Privacy Policy

Effective date: March 6th, 2024


Orienteers Oy (“Orienteers” or “we”) collects and processes certain data of the users of our website and Control application (collectively, the “Services”). This Privacy Policy applies to data we obtain from individuals (“you”) through our Services.

In this Privacy Policy we explain which data we process about you and for what purposes we process this data as well as the rights you have under this Privacy Policy. We only process such data in accordance with the European General Data Protection Regulation (2016/379) (the “GDPR”) and the applicable national laws.

This Privacy Policy may be updated, and the current version can be found on our website. We will not make any significant changes to this Privacy Policy or reduce the rights of users under this Privacy Policy without a prior notice.


Providing data to us is not mandatory but if you choose to use our Services, we need to collect your data for some or all the purposes described below (or purposes compatible with any of the purposes described below), depending on the Services you wish to use and your choices when using them.

Firstly, we collect data to perform our obligations under a contract to deliver our Services and process such data for the purposes of enabling you to use our Services and creating a user account, recording your activities and analysing your performance, communicating with other users of our Services, for operating the Services and communicating with you relating to the Services.

Secondly, we collect data when we have a legitimate interest to improve our Services and process such data for the purposes of developing our Services and the user experience, updating and developing the user profiles, providing customer service to you and handling your support requests and customising your user experience. We also have a legitimate interest to keep our Services safe and process data for the purposes of analysing and monitoring the use of Services and their features. We may also collect data for promoting our Services and process such data to track the content you access in connection with the Services as well as delivering and improving advertising.

With your consent, we may also send you newsletters and similar communications as well as provide you with relevant ads in our Services.

Finally, we may process your data when it is necessary for our compliance applicable legal requirements and to protect your or any other person’s vital interests.

We do not process data to make any automated decisions that significantly affect you.


We may collect basic personal data which identifies you as an individual, such as your name and contact details necessary to transact business with you as our customer as well as data identifying your user profile, such as username and photos/videos you upload to your account. This data is received directly from you at the point of creating your account or otherwise at the beginning of and during our customer relationship. It is entirely your decision to provide such data.

We may collect and process your health-related data, such as heart rate, activity and power (for example, from Apple HealthKit Database). All health-related data is considered as sensitive data, and we collect and process it only with your explicit consent. In addition, we may also collect and process your location data only with your permission. For our core features to function properly, such as route tracking, we need you allow us to track your device location when you are using the Services. This can be revoked from your device settings at any time.

In addition to the data received directly from you, we may collect data indirectly through your interaction with and use of our websites and social media pages. This other information may include, but is not limited to, anonymised browser and device information (both software and hardware), data collected through automated electronic interactions, application usage data, demographic or geographic information, statistical and aggregated information. Statistical or aggregated information does not directly identify a specific person, but it may be derived from personal data. If other data is combined with personal data, we will treat the combined information as personal data.

If you link a third-party service with the Services (such as your Apple, or Google account), we collect data from those providers for the purposes of enabling that linkage. In addition, you may choose to connect other apps and devices to Services(such as Garmin Connect, Suunto, Polar, Livolex or Strava) and data from these may be passed along to us. Please note that this Privacy Policy does not govern or cover the privacy practices of third parties. We encourage you to review their privacy policies to learn more about their practices.


Like most online services today, we and our partners may use various technologies, including cookies to process certain technical data when users use our Services. The purpose of using these technologies is to receive valuable data of our Services we can use for analysing and improving our Services as well as personalising the user experience and preventing fraud.

We may use session cookies on our Services that are retained in temporary memory as long as your online session lasts and erased when you close your browser. Please note that any possible third-party cookies or cookies set by third parties while linking their accounts to our Services are not covered by this Privacy Policy.


As the basic rule, we do not share, sell, or otherwise disclose your data to third parties. For the purposes of this Privacy Policy, your data may only be shared to following recipients:

  1. other users of our Services may, for example, see your name, username, and activities you wish to share with them.
  2. our authorized service providers who perform services for us (for example IT and infrastructure services and payment processing). We have legally binding agreements with these service providers to ensure their commitment to the privacy and security standards at least as stringent as the terms of this Privacy Policy.
  3. third parties if it is required for complying with applicable mandatory laws or necessary for detecting and preventing security issues, illegal activities, or frauds. In this case we will, if possible, inform you about such transfer.


We store all personal information within the European Union and European Economic Area to the extend it is possible. We have, however, service providers also located outside of the European Economic Area (meaning all European Union countries as well as Norway, Iceland and Liechtenstein, together the “EEA”), which means that we may transfer any personal data which to service providers located in territories outside the EEA.

We strive to ensure that when your personal data is transferred and/or processed outside of the EEA by our service providers and hosting providers, appropriate measures and controls are in place to protect that information in accordance with the applicable data protection regulation. In each case, such transfers are made in accordance with the requirements of the GDPR and may be based on the use of the standard contractual clauses approved by the EU Commission or other lawful safeguards.


We continuously develop and implement administrative, organizational, technical, and physical safeguards to protect your data from unauthorised access or unauthorised alteration, disclosure or destruction. These measures include for example, encryption, firewalls, secure facilities and access right systems. We regularly test our websites, data centres, systems, and other assets for security vulnerabilities.

Should despite of the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform the you and the relevant authorities when required by applicable data protection laws, about the breach as soon as reasonably possible.


Our Services are not intended for, nor directed to, children under the age of 13 and should not be used without the consent of a parent or legal guardian. We use technical measures to prevent children under the age of 13 from creating an account and therefore do not knowingly collect personal data from such underaged persons. If we discover we are processing the data of a person under 13 years old, we will take appropriate measures to promptly delete the data from our records.


The personal information we process is retained only as long as your account is active and as necessary for the purposes set forth in this Privacy Policy unless longer retention is required by applicable law or where we have a legitimate and lawful purpose to do so.

When your account is inactive and the personal data is no longer needed, we will delete or de-identify all such data in our possession within a reasonable time. Your personal data may also be deleted upon your request unless the applicable law in force at the time of the request does not prevent deletion of such data.


If you wish to use your rights below, please send us an e-mail by using the controller’s contact information.

Right to access your data. You have a right to access your personal data processed by us and request a copy of such personal data.

Right to rectification. If your personal data changes, or if you find your personal data to be inaccurate, you may correct, update, or delete inaccuracies by making the change by contacting us.

Right to withdraw consent. You have a right to withdraw your consent regarding the processing of your personal data and require us to erase such data we have processed based on your consent. We will retain and use such data only if we have a legitimate and lawful purpose to do so, e.g. to comply with our legal obligation or resolve possible disputes.

Right to erasure. You have the right to have us erase your personal data if (a) such data is no longer necessary for the purposes for which it was collected or processed, (b) there is no justified reason for us to process your personal data or (c) your personal data has otherwise been processed unlawfully.

Right to restriction. You have a right to request us to restrict the processing of your personal data for example when you are waiting for our response for your request to access or erase your data.

Right to data portability. You have a right to receive your personal data you have provided us in a structured, commonly used and machine-readable format and, if you so desire, have your data transmitted to another controller, when technically feasible.

Right to lodge a complaint. If you feel our processing of your personal data is in breach of the GDPR or you are not satisfied for any other reason, you can contact us. You also have a right to lodge a complaint with a local supervisory authority.


If you have any questions or concerns about our data protection practices, or if you have any requests for resolving issues with your personal information, please contact us:

Orienteers Oy
Address: Lauri Mikonpojan tie 4 B, 00840 Helsinki, Finland
E-mail: petri(a)