Youtube Facebook-f Instagram Linkedin
Youtube Facebook-f Instagram Linkedin

Privacy policy

Privacy policy

This is a statement on the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).

Controller

Menumat Oy
Business ID: 1498298-1
Address: Varpukalliontie 2 B, 01530 Vantaa, Finland
p. 020 796 1550
e-mail: asiakaspalvelu@menumat.fi

Contact for data protection issues

Data Protection Officer
Kenneth Selén
p. 0505733879
e-mail: kenneth.selen@menumat.fi

For all questions relating to the processing of personal data and in situations where the data subject wishes to exercise his or her rights, he or she is invited to contact the Data Protection Officer.

Grounds for and purposes of the processing of personal data

We process personal data for the purpose of processing and delivering the order for the performance of the contract (Article 6(1)(b) GDPR). In addition, we may use your data for customer relationship management and marketing purposes on the basis of our legitimate interest (Article 6(1)(f) GDPR), unless you object. We also retain data in accordance with our legal obligations, such as accounting regulations (GDPR Article 6(1)(c)).

 Contract enforcement (Article 6(1)(b) GDPR)

Processing of personal data is permitted if it is necessary for the performance of a contract or for the performance of pre-contractual measures.
Example.
 Legitimate interest (Article 6(1)(f) GDPR)

An organisation may process personal data if it has a legitimate and legitimate interest to do so which does not override the fundamental rights and freedoms of the data subject.
Example. In this case, the company’s interest in promoting its business is often considered a legitimate interest as long as the data subject can object to the marketing.
 Compliance with legal obligations (Article 6(1)(c) GDPR)

The processing of personal data is permitted if it is necessary for compliance with a legal obligation to which the controller is subject.
Example.
Personal data processed

The controller will only collect personal data from data subjects that are relevant and necessary for the purposes of the use described in this Privacy Policy.

The following data of data subjects are processed:

Name
E-mail address
Telephone number
Address
Data retention period

The controller will process personal data for as long as they are necessary for the services provided to the customer or other similar activities. Billing data will be kept in the accounting records in accordance with the Accounting Act for the next 10 years. At the end of this period, the controller will delete or anonymise the data within one year in accordance with the deletion processes it follows.

The controller may be obliged to process some of the personal data in the register for longer than stated above in order to comply with legal or regulatory requirements.

Rights of the data subject

Right of access to personal data

Data subjects have the right to obtain confirmation as to whether personal data concerning them are being processed and, if so, to obtain a copy of their personal data.

Right to rectification

The data subject has the right to request that inaccurate or incorrect personal data concerning him or her be corrected. The data subject also has the right to have incomplete personal data completed by providing the necessary additional information.

Right to erasure

The data subject has the right to request the erasure of personal data concerning him or her where

a. the personal data are no longer necessary for the purposes for which they were collected;

b. the data subject withdraws the consent on the basis of which the personal data were processed and there is no other lawful basis for the processing; or

c. the personal data have been unlawfully processed.

Right to restriction of processing

The data subject has the right to restrict the processing of personal data concerning him or her where

a. the data subject contests the accuracy of his or her personal data;

b. the processing is unlawful and the data subject opposes the erasure of his or her personal data and requests instead the restriction of their use; or

c. the controller no longer needs the personal data for the purposes for which they were originally processed, but the data subject needs them for the establishment, exercise or defence of legal claims.

Right to withdraw consent

The data subject has the right to withdraw his or her consent to processing at any time, without prejudice to the lawfulness of the processing carried out on the basis of that consent.

Right to data portability

The data subject has the right to receive personal data relating to him or her and supplied by him or her in a structured, commonly used and machine-readable format and to have those data transferred to another system.

Right to lodge a complaint with a supervisory authority

The national supervisory authority for personal data matters is the Office of the Data Protection Ombudsman, attached to the Ministry of Justice. You have the right to refer your case to the supervisory authority if you consider that the processing of personal data concerning you infringes the relevant legislation.

Changes to data protection practices

The controller is constantly evolving and may need to amend and update its privacy policy as necessary. Changes may also be based on changes in data protection legislation.

If the changes involve new purposes for processing personal data or otherwise change significantly, the controller will give prior notice and, where necessary, obtain consent.