Privacy notice - Mobile Services User Register

Privacy notice – Mint of Finland Mobile Services User Register

Updated 2 December 2020

1.      Data controller Mint of Finland Ltd

Suokallionkuja 4

01741, Vantaa, Finland

 

2.      Contact person in matters involving the register Minna Toiviainen

Mint of Finland Ltd

Suokallionkuja 4

01741, Vantaa

Tel. (09) 898 274

E-mail: privacy@mint.fi

3.      Name of register Mint of Finland mobile application user register

 

4.      Purpose and basis of processing personal data We process your personal data to perform our contractual obligations towards you and to comply with legal obligations. Furthermore, we process your personal data to pursue our legitimate interest to run, maintain and develop our business and to create and maintain customer relationships.

More specifically, we process your personal data for following purposes:

·        To provide Mint of Finland services and carry out our contractual obligations (legal ground: performance of a contract and legitimate interest): we process your personal data to be able to offer the Mint of Finland services to you under the contract between you and Mint of Finland. If you contact us, we will use the information provided by you to answer your questions or solve your complaint.

 

·        For our legal obligations (legal ground: compliance with a legal obligation) We process data to enable us to administer and fulfil our obligations under law. This may include data processed for complying with our bookkeeping obligations and providing information to relevant authorities, if applicable.

 

·        For claims handling and legal processes (legal ground: legitimate interest) We may process data for the prevention of misuse of our services and for data, system and network security.

 

·        For customer communication and marketing (legal ground: legitimate interest): Mint of Finland processes your personal data to contact you regarding the Mint of Finland services and to inform you of changes relating to them. Your personal data is also used for the purposes of marketing the Mint of Finland services to you.

 

·        For development of our services and quality improvement (legal ground: legitimate interest): We may also process information about your use of the Mint of Finland services to improve the quality of the Mint of Finland services e.g. by analyzing any trends in the use of the Mint of Finland services. In order to ensure that our services are in line with your needs, personal data can be used for things like customer satisfaction surveys. When possible, we will do this using only aggregated, non-personally identifiable data.

·        In some parts of the Mint of Finland services, you may be requested to grant your consent for the processing of personal data, including in case of direct marketing (Legal ground: consent). In this event, you may withdraw your consent at any time under your Profile Settings or by clicking the “Unsubscribe” button in any marketing e-mail.

5.      Processed data contents The personal data collected and processed by us can be divided into two general data categories: A) User Data and B) Analytics Data

A)     User data:

•        When registering via our mobile application, you provide us with certain information, including email, password, , name, and profile picture.

•        We register the information you provide when using the mobile application, including coin collections, your traffic on the Platform and your communication with us.

•        Our mobile application may ask for your permission to enable the collection of the location of your device/you. If you have given permission to collect your device location, we may use the location to show you certain offers available around your location as personalized marketing message. Location may also be used for analytics etc.

B)     Analytics Data:

Although we do not normally use Analytics Data to identify you as an individual, you can sometimes be recognized from it, either alone or when combined or linked with User Data. In such situations, Analytics Data can also be considered personal data under applicable laws and we will treat such data as personal data.

We may automatically collect the following Analytics Data when you visit or interact with the Mint of Finland Services:

Device Information. We may collect the following information relating to the technical device you use when using the Mint of Finland services:

  • device
  • country
  • IP address
  • browser type and version
  • operating system
  • Internet service providers
  • advertising identifier of your device

 

Usage Information. We may collect information on your use of the Mint of Finland services, such as:

  • time spent on the Mint of Finland Services
  • interaction with the Mint of Finland Services
  • information on your orders made through the Mint of Finland Services
  • the URL of the website you visited before and after visiting the Mint of Finland Services
  • the time and date of your visits to the Mint of Finland Services
  • the sections of the Mint of Finland Services you visited
  • the products you searched for while using the Mint of Finland Services

 

6.      Regular sources of data Personal data is collected from the data subject him/herself through the Mint of Finland mobile application.

In addition we collect data from your device, see above “Analytics data”.

In addition, the use of the mobile application and Mint of Finland website is analysed by using cookies. More information on cookies can be found at: www.rahapaja.fi/en/cookies/

In addition to the cookies the IP address that is used to monitor user statistics is stored of user’s website visits.

