Privacy policy

This statement is the register and privacy policy statement of Mantsinen Group LTD, in accordance with the Finnish Personal Data Act (Sections 10 and 24) and EU’s General Data Protection Regulation (GDPR). The statement was drawn up on 15 May 2018 and last modified on 20 November 2018.

1. Data controller

Mantsinen Group Ltd Oy
9081659-8
Välikankaantie 3
FI-80400 Ylämylly

2. Contact person

Any questions and requests for modifications and deletions should be sent to register@mantsinen.com.

3. Register name

The company’s customer and supplier register

4. Legal basis and purpose of data processing

EU’s General Data Protection Regulation (GDPR) defines the following as appropriate legal basis for processing personal data:

  • consent by the person (documented, informed, freely-given, specific, plainly-worded, and unambiguous)
  • a contract where the registered person is a contractual party
  • law (accounts)
  • The purpose of processing personal data is to contact the customers and suppliers, maintain customer relationships, and invoicing.

The data will not be used for automatized decision-making or profiling.

5. The register’s data content

The data stored in the register include: a person’s name, job title, company/organisation, contact details (telephone number, e-mail address, address), website addresses, Internet connection IP address, subscribed services and associated changes, invoicing information, and any other information related to the customer relationship and subscribed services. The data may be used to develop the company’s operations, for statistic purposes, and for the production of personalised content to be used in sales, marketing, and technical support.

In respect of invoicing, the data will be stored, at a minimum, for the period of time required by the Finnish Accounting Act. In respect of customer relationships, the data will be stored for as long as the customer relationship exists. For other registered persons, the data will be stored until they request the deletion of their personal data.

6. Regular data sources

The data stored in the register is obtained from customers (registered), in, for instance, messages sent via online forms, e-mail, telephone calls, social media services, contracts, customer meetings, and other occasions where registered customers give their personal data.

7. Regular disclosure and transfer of data outside the EU or EEA

The data will not be regularly disclosed to third parties, except to comply with the customer’s and data controller’s rights and duties, or when required by the Finnish authorities. The data may be published to the extent that has been agreed with the customer (registered).

The data controller may also transfer data outside the EU or EEA.

8. Register protection principles

The register will be protected with care and all electronically processed data will be secured appropriately. When register data is stored on Internet servers, the physical and digital security of the server hardware will be ensured appropriately. The data controller ensures that the stored data, as well as server access rights details and any other data that is critical for the security of personal data, are always handledconfidentially and only accessed by employees whose job description requires them to do so.

9. Right of access and right to rectification

A person included in the register has the right to check their personal information stored in the register and request that any incorrect information is corrected or that incomplete information is completed. Requests to check or correct a person’s stored personal data should be made in writing and addressed to the data controller at the e-mail address mentioned in this document. The data controller may ask a person making the request to prove their identity, if necessary. The data controller will provide the customer with a reply within the time period specified in EU’s General Data Protection Regulation (GDPR) (usually within a month).

10. Other rights related to the processing of personal data

A person included in the register has the right to request the deletion of their personal data from the register ("the right to be forgotten"). Registered persons also have all other rights specified in EU’s General Data Protection Regulation (GDPR), such as the right to limit the processing of their personal data in certain circumstances. These requests should be made in writing and addressed to the data controller at the e-mail address mentioned in this document. The data controller may ask a person making the request to prove their identity, if necessary. The data controller will provide the customer with a reply within the time period specified in EU’s General Data Protection Regulation (GDPR) (usually within a month).