PRIVACY AND PERSONALISATION INFORMATION
THIS IS MYLLYN PARAS FINLAND OY'S PRIVACY STATEMENT DRAWN UP IN ACCORDANCE WITH THE EU'S GENERAL DATA PROTECTION REGULATION (2016/679) AND THE DATA PROTECTION ACT (5 DECEMBER 2018/1050).
Drawn up on:
Myllyn Paras Finland Oy
PO Box 5
Contact person for matters concerning the data file
Myllyn Paras Finland Oy
PO Box 5
FI-05801 Hyvinkää, Finland
2. Register name:
Privacy statement for the Myllynparas.com online service
3. Purpose of personal data processing:
Myllyn Paras Finland Oy uses personal data for customer management, provision and delivery of services, product development and marketing and communications, and to fulfil its statutory obligations.
4. Data content and data sources of the register:
Our registry contains information provided by the user: name, email address, phone number, position and organisation, marketing consents and bans, order, delivery and invoicing details, memos, any classification information (such as interests), social media activity, customer feedback and chat conversations. Via cookies, it also contains the user's IP address information or other similar identifier as well as the user's actions in the company's online service.
We collect information through the website using various forms, such as newsletter subscriptions, surveys or contests.
5. Basis for the processing of personal data:
We always ensure that we have a statutory basis for processing personal data. We process personal data on several grounds, but always with at least one processing condition determined by law.
We process customer and marketing register data to comply with agreements and on the basis of our legitimate interest to produce and deliver our services, manage our customers, develop our services, market and communicate about our services and process customer feedback. We may also process personal data on the basis of consent, in which case such consent may be withdrawn at any time by the person in question if it is our only condition for processing such data.
6. Regular disclosure of data:
Data may also be disclosed outside the EU or the EEA. If data is transferred outside the EU, we will ensure that the country complies with the provisions required by the EU Commission, or the transferee is Privacy Shield certified, referring to US-based parties using model clauses issued by the EU Commission. Any data transfer is always carried out under legal grounds and with sufficient protection mechanisms.
8. Protection principles of the register:
The data will be stored in electronic form, protected and encrypted according to best practices in the industry. Our registry is located in the systems managed by Myllyn Paras Finland Oy and are protected by strong personal passwords, two-factor identification and role-based access restrictions. Data is stored in locked spaces, and all our devices are locked automatically. The register data is collected in systems to which employees of Myllyn Paras Finland Oy have personal IDs and the company's subcontractors have contractual and personal access, as necessary, limited to the scope of the assignment agreement.
9. Rights of the data subject:
The EU General Data Protection Regulation (2016/679) gives the data subject the following rights:
• The right to withdraw consent, i.e. the data subject may withdraw their consent at any time.
• The right to know what data has been stored about the data subject in the register or to find out whether the data subject is in the register.
• The right to correct information, i.e. the data subject has the right to demand the correction of any incorrect information about them in the register. A request for data correction must be made in writing.
• The right to the deletion of data, i.e. the data subject has the right to request the deletion of their personal data if one of the following is true:
- Personal data is no longer needed for the purposes for which they were collected or for which they were otherwise processed
- The data subject withdraws their consent and there is no other legal basis for processing
- The data subject objects to the processing of their data and there is no valid reason for the processing
- Personal data has been processed illegally
- Personal data must be deleted in order to comply with a legal obligation applicable to the controller under EU law or the law of a Member State.
• The right to restrict processing, i.e. the data subject has the right to restrict processing if one of the following is true:
- The data subject contests the accuracy of the personal data, in which case processing is limited until the controller can verify its accuracy
- The processing is unlawful and the data subject opposes the deletion of personal data and demands the restriction of its use instead
- The controller no longer needs the personal data in question for the purposes of processing, but the data subject needs it in order to prepare, present or defend a legal claim
- The data subject has objected to the processing of personal data under Article 21 pending verification whether the controller's legitimate grounds override the data subject's grounds.
• The right to transfer data from one system to another, i.e. the data subject has the right to receive, in machine-readable form, any personal data concerning them which they have submitted to the controller, provided that the processing is based on consent and the processing takes place automatically.
10. Automatic decision-making:
Data shall not be processed automatically to serve as a basis for decisions.