This extract was drafted on: 29.06.2017
This extract was last modified on: 11.03.2018
Emfit Oy (Business ID 0813747-4) (“Emfit”)
Address: Konttisentie 8, 40800 Vaajakoski, Finland
The contact details may be amended from time to time without your consent, and you can find current details in this extract.
2. Person in charge of register matters
Mr. Heikki Räisänen
The name and contact details may be amended from time to time without your consent, and you can find current details in this extract.
3. Name and purpose of register
The name of the register is Emfit Ltd’s website personal data register. In this extract, Emfit describes how it processes your personal data according to Finnish personal data legislation.
In addition, this extract describes how certain third parties process your personal data within and/or outside the European Economic Area.
If you do not provide the data marked as obligatory when the data are requested, Emfit might not be able to provide you with Emfit’s products or services. Some of Emfit’s services might require specific terms for processing of personal data. You are informed of those terms and your consent is asked in connection with your usage of the services. You have the right to withdraw the consent given by you to the processing of your personal data by Emfit at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
4. Processing of personal data of a child
By giving your consent to this extract, you declare that you are of legal age to give your consent validly to this extract. If this is not the case, you declare that your parent or custodian has validly given consent on your behalf.
5. Content of register
The register includes the following personal data if asked and given by you:
- (a) email address;
- (b) first name(s) and last name(s);
- (c) postal address;
- (d) phone number;
- (f) if you are informed prior to the call, Emfit can record your phone calls with Emfit customer service, and the recordings can be used for quality management purposes, to handle reclamations, to train personnel and to document contracts between you and Emfit and to inspect the content of the contracts;
- (g) your feedback or your responses to or participation in customer opinion polls or competitions;
- (h) information given by you regarding your interests in Emfit’s products and services;
- (i) information given by you when you communicate with Emfit or when you communicate in Emfit’s social media (e.g. tweets, Emfit’s facebook pages etc.);
- (j) your subscription to mailing lists and newsletters; and
- (k) other personal data collected by third parties as explained in Section 7.
6. Purpose of use of register
The personal data are used for the following purposes:
- (a) responding to your contacts and questions;
- (b) marketing and marketing research;
- (c) direct marketing and newsletters based on your consents and in other situations allowed by law;
- (d) to develop products and services and Emfit’s operations;
- (e) when the processing is necessary for compliance with a legal obligation to which Emfit is subject;
- (a) when the processing is necessary for the purposes of the legitimate interests of Emfit, except where such interests are overridden by your interests or fundamental rights and freedoms;
- (b) when the processing is necessary in order to protect your vital interests;
- (c) to take care of regulated personal data obligations of Emfit; and
- (d) for the purposes as explained in Section 7, by third parties who collect personal data in connection with the Emfit website and/or otherwise in connection with the products and services of Emfit.
7. Personal data collected by third parties
- 7.1 Services by Google Inc. (“Google”)
- The Emfit website uses some services of Google. Please see the list of these services in Sections 7.1.2-7.1.4.
At the time this extract was created, Google stated that it collects at least the following data: “Information you give us, Information we get from your use of our services, Device information, Log information, Location information, Unique application numbers, Local storage, Cookies and similar technologies.” (list shortened by Emfit)
- At the time this extract was created, Google stated that it processes personal information in many countries around the world:
“Google processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live.”
- 7.1.2 Google Fonts
Google Fonts is a typeface visualization service provided by Google.
- 7.1.3 Google Analytics
Google Analytics is a web analysis service provided by Google.
- 7.1.4 YouTube video widget
YouTube is a video content visualization service provided by Google.
- 7.2 Mailgun (Mailgun, Inc.)
- At the time this extract was created, Mailgun Technologies Inc. stated that it collects at least the following data:
“Personally Identifiable Information” is information that lets us know who you are, specifically. Information in this category includes the information you use when registering to use the Platform, like your name, company name, email address, postal address, other contact information, associated domain name and credit card information. Your login credentials are also Personally Identifiable Information. Finally, this category includes information tied to your identity that you provide us through other means, such as emails to our support service and comments on our blog.
