MTB-SIIVOUSPALVELU OY CUSTOMER REGISTER
