1. The controller
MDS Finland Oy
Business ID: 2712303-5
Lars Sonckin Kaari 14
02600, Espoo, Finland
Contact information for matters concerning the register
MDS Finland Oy
+358 50 535 1237
2. Data subjects
Customers, potential customers
3. Purpose of use of personal data
Grounds for keeping the register:
• Personal data are processed on the basis of the customer relationship of the data subject
• Personal data are processed on the basis of consent
Purpose of the processing of personal data and use of the register
Personal data are processed only for the following predefined purposes:
• Customer relationship management
• To inform about our services
4. Personal data to be recorded in the register
The customer register contains the following data:
• email address
• telephone number
• details of products/services purchased
5. Rights of the data subject
The data subject has the following rights, the requests exercise which should be addressed to
+358 50 535 1237 – firstname.lastname@example.org
Right of access
The data subject may check the personal data we have stored.
Right to rectification
The data subject may request the rectification of inaccurate or incomplete data concerning him/her.
Right to object
The data subject may object to the processing of personal data if he or she considers that the personal data have been processed unlawfully.
Direct marketing ban
Data subjects have the right to object to the use of their data for direct marketing.
Right of withdrawal
The data subject has the right to request the erasure of data if the processing is no longer necessary. We will process the request for erasure, after which we will either delete the data or provide a reasoned justification why the data cannot be deleted.
Please note that the controller may have a legal or other right not to delete the requested data. The controller is obliged to keep the accounting records for the period specified in the Accounting Act (Chapter 2, Section 10) (10 years). Therefore, accounting records cannot be deleted before the expiry of this period.
Withdrawal of consent
If the processing of personal data concerning a data subject is based solely on consent and not, for example, on customer or membership, the data subject may withdraw consent.
The data subject may appeal against the decision to the Data Protection Officer
The data subject has the right to request that we restrict the processing of the disputed data until the matter is resolved.
Right of appeal
The data subject has the right to make a complaint with the Data Protection Officer if he or she considers that we are in breach of the applicable data protection legislation when we process personal data.
Contact the Data Protection Officer:
6. Regular sources of information
The information stored in the register is obtained from the customer through messages sent via web forms, e-mail, telephone, contracts, customer meetings and other situations where the customer provides his/her information. It may also be collected from information systems when a person registers for and uses the services, and from social media related to the activities of the controller. Personal data may also be collected, stored and updated from the registers of the controller providing the address, update or similar service.
Customer data is obtained on a regular basis:
• From the customer at the time of the establishment of the customer relationship.
• From the customer himself via an online form.
• Through marketing campaigns.
• Information systems and registers
7. Regular data disclosures
As a rule, data will not be disclosed for marketing purposes outside MDS Finland Oy.
We have ensured that all our service providers comply with data protection legislation.
8. Duration of processing
• As a general rule, personal data will be processed for 10 years from the date of receipt of the documents.
• The data subject can unsubscribe from our marketing list via a link in each marketing email we send.
9. Processors of personal data
The customer register is processed by employees of MDS Finland Oy.
Personal data are processed by the controller and its employees. We may also outsource part of the processing of personal data to a third party (IT support), in which case we will ensure through contractual arrangements that the personal data is processed in accordance with the applicable data protection legislation and otherwise appropriately.
10. Transfer of data outside the EU
Personal data will not be transferred outside the EU or the European Economic Area.
11. Automated decision-making and profiling
We do not use data for automated decision-making or profiling.