Privacy Policy

We value your privacy

Your privacy is important for us. However, being able to serve you as we best can requires us to collect and process some information concerning you. This privacy policy includes information about what personal data we collect, what principles we apply to processing them, and what rights and possibilities to influence you have pertaining to your data. We are committed to processing your personal data in accordance with this privacy policy and applicable data protection legislation.

This privacy policy describes how the joint controllers listed below collect and process personal data in a joint register, for joint purposes.

Every controller listed in this privacy policy may also have other personal data files that they maintain in accordance with their own privacy policies. Read these privacy policies also, if necessary.

If our operation or legislation changes, we may update this privacy policy, so we ask you to read this policy from time to time.

Joint controllers and their contact details

This privacy policy pertains to the joint personal data file of the following joint controllers:

  • Mtech Digital Solutions Oy
    Urheilutie 6
    01301 Vantaa, Finland 

Mtech Digital Solutions Oy is responsible for the IT maintenance of the personal data file described in this document and also acts as the centralized contact point in questions related to data protection.

  • Association of ProAgria Centres, and its members:
  • ProAgria Southern Ostrobothnia
  • ProAgria Southern Savo
  • ProAgria Southern Finland
  • ProAgria Kainuu
  • ProAgria Central Ostrobothnia
  • ProAgria Central Finland
  • ProAgria Lapland
  • ProAgria Western Finland
  • ProAgria Oulu
  • ProAgria Northern Karelia
  • ProAgria Northern Savo
  • ProAgria Svenska lantbrukssällskapens förbund r.f., and its members:
  • Finska Hushållningssällskapet r.f.
  • Nylands Svenska Lantbrukssällskap r.f.
  • ProAgria Ålands Hushållningssällskap r.f.
  • Österbottens Svenska Lantbrukssällskap r.f.
  • Rural Women’s Advisory Organisation
  • Faba Osk
  • Emovet Oy
  • ProEventus Oy
  • Bisnes+ Oy

Contact person for register-related matters

Customer service will answer questions concerning the customer register within two business days, at the latest. 
The e-mail address for customer service is: tuki@mtech.fi
Tel. +358 (0)9 85665959, selection 5
Mtech Digital Solutions Oy
P.O. Box 25
01301 Vantaa, Finland

Mtech’s data protection officer directly answers questions related to data protection.
The data protection officer’s e-mail address is: tietosuoja@mtech.fi

Name of the register

The customer register of Mtech Digital Solutions Oy and the joint controllers described above.

How do we use your personal data?

The joint controllers process personal data concerning you only for pre-determined purposes. The principal joint purposes are:

Identification of customers and management of users. Identification, authentication and authorization of customers with regard to the provision of services. Information security of services, and management of access rights and access.

Serving of customers, and operational handling, management and development of customer relationships. Management of customer information, and customer and contact history. Arrangement of support and advisory services for customers, and ensuring the management and quality of service measures. Ensuring the quality and security of the operations. development and reporting of the business operations of the joint controllers.

Prevention and resolution of abuse and problematic situations. Ensuring the legal protection of customers and Mtech, and management of obligations based on the law and orders issued by the authorities. Recordings of phone calls with customers are used for verifying service transactions, to ensure the legal protection of customers and Mtech, for training purposes, to develop service quality, and to prevent abuse and for security reasons.

Marketing and communication. We may process personal data within the limits permitted by law to carry out marketing and communication measures, for direct marketing purposes, and to send letters to customers. This can also include processing and analysis of personal data for the purpose of targeting marketing efforts.

Fulfilment of agreements and statutory obligations. Information about you may also be collected and processed for the fulfilment of agreements or statutory obligations.

On what grounds do we process your data?

We ensure that we always have grounds required by law for processing your personal data. We may process data on several different grounds, but we make sure that we always have at least one prerequisite for processing required by the law in place.

