THE HANDY – PRIVACY POLICY
Last updated: October 2020
Protecting your privacy is a core part of Sweet Tech´s mission. Therefore, we have throughout the product development process of “Handy” – the ultimate hand job machine for men – built in safety and data protection by default.
In order for you to understand this privacy policy we have defined some important concepts:
“personal data” |
means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly. Examples of personal data includes name, an identification number, location data, an online identifier such as IP address, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
“special categories of personal data” |
means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation (often called sensitive data). |
“controller” |
Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. |
“processor” |
means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; |
IN SHORT:
Here is a summary of our commitment to secure your personal data when using the Handy device. Please read the full Privacy Policy.
- Sweet Tech is the controller as we determine the purposes and means of the processing of personal data for you as our customer.
- We process your personal data in accordance with the GDPR (The EU General Data Protection Regulation) and this Privacy Policy. We provide full transparency about what we do with your personal information. If you have any questions, please contact us at the contact details below.
- Your Personal Data is not shared with anyone unless we have legal grounds for such transfer and such transfer is in accordance with this Privacy Policy, or you have consented to such sharing.
- You can ask Sweet Tech to gain access to, rectify and delete your personal data at any time.
- We will not store your personal data any longer than is necessary for the purposes as listed below.
1. What kind of data do we collect and why
1.1 Overview
What data we process depends on your interaction with us and your use of the Handy device. See below for various alternatives:
1.2 Purchase of the Handy device
When you purchase the Handy device from our website, we collect:
- your name,
- email address,
- phone number,
- billing and shipping address, and
- payment card information that you provide us through our web site.
We use this information to process your purchase, fulfill your order, accounting purposes and register your Handy device for warranty purposes.
The processing is necessary for the performance of a contract to which you are a party. Legal basis is therefore GDPR art. 6 (1) b.
1.3 Using the Handy device offline
We have developed the Handy device with privacy as default. Therefore, when you use the Handy device offline, we do not process any personal data.
1.4 Connect the Handy device to the online world
Note that default WIFI setting is off. The machine will not connect before the user activity presses the WIFI button. If you choose to connect your Handy device to the internet, we will need to collect:
- IP address
- Your unique connection key
We need this information in order to connect the Handy device to the internet.
During the internet connection:
- The Handy device connects to our servers through an encrypted connection (secure socket layer – SSL)
- The Handy device and our servers exchange a connection key to verify that the intended remote partner and third-party service provider connects to the correct Handy device.
- our servers will act like a Chinese wall between your Handy device and any third-party service provider to ensure that are no direct connection between the Handy device and any remote partner or third part provider. Consequently, the remote partner and third-party service provider will not see your IP address
- all communications between the Handy device and any remote partner or third-party service provider will then go through a safe SSL connection.
- you can at any time change the connection key or turn off the device to break the connection with internet.
- the data is stored volatile memory (RAM) while your Handy device is connected to our servers.
The legal basis for the processing is the performance of our contract with you and your consent (GDPR art. 6 (1) b) cf. art. 9 (2) b).
1.5 Using online synchronization with third parties or handyfeeling.com (operator use)
When you as the owner and operator of the Handy device use online synchronization with third party service providers, we collect the personal data in order to connect to the internet, please see sec. 1.4. In addition, we collect:
- the current state of the device
- the identification of the third-party supplier
- the script download URL used for video synchronization.
The purpose of the processing is to enable you to synchronize your Handy device with third part service providers of your choice. We may in the future also use this information to provide payment services.
In order for us to be able to connect your Handy device to the service you want to synchronize with, you will need to provide your unique connection key to the third-party supplier. The unique connection key is generated randomly but will be connected with your name if the third-party supplier you wish to synchronize with has it.
The key alone will not reveal your name. You may at any time regenerate a new unique connection key.
When you use the online synchronization with videos, our processing of your personal data will take place only during the session. When you log off, we will within one hour delete the session data. Please be aware that your Handy device will store the video script file in its persistent memory to enable video synchronization from handyfeeling.com. The data stored inside your Handy device will be deleted when its overwritten by new scripts.
In addition to the processing we perform, the provider of the service with which you synchronize, will be processing your personal data. We will be the controller of the personal data that we process as described in this Privacy Policy. However, the third-party service provider you chose to synchronize your Handy device with, will be the controller of the personal data that it process for its own purposes. Such data will typically consist of any payment details, product choices and other related data. Please consult the privacy policy of such provider.
The legal basis for the processing is the performance of our contract with you and your consent (GDPR art. 6 (1) b) cf. art. 9 (2) b).
1.6 Using the Handy remote control (remote partner use)
When you use the Handy remote control, a remote partner, such as a girlfriend or boyfriend, may control the device. If you choose to use Handy device this way, we collect the personal data in order to connect to internet, please see sec. 1.4. In addition, we collect:
- IP address
of the remote partner. We need this information to connect the remote partner to your Handy device.
