Privacy policy 

This is MW-Kehitys Oy’s privacy policy in accordance with the EU General Data Protection Regulation (GDPR). Drawn up on 27 May 2021. Last revised on 29 October 2021. 

 

Controller 

MW-Kehitys Oy 

Seppälän puistotie 15
35800 Mänttä

 

Name of the register 

MW-Kehitys Oy’s customer register. 

 

Legal grounds and purpose of processing personal data 

The legal grounds for the processing of personal data pursuant to the General Data Protection Regulation is the data subject’s consent or an agreement which the data subject is party to. The purpose of processing personal data is communication with customers, maintaining customer relationships and marketing. The data is not used for automated decision-making or profiling. 

 

Content of the register 

The data stored in the register includes the data subject’s name, company/organisation, contact details (phone number, e-mail, address), website addresses, information on subscribed services and changes thereto, invoicing information and other information pertaining to the customer relationship and subscribed services. 

 

Cookies

Website visitors’ IP addresses and cookies that are strictly necessary for the functioning of the service are processed on the grounds of legitimate interests; for example, to ensure information security and collect statistical information on website visitors where such information can be considered to constitute personal data. Separate consent is requested for third-party cookies as necessary. 

 

Regular sources of data 

The data stored in the register is obtained from customers through, for example, messages sent via website forms, e-mail and telephone communications, social media services, agreements, customer meetings and other contexts in which customers disclose their data.  

Data on the contact persons of companies and other organisations can also be collected from public sources, such as websites, directory services and other companies.  

 

Regular disclosure of data and transfer of data outside the EU or EEA 

The data is not regularly disclosed to other parties. Data may be published insofar as this has been agreed upon with the customer. Data is not transferred by the controller outside the EU or EEA.    

 

Principles concerning the protection of the register 

Due care is observed in processing data in the register. Data processed with the help of information systems is appropriately secured. When register data is stored on servers connected to the Internet, the physical and digital information security of the equipment is appropriately managed. The controller ensures that the stored data, server access rights and other information that is critical with respect to the security of personal data are treated confidentially and only by employees whose job duties require it. 

 

The right to inspect the data and to request rectification of the data 

All data subjects have the right to inspect their data stored in the register and request that any inaccurate information be rectified or incomplete information be supplemented. In the event that a data subject wishes to inspect their data or request rectification, such requests must be sent to the controller in writing. Where necessary, the controller may request the data subject to verify their identity. The controller will respond to the customer within the time period specified in the GDPR, within one month as a rule. 

 

Other rights related to the processing of personal data 

Data subjects have the right to request the erasure of their personal data from the register (“the right to be forgotten”). Data subjects also have the other rights stipulated by the GDPR, including the right to restrict the processing of personal data in certain circumstances. Such requests must be sent to the controller in writing. Where necessary, the controller may request the data subject to verify their identity. The controller will respond to the customer within the time period specified in the GDPR, within one month as a rule.