Drafted on 30.04.2020
Business ID: 0115003-5
2. Contact person for register-related issues
Markku Kuismin, Director, Client relations & Sales
3. Register name and data subjects
Client and Marketing Register
In the Register, we process the personal data of our potential clients, as well as our existing clients and their representatives.
4. How do we use your personal data?
We use your data for the marketing and development of the services provided by Meconet Oy. We collect, store and process personal data only for pre-defined purposes.
5. What personal information do we collect?
Data such as the following can be stored about data subjects:
- The descriptive information provided by the individuals themselves (e.g. interests)
- IP address data or another identifier
- Customer feedback information
- Order, billing and delivery information
- Data collected via cookies
- Data collected from social media channels
- Other data collected with the client’s consent.
- Data we collect from our online service
- Company’s and/or individual’s first and last name, address, e-mail address, phone number, publicly available descriptive information, and information on marketing authorisations and prohibitions.
6. Which sources do we collect personal data from?
We collect personal data about you mainly from yourself, when you contact us or when you use our services at a later time. We can also collect contact information from public sources.
7. What is our basis for processing your data?
We ensure that we always have a legal basis for processing your personal data.
We process personal data stored in the marketing register either on the basis of our legitimate interest (e.g. direct marketing to our potential clients and developing our services) or on the basis of your consent.
8. Will your data be transferred or disclosed?
As a general rule, your personal data is processed by our staff members in the course of their work.
In some cases, your data may be disclosed confidentially to our business partners or subcontractors, who process personal data under a written mandate agreement. These include data centre and cloud services meant for data storage, the suppliers of the IT systems we use, and external services purchased to support sales and marketing.
Our subcontractors and business partners process personal data in an agreed manner, in accordance with our written instructions, and only to further the agreed, lawful purposes.
9. Will your data be transferred outside the EU or the EEA?
As a general rule, we do not transfer your personal data outside the EU or the EEA.
The website analytics service we use (Google Analytics) might transfer analytical data outside the EU. However, Google is committed to the Privacy Shield framework, which guarantees an adequate level of data security as approved by the European Commission.
Likewise, the social media channels we use might transfer your data outside the EU and the EEA, but they are also committed to the Privacy Shield framework.
10. For how long will your personal data be stored?
We will only store your personal data for the time necessary to fulfil the purposes described in this statement. Unnecessary data is deleted regularly, at least once a year.
11. How is your data secured?
We respect the confidentiality of your personal data.
Personal data is protected from third parties by firewalls, anti-virus software, personal usernames and passwords. Only the persons authorised by us, whose work requires the processing of personal data, have access to personal data. We only disclose personal data confidentially and to a limited extent, based on the agreements with our contracting partners, such as our subcontractors. Our contracting parties must implement adequate data security and process personal data lawfully in all respects. The people who process personal data are bound by an obligation of confidentiality.
Our website uses a TLS-encrypted HTTPS connection, which means that all personal data is protected electronically. In your browser, you can see it from a lock on the left side of the address bar. If data is in a manual format, it is stored in locked premises not accessible to third parties, and destroyed securely.
The cookies we use are related to our marketing automation system (Active Campaign), Google Analytics and the social media channels we use, i.e. LinkedIn and the services of Facebook companies.
13. What rights do you have?
13.2 The right to access data (the right of inspection)
You have the right to know which of your personal data is stored on the register. You can review your stored personal data as described in this statement.
13.3 The right to have the data corrected or removed (the right to be forgotten)
We will delete, correct or supplement data that is inaccurate, unnecessary, incomplete or outdated for processing, either on our own initiative or at the data subject’s request.
13.4 The right to restrict processing
The data subject has the right to demand that the active processing of their personal data is restricted, for example when the data subject disputes the accuracy of their personal data and requests that their personal data is corrected or removed. In this case, such personal data may only be stored, not processed otherwise. Restrictions on processing are ensured by technical measures.
We will notify the data subject before lifting the processing restriction.
13.5 The right to object to the processing of personal data
You have the right to object to the processing of your personal data to the extent that there is no compelling reason for the processing that would supersede your rights or the processing is not necessary for fulfilling a legal requirement.
13.6 The right to transfer data from one system to another
To the extent that the data subject has provided data for the customer register, processed with the consent or mandate of the data subject, the data subject has the right to obtain such data in a mainly machine-readable format and the right to transfer this data to another registrar.
13.7 Withdrawal of consent
If personal data is processed based on the data subject’s consent, the data subject has the right to withdraw their consent by notifying us. You can withdraw your consent as described in Section 14 of this statement.
13.8 The right to appeal to the supervisory authority
The data subject has the right to lodge a complaint with the competent supervisory authority if the registrar has not complied with the applicable data protection regulation in its activities.
14. Where can I submit requests regarding my rights?
Any queries and requests related to the register can be submitted either in person on site by presenting an identity document, or by sending a message via our contact form. We may then contact you by telephone, if necessary, to verify to identity.
We will send the requested data to your e-mail address as a password-protected document, and the password will be sent to your phone by text message.
We will respond to requests within one (1) month of submitting the request, unless there are special reasons for extending the response time. We may also refuse to comply with your request on the grounds provided by the applicable legislation.
The exercise of the rights is, in principle, free of charge.
15. Mandatory disclosure of information