1. Data controller
Mitta Group Oy
Person in charge of the register
2. The registered
- Potential customers
3. The purpose for the processing of personal data
The personal data stored in Mitta’s customer register is used to make services available to you, manage and improve our day-to-day operations, for marketing purposes and to personalise your Mitta experience as well as contact and interact with you.
4. Content of the register
The register may include, but is not limited to the following information:
- Company name
- Business ID or date of birth
Information about purchases (services or products)
5. Data subject’s rights related to data processing
We know how important it is to protect and manage your personal data. You have the right to see the personal data we hold about you. Also, the data controller only collects and processes information that is necessary for its operations. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Your principal rights under data protection law are:
The right to access
You have the right to access your own information we have stored.
The right to rectification
You have the right to ask for rectification of false or missing data about you.
The right to object to processing
You have the right to object to the processing of your personal data, that is, request the controller not to process it at all, if the’re are grounds for objection through for example legal reasons.
The right to forbid direct marketing
You have the right to forbid information use for direct marketing purposes.
The right to erasure
The registered person has the right to request the deletion of data if data processing is not necessary. We process the deletion request, after which we either delete the data or provide a justified reason why the data cannot be deleted.
It should be noted that the controller may have a statutory or other right not to delete the requested information. The registrar is obliged to keep the accounting material in accordance with the period (10 years) defined in the Accounting Act (Chapter 2, Section 10). For this reason, accounting-related material cannot be deleted before the deadline expires.
The right to withdraw consent
If the processing of the data subject’s personal data is based only on consent, and not on e.g. customership or membership, the data subject can withdraw the consent.
The registered person can appeal the decision to the Data Protection Commissioner
The registered person has the right to demand that we limit the processing of disputed data until the matter is resolved.
The right to complain to a supervisory authority
You have the right to complain to the Data Protection Ombudsman if you suspect your information is being prosessed against the Data Protection Legislation. The contact information to the Ombudsman: https://tietosuoja.fi/en/contact-information
6. Sources of information for the register
We collect information from you when you submit it to us, for example, when you request services or information from us. Registers are purchased for marketing purposes.
7. Disclosure information
Your personal data may be disclosed within the organisation of the data controller and its subsidiaries and sister companies and to our collaboration partners for the realisation of the purposes described herein. Otherwise, data is only disclosed to the extent permitted or required by law.
8. Information gathered through the Whistleblowing-channel
Mitta Group Oy’s Whistleblowing channel is maintained by external service providers, HH Partners, Asianajotoimisto Oy and Lantero AB. The channel is subject to data protection legislation. Content data is recorded and retained only as long as necessary and proportionate. System data is not part of the stored content data, and system data is deleted when the processing of your report in the Whistleblowing channel ends.
9. Duration of processing
As a general rule, personal data is processed as long as the customership is valid. The registrant can unsubscribe from our marketing list via the link in each of our marketing e-mails or by sending a message to:
10. Personal data processors
The data controller and its employees process personal data. We can also partially outsource the processing of personal data to a third party, in which case we guarantee through contractual arrangements that personal data will be processed in accordance with valid data protection legislation and otherwise appropriately.
11. Data transfer outside the EU
Personal data is not transported outside the EU or European economic region.
12. Automatic decisions making and profiling
We do not use information for automatic decision making or profiling.
13. Utilisation of cookies and similar techniques
We collect information about the user’s terminal device using cookies and other similar technologies, such as the browser’s local data storage. A cookie is a small text file that the browser saves on the user’s terminal device. Cookies often contain an anonymous, unique identifier that allows us to identify and count the browsers that visit our site.
Our website uses the Google Analytics service.
Our pages also have links to other sites and services. We are not responsible for the privacy practices or content of these third-party sites. Third parties can set cookies on the user’s terminal device when the user visits our services in order to keep statistics on the number of visitors to different sites.
Google Signals is activated in the Google Analytics service. Google signals is data from users who sign in to Google. When Google signals data is available, Analytics associates event data it collects from users with the Google accounts of users who are signed in and consented (by enabling Ads Personalization) to share this information. The service can be used for remarketing audiences. Data is stored for a maximum of 26 months.