Privacy notice - Web site and web services user register - Mint of Finland

Privacy notice - Web site and web services user register

Last updated 22 May 2018.

1.     Data controller Mint of Finland Ltd

Suokallionkuja 4

01741, Vantaa, Finland

2.     Contact person in matters involving the register Minna Toiviainen

Mint of Finland Ltd

Suokallionkuja 4

01741, Vantaa

Tel. (09) 898 274

E-mail: privacy@mint.fi

3.     Name of register Web site and web services user register
4.     Purpose and basis of processing personal data The Mint of Finland collects and processes information on registered persons to develop our website and to answer people who have contacted us through our website. The Mint of Finland collects information also to:

  • develop its services and to increase supply of its services;
  • to collect and study user statistics (e.g. what parts of the website the users visit and how much time they spend).

We do not use the data for other purposes. The legal basis for processing such data are the legitimate interests of Mint of Finland.

5.     Processed data contents For the purposes described above we process the following information of the data subject:

  • Name of the person
  • Contact details (such as address, phone number and e-mail address)
  • IP address
  • Data on the title and name of the company, if the person is representing a company
  • Contents of the communication between data subject and Mint of Finland
6.     Regular sources of data Personal data is collected only from the data subject him/herself, e.g. in certain communication situations by phone, email or chat. A limited amount of personal data is also collected when a person visits the website of Mint of Finland.

In addition the use of the Mint of Finland website is analysed by using cookies. More information on cookies can be found at: www.rahapaja.fi/en/cookies/

In addition to the cookies the IP address that is used to monitor user statistics is stored of users website visits.

7.     Regular disclosure of data Some of the personal data may be accessible and processed by Mint of Finland’s subsidiaries, subcontractors and other service providers, to the extent needed in connection with the above said purposes. Mint of Finland ensures that such third parties are always bound by contracts, which sufficiently address data protection and confidentiality requirements. We are using external service providers for certain parts of business operations, e.g. IT system maintenance.
8.     Transfer of data to countries outside the EU or EEA In general we do not transfer personal data outside the EU or European Economic Area (EEA). If we do transfer personal data outside the EU or EEA, we will guarantee the sufficient level of data protection by among other things agreeing on matters related to confidentiality and processing as required by the legislation, e.g. by using model clauses adopted by the European Commission.
9.     Retention period The retention period of personal data depends on the information concerned and its purpose of use. The controller retains personal data at least as long as they are needed for the execution of the informed purposes of use, such as in the performance of the controller’s contractual obligations or in managing the contractual relation with the supplier. The retention period of personal data is typically tied to the term of a contract with the data subject or an organization represented by the data subject. Statutory retention periods may also apply to personal data. For instance, the ac-counting regulation requires that the information included in the accounting materials are retained for six or even ten years depending on the laws applicable to controller at a given time.

When personal data are no longer needed, the data is destroyed in a secure way or irrevocably anonymized.

10.  Your rights The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in many situation himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Mint of Finland to the extent Mint of Finland acts as the controller to the personal data of the data subject in question.

–       Right of access: The data subject has the right to obtain a confirmation from the controller on whether the controller processes personal data concerning the data subject and the right to access such data. The data controller may ask the data subject to specify his/her access request, amongst others, with regard to the details of the data to be delivered.

–       Right to rectification: The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him/her processed by the controller, or to have incomplete personal data processed by the controller to be completed.

–       Right to be forgotten: The data subject has the right to obtain from controller the erasure of personal data related to him/her and the controller has the obligation to erase such data in case there is no longer a legal ground for the processing of such data or, where the legal or contractual obligation binding the controller related to the storing of the personal data has ended or, where the data subject has withdrawn his/her consent to the processing of his/her personal data.

–       Restriction of processing: In certain cases, where so prescribed by law, the data subject may have the right to obtain from the controller restriction of processing of his/her personal data.

–       Right to data portability: The data subject may, subject to certain conditions prescribed by law, have the right to receive the personal data concerning him/her processed by the controller in a commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the original controller.

–       Right to object to processing of his/her personal data: In certain cases, the data subject may have the right to object to processing of personal data concerning him or her. The right to object is applicable in such situations in particular where the processing of personal data is based on the controller’s legitimate interest. In such situations the controller has to follow the data subject’s request, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

To the extent the processing of personal data has been based on the data subject’s unambiguous consent, the data subject has, at any time, the right to withdraw his/her consent regarding the processing.

In certain cases the data subject can access and rectify his/her data through electronic services provided by Mint of Finland. In cases where the data subject has no such services in use, the requests, including requests concerning the erasure, portability or the objection to processing shall be directed to privacy@mint.fi.

Mint of Finland will take measures based on the data subject’s request without delay, and provide the data subject with the information concerning the measures related to the use of the data subject’s rights primarily within one month from receiving the data subject’s request.

In addition, the data subject has the right to lodge a complaint with the supervisory authority on the processing of the personal data by the controller. The complaint shall be made to the competent supervisory authority, in Finland to the Data Protection Ombudsman, in accordance with its instructions. The website of the Data Protection Ombudsman can be found here: www.tietosuoja.fi/en.

11.  Data security Manual material:

Manually processed documents including information on data subjects are stored in locked up spaces so that unauthorized access is prevented.

Electronically processed data:

Databases, in which the register data is stored, are protected by firewalls, passwords and other technical means. The databases and their backups are located in locked up spaces.

The controller will make sure that access to data is permitted only to those of its employees and only to those employees of the companies acting on be-half of him who have the need to access the data for the execution of the tasks assigned to them.

12.  Amendments to the privacy statement This privacy statement may be amended from time to time. You can tell when changes have been made to the statement by referring to the “Last Updated” date on top of this page. We encourage you to familiarize yourself with the privacy statement regularly for any amendments.

If we materially change the ways in which we use and disclose personal data, we will inform of it separately.