The purpose of the processing is thus to operate the Handy device remotely.
The legal basis for the processing is the performance of our contract with you and your consent (GDPR art. 6 (1) b) cf. art. 9 (2) b).
The processing will take place only during the remote session. This data will be stored in volatile memory and will be gone the moment the connection is finished.
1.7 Update your Handy device
When you update your Handy device, we process:
- hardware version of the Handy device
- PCBA version of the Handy device
- serial number of the Handy device
- batch number of the Handy device
- current firmware version of the Handy device
The data is collected to make sure that your Handy device receives the correct update.
The data is not stored in any persistent medium and is used and deleted after the update request have been fulfilled (<1second). The processing is necessary for the performance of a contract to which you are a party.
The legal basis for the processing is the performance of our contract with you and your consent (GDPR art. 6 (1) b) cf. art. 9 (2) b).
1.8 Cookies
A “cookie” is a piece of data sent from a website that is visited and stored locally on your browser. The purpose of cookies is to maintain data related to user preferences and account settings, as well as to evaluate and compile statistics about user activity. Please find our list of cookies we use by clicking this link.
Name |
Provider |
Expiry |
TrackerTypeName |
Type |
Description |
CookieConsent | store.thehandy.com | 1 year | HTTP Cookie | Stores the user’s cookie consent state for the current domain | |
wc_cart_hash_# | store.thehandy.com | Persistent | HTML Local Storage | Necessary | |
wc_fragments_# | store.thehandy.com | Session | HTML Local Storage | Necessary | |
_ga | store.thehandy.com | 2 years | HTTP Cookie | Statistics | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. |
_gat | store.thehandy.com | 1 day | HTTP Cookie | Statistics | Used by Google Analytics to throttle request rate |
_gid | store.thehandy.com | 1 day | HTTP Cookie | Statistics | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. |
_hjAbsoluteSessionInProgress | store.thehandy.com | 1 day | HTTP Cookie | Statistics | This cookie is used to count how many times a website has been visited by different visitors – this is done by assigning the visitor an ID, so the visitor does not get registered twice. |
_hjAbsoluteSessionInProgress | store.thehandy.com | 1 day | HTTP Cookie | Statistics | This cookie is used to count how many times a website has been visited by different visitors – this is done by assigning the visitor an ID, so the visitor does not get registered twice. |
_hjid | store.thehandy.com | Persistent | HTML Local Storage | Statistics | Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes. |
_hjid | store.thehandy.com | 1 year | HTTP Cookie | Statistics | Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes. |
_hjIncludedInPageviewSample | store.thehandy.com | 1 day | HTTP Cookie | Statistics | Determines if the user’s navigation should be registered in a certain statistical place holder. |
_hjIncludedInPageviewSample | store.thehandy.com | Persistent | HTML Local Storage | Statistics | Determines if the user’s navigation should be registered in a certain statistical place holder. |
_hjTLDTest | store.thehandy.com | Session | HTTP Cookie | Statistics | When the Hotjar script executes, it tries to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, it tries to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed. |
IDE | doubleclick.net | 1 year | HTTP Cookie | Marketing | Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. |
test_cookie | doubleclick.net | 1 day | HTTP Cookie | Marketing | Used to check if the user’s browser supports cookies. |
pagead/1p-user-list/# | google.com | Session | Pixel Tracker | Marketing | Tracks if the user has shown interest in specific products or events across multiple websites and detects how the user navigates between sites. This is used for measurement of advertisement efforts and facilitates payment of referral-fees between websites. |
pagead/landing | google.com | Session | Pixel Tracker | Marketing | Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement – This also allows the website to limit the number of times that they are shown the same advertisement. |
_gaexp | store.thehandy.com | 82 days | HTTP Cookie | Marketing | This cookie is used by Google Analytics to determine if the visitor is involved in their marketing experiments. |
_gaexp_rc | store.thehandy.com | 1 day | HTTP Cookie | Marketing | Determines whether the user is assigned to a specific content-experiment to optimize website content and advertisement efforts. |
You can choose whether to accept cookies by editing your browser settings. However, if cookies are refused, some features on our website may not work as intended. Information about the procedure to follow in order to enable or disable cookies can be found at:
For more information about other commonly used browsers, please refer to http://www.allaboutcookies.org/manage-cookies/.
1.9 Complaints
Any complaints must be processed in accordance with our General terms and conditions. We will need the following personal data in order to process your complaint regarding faults and/or defects on your Handy device:
- name
- email address
- phone number
- residential address
- serial number
- the date and proof of purchase.
To protect your privacy, please do not include personal identifiable information including photographic or video images as relevant proof.
The processing is necessary for of technical maintenance to ensure the performance of a contract to which you are a party. Thus, the legal basis for the processing is GDPR art. 6 (1) b.
