Time Atlas Labs Oy – Privacy Notice
Last updated on 23th of May 2025
This privacy notice (the “Privacy Notice”) describes how and why Time Atlas Labs Oy (“Time Atlas Labs” or “we”) collects, uses and shares your personal data when you use our applications, sites and related services (the “Service”).
Time Atlas Labs Oy
Business ID 3481672-9
P.O. Box 1188
00101 Helsinki
Email: [email protected]
Please send all notices and requests relating to the processing of your personal data to the following email address: [email protected]
We process your personal data as a controller only for the purposes described in this Privacy Notice or as otherwise communicated to you when collecting your personal data, and only to the extent it is necessary for each purpose of processing further described herein.
We process your personal data primarily to offer you the services related to the Service, including the processing of your payments and possible complaints, and to interact with you in relation to the service or customer service, or as requested by you.
To protect your privacy, we primarily encrypt your personal data locally on your device before it is, to the extent necessary, transmitted to our servers. We do not process your personal data in non-encrypted form unless necessary. We ensure that our service providers adhere to an equal level of data security when processing your personal data on our behalf.
Depending on the context in which you interact with us, we also process your personal data for multiple different purposes, as further described below.
Apart from the personal data described in this Privacy Notice and as requested by us specifically, we do not act as a controller for any personal data that you may provide while using the Service. For these data we only act as a processor, and you are responsible for ensuring that there is, for example, a legal basis for the processing of those data. These data may include, for example, personal data of you and others that you share in your entries.
We process the following personal data about you:
Contact information | such as your name, email address and phone number |
Device information | such as which device you use the Service on, your IP address and the operating system you are using |
Purchase information | such as your active and previous subscriptions and other purchases from us |
Payment information | such as credit card details and other details on used payment methods |
Location data | including your exact location at regular intervals. |
Reviews | such as reviews and other feedback that you post on our channels or send directly to us |
Information regarding the use of the Service | such as your interactions while using the Service, including analytic data on how you use the Service, excluding (1) any files you upload to the service, (2) entries you may make in the Service, (3) your location data or (4) health and activity data |
Health and activity data | such as your pulse, sleep data, mood data, data on activity levels and similar information regarding your health and activity |
When you login to the application providing the Service, we automatically collect certain data on your terminal device as well as details on your visit, such as your IP address, information on your operating system and interface, including version and language, the time of your visit, referral page and the amount of data transferred.
We mainly process your personal data based on the agreement between you and us concerning the provision of the Service for Providing the Service, Creating an account and logging into the Service and for Handling of subscriptions and other purchases (Article 6(1)(b) GDPR). We may process your Location data and Health and activity data with your consent (Article 6(1)(a) GDPR). Our processing of your personal data related to our customer service is based on legitimate interest (Article 6(1)(f) GDPR). The processing of your personal data related to our newsletters sent to you and developing the Service is based on your consent and our legitimate interests.
The table below shows for which purposes and on which legal grounds we process each type of personal data:
Purpose of the processing | Categories of personal data | Legal basis |
Providing the Service | Contact information Device information Purchase information | Agreement |
Creating an account and logging into the Service | Contact information | Agreement |
Handling of subscriptions and other purchases | Contact information Purchase information Payment information | Agreement |
Customer service | Contact information | Legitimate interest (to provide you the best possible service experience and to aid you in managing your subscriptions) |
Development of the Service | Reviews, Information regarding the use of the Service, | Legitimate interest (to develop the Service, to learn how you interact with the Service and to provide better user experience for our users) |
Development of the Service | Health and activity data, Location data | Only with consent |
Newsletter subscriptions | Contact information | Consent and legitimate interest (to provide you relevant information about the Service and the management, analysis and development of the customer relationship between you and us) |
All processing contexts: limited processing for other legitimate interests
In addition to the primary purposes of processing elaborated above, we may process the personal data collected in each identified processing context for a limited number of other legitimate interests, such as protecting our property; preventing and investigating suspected malpractices; defending against or prosecuting a legal claim; analysing and compiling statistics for business purposes, developing our products and business, reorganisation of our business and for scientific research purposes, but only to the extent the processing is proportionate to the interests of the data subjects and the processing can be considered to be in line with the reasonable expectations of them. To the extent identification of a data subject for these processing purposes is not necessary, we will use the data for these purposes in non-identified form.
We primarily obtain your personal data directly from you. You may provide us personal data for instance by sending us emails or faxes, through phone conversations or meetings with us, or through documents you provide to us.
With your approval, we may receive personal data from 1) other applications or sensors on your device that may, among others, track, health and activity data or your location data, and/or 2) other services or third parties that have access to such data.
Why we transfer or disclose your personal data
We may transfer or disclose your personal data to our group companies or to external service providers as follows. You can find a list of our service providers to whom personal data is disclosed via this link: www.timeatlaslabs.com/legal/providers.txt
We use external service providers to provide us services, for example, services related to the technical maintenance or hosting of the Service, in the context of which these service providers process personal data as processors on our behalf, and we require that these parties agree to process personal data based on our instructions and in compliance with this Privacy Notice.
We may also disclose personal data to our partners within the limits permitted by law, e.g. for purposes of carrying out deliveries, billing or marketing. For example, to execute your orders, we use services of our partners (such as payment services offered by banks or credit card companies or shipping and delivery services offered by dispatching companies). We will only provide these partners the information they need to deliver the services agreed, such as, to process your payment and to deliver your order. If we advertise through social networks (e.g., Facebook, Instagram), we may provide information about the data subjects (e.g., device and usage information, ad and cookie IDs, email addresses) in encrypted form to the respective social network service provider.
