Privacy Policy

We value your privacy

Your privacy is important to us. However, in order for us to serve you in the best possible way, we are required to collect and process some data about you. This privacy policy contains information about what personal data we collect, the principles on which we process it, and the rights and influence you have over your data. We are committed to processing your personal data in accordance with this privacy policy and applicable data protection legislation.

This privacy policy outlines how the joint controllers listed below collect and process data on a shared data file for shared purposes.

Each controller listed in this privacy policy may also have other personal data files that they maintain in accordance with their own privacy policies. Please also read those privacy policies if necessary.

We may update this privacy policy from time to time if changes are made to legislation, or if our operations change, so we kindly request that you check the privacy policy now and again.

The joint controllers and their contact information

This privacy policy applies to the shared personal data file maintained by the following joint controllers:

 The customer register of Mtech Digital Solutions Oy and other joint controllers as described above

  • Mtech Digital Solutions Oy
    Urheilutie 6
    FI-01301 Vantaa 

Mtech Digital Solutions Oy is responsible for the data-technical maintenance of the data file described herein and also acts as a central point of contact for data protection inquiries.

  • Biocode Oy 
  • Emovet Oy
  • Faba Osk
  • Finska Hushållningssällskapet r.f.
  • Maa- ja kotitalousnaisten keskus ry
  • Nylands Svenska Lantbrukssällskap r.f.
  • ProAgria Keskusten Liitto ry and its members: 
  • ProAgria Etelä-Pohjanmaa ry
  • ProAgria Etelä-Savo ry
  • ProAgria Etelä-Suomi ry
  • ProAgria Keski-Pohjanmaa ry
  • ProAgria Keski-Suomi ry
  • ProAgria Länsi-Suomi ry
  • ProAgria Oulu ry
  • ProAgria Itä-Suomi ry
  • ProAgria Svenska lantbrukssällskapens förbund r.f. and its members: 
  • ProAgria Ålands Hushållningssällskap r.f.
  • Österbottens Svenska Lantbrukssällskap r.f.
  • ProEventus Oy

Contact person for data file inquiries

Customer service will respond no later than within 2 business days to questions concerning the customer register.  

Customer service can be contacted at tuki@mtech.fi, tel. +358 (0)9 85665959

Postal address; Mtech Digital Solutions Oy, Customer Service, PO Box 25, FI-01301 Vantaa.

Mtech’s data protection officer is directly responsible for matters relating to data protection.

The data protection officer can be contacted at tietosuoja@mtech.fi 

Name of data file

The customer register of Mtech Digital Solutions Oy and other joint controllers listed above.

How do we use your personal data?

Joint controllers will only process your personal data for predetermined purposes. The primary common purposes are:

Customer identification and user management. Identification, authentication and authorization of customers with regard to service provision. The data security of services, as well as user rights and access management.

Customer service and operative care, management and development of customer relations. Management of customer data, customer history and customer contact history. Organization of support and advisory services for the customer and the management of service procedures, as well as quality assurance and provision of various training services. Ensuring operational quality and safety. Development of joint controllers’ operations and related reporting.

Prevention of and investigation into misuse and problem situations. Ensuring customers’ and Mtech’s legal protection and taking care of legal obligations and obligations set by official regulations. Customer call recordings are used to verify service events, ensure customers’ and Mtech’s legal protection, for training purposes, to develop service quality, to prevent misuse, and for security reasons.

Marketing and communications. We may also process personal data for marketing and communications, direct marketing purposes, and to send customer letters, to the extent permitted by law. This may involve the processing and analysis of personal data for targeted marketing. 

Fulfilling contractual and legal obligations. Your data may also be collected and processed in order to meet contractual or legal obligations.

On what basis do we process your data?

We make sure that we always have a lawful basis for processing your personal data. We may process your data on several different bases, but we ensure that we always have at least one requirement for processing your personal data as defined by law.

