Skip to main content

Privacy Policy

In this statement we will tell you how we process the personal data of our clients and those who visit our website. First, a summary of the central points. For those of you who have a passion for data protection (like we do!) we have included a longer and more detailed text version below.

N.B. If you are using a mobile device you can scroll the chart horizontally.

Data controller: Molemmat Oy, y-tunnus 3242728-7

Contact details for checking data and for other uses of your data protection rights: info@molemmat.fi

Supervisory authority: The Data Protection Ombudsman, www.tietosuoja.fi/en/home

What data Where we get the data from When it will be deleted Will it be transferred outside of the EU What the data is used for
The web server’s log data: IP address, User-Agent, requested document, timestamp, server response code, referral website, the potential tracking URL From you/your device when you visit our website. The data on opening the tracking URL is only saved if you open a link tailored to you. After 2 years No The technical functioning of the website, cyber security and user count. The tracking URL is used to develop sales
The contact form data (name, email address, company, what you are contacting us about, whether you want a quote, message and timestamp) From you when you send the data to us through our website’s contact form. When the query has been answered, or when the customer relationship has ended No To reply to your contact request, to follow the customer relationship
The company’s name, business ID, address* From the client company or from public sources (e.g. the Finnish Trade Register) 3 years after the client relationship has ended or according to the record retention period required by accounting (after 5 or 10 years) No Managing the customer relationship and the contract, accounting and invoicing
The name, contact details and position of the contact person From the client company 3 years after the client relationship has ended No Managing the customer relationship and the contract
The needs and interests of the client company* From the client company 3 years after the client relationship has ended No Managing the customer relationship and the contract
The services bought by the client company* From the client company 3 years after the client relationship has ended No Managing the customer relationship and the contract
The decision-makers and owners of the company (name, position) From the client company or from public sources (e.g. the Finnish Trade Register) 3 years after the client relationship has ended or according to the record retention period required by accounting (after 5 or 10 years) No Managing the customer relationship and the contract, accounting and invoicing
The signatories of the contract (name and position) From the client or seller company According to the record retention period required by accounting (after 5 or 10 years) No Creating a contract, accounting and invoicing
The invoice breakdown which states the person who carried out the work, the contact person, the phone number as well as other contact details From the client or seller company According to the record retention period required by accounting (after 5 or 10 years) No Creating a contract, accounting and invoicing

* The data marked with an asterisk is personal data when it applies to a one-person company. Otherwise we deem it business data (i.e. not personal data).

Website

We use the services of German Hetzner to run our website. When you visit our website we get the following log data from the web-server:

  • IP address (your computer or mobile device’s unique identifier that can be traced back to you)
  • Your browser’s User-Agent
  • Requested document (i.e. the part of our website that you have clicked or looked at)
  • Timestamp
  • Server’s HTTP Response Code
  • Referrer
  • The potential tracking URL (i.e. the identifier of the marketing etc. material that we have shared with you)

This data will be kept on our server for two (2) years, after which it will be permanently deleted.

We use the data to resolve potential technical issues on our website, to ensure the cyber security of the site and to count the visits to our site. With the data we can estimate how many visits we get within a certain timeframe, how many times a document has been requested within a certain timeframe, what devices are used to access the website (User-Agent), how many and which documents each visitor has requested as well as which websites the visitors are coming from.

We get the data directly from you (or rather from your device) when you visit our website. We do not disclose data to outside parties, and we do not transfer data outside of the EU/ETA area. We also do not use your data for automated decision-making or profiling. We do not use tracking cookies or tracking software that could be used to follow you after you have left our website.

We process your data according to the EU’s General Data Protection Regulation’s (GDPR) article 6.1 section b): “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”. In practice this means that the website has to process your data for its technical functioning. Otherwise you would not be able to access our website at all.

However, the technical functionality does not require saving the log data for a longer period of time. This longer processing time is based on the GDPR’s article 6.1 section f): “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child”. Molemmat Oy has a legitimate interest in storing data to ensure cyber security, in order to e.g. resolve hostile attacks or misconduct. We also have a legitimate interest in getting to count the amount of visits on our site and seeing which parts of our site get the most traffic in order to develop our website. We also have a legitimate interest to know how often our marketing material is viewed in your organization, so that we can better target our marketing to just those who are interested in our products. Since we do not process much data on you and since the data we process cannot be deemed as very sensitive, we are of the opinion that in this case your rights according to data protection legislation do not weigh more than our legitimate interest to process your data.

The Website’s Contact Form

Our website also has a contact form which you can use to contact us. When you use the form we get the following data on you:

  • Name
  • Email address
  • Phone number
  • Your message

This data is saved on our website’s server. We are only left with the data that you yourself have put into the form. Please note that your visit to our website also creates log data, which we have discussed in more detail above. After you have filled in the form, we can use the data you gave us to call you back or send you an email. If you do not wish to work with us after we have gotten back to you, we delete the data related to your contact immediately. If, on the other hand, you do wish to work with us, we can save your data into our own client folder. In this case, too, your data will be deleted from our website’s server after we have gotten back to you. Below you can find more information on how we process client data and what other data we might gather on you as a result of us working together.

