Register policy in accordance with section 10 of the Personal Data Act (523/1999)
25 May 2018
1. REGISTER CONTROLLER
Mylab Oy, business ID 0653367-6
Hatanpään Valtatie 26
33100 Tampere, FINLAND
Tel. 010 678 6000
2. CONTACT PERSON FOR REGISTER ISSUES
Mylab Oy’s Data Protection Officer:
Timo Pellinen, tel. +358 50 5713 300
3. NAME OF REGISTER
Mylab Oy’s Customer and Stakeholder Register
4. PURPOSE OF PROCESSING PERSONAL DATA
The purpose of data processing is to create and manage customer relationships or other equivalent relationships, to target advertising, to direct marketing and electronic marketing, to conduct research and develop business operations. The grounds for processing data is Mylab Oy’s legitimate interest based on a customer relationship or any other legitimate connection, in conjunction with consent given by registered persons. We utilise subcontractors to process personal information and to store data on their servers. However, we do not share personal data with third parties for marketing or other purposes. We do not use automatic decision-making or profiling when processing personal data.
5. THE REGISTER MAY CONTAIN THE FOLLOWING DATA ABOUT CUSTOMERS AND OTHER STAKEHOLDERS
- First and last name
- Job title
- Email address
- Mobile and/or other phone number
- Organisation, position and area or responsibility
- Address of organisation and/or person
- Direct marketing permissions and bans
- Information related to marketing and sales promotion
- Information related to contacting and managing the customer relationship
6. REGULAR DATA SOURCES OF THE REGISTER
The register is compiled from Mylab Oy’s customer information system, publicly available internet resources, information received from customers in connection with commercial projects, along with other public sources. Personal data is also collected directly from customers and other stakeholders when they use different services, such as when they subscribe to a newsletter, and in connection with various marketing actions such as campaigns, fairs and events. Personal data can also be collected and updated from companies that provide services related to personal data.
7. REGULAR DISCLOSURE OF DATA
The registry controller does not disclose any personal data of customers or other persons in the register to outsiders, unless Finnish authorities require it.
8. TRANSFER OF DATA OUTSIDE THE EU OR EEA
Personal data will not be disclosed to parties outside of the European Union (EU) or European Economic Area (EEA).
9. STORING, DELETING AND THE RIGHT TO ACCESS DATA
Personal data is stored for as long as is necessary for the purpose of its use, such as for the duration of a customer relationship. The necessity of storing information is assessed regularly, taking current legislation into consideration. A registered individual has a right to access and inspect what personal data of theirs has been recorded in the register. For this, a written request for access must be sent to the contact person for registry issues. The registered individual must provide proof of identity. Personal data can be deleted when an individual demands it or a customer relationship ends.
10. DIRECT MARKETING BAN AND RIGHT TO HAVE DATA RECTIFIED
A registered individual has a right to object to the processing of their data for direct marketing purposes. To do this, the individual must get in touch with the contact person for registry issues. The registered individual also has a right to have their personal data rectified if it is incorrect, incomplete or inaccurate. The register controller is obliged to rectify that data as soon as possible. The written request for rectification must be sent to the contact person for registry issues.
11. REGISTER PROTECTION PRINCIPLES
Data in the register is stored in databases that are protected with firewalls, passwords and other technical measures. The databases and their backups are located in locked spaces. Manually processed documents that contain data about registered individuals are stored in locked spaces, so that unauthorised persons are blocked from accessing them. The register controller ensures that only such employees of the register controller or the companies working for the register controller whose work duties require it have access to the data.