Last updated 22 May 2018.
|1. Data controller||Mint of Finland Ltd
01741, Vantaa, Finland
|2. Contact person in matters involving the register||Eeva Kukkonen; José Velasco
Mint of Finland Ltd
Tel. (09) 898 274
|3. Name of register||Customers and marketing register|
|4. Purpose and basis of processing personal data||The Mint of Finland collects and processes information on registered persons in following purposes:
The legal basis for direct marketing for consumers is based on consumer’s explicit consent. The legal basis for processing other marketing and customer data are the consent of the data subject, legitimate interests of Mint of Finland as well as contractual obligations.
In addition, we may be required to retain some of the personal data in order to comply with accounting or other mandatory legislation even after the termination of co-operation or termination of other basis for processing of personal data. In this case, the processing is based on compliance with the statutory obligation.
We will not use the information for any other purposes.
|5. Processed data contents||For the purposes described above we process the following information of the data subject:
|6. Regular sources of data||Personal data is collected from the data subject, for example in a communication situations via telephone or e-mail, or by joining Mint of Finland’s mailing list on the Mint of Finland’s website or by marketing campaigns or similar.
Mint of Finland’s employees record the contacts that are relevant to the sales projects in the active marketing phase to the company’s marketing database.
Personal data may also be collected and updated by the Data Controller and its affiliated companies form other registers within Mint of Finland group based on the legitimate interest of the Data Controller or based on the consent of the data subject.
|7. Regular disclosure of data||Some of the personal data may be accessible and processed by Mint of Finland’s subsidiaries, subcontractors and other service providers, to the extent needed in connection with the above said purposes. Mint of Finland ensures that such third parties are always bound by contracts, which sufficiently address data protection and confidentiality requirements. We are using external service providers for certain parts of business operations, e.g. IT system maintenance.|
|8. Transfer of data to countries outside the EU or EEA||In general we do not transfer personal data outside the EU or European Economic Area (EEA). If we do transfer personal data outside the EU or EEA, we will guarantee the sufficient level of data protection by among other things agreeing on matters related to confidentiality and processing as required by the legislation, e.g. by using model clauses adopted by the European Commission.|
|9. Retention period||The retention period of personal data depends on the information concerned and its purpose of use. The controller retains personal data at least as long as they are needed for the execution of the informed purposes of use, such as in the performance of the controller’s contractual obligations or in managing the contractual relation with the customer. The retention period of personal data is typically tied to the term of a contract with the data subject or an organization represented by the data subject. Statutory retention periods may also apply to personal data. For instance, the accounting regulation requires that the information included in the accounting materials are retained for six or even ten years depending on the laws applicable to controller at a given time.
When personal data are no longer needed, the data is destroyed in a secure way or irrevocably anonymized.
|10. Your rights||The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in many situation himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Mint of Finland to the extent Mint of Finland acts as the controller to the personal data of the data subject in question.
– Right of access: The data subject has the right to obtain a confirmation from the controller on whether the controller processes personal data concerning the data subject and the right to access such data. The data controller may ask the data subject to specify his/her access request, amongst others, with regard to the details of the data to be delivered.
– Right to rectification: The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him/her processed by the controller, or to have incomplete personal data processed by the controller to be completed.
– Right to be forgotten: The data subject has the right to obtain from controller the erasure of personal data related to him/her and the controller has the obligation to erase such data in case there is no longer a legal ground for the processing of such data or, where the legal or contractual obligation binding the controller related to the storing of the personal data has ended or, where the data subject has withdrawn his/her consent to the processing of his/her personal data.
– Restriction of processing: In certain cases, where so prescribed by law, the data subject may have the right to obtain from the controller restriction of processing of his/her personal data.
– Right to data portability: The data subject may, subject to certain conditions prescribed by law, have the right to receive the personal data concerning him/her processed by the controller in a commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the original controller.
– Right to object to processing of his/her personal data: In certain cases, the data subject may have the right to object to processing of personal data concerning him or her. The right to object is applicable in such situations in particular where the processing of personal data is based on the controller’s legitimate interest. In such situations the controller has to follow the data subject’s request, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Additionally, data subjects have the right to object direct marketing communications from Mint of Finland. Data subject may choose to stop receiving direct marketing communications from Mint of Finland at any time by sending notice to Mint of Finland using the contact details above under section 2. Data subject can also withdraw their consent to our marketing messages by clicking the ‘unsubscribe’ link at the bottom of each marketing email
To the extent the processing of personal data has been based on the data subject’s unambiguous consent, the data subject has, at any time, the right to withdraw his/her consent regarding the processing.
In certain cases the data subject can access and rectify his/her data through electronic services provided by Mint of Finland. In cases where the data subject has no such services in use, the requests, including requests concerning the erasure, portability or the objection to processing shall be directed to email@example.com.
Mint of Finland will take measures based on the data subject’s request without delay, and provide the data subject with the information concerning the measures related to the use of the data subject’s rights primarily within one month from receiving the data subject’s request.
In addition, the data subject has the right to lodge a complaint with the supervisory authority on the processing of the personal data by the controller. The complaint shall be made to the competent supervisory authority, in Finland to the Data Protection Ombudsman, in accordance with its instructions. The website of the Data Protection Ombudsman can be found here: www.tietosuoja.fi/en.
|11. Data security||Manual material:
Manually processed documents including information on data subjects are stored in locked up spaces so that unauthorized access is prevented.
Electronically processed data:
Databases, in which the register data is stored, are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked up spaces.
The controller will make sure that access to data is permitted only to those of its employees and only to those employees of the companies acting on be-half of him who have the need to access the data for the execution of the tasks assigned to them.
|12. Amendments to the privacy statement||This privacy statement may be amended from time to time. You can tell when changes have been made to the statement by referring to the “Last Updated” date on top of this page. We encourage you to familiarize yourself with the privacy statement regularly for any amendments.
If we materially change the ways in which we use and disclose personal data, we will inform of it separately.