Last updated 9 March 2020.
|1. Data controller||Mint of Finland Ltd
01741, Vantaa, Finland
|2. Contact person in matters involving the register||Minna Toiviainen
Mint of Finland Ltd
Tel. (09) 898 274
|3. Name of register||Coin collector application development collaboration register. Data subjects include representatives of entities, mints and central banks participating in the collaboration in development of the application, including participating webinars or other events organised by Mint of Finland.|
|4. Purpose and basis of processing personal data||The Mint of Finland collects and processes information on registered persons following purposes:
The legal basis for processing the personal data are the legitimate interests of Mint of Finland as well as Mint of Finland contractual obligations or consent of the data subject.
In addition, we may be required to retain some of the personal data in order to comply with accounting or other mandatory legislation even after the termination of co-operation or termination of other basis for processing of personal data. In this case, the processing is based on compliance with the statutory obligation.
We will not use the information for any other purposes
|5. Processed data contents||For the purposes described above we process the following information of the data subject:
|6. Regular sources of data||Personal data is collected from Mint of Finland customer and marketing register or from the data subject, for example in communication situations via telephone or e-mail.
Personal data may also be collected and updated by the Data Controller and its affiliated companies from other registers within Mint of Finland group based on the legitimate interest of the Data Controller or based on the consent of the data subject.
|7. Regular disclosure of data||Some of the personal data may be accessible and processed by Mint of Finland’s subsidiaries, subcontractors and other service providers, to the extent needed in connection with the above said purposes. Mint of Finland ensures that such third parties are always bound by contracts, which sufficiently address data protection and confidentiality requirements. We are using external service providers for certain parts of business operations, e.g. IT system maintenance. In addition, the names and e-mail addresses of participants in webinars and other Mint of Finland meetings may be visible to other meeting participants.|
|8. Transfer of data to countries outside the EU or EEA||In general we do not transfer personal data outside the EU or European Economic Area (EEA). If we do transfer personal data outside the EU or EEA, we will guarantee the sufficient level of data protection by among other things agreeing on matters related to confidentiality and processing as required by the legislation, e.g. by using model clauses adopted by the European Commission.|
|9. Retention period||The retention period of personal data depends on the information concerned and its purpose of use. The controller retains personal data as long as they are needed for the execution of the informed purposes of use, i.e. collaboration concerning the application, including also the performance of the controller’s contractual obligations or in managing the contractual relationship. The retention period of personal data is typically tied to the term of a contract or other collaboration with the organization represented by the data subject. Statutory retention periods may also apply to personal data. For instance, the accounting regulation requires that the information included in the accounting materials are retained for six or even ten years depending on the laws applicable to controller at a given time.
When personal data are no longer needed, the data is destroyed in a secure way or irrevocably anonymized.
|10. Your rights||The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in many situations himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Mint of Finland to the extent Mint of Finland acts as the controller to the personal data of the data subject in question.
To the extent the processing of personal data has been based on the data subject’s unambiguous consent, the data subject has, at any time, the right to withdraw his/her consent regarding the processing.
In certain cases the data subject can access and rectify his/her data through electronic services provided by Mint of Finland. In cases where the data subject has no such services in use, the requests, including requests concerning the erasure, portability or the objection to processing shall be directed to firstname.lastname@example.org.
Mint of Finland will take measures based on the data subject’s request without delay, and provide the data subject with the information concerning the measures related to the use of the data subject’s rights primarily within one month from receiving the data subject’s request.
In addition, the data subject has the right to lodge a complaint with the supervisory authority on the processing of the personal data by the controller. The complaint shall be made to the competent supervisory authority, in Finland to the Data Protection Ombudsman, in accordance with its instructions. The website of the Data Protection Ombudsman can be found here: www.tietosuoja.fi/en.
|11. Data security||Manual material: Manually processed documents including information on data subjects are stored in locked up spaces so that unauthorized access is prevented.
Electronically processed data: Databases, in which the register data is stored, are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked up spaces.
The controller will make sure that access to data is permitted only to those of its employees and only to those employees of the companies acting on be-half of him who have the need to access the data for the execution of the tasks assigned to them.
|12. Amendments to the privacy statement||This privacy statement may be amended from time to time. You can tell when changes have been made to the statement by referring to the “Last Updated” date on top of this page. We encourage you to familiarize yourself with the privacy statement regularly for any amendments.
If we materially change the ways in which we use and disclose personal data, we will inform of it separately.