records and have taken appropriate steps to safeguard your
personal data. The personal data is protected against unauthorized access and accidental or
unlawful destruction, alteration, disclosure, transfer or other illegal processing. Access to the
data and editing and any processing of the data requires user authentication and a secure
connection. The access to the data records is only allowed for designated persons who are
responsible for system administration or customer relations management.

For how long your personal data will be stored

Your personal data will be stored only for as long as the data can be considered necessary for the
purposes described in this Privacy Policy, unless keeping the data longer than this is required by
law or permitted under the law, for example to fulfill and demonstrate the fulfillment of
obligations regarding accounting and consumer trade. We will delete your data stored in the
register when your employment with our customer ends or when there is no longer a basis for
processing your personal data.

Your Rights as a data subject

You have the right to access your data, the right to demand that inaccurate information be
rectified and the right to request your data to be erased or completed. You have the right to rely
on any of your rights established by data protection legislation, such as the right to restrict or
object to processing. You also have the right to prohibit the use of your data for direct marketing. If
you have given us consent to send you marketing communications, you may later object to such
communications in accordance with the instructions we include in the messages.

We always wish to resolve any issues concerning the processing of your personal data directly
with you and we are committed to respecting all your rights. However, if you are not happy with our
data processing practices and how we process your personal data, you have a right to lodge a
complaint with a supervisory authority.

Changes to the Privacy Policy

We may update this Privacy Policy and our data protection practices from time to time. If the
changes are significant, we will notify you on our website or by other means, such as by email.

Cookie Policy

When you visit our website, one or more cookies are placed on (or read from) your machine if
your browser is set to accept cookies. A cookie is a small data file that we transfer to your
computer’s hard drive through your web browser. A cookie contains a basic code that is used to
access your account information, maintain current session data, gather broad demographic
information, and help analyze website traffic. We may use the information in cookies for
purposes including, but not limited to, market research and improving the content of our website.
You can choose not to receive cookies by modifying the settings of your browser. If you choose
to decline cookies, you may not be able to take advantage of every feature of our website.

Most internet browsers accept cookies by default. In the cookie settings of our website, you can
accept or reject the use of cookies of different levels. In addition, by changing the browser
settings, the user can prevent the browser from storing cookies or limit their use. By altering
browser settings, users are also able to delete previously installed cookies.