If we require additional information in order to process your complaint, we may request performance and usage details for the unit in question. Under these circumstances we will explicitly ask for your prior consent in accordance with GDPR art. 9 (2) a.
1.10 Newsletter
We would love to stay in touch so we can tell you all about the future functions and add-ons we have in the pipeline. You can sign up for our newsletter on our website to subscribe to our news, information and marketing regarding our products.
In accordance with GDPR art. 6 (1) a) we will only send you newsletters based on your consent.
You can at any time opt out of receiving our newsletters by following the unsubscribe instructions included in each email message, or by contacting us at [email protected].
1.11 Contact us
If you contact us we may need to process information that identifies you such as your name, email address and country of residence etc. in order to answer your question or respond to your request, comment or complaint. We may retain this information to assist you in the future and to improve our customer service. We also use your personal data to establish and manage our relationship with you and provide quality service.
We are considered to have a legitimate interest to process your personal data whenever you contact us as the processing is necessary to manage our relationship with you and to improve our services in accordance to GDPR art. 6 (1) f. Since the communication is solely based on your initiative, the processing will be in your interest as well as ours.
2. Where we process your data/third parties
2.1 Service providers
We use third party services for analytics, marketing and hosting.
We will only process your personal data with third parties as described in this Privacy Policy. The third parties will be responsible for any processing of personal data for their own purposes. Please find links to their privacy policy under the description of each third party below. If a third parties use cookies and similar technologies to collect information about activity on our website you can find more information in our cookies policy in sec.1.8.
2.1.1 Google Analytics:
We use Google Analytics for the purpose of creating a website experience tailored to users’ needs and continuing optimization of our website. In this context, pseudonymized user profiles are created and cookies are used. The information generated includes:
- web browser type/version,
- operating system used,
- referrer URL (the previously visited website),
- host name of the accessing computer (IP address), and
- time of server request,
are transmitted to and stored on a server belonging to Google in the USA. The European Standard Contractual Clauses are the legal basis for the transfer.
Sweet Tech will be controller of the personal data that we process for our own purposes of marketing through Google Analytics. However, Google will be the controller of the personal data they process for its own purposes.
Read more: https://policies.google.com/privacy
2.2 Business transactions
Personal data may also be provided to third parties in connection with a business transaction, including a prospective or completed merger, acquisition or stock sale (including transfers made as part of insolvency or bankruptcy proceedings). Any change of corporate control or disclosure for the purpose of determining whether to proceed or continue with such transaction or business relationship will be securely protected by non-disclosure agreements.
3. Safety measures
The protection of your personal data is a high priority for us. Our security measures include physical, technical and administrative measures. Everyone at Sweet Tech who handles personal data has received training and guidance on how to handle personal data safely. We adopt industry standard software and guidelines to protect your personal data and other confidential information.
Handy connects to our servers and communicates with third party service providers and remote-control partners through an encrypted connection (secure socket layer – SSL).
The Handy operator may at any time change the unique connection key.
All communication between users and Sweet Tech’s servers is secured with HTTPS.This is our guarantee that the processing of personal data is in line with legal requirements and with the highest level of security. Please note that HTTP access is not blocked.
Connections between our server and Handy is by encrypted HTTPS connection.
Your Handy is only identified through your changeable Connection Key.
Logs scramble sensitive data like Connection Key and IP addresses. Logs are deleted by default after 7 days.
We will launch a bounty program to hunt down security holes in 2021.
Our product design mythology is anonymity by default and only store the minimum data to get services to work or not store data at all if we do not need it.
4. Your rights as a data subject
Subject to applicable law, you may have certain rights with respect to our processing of your personal data.
We will provide you with the right to have access to a copy of, rectify, correct and update the personal data that we have about you in accordance with GDPR chapter 3. You may also have the right to restrict processing or have your data deleted. If our processing is based on your consent, you may also withdraw any consents you have given at any time. Please contact us at [email protected]
Also, please let us know if you consider that our processing of your personal data infringes applicable law.
If you believe that we process your data in violation of your rights, you have the right to complain to the Norwegian Data Inspectorate (“Datatilsynet). You should always contact us directly before sending a complaint to the Norwegian Data Inspectorate, so that we can try to resolve or clarify the issue.
5. How long we store personal data about you
We will not to store personal data for longer than needed or instructed by you. We will however retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.
6. Changes in the privacy policy
We may update our Privacy Policy based on changing business practices, technology and legal requirements. Any such changes will be posted on this page. If we make a significant change in the way we use or share your personal information, you will be notified via email and/or through other prominent notice within at least 30 days prior to the changes taking effect.
7. Contact information
Sweet Tech AS,
(organisation/VAT number: NO 920 411 029 MVA)
Slemdalsveien 70A
0370 OSLO
Norway