In addition, we may disclose your personal information if we are required to do so by law or if we in good faith believe that such action is necessary to conform to the provisions of the law or comply with legal process served on us or to protect and defend our rights or property.
We may share limited amounts of personal data within the Time Atlas Labs group of companies for legitimate business purposes, such as to develop and improve our business or products and analyse and enhance customer experience. In case we sell our business or part of it, or otherwise reorganize our business, we may disclose and transfer personal data to buyers and their advisors in accordance with the limits of applicable legislation.
International transfers of personal data
We use partners in business activities requiring the processing of personal data, and in this context, we or our partners may, in accordance with applicable legislation, process personal data anywhere in the world and thus transfer the personal data also outside the UK, the EU or the EEA. Regarding transfers of personal data to countries where the local data protection legislation does not provide adequate level of data protection, the transfers are based on appropriate safeguards, such as standard contractual clauses approved by the European Commission (the “EU SCCs”) or the UK Secretary of State (the “UK SCCs”), as applicable.
The EU SCCs can be found here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
The UK SCCs can be found here: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/
To learn more about the appropriate safeguards we use, please send us an email at the address provided at the beginning of this Privacy Notice.
We have taken appropriate technical and organizational measures to protect the security of your personal data and to ensure that your choices for its intended use are honoured. We protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction by appropriate technical measures such as firewalls.
We do not share your personal data outside Time Atlas Labs, its subsidiaries, affiliates or other partners, except under conditions and for purposes explained in this Privacy Notice, or unless otherwise required under mandatory applicable law. Within Time Atlas Labs, its subsidiaries, affiliates and other partners, personal data is stored in password-controlled environments with limited access granted only to such persons whose work requires the processing of personal data.
The retention time of the collected personal data is subject to the legal basis and processing purpose for which the data were collected. We will retain your personal data for as long as they are necessary for carrying out the processing purposes for which it was collected, as specified in this Privacy Notice, in particular for the fulfilment of our contractual and statutory obligations. Where the processing is based on our legitimate interest, we will retain your personal data for as long as our legitimate interest can be deemed valid, or until you request the deletion of your personal data.
Retention periods
The general retention periods for personal data in different contexts are as follows:
Purpose of processing | Retention period |
Providing the Service | The information is retained for as long as the data subject has an active account. |
Creating an account and logging into the Service | Basic account information and login information is stored for 5 years since the previous login. If the user has not logged in for 5 years, all account information will be deleted. |
Handling of subscriptions and other purchases | Data on active subscriptions are retained for as long as the data subject has a subscription in force. Data on past subscriptions are stored for 5 years. To the extent we are obligated to retain data regarding purchases and payments pursuant to laws (e.g. accounting legislation) for longer than 5 years, we retain the data for the time specified in applicable legislation. |
Customer service | Emails and other messages sent to our customer support are retained for 5 years. |
Development of the Service | Published reviews are not deleted unless the data subject requests deletion. Published reviews do not, in general, contain personal data. Location data and health and activity data are retained until the data subject withdraws their consent. |
Newsletter subscriptions | Data on active newsletter subscriptions are stored for as long as there is an active newsletter subscription. Data on newsletter analytics is stored for 2 years. |
When we no longer need the collected personal data, the data will be safely destroyed or irrevocably anonymized. If you delete your user account, we will delete all data stored about you, unless contractual or statutory retention periods apply. If the complete deletion of your data immediately after you have deleted your user account is not possible or necessary for legal reasons, access to your data for further processing will be prevented.
We may also retain certain personal data after the termination of the initial processing purpose, should such retention of personal data be necessary to comply with other applicable laws or should we need the personal data to establish, exercise or defend a legal claim, on a need-to-know basis only.
Below we have summarized the rights that you as a data subject have under the European data protection legislation. The “data subject” refers to natural persons whose personal data is processed by us, i.e., our customers and other consumer groups whose personal data we process as specified in this Privacy Notice. Some of the rights are complex and are subject to certain exceptions, and to keep this Privacy Notice concise, not all of the details have been included in the below summaries.
The data subjects have the right to access the data processed by us as a controller and to get incorrect personal data related to them rectified. If you wish to use your right of access or rectification, please proceed as follows. The request shall contain the basic information needed for finding the requested data. After receiving and processing the request, we will send you a copy of the personal data by mail or electronically. We reserve the right not to complete your request if the request is manifestly unfounded. Should you request for multiple copies, or should you wish to submit more than one request per year, we may charge you a reasonable fee based on administrative costs for the execution of your request.
You also have the right at any time to request us to erase the personal data concerning you and processed by us and we are obliged to erase the data if there is no longer a legal ground for processing the data. Please note that certain data processed by us are subject to statutory retention requirements, and regardless of a request of erasure, such data we cannot erase until the end of the statutory retention period. You also have the right to object to the processing of your personal data if the data has been processed on the basis of our legitimate interest, and we are obliged to stop processing such personal data unless we can demonstrate compelling legitimate grounds for further processing of such personal data. You also may have the right to obtain from us restriction of our processing of your personal data.
If you have declared your consent regarding certain types of processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
To exercise the above rights, please reach out to us using the contact details mentioned at the beginning of this Privacy Notice.
If you consider that our processing of your personal data infringes the data protection laws, you have the right to lodge a complaint with a data protection supervisory authority. You may do this to the Information Commissioner’s Office (if you are in the UK) or in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
We reserve the right to update and modify this Privacy Notice. Unless otherwise provided by mandatory applicable legislation, we may not personally post changes to this Privacy Notice to the data subjects in person, and therefore we prompt you to check this Privacy Notice from time to time for possible changes.
If for some reason you believe that we have not adhered to the foregoing, please notify us by email at the address set out at the beginning of this Privacy Notice, and we will do our best to determine and correct the problem promptly.
(6)