We process details in the customer and marketing register mostly to fulfil and prepare agreements and on the basis of our legitimate interests, which include, in particular, the provision and delivery of our services, management of customers, direct marketing, and processing of customer feedback.

If so required by applicable legislation, we may process some of your personal data on the basis of your consent. If we only process your data on the basis of consent, you can withdraw your consent at any time.

We may also process your personal data to fulfil statutory obligations.

What personal data do we collect about you? 

Mtech’s customer register mainly contains the following personal details:

  • Given and last names
  • Address details
  • Phone number(s), fax
  • E-mail address
  • Country and language of transaction
  • Identification details (username/password)
  • Direct marketing bans and consents
  • Data disclosure bans and consents
  • Services ordered by the customer and related history details
  • Use and log details on services, and history

Mtech only collects and stores data necessary for Mtech’s operation and the purposes of the data, where processing has lawful prerequisites and the purpose of such processing is described in this privacy policy. 

Details that have expired or become unnecessary, or details whose processing is otherwise unfounded, are anonymized or disposed in a secure manner.

From which sources do we collect data?

Details related to customers are collected from the customers themselves upon the signing of an agreement, in the online service’s “my details” section, when products and services are used, in the context of customer service, and when customers possibly take part in product and service development and pilot projects.

Details related to customers can also be acquired and updated in cases made possible by legislation, for purposes communicated to the customer, from other external sources of data.

Who processes the data, and are they disclosed to third parties?

As a rule, your personal data are processed by the controllers’ staff members, while performing their duties according to this privacy policy. Name and address details can be disclosed from the register for direct marketing purposes, to controllers described in this privacy policy, within the limits permitted by law. 

In some cases, your data may be confidentially disclosed to our subcontractors who process the personal data on the basis of a written assignment contract. Our subcontractors process personal data in the manner agreed upon, in accordance with our written instructions, and only to promote the purposes listed in this privacy policy. We may use such subcontractors for carrying out marketing efforts, for instance, and in the maintenance of information systems used for storing personal data. Our subcontractors do not disclose data to any other parties or use them for implementing their own marketing.

Data items (only name and address details) can be disclosed, as permitted in the Personal Data Act and the General Data Protection Regulation, to business partners mentioned in subsection 1 who act by our assignment and on our behalf.    

Data are disclosed to the authorities in cases required by the law, such as for resolving and preventing cases of abuse.

Are personal data transferred outside the European Union?

In principle, your data are not transferred outside the European Union (EU) or the European Economic Area (EEA). 

However, if it becomes necessary to transfer your data outside the EU to fulfil purposes specified in this privacy policy, we will ensure that the country is a country of adequate data protection as referred to by the European Commission, that the transferee has Privacy Shield certification (transferees located in the United States), or that the transfer takes place by the utilization of standard clauses published by the European Commission. In other words, we always make sure that any transfer of data is implemented on grounds required by the law and with adequate protection mechanisms.

How long are personal data stored?

We do not store your personal data any longer than necessary in terms of their purpose or if required by an agreement or the law. However, the storage periods of personal data can vary depending on the purpose and the situation. Storage periods of personal data can also be based on requirements imposed by legislation. We will update your data, if necessary.

How are personal data secured and protected?

The information security of Mtech’s customer register and the confidentiality, integrity and usability of personal data are ensured by appropriate technical and administrative measures, in accordance with the general standards of the industry. Data are primarily stored in an electronic format. Information and the service are protected by means of, for example, a firewall, protection of physical equipment facilities, access control, access rights and encryption techniques, and active supervision of the above. Personal data are protected against unauthorized access and unlawful of accidental data processing.

Personal data are processed by designated individuals who are employed by the controller. They identify themselves in the systems by means of a personal username and password.

Mandatory provision of personal data and consequences of failing to provide them?