- “Non-personally Identifiable Information” is information that doesn’t let us determine your identity. This generally comes from your use of the Services after registering. For instance, our web server logs may show us that someone with a certain Internet Protocol (“IP”) address visited the Site using a certain web browser, but we can’t use that information alone to say whether the visitor was you or someone else. Non-personally Identifiable Information also includes information that could personally identify you in its original form, but that we have modified to remove or hide (for instance, by aggregation) any Personally Identifiable Information. This collection of information occurs automatically when you use the Services.
- Information we collect by automated means. Each time you visit the Site, view a Mailgun advertisement on a third party-owned website, or read our marketing email, we may automatically collect information about you via cookies, web beacons and other similar technologies. These are small files associated with information that your browser or our servers will save and return as part of your use of the Site and the Services for purposes such as saving your login session between visits, remembering your display preferences and tracking your use of the Site. Such information includes standard information from your web browser (such as browser type and browser language), your IP address, and your activities on the Site (such as the web pages viewed and the links clicked, number of visits, access time), the URL of the site from which you came and the site to which you are going when you leave the Site.
- At the time this extract was created, Mailgun Technologies Inc. stated that it transfers data outside of the EU: “Mailgun is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Mailgun complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
- With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Mailgun is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
- U.S. – Swiss Safe Harbor Framework
- Mailgun complies with the U.S. – Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from Switzerland. Mailgun has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Mailgun’s certification, please visit https://safeharbor.export.gov/swisslist.aspx.”
8. Regular sources of personal data
- (a) data given by you when contacting Emfit;
- (b) when you use the website;
- (c) data from third parties listed in Section 7;
- (d) data from Emfit’s cooperation partners to the extent required to provide, develop and troubleshoot the website. The cooperation partners are IT subcontractors and other similar third parties who enable the provision, development and troubleshooting of the website;
- (e) when you subscribe to mailing lists or newsletters;
- (f) data through contact and other forms and when you give answers to polls or competitions; and
- (g) data collected through cookies.
9. Regular transferees of data
Personal data are transferred to the following third parties for the following purposes:
- (a) to Emfit’s cooperation partners, who process personal data on behalf of Emfit, to the extent required to provide, develop and troubleshoot the website. The cooperation partners are IT subcontractors and other similar third parties who enable the provision, development and troubleshooting of the website;
- (b) Emfit can also provide data to third parties, who process personal data on behalf of Emfit, such as IT-service providers and marketing services providers;
- (c) personal data can be transferred if they are necessary to comply with legislation or requirements of authorities, to supervise and enforce Emfit’s legitimate interests or to detect, defend against or repair fraud or security or technical problems; and
- (d) transferees as explained in Section 7, regarding the data collected by third parties defined in Section 7.
10. Transfer to countries outside EEA
Emfit does not itself transfer your personal data to countries outside the European Economic Area (EEA) and European Union (EU) (“Third Country”).
The third parties defined in Section 7 might transfer your personal data to Third Countries, according to their privacy policies.
If there is no legally based right to transfer the data to a Third Country*), the basis of the transfer is your consent to the transfer, in which case you are hereby informed of the risks of such transfers. Such risks may include that the level of protection of individuals arising out of the EU laws is not necessarily guaranteed in those Third Countries, which can include e.g. that third parties or authorities can have access to the data to a wider extent than according to EU laws, the security methods might not be at the level regulated under EU laws and the users might not have effective remedies to inspect their data, rights to access their data or get their data corrected at the level regulated under EU laws.
*) A legally based right to transfer the data to a Third Country can be the following: A transfer may take place where either: (i) the EU Commission has decided that the Third Country or a territory or a processing sector within that Third Country ensures an adequate level of protection, (ii) the transferee has concluded standard data protection clauses adopted by the EU Commission, or (iii) there is another legal basis for the transfer, such as the so-called safe harbor or privacy shield approved by the EU Commission.
11. Processing by third parties
The Website can include links to third party websites or services, and third parties defined in Section 7 may also process your data according to their terms. Emfit is not liable for processing of data by third parties, unless the third parties are processing data on behalf of Emfit as Emfit’s subcontractors based on Emfit’s instructions.
