1. The controller

MDS Finland Oy
Business ID: 2712303-5

Contact information:
Lars Sonckin Kaari 14
02600, Espoo, Finland

Contact information for matters concerning the register

MDS Finland Oy
Lassi Nurminen
+358 50 535 1237
lassi@mdsfinland.com

2. Data subjects

Customers, potential customers

3. Purpose of use of personal data

Grounds for keeping the register:

• Personal data are processed on the basis of the customer relationship of the data subject
• Personal data are processed on the basis of consent

Purpose of the processing of personal data and use of the register

Personal data are processed only for the following predefined purposes:

• Customer relationship management
• To inform about our services

4. Personal data to be recorded in the register

The customer register contains the following data:
Contact details
• Name
• Address
• email address
• telephone number

Customer details
• details of products/services purchased

5. Rights of the data subject

The data subject has the following rights, the requests exercise which should be addressed to

+358 50 535 1237 – lassi@mdsfinland.com

Right of access

The data subject may check the personal data we have stored.

Right to rectification

The data subject may request the rectification of inaccurate or incomplete data concerning him/her.

Right to object

The data subject may object to the processing of personal data if he or she considers that the personal data have been processed unlawfully.

Direct marketing ban

Data subjects have the right to object to the use of their data for direct marketing.

Right of withdrawal

The data subject has the right to request the erasure of data if the processing is no longer necessary. We will process the request for erasure, after which we will either delete the data or provide a reasoned justification why the data cannot be deleted.

Please note that the controller may have a legal or other right not to delete the requested data. The controller is obliged to keep the accounting records for the period specified in the Accounting Act (Chapter 2, Section 10) (10 years). Therefore, accounting records cannot be deleted before the expiry of this period.

Withdrawal of consent

If the processing of personal data concerning a data subject is based solely on consent and not, for example, on customer or membership, the data subject may withdraw consent.

The data subject may appeal against the decision to the Data Protection Officer

The data subject has the right to request that we restrict the processing of the disputed data until the matter is resolved.

Right of appeal

The data subject has the right to make a complaint with the Data Protection Officer if he or she considers that we are in breach of the applicable data protection legislation when we process personal data.

Contact the Data Protection Officer:

www.tietosuoja.fi/fi/index/yhteystiedot.html

6. Regular sources of information

The information stored in the register is obtained from the customer through messages sent via web forms, e-mail, telephone, contracts, customer meetings and other situations where the customer provides his/her information. It may also be collected from information systems when a person registers for and uses the services, and from social media related to the activities of the controller. Personal data may also be collected, stored and updated from the registers of the controller providing the address, update or similar service.

Customer data is obtained on a regular basis:

• From the customer at the time of the establishment of the customer relationship.
• From the customer himself via an online form.
• Through marketing campaigns.
• Information systems and registers

7. Regular data disclosures

As a rule, data will not be disclosed for marketing purposes outside MDS Finland Oy.

We have ensured that all our service providers comply with data protection legislation.

8. Duration of processing

• As a general rule, personal data will be processed for 10 years from the date of receipt of the documents.
• The data subject can unsubscribe from our marketing list via a link in each marketing email we send.

9. Processors of personal data

The customer register is processed by employees of MDS Finland Oy.

Personal data are processed by the controller and its employees. We may also outsource part of the processing of personal data to a third party (IT support), in which case we will ensure through contractual arrangements that the personal data is processed in accordance with the applicable data protection legislation and otherwise appropriately.

10. Transfer of data outside the EU

Personal data will not be transferred outside the EU or the European Economic Area.

11. Automated decision-making and profiling

We do not use data for automated decision-making or profiling.