Privacy policy

Privacy policy

This is a statement on the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).


Menumat Oy
Business ID: 1498298-1
Address: Tikkurilantie 140 B, 01530 Vantaa, Finland
p. 020 796 1550

Contact us regarding data protection issues

Data Protection Officer
Kenneth Selén
p. 0505733879

For all questions relating to the processing of personal data and in situations where the data subject wishes to exercise his or her rights, he or she is invited to contact the Data Protection Officer.

Grounds for and purposes of the processing of personal data

The legal basis for the processing of personal data is the consent of the data subject to the processing of personal data.

The purposes for which personal data are processed include the supply of a product or service ordered by a customer, responding to a customer request or sending a marketing e-mail.

Personal data processed

The controller only collects personal data from data subjects that are relevant and necessary for the purposes of use described in this Privacy Policy.

The following data of data subjects are processed:

E-mail address
Telephone number
Data retention period

The controller will process personal data for as long as they are necessary for the services provided to the customer or other similar activities. Billing data will be kept in the accounting records in accordance with the Accounting Act for the next 10 years. At the end of this period, the controller will delete or anonymise the data within one year in accordance with the deletion processes it follows.

The controller may be obliged to process some of the personal data in the register for longer than stated above in order to comply with legal or regulatory requirements.

Rights of the data subject

Right of access to personal data

Data subjects have the right to obtain confirmation of whether personal data concerning them are being processed and, if so, to obtain a copy of their personal data.

Right to rectification

The data subject has the right to request that inaccurate or incorrect personal data concerning him or her be corrected. The data subject also has the right to have incomplete personal data completed by providing the necessary additional information.

Right to erasure

The data subject has the right to request the erasure of personal data concerning him or her where

a. the personal data are no longer necessary for the purposes for which they were collected;

b. the data subject withdraws the consent on the basis of which the personal data were processed and there is no other lawful basis for the processing; or

c. the personal data have been unlawfully processed.

Right to restriction of processing

The data subject has the right to restrict the processing of personal data concerning him or her where

a. the data subject contests the accuracy of his or her personal data;

b. the processing is unlawful and the data subject opposes the erasure of his or her personal data and requests instead the restriction of their use; or

c. the controller no longer needs the personal data for the purposes for which they were originally processed, but the data subject needs them for the establishment, exercise or defence of legal claims.

Right to withdraw consent

The data subject has the right to withdraw his or her consent to processing at any time, without prejudice to the lawfulness of the processing carried out on the basis of that consent.

Right to data portability

The data subject has the right to receive personal data relating to him or her and supplied by him or her in a structured, commonly used and machine-readable format and the right to transfer such data to another controller.

Right to lodge a complaint with a supervisory authority

The national supervisory authority for personal data matters is the Office of the Data Protection Ombudsman, attached to the Ministry of Justice. You have the right to refer your case to the supervisory authority if you consider that the processing of personal data concerning you infringes the relevant legislation.

Changes to data protection practices

The controller is constantly evolving and may need to amend and update its privacy policy as necessary. Changes may also be based on changes in data protection legislation.

If the changes involve new purposes for processing personal data or otherwise change significantly, the controller will give prior notice and, where necessary, obtain consent.