12. Methods how register is secured
The personal data processed by Emfit are secured by using the following methods and principles:
- (a) locks at Emfit’s premises;
- (b) electrical surveillance systems of Emfit’s premises and equipment;
- (c) firewall, anti-malware and spam filtering systems of Emfit’s communication networks and other software and hardware that protect the security of communication networks;
- (d) professional knowledge of Emfit’s personnel;
- (e) training of Emfit’s personnel;
- (f) the content of the register is in electronic form except for temporary special occasions; and
- (g) Emfit’s policies and guidelines relating to personal data matters.
13. Right of access
After having supplied sufficient search criteria, you have the right to get information on which personal data on you are being processed by Emfit or information that no such personal data are being processed.
Where such personal data are being processed by Emfit, Emfit shall provide you a copy of the data and the following information:
- (a) the purposes of the processing;
- (b) the categories of personal data concerned;
- (c) the recipients or categories of recipients to whom the personal data are to be or have been disclosed, in particular to recipients in Third Countries;
- (d) the period for which the personal data will be stored;
- (e) the existence of the right to request from Emfit rectification or erasure of personal data concerning you or to object to the processing of such personal data;
- (f) the right to lodge a complaint to the supervisory authority and the contact details of the supervisory authority;
- (g) communication of the personal data undergoing processing and of any available information as to their source;
- (h) the significance and envisaged consequences of such processing, at least in the case of measures which produce legal effects concerning the person or significantly affect this person and which are based solely on automated processing intended to evaluate certain personal aspects relating to this natural person or to analyse or predict in particular the natural person's performance at work, economic situation, location, health, personal preferences, reliability or behaviour; and
- (i) information on the regular sources of personal data.
For any further copies requested by you, Emfit may charge a reasonable fee based on administrative costs.
14. Rectification, period for which personal data will be stored and right to lodge complaint to supervisory authority
Emfit shall, at your request, without undue delay correct, erase or supplement your personal data contained in its personal data register in case of erroneous, unnecessary, incomplete or obsolete data taking into account the purpose of the processing, including by way of supplementing a corrective statement.
If Emfit does not take such action on your request, Emfit shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy. Please note that you may bring the matter to be handled by the Data Protection Ombudsman. The personal data will be stored for the time period which is necessary in relation to the purposes for which they are processed.
You have the right to lodge a complaint to the supervisory authority. The contact details of the supervisory authority: http://www.tietosuoja.fi/en/index/yhteystiedot.html
Office of the Data Protection Ombudsman
P.O. Box 800
Ratapihantie 9, 6th floor
Tel: +358 29 56 66700 (exchange)
Fax: +358 29 56 66735
15. Right to prohibit processing
You have the right to prohibit Emfit from processing your personal data for purposes of direct advertising, distance selling, other direct marketing, market research, opinion polls, catalog on persons or genealogical research.
You have the right not to be subject to a measure which produces legal effects concerning you or significantly affects you, and which is based solely on automated processing intended to evaluate certain personal aspects relating to you or to analyse or predict in particular your performance at work, economic situation, location, health, personal preferences, reliability or behaviour.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data which is based on either of the following grounds for processing: (i) when processing has been found necessary for the purposes of the legitimate interests of Emfit or (ii) when processing has been found necessary in order to protect your vital interests. You however do not have the right to object, if Emfit demonstrates compelling legitimate grounds for the processing which override your interests or fundamental rights and freedoms.
16. Right to be forgotten and to erasure
You shall have the right to obtain from Emfit the erasure of personal data relating to you and the abstention from further dissemination of such data, especially in relation to personal data which are made available by you while you were a child, where one of the following grounds applies:
- (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- (b) you withdraw consent on which the processing is based according to your consent, or when the storage period consented to has expired, and where there is no other legal ground for the processing of the data; or
- (c) the processing of the data does not comply with lawful requirements for other reasons.
- (d) Instead of erasure, Emfit shall restrict processing of personal data where:
- (i) their accuracy is contested by you, for a period enabling Emfit to verify the accuracy of the data;
- (ii) Emfit no longer needs the personal data for the accomplishment of its task but they have to be maintained for purposes of proof; or
- (iii) the processing is unlawful and you oppose their erasure and you request the restriction of their use instead.
In cases of restriction of processing of personal data in cases defined above, the personal data may, with the exception of storage, only be processed for purposes of proof, or with your consent, or for the protection of the rights of another natural or legal person or for an objective of public interest.