Privacy

1. Controller

Mathemedix Oy
Business ID: 2992035-3.
Contact details: Finnoonniitty 7, 02270 Espoo
Contact information for matters relating to the filing system: Riija Särkilahti, [email protected]

2. Data subjects

Mathemedix Oy maintains a file of its customers in the online store.

3. Grounds for and purpose of keeping the register

Personal data are processed based on a customer relationship.

Purpose of the processing of personal data and the filing system

Personal data will only be processed for pre-defined purposes, which are as follows:

  • customer relationship management
  • communicate about our services

4. Personal data to be stored in the filing system

The customer filing system contains the following data:

Contact details

  • First name
  • Last name
  • Name of the company
  • Address
  • E-mail
  • Telephone number

Customer information

  • Information about products and services that have been purchased

5. Rights of the data subject

The data subject has the following rights; to exercise these rights, you must requests it in writing to [email protected] or Mathemedix Oy, Finnoonniitty 7, 02270 Espoo.

Right of inspection

The data subject can check the personal data we have stored.

Right to rectification of data

The data subject may request the correction of incorrect or incomplete information concerning him.

Right to object

The data subject may object to the processing of personal data if he or she feels that the personal data has been processed unlawfully.

Prohibition of direct marketing

The data subject has the right to prohibit the use of the data for direct marketing.

Right to erasure

The data subject has the right to request the deletion of data if the processing of the data is not necessary. We will process the request to erase data, after which we will either delete the data or state a valid reason why the data cannot be deleted.

It should be noted that the controller may have a statutory or other right not to delete the requested data. Mathemedix Oy is obliged to retain accounting records in accordance with the period (10 years) specified in the Accounting Act (Chapter 2, Section 10). Therefore, data related to accounting cannot be deleted before the time limit.

The data subject may appeal against a decision to the Data Protection Supervisor

The data subject has the right to demand that we therefore limit the processing of the disputed data until the matter is resolved.

Right of appeal

The data subject has the right to lodge a complaint with the Data Protection Ombudsman if he or she feels that we are in breach of the applicable data protection legislation when we process personal data.

Contact information of the Data Protection Ombudsman: www.tietosuoja.fi/fi/index/yhteoduction.html

5. Regular sources of data

Customer data are obtained from the customer when a customer relationship is established, including when it is established by telephone, online ordering service and customer transactions.

6. Regular disclosures of data

As a rule, the information is not disclosed for marketing purposes outside Mathemedix Oy.

We will provide information to a debt collection agency if an invoice is not paid in spite of reminders. The debt collection agency is committed to complying with the requirements of the data protection regulation.

The name of the customer can be given to the companies servicing the equipment.

7. Duration of processing

As a general rule, personal data are processed for as long as the customer relationship exists. The retention period is also affected by the Accounting Act.

8. Processors of personal data

The controller and his or her employees process personal data. We may also partially outsource the processing of personal data to a third party, in which case we guarantee, by means of contractual arrangements, that the personal data will be processed in accordance with applicable data protection legislation and otherwise in an appropriate manner.

9. Data transfer outside the EU

If data are transferred outside the EU and the EEA, we will ensure an adequate level of protection of personal data, by, among other things, agreeing on issues related to the confidentiality and processing of personal data as required by law.