Privacy Notice for the Stakeholder Register
Last updated: 8.1.2020
Musti Group Nordic Oy
Contact Person for Register Matters
Musti ja Mirri Oy
Customer service: 0800 305 305
Name of Register
The Basis for and Purpose of the Processing of Personal Data
The processing is based on our legitimate interest and/or for the performance of a contract.
The purpose of processing personal data is:
- taking care of, maintaining and developing our relationship
- direct marketing
- producing, offering and developing our services
- targeting advertising in our own and others’ online services
- organizing events
- opinion polling and market research.
The Data Content of the Register and the Groups of the Data Subjects
We process the following personal data of the stakeholders in connection with the stakeholders register:
- Business ID, name and address of the ecompany;
- Name and email address of the decision-maker and/or contact person;
- Information related to the contractual relationship or other relevant connection;
- Information of prohibitions and consents of direct marketing;
- Information of events and user data analysis;
- Billing and debt collection information;
- Information on desired communication modes and information of changes;
- Allocation information generated from information in the Trade Register and other registers.
From where do we receive data?
The data in the register is regularly collected when you enter on behalf of your company into contracts and/or events. Personal data may be collected and updated from publicly available sources, such as corporate websites, trade register, credit registers, and other public and private registers.
To whom do we disclose and transfer data to and do we transfer data outside the EU or EEA?
Generally, the personal data is not disclosed to third parties or transferred outside of the EU or ETA. Personal data may be processed by other companies in the concern such as parent company, Musti Group Holding Oy..
The processing of personal data is outsourced to selected service providers, such as companies handling deliveries or invoicing of the orders or companies carrying out direct marketing. Your data protection is taken care of in accordance of the law with these subcontractors, such as drawing up data processing agreements.
We transfer personal data outside the EU or ETA. When personal data is processed outside the EU or ETA, we take care of that the subcontractor has agreed to EU’s Commission Standard Contractual Clauses for the transfers of personal data and/or is a part of the Privacy Shield -protective system or the Commission has made an adequate safeguards decision considering that country.
Personal data can be disclosed otherwise in accordance with the extended permitted and required by the applicable law.
How do we protect the data and how long do we store them?
The data is collected into databases, that are secured with firewalls, passwords and other technical measures. The databases and their backups are in locked premises and can only be accessed by certain pre-designated persons. Only those of our employees, who on behalf of their work have the right to process personal data, are entitled to use the systems containing personal data. Each user has a personal username and password to the system.
We store data for as long as it is necessary for the purpose of use of the personal data. We take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
What are your rights as a data subject?
You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data if there are legitimate grounds.
As the data subject, you have the right, at any time and free of charge, to object or to demand the restriction of the processing of your data, including profiling, insofar as it is related to direct marketing, and to lodge a complaint with the supervisory authority.
On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.
Who can you contact?
The contacts and requests concerning this privacy notice must be submitted in writing or in person. The contact details are in section two (2).
Changes in the Privacy Notice
Should we make amendments to this privacy notice we will indicate the amendments with date. If the amendments are significant, we may also inform you by other means such as by sending an email or placing a bulletin on our homepage. We recommend that you kindly review these privacy protection principles from time to time to ensure you are aware of any amendments made.