The implementation of our services and the purposes described in this privacy policy may, at least in part, require us to process personal data concerning you. This may involve, for instance, management of the customer relationship, fulfilment of agreements, and invoicing. However, providing personal data can be partially voluntary. If you do not wish to provide your personal data in such a situation, it may mean that we are unable to fulfil all of the purposes specified in this privacy policy.

What rights do you have?

Right of verification

Customers have the right to receive confirmation that their data are being processed, and to verify what data concerning them are stored in the register. You also have the right to obtain supplementary information about the basis for the processing of personal data. Customers can also partially verify their basic details by identifying themselves in Mtech’s online service.

A verification request can be made by submitting a written, signed request for verification to the address: Mtech Digital Solutions Oy, Data Protection Officer, P.O. Box 25, 01301 Vantaa, Finland. The verification request must include the person's name, personal identity code, postal address, and phone number. A response to the verification request is delivered to the customer’s address confirmed from the Population Information System.

Updating of data

Customers can update and change their own data when they have identified themselves in Mtech’s online service, or by contacting customer service.

Withdrawal of consent

If a customer’s personal data are processed on the basis of consent, the customer has the right to withdraw such consent, at any time, without any effect on the lawfulness of the processing carried out before such withdrawal. Consent can be withdrawn by sending an e-mail to the address: tietosuoja@mtech.fi

Rectification of data 

Customers have the right to demand the controller to rectify any inaccurate personal data concerning the data subject without undue delay. Considering the purposes for which data were processed, the data subject has the right to have any deficient personal data supplemented by providing further information, for example.

Restriction of processing

In certain situations, a customer has the right to request the restriction of processing of personal data.

Objection to processing

If we process a customer’s personal data on the basis of public interest or our legitimate interests, the customer has the right to object to processing of personal data to the extent there are no compelling grounds for the processing which would override the rights of the data subject or for the management of legal claims.

Right to restrict processing

In certain situations, customers have the right to demand that we restrict the processing of their personal data.

Right to have data transmitted

If a customer’s personal data are processed on the basis of consent or to fulfil an agreement, the customer has the right to receive the data he or she has provided electronically in a commonly used format, so the data can be transmitted to another service provider.

Right to prohibit direct marketing

Customers have the right to prohibit the processing of their personal data for direct marketing purposes. This can be done by, for instance, sending an e-mail to the address: tietosuoja@mtech.fi.

How can you exercise your rights?

You can exercise your rights described above by, for example, sending a request concerning verification of data as described above, or by contacting us by using the contact details listed at the beginning of this privacy policy. Please note that exercising such rights requires us to identify the customer. If you find that the processing of your personal data is unlawful, you can also submit a complaint to the competent supervisory authority (Data Protection Ombudsman).

Direct marketing consents and bans

Customers are able to update direct marketing bans and consents once they have identified themselves in the online service, or by contacting customer service. A marketing consent can be given either electronically or by calling customer service. 

Customers can give their consent to direct marketing via e-mail, by mobile phone or by post.

Customers can prohibit direct marketing.

Once a customer has submitted a ban, Mtech does not target any direct marketing or sales at the customer by phone or post or via e-mail. However, customers always receive customer communication that is necessary for managing the customer relationship and for providing the services.

Can this privacy policy be updated?

We may make updates to this privacy policy as our operations or data protection principles change. Updates can also become necessary as legislation is amended. Any changes shall take effect once we have published the updated privacy policy. For this reason, we ask you to read the contents of this privacy policy at regular intervals.

Our cookie practices

Cookies

We use cookies on our website to improve the user experience of our site. Cookies are small text files that the Internet browser stores on the user’s device. Cookies provide us with information that helps us make the user experience more pleasant. Cookies can also be used for making it easier for the visitor to use the site in the future.

We can disclose information about users of our website to, for instance, our marketing partner so it can better target the contents of the sites.

Cookies can be managed and deleted freely. Further information about cookies and how to delete and manage them is available at http://www.aboutcookies.org/, or under section Help in the browser menu.