RateMyBody operates in Finland and complies with the General Data Protection Regulation (GDPR) and Finnish Data Protection Act. This privacy policy explains how we collect, use, and protect your personal data in accordance with EU law.
Data Controller: RateMyBody, Finland
Legal Basis for Processing: Consent, contract performance, legal obligations, and legitimate interests
1. Information We Collect
1.1 Account Information
- Username and display name
- Email address
- Password (encrypted)
- Date of birth
- Gender and country
- Profile information and bio
1.2 Uploaded Content
- Photos and images you upload
- Photo titles and descriptions
- Category selections
- Upload timestamps
1.3 Activity Data
- IP addresses
- Browser type and version
- Device information
- Pages visited and actions taken
- Ratings and votes given
- Login times and session data
2. How We Use Your Information
- To provide and maintain our service
- To verify age requirements
- To prevent fraud and abuse
- To enforce our Terms of Service
- To comply with legal obligations
- To improve user experience
- To communicate with you about your account
3. Data Retention
We retain your data:
- Account data: Until you delete your account
- IP logs: For security and legal compliance (typically 90 days to 1 year)
- Deleted content: May remain in backups for up to 90 days
- Legal hold data: Retained as required by law or valid legal process
4. Data Sharing
We may share your information only in the following circumstances:
- Law enforcement: When required by valid legal process
- Safety: To prevent harm or illegal activity
- CSAM reports: Required reporting to NCMEC and authorities
- Service providers: Trusted partners who assist in operating our service
5. Your Rights Under GDPR
As an EU-based service, we provide you with comprehensive data protection rights:
5.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether your personal data is being processed and, if so, access to that data and information about the processing.
5.2 Right to Rectification (Art. 16 GDPR)
You have the right to obtain the rectification of inaccurate personal data and to have incomplete data completed.
5.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)
You have the right to request deletion of your personal data without undue delay where:
- The data is no longer necessary for the purposes collected
- You withdraw consent and there is no other legal ground for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- The data must be erased for compliance with a legal obligation
Note: This right may be limited where retention is necessary for legal compliance, establishment of legal claims, or other lawful purposes.
5.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to restrict processing of your personal data in certain circumstances.
5.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
5.6 Right to Object (Art. 21 GDPR)
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
5.7 Right to Withdraw Consent (Art. 7(3) GDPR)
Where processing is based on consent, you have the right to withdraw consent at any time.
5.8 Right to Lodge a Complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, workplace, or where an alleged infringement occurred.
Finnish Data Protection Authority:
Office of the Data Protection Ombudsman
Website: tietosuoja.fi
Email: tietosuoja@om.fi
How to Exercise Your Rights
To exercise any of these rights, contact us at: dpo@ratemybody.net or privacy@ratemybody.net
We will respond to your request within one month as required by GDPR (extendable by two additional months for complex requests).
6. Security
We implement industry-standard security measures including:
- Encrypted passwords using Argon2ID
- Secure HTTPS connections
- Regular security audits
- Access controls and monitoring
7. International Data Transfers
Data Location: Your data is primarily stored on servers located in Finland (EU).
If we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the EU Commission
- Adequacy decisions by the EU Commission
- Your explicit consent where required
Currently, data processing occurs within the EU and we do not routinely transfer data outside the EEA.
8. Cookies and Tracking Technologies
Cookie Consent: In compliance with the EU ePrivacy Directive (Cookie Law), we obtain your consent before placing non-essential cookies.
We use cookies for:
- Strictly Necessary Cookies: Session management, authentication, security (no consent required)
- Functional Cookies: User preferences and settings (consent required)
- Performance Cookies: Analytics and site improvement (consent required)
You can manage your cookie preferences at any time through your browser settings or our cookie consent banner.
9. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
- Consent (Art. 6(1)(a) GDPR): For optional features and marketing communications
- Contract Performance (Art. 6(1)(b) GDPR): To provide our service to you
- Legal Obligations (Art. 6(1)(c) GDPR): For age verification, CSAM reporting, and compliance with Finnish/EU law
- Legitimate Interests (Art. 6(1)(f) GDPR): For security, fraud prevention, and service improvement
10. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee GDPR compliance:
Email: dpo@ratemybody.net
Privacy Requests: privacy@ratemybody.net
11. Contact Us
Data Controller: RateMyBody, Finland
For privacy concerns, contact:
- Privacy inquiries: privacy@ratemybody.net
- Data Protection Officer: dpo@ratemybody.net
- GDPR requests: privacy@ratemybody.net
Postal Address:
RateMyBody
[Your Company Address]
Finland