We primarily process customer and marketing register data to fulfil and prepare contracts and on the basis of our legitimate interests, which are, in particular, the production and provision of our services, customer management, direct marketing, customer feedback processing, and training services.

If applicable legislation so requires, we may process some of your personal data on the basis of your consent. If we process your data based only on consent, you can withdraw your consent at any time.

We may also process your personal data in order to fulfil legal obligations. Personal ID numbers are processed to a limited extent in certain systems to e.g. identify a user. Personal ID numbers are stored on systems in an encrypted format.

What personal data do we collect? 

Mtech’s customer register primarily contains the following personal data:

  • First and last names
  • Personal ID number (limited use)
  • Address information
  • Telephone number(s), fax
  • E-mail address
  • Country and preferred language
  • Identification data (user name/password)
  • Objections and consent to direct marketing
  • Objections and consent to data disclosure
  • Services ordered by the customer and their history data
  • Service use, log and history data
  • Location data (limited use/in some services)

Mtech only collects and stores data that is necessary for Mtech’s operations and data use purposes, for which there is a lawful basis for processing and whose basis for processing is described in this privacy policy. 

Data which has become unnecessary or obsolete, or for which there is no longer a basis for processing, will be anonymized or destroyed in a data-secure manner.

Which sources do we collect data from?

Data relating to the customer is collected from the customer themselves when a contract is made, from the online service’s “my data” section, from the use of products and services, when the customer contacts customer service, and if the customer participates in product and service development projects and pilot projects.

Data relating to the customer can also be obtained and updated from other external sources of data in cases made possible by legislation for purposes of which the customer is informed.

Who processes the data and will it be disclosed to third parties?

Primarily, your personal data will be processed by controllers’ personnel when they perform their tasks in accordance with this privacy policy. Name and address information can be disclosed from the data file to the controllers specified in this privacy policy for direct marketing purposes to the extent permitted by law. 

Your data may in some cases be confidentially disclosed to our subcontractors, who process personal data on the basis of a written commission agreement. Our subcontractors process personal data in an agreed way in accordance with our written instructions and only for the purposes that are specified in this privacy policy. For example, we may use such subcontractors to carry out market and to maintain information systems used for saving personal data. Our subcontractors do not disclose data to other parties or use the data for their own marketing.

Data (only name and address data) may be disclosed in the manner permitted by the GDPR and Personal Data Act to joint controllers’ partners who are commissioned by the joint controllers and act on their behalf.    

Data is disclosed to authorities in cases where the law so requires, such as when investigating and preventing misuse.

Will personal data be transferred outside of the EU?

Your data will not be transferred outside of the European Union or the European Economic Area. 

If there is a need to transfer your data outside of the EU in order to fulfil the purposes defined in this privacy policy, we will ensure that the country has a sufficient level of data protection as specified by the EU commission, that the recipient holds Privacy Shield certification (US recipients), or that the transfer takes place utilizing the model clauses published by the EU commission. We will, therefore, always ensure that any data transfer is carried out on a lawful basis and with sufficient protection mechanisms.

How long will my personal data be stored for?

We do not store your personal data for any longer than is necessary for their purpose or longer than an agreement or law dictates. The period of time for which we store personal data may vary according to their purpose and the situation, however. The storage times for personal data may be based on legal requirements. We will update your data if necessary. 

How is personal data safeguarded and protected?

The data security of Mtech’s customer data file and the confidentiality, integrity and availability of personal data is ensured using appropriate technical and administrative procedures in accordance with general industry standards. Data is primarily stored in an electronic format. Data and services are protected using, among other things, a firewall, physical protection in the equipment space, access control, user access rights and restrictions, as well as encryption technology and the active monitoring of the aforementioned. Personal data is protected from unauthorized access and illegal or accidental processing.

Personal data is processed by named persons employed by the controller. These persons identify themselves to the systems using a personal user ID and password.

Is it mandatory to provide personal data, and what are the consequences if it is not provided?