We do not disclose data to outside parties from you contacting us, and we do not transfer data outside of the EU/ETA area. We also do not use your data for automated decision-making or profiling.

We process the data you put in to the contact form according to the EU’s General Data Protection Regulation’s (GDPR) article 6.1 section b): “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”. In practice this means that since you have requested for us to be in contact with you, we have to be able to process the data you have given us. Otherwise we would not be able to answer your contact request.

Client Data

We collect data on our clients’ representatives through our contact form as well as through communication with our clients. Some data we get from public sources such as the Finnish Trade Register. The processing of the data from our contact form is explained above in The Website’s Contact Form -section. We process the following data on our clients:

  • The name of the company, Business ID, address (this is counted as personal data when it applies to a one-person company; in the case of larger companies it is deemed business data)
  • The name and contact details of the contact person, such as (work) telephone number and (work) email address, as well as position
  • The needs and interests of the client company (this is counted as personal data when it applies to a one-person company; in the case of larger companies it is deemed business data)
  • The services bought by the client company and the data related to them (this is counted as personal data when it applies to a one-person company; in the case of larger companies it is deemed business data)
  • The decision-makers and owners of the company (name and position)

We use the data to improve our sales and customer service so that we can offer you the services that are best suited to the specific needs of your company. In addition we use the data for the maintenance and daily upkeep of the customer relation.

We do not disclose data to outside parties, and we do not transfer data outside of the EU/ETA area. We also do not use your data for automated decision-making or profiling.

We check our register annually and delete the data that is no longer valid (such as if the client company has closed down or the contact person has changed, or if the client company has not bought our services in the last two years). In this way we ensure that all data is deleted at least 2 years after the data has expired, or 3 years after the last purchase. We will naturally delete the data earlier at the client’s request or announcement.

We process client data according to the EU’s General Data Protection Regulation’s (GDPR) article 6.1 section b): “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”. In practice this means that we need the data in order to make offers and fulfill the contractual relationship between us.

Accounting and Contracts

We have outsourced our accounting and we are using a digital accounting and invoicing system. Our accounting and contracts hold some personal data:

  • The signatories and contact persons, as well as their positions in the client company
  • The possible breakdown in the invoices which states the person who carried out the work, the contact person, the phone number as well as the other contact details, which might be personal

We get the data from the client and seller companies or from public sources such as the Business Information System. The data is used to create contracts as well as in invoicing and accounting. We do not use the data for other purposes. The data may be disclosed to an auditor or to the authorities. We do not transfer data outside of the EU/ETA area. We also do not use your data for automated decision-making or profiling.

We process the data in our accounting and contracts according to the EU’s General Data Protection Regulation’s (GDPR) article 6.1 section c): “processing is necessary for compliance with a legal obligation to which the controller is subject”. This means that the data processing is based on tax and accounting legislation. We store the data for as long as the legislation requires, which is generally 5 or 10 years when it comes to accounting records.

Advertising (Google Ads)

We use the Google Ads -service for advertising. We buy advertising space in Google’s ad network on the internet so that Google shows our ads to the target groups we request or when someone uses specific words in a Google search. Google targets the advertisements through the information it owns as well as through following its users. Google charges us according to how many people visit our website through a Google ad. Thus, if you come to our website through a Google ad, Google Ads adds a cookie to your browser, from which it can then tell that you have visited our website thanks to a Google ad.

At Molemmat Oy we do not process personal data with our advertising and we are not the controllers i.e. the ones responsible for the information that Google uses to target its advertisements. Moreover, we do not have Google’s or any other third party’s cookies on our website.

You can find more information about the data that Google processes on you and how Google targets ads for you on Google’s own site https://policies.google.com/privacy?hl=en. On the same website you can also find information on how you can affect the data that Google gathers on you and how your data is used.

Your Rights and the Contact Details of the Data Protection Ombudsman

You have the right to check the data we hold on you, the right to ask for correcting the data, deleting it, for limiting the processing of your data, as well as the right to oppose the processing of your data. You also have the right to ask to have your data moved from one system to another. Please note, that we cannot always fulfill your request of e.g. deleting your data if we have a legal or other obligation to store the data (e.g. the data required by the Accounting Act).

Make a request about your personal data by sending an email to info@molemmat.fi. In the email please state which data you wish to check or any other right you wish to exercise, and tell us your name and any other information that we can use to help find your data on our registers. When submitting the request you do not need to give us any more data than what we already have.

You have the right to make a complaint to the Data Protection Ombudsman, if you suspect that we are using your data in a way that goes against data protection legislation. The Data Protection Ombudsman will also advise you on your data protection rights. The contact details for the Office of the Data Protection Ombudsman are:

Office of the Data Protection Ombudsman

Website: www.tietosuoja.fi/en/home

Visiting Address: Lintulahdenkuja 4, 00530 Helsinki

Postal Address: PL 800, 00531 Helsinki

Email: tietosuoja(at)om.fi

Switchboard: +358 (0)29 566 6700

General guidance for private persons: +358 (0)29 566 6777