 

7.      Regular disclosure of data Some of the personal data may be accessible and processed by Mint of Finland’s subsidiaries, subcontractors and other service providers, to the extent needed in connection with the above described purposes. Mint of Finland ensures that such third parties are always bound by contracts, which sufficiently address data protection and confidentiality requirements. We are using external service providers for certain parts of business operations, e.g. IT system maintenance.

 

In addition we may provide advertisers and other business partners with anonymized reports about the kinds of people seeing or clicking their ads or using Mint of Finland services, but we don’t share information that personally identifies users.

 

8.      Transfer of data to countries outside the EU or EEA In general we do not transfer personal data outside the EU or European Economic Area (EEA). If we do transfer personal data outside the EU or EEA, we will guarantee the sufficient level of data protection by among other things agreeing on matters related to confidentiality and processing as required by the legislation, e.g. by using model clauses adopted by the European Commission.
9.      Retention period The retention period of personal data depends on the information concerned and its purpose of use. The controller retains personal data at least as long as they are needed for the execution of the informed purposes of use, such as in the performance of the controller’s contractual obligations.

When personal data are no longer needed, the data is destroyed in a secure way or irrevocably anonymized.

Most personal data relating to a User’s user account with the Mint of Finland Services will be deleted after the User has deleted its user account with the Mint of Finland mobile application. Please note that some information may remain in our records after your account has been deleted, and that we may only be able to delete this information later when updating our backups.

 

10.   Your rights The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in many situations himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Mint of Finland to the extent Mint of Finland acts as the controller to the personal data of the data subject in question.

–         Right of access: The data subject has the right to obtain a confirmation from the controller on whether the controller processes personal data concerning the data subject and the right to access such data. The data controller may ask the data subject to specify his/her access request, amongst others, with regard to the details of the data to be delivered.

–         Right to rectification: The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him/her processed by the controller, or to have incomplete personal data processed by the controller to be completed.

–         Right to be forgotten: The data subject has the right to obtain from controller the erasure of personal data related to him/her and the controller has the obligation to erase such data in case there is no longer a legal ground for the processing of such data or, where the legal or contractual obligation binding the controller related to the storing of the personal data has ended or, where the data subject has withdrawn his/her consent to the processing of his/her personal data.

–         Restriction of processing: In certain cases, where so prescribed by law, the data subject may have the right to obtain from the controller restriction of processing of his/her personal data.

–         Right to data portability: The data subject may, subject to certain conditions prescribed by law, have the right to receive the personal data concerning him/her processed by the controller in a commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the original controller.

–         Right to object to processing of his/her personal data: In certain cases, the data subject may have the right to object to processing of personal data concerning him or her. The right to object is applicable in such situations in particular where the processing of personal data is based on the controller’s legitimate interest. In such situations the controller has to follow the data subject’s request, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

 

To the extent the processing of personal data has been based on the data subject’s unambiguous consent, the data subject has, at any time, the right to withdraw his/her consent regarding the processing.

 

In certain cases the data subject can access and rectify his/her data through electronic services provided by Mint of Finland. In cases where the data subject has no such services in use, the requests, including requests concerning the erasure, portability or the objection to processing shall be directed to privacy@mint.fi.

 

Mint of Finland will take measures based on the data subject’s request without delay, and provide the data subject with the information concerning the measures related to the use of the data subject’s rights primarily within one month from receiving the data subject’s request.

 

In addition, the data subject has the right to lodge a complaint with the supervisory authority on the processing of the personal data by the controller. The complaint shall be made to the competent supervisory authority, in Finland to the Data Protection Ombudsman, in accordance with its instructions. The website of the Data Protection Ombudsman can be found here: www.tietosuoja.fi/en.

 

11.   Data security We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include for example, where appropriate, encryption, pseudonymization, firewalls, secure facilities and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data. The databases and their backups are located in locked up spaces.

 

We make sure that access to data is permitted only to those of our employees and only to those employees of the companies acting on behalf of us who have the need to access the data for the execution of the tasks assigned to them.

12.   Amendments to the privacy statement This privacy statement may be amended from time to time. You can see when changes have been made to the statement by referring to the “Last Updated” date on top of this page. We encourage you to familiarize yourself with the privacy statement regularly for any amendments.

If we materially change the ways in which we use and disclose personal data, we will inform of it separately.