The implementation of the purposes of our services described in this privacy policy may, at least partially, require that we process your personal data. This can relate to e.g. managing the customer relationship, fulfilling the contract and invoicing. However, some personal data can be provided voluntarily. If you do not wish to provide your personal data in such situations, it may mean that we are unable to fulfil all of the purposes specified in this privacy policy. 

What rights do you have?

Right to inspect

The customer has the right to receive confirmation that their data will be processed and to check what personal data about them has been saved on the data file. In addition, you also have the right to receive supplementary information concerning the bases for the processing of personal data. The customer can check some of their basic data when logged in to Mtech’s online service.

An inspection request can be made by submitting a written and signed request to the address: Mtech Digital Solutions Oy, Data protection officer, PO Box 25, FI-01301 Vantaa. The request to inspect must specify a name, personal ID number, postal address and telephone number. A response to the request to inspect will be sent to the customer’s address shown in the population information system.

Updating customer information

A customer can update and change their own data when logged in to Mtech’s online system, or by contacting customer service.

Withdrawing consent

If a customer’s personal data is processed on the basis of consent, the customer has the right to withdraw consent at any time without affecting the legality of the processes that took place on the basis of consent before the consent was withdrawn. Consent can be withdrawn by sending an e-mail to tietosuoja@mtech.fi

Right to rectify 

The customer has the right to request that the controller rectifies any inaccurate or erroneous personal data on the data file without undue delay. Considering the purposes for which the data is processed, the data subject has the right to have incomplete data supplemented, by e.g. providing additional clarification.

Restriction of processing

In certain situations the customer has the right to request that the processing of their personal data be restricted.

Right to object

If we process a customer’s personal data in accordance with a public task or our legitimate interest, the customer has the right to object to the processing of their personal data where there is no compelling reason that would sideline the customer’s rights, or if there is no need for the processing in order to take care of a legal claim.

Right to restrict

In certain situations, the customer has the right to request that we restrict the processing of their personal data.

Right to data portability

If a customer’s personal data is processed on the basis of consent or in order to fulfil a contract, the customer has the right to receive the data that they have submitted electronically in a generally usable format in order for their data to be transferred to another service provider..

The right to refuse direct marketing

The customer has the right to stop their personal data from being used for direct marketing purposes. This can be done by e.g. sending an e-mail to tietosuoja@mtech.fi.

How can you exercise your rights?

You can exercise your aforementioned rights by e.g. sending a request to inspect your personal data in the manner specified above or otherwise by contacting us using the contact details provided at the start of this privacy policy. Please note that exercising rights requires us to identify the customer. If you believe that the processing of your personal data is unlawful, you can also complain to the competent supervisory authority (the data protection ombudsman).

Objections and consent to direct marketing

The customer can update their consent or objection to direct marketing when logged in to the online service or by contacting customer service. Consent to marketing can be given either electronically or by telephone to customer services. 

Customers can give their consent to direct marketing by email, mobile telephone or post.

A customer can also object to direct marketing.

Once a customer has objected to direct marketing, Mtech’s direct marketing and sales will no longer be directed at them by telephone, post or e-mail. The customer will, however, always receive the necessary customer communications required to manage the customer relationship and to provide services.

Can this privacy policy be updated?

We may make changes to this privacy policy due to changes in our operations or data protection principles. Updates may also be made if legislation changes. The changes will come into effect once we have published the updated privacy policy. For this reason we request that you check the content of this privacy policy at regular intervals.

Our cookie policy

We use cookies on our website to improve the user experience. Cookies are small text files that the internet browser saves on the user’s device. Cookies can help us to e.g. obtain data that helps us to improve the user experience. Cookies can also be used to facilitate future use of the site by the user.

We may disclose data on our website’s users to e.g. our marketing partners in order for them to be able to better target the content of the website.

Cookies can be managed and cleared freely. More information about cookies, clearing and managing them can be found at the address http://www.aboutcookies.org or from the Help section in your browser’s menu.