Privacy Statement
This is a statement on the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).
Data Controller
Mikkelin Seudun Uusyrityskeskus ry
Business ID: 2251229-3
Address: Maaherrankatu 9-11, 50100 MIKKELI
Phone: 050 350 2055
Email: mikkeli@uusyrityskeskus.fi
Contact for Data Protection Matters
Heli Tavasti
Phone: 050 350 2055
Email: heli.tavasti@uusyrityskeskus.fi
For all questions related to the processing of personal data and the exercise of your rights, please contact the above-mentioned contact person.
Name of the Personal Data Register
Customer and Stakeholder Register
Basis and Purpose of Processing Personal Data
The legal basis for processing personal data is:
- The consent given by the data subject for the processing of personal data
- The legitimate interest of the data controller
Personal data is collected for maintaining customer and stakeholder relationships, developing services, analyzing (grouping and reporting), and mapping customer experiences/satisfaction. The data is also used for communicating about services and events.
Regular Sources of Information
The personal data processed is regularly obtained from the following sources:
- From the data subject themselves
- From the Trade Register
We collect information at the start of the customer relationship, during registration, when using our services, or during events we organize. We primarily collect personal data from the data subject themselves. Personal data may also be obtained from other registers and public sources within the limits allowed by law.
Processed Personal Data
The data controller collects only such personal data about the data subjects that is relevant and necessary for the purposes described in this privacy statement.
The following data is processed about the data subjects:
- General contact information: name, organization, address, email, and phone number, as well as date of birth for customers receiving startup advice
- Additional information provided by the customer (e.g., gender, nationality, work and study history)
- Service event information
- Information related to customer feedback and surveys
- Information related to the implementation of direct marketing and customer communication
- Service usage information across different transaction channels
Disclosure of Personal Data
Data is not regularly disclosed to other parties.
However, contact information may be disclosed to the extent necessary to event co-organizers and public project funders or other similar public administration representatives. Data may be disclosed to authorities, experts, financial institutions, etc., based on the customer’s consent for actions related to the customer’s service needs.
Data is not disclosed to third parties for marketing purposes.
Transfers of Personal Data to Third Countries
Personal data is not transferred outside the EU and the European Economic Area.
Protection of Personal Data
The data controller processes personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized processing and accidental loss, destruction, or damage.
The data controller uses appropriate technical and organizational safeguards to ensure this goal, including the use of firewalls, encryption techniques, and secure facilities, proper access control, careful management of user IDs for information systems, and instructing personnel involved in the processing of personal data.
All employees processing personal data are bound by confidentiality obligations based on the Employment Contracts Act (55/2001) and supplementary confidentiality agreements regarding the processing of personal data.
Retention Period of Personal Data
Personal data is retained as long as necessary to fulfill the purposes for which it was collected, in accordance with applicable legislation. After this, the personal data is deleted.
The retention of personal data complies with statutory obligations, taking into account, among other things, accounting legislation. Upon termination of the contractual relationship, the retention period of the data is determined by the purpose of use and existing legislation.
Profiling
Personal data is not used for profiling or other automated decision-making.
Rights of the Data Subject
Right to Access Personal Data
The data subject has the right to obtain confirmation as to whether personal data concerning them is being processed, and if so, the right to access their personal data.
Right to Rectification
The data subject has the right to request the correction of inaccurate and incorrect personal data concerning them. The data subject also has the right to have incomplete personal data completed by providing the necessary additional information.
Right to Erasure
The data subject has the right to request the deletion of personal data concerning them if: a. the personal data is no longer needed for the purposes for which it was collected; b. the data subject withdraws the consent on which the processing is based, and there is no other legal basis for the processing; or c. the personal data has been processed unlawfully.
Right to Restrict Processing
The data subject has the right to restrict the processing of personal data concerning them if: a. the data subject disputes the accuracy of their personal data; b. the processing is unlawful, and the data subject opposes the deletion of their personal data and requests instead the restriction of its use; or c. the data controller no longer needs the personal data for the original purposes of processing, but the data subject needs it for the establishment, exercise, or defense of legal claims.
Right to Object
The data subject has the right to object to the processing of personal data concerning them at any time on grounds relating to their particular situation.
The data controller may no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling to the extent that it is related to such direct marketing.
Right to Withdraw Consent
The data subject has the right to withdraw their consent to the processing at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Data Portability
The data subject has the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used, and machine-readable format and the right to transmit those data to another data controller.
Right to Lodge a Complaint with a Supervisory Authority
The national supervisory authority for personal data matters is the Office of the Data Protection Ombudsman, operating in connection with the Ministry of Justice. You have the right to bring your matter to the supervisory authority if you believe that the processing of personal data concerning you violates the applicable legislation.
Changes to Privacy Practices
The data controller continuously develops its operations and may therefore need to change and update its privacy practices as necessary. Changes may also be based on changes in data protection legislation.
If the changes include new purposes for processing personal data or otherwise significantly change, the data controller will notify them in advance and request consent if necessary.