Privacy Policy

This combined privacy notice and information document complies with the Finnish Data Protection Act and the General Data Protection Regulation of the European Union (2016/679/EU).

Controller

Company: Metropolia University of Applied Sciences
Business ID: 2094551-1
Address: Myllypurontie 1, 00920 Helsinki, Finland

Contact person for data protection matters:

1. Legal basis for processing personal data

1.1 General information on the processing of personal data

To the extent that the customer register contains personal data, the processing is carried out in accordance with the Data Protection Act and any other applicable laws, regulations and official guidelines. Personal data refers to information relating to an identified or identifiable natural person. This privacy notice describes the procedures for collecting, processing and disclosing personal data, as well as the rights of the customer (data subject).

1.2 Purpose of collecting personal data

The purpose of the customer register is to enable necessary customer service contacts and to maintain the customer relationship.

1.3 Purpose of use

Personal data stored in the customer register may be used for the following purposes: customer relationship management and development; provision, offering, development, improvement and protection of services; invoicing, debt collection and verification of customer transactions; targeted advertising; analysis and statistics related to services; customer communication; fulfilment of the controller’s statutory obligations; and other corresponding purposes.

2. Data content of the customer register

The assignment diary and its attachments include, or may include, the following categories of data: basic customer information such as name or company, address, email address and telephone number; and information related to invoicing and debt collection.

3. Data retention

Personal data is primarily processed for as long as the customer agreement for which the data is needed remains in force. Data is recorded as provided by the data subject and updated based on the information the data subject supplies to the controller. Other personal data is deleted once there is no longer a need to retain it. If the collection and retention of personal data is based solely on the customer’s consent, the data will be deleted upon request.

4. Regular sources of data

Information concerning potential customers is obtained with their consent during website visits or through other personal or digital interaction.

5. Disclosure and transfer of data

Personal data is not disclosed for marketing purposes. Data is not regularly transferred outside the European Union or the European Economic Area. However, data may be transferred or disclosed outside the EU or EEA in accordance with applicable legislation if the destination country has been deemed to provide an adequate level of data protection by the European Commission or if appropriate contractual safeguards are in place. Temporary transfers may also occur when using cloud services such as OneDrive, Google Analytics, iCloud or Dropbox. Data may be disclosed to authorities when required by law.

6. Data protection and security

This page uses Koko Analytics that operates with no cookies for anonym user count but restores no user information.

Access to the register requires a user account granted by the main administrator, who also defines the access levels for other users. Only employees of the controller and employees of subcontractors who need access to the data for work-related purposes are permitted to access personal data.

7. Rights of the customer

7.1 Right of access, data portability and obtaining information

The customer has the right to know what data concerning them has been stored in the customer register. The request must be submitted to the controller in writing, either signed by hand or in a similarly verified format, or by email. The controller will provide the requested information within 30 days. The customer also has the right to receive the personal data they have provided in a structured, commonly used and machine-readable format and to transmit this data to another controller. The controller will retain the data in accordance with this privacy notice.

7.2 Right to rectification

The customer has the right to request the correction of inaccurate personal data concerning them.

7.3 Right to object, restrict processing and request erasure

The customer has the right to object to the processing of their personal data for direct marketing, distance selling, other direct marketing activities, market or opinion research and the development of the controller’s business. The customer also has the right to request the restriction of processing or the deletion of personal data stored for these purposes, even if other legal grounds for processing remain valid.

7.4 Withdrawal of consent

If the processing of data is based on the customer’s consent, the consent may be withdrawn at any time by notifying the controller. Upon withdrawal, all data that is not required to be retained by law or on any other basis described in this notice will be deleted.

7.5 Exercising rights

Requests related to access, rectification or other rights may be submitted by contacting the controller’s customer service using the contact details provided in this notice.

7.6 Disputes

The customer has the right to lodge a complaint with the Office of the Data Protection Ombudsman if the controller does not comply with a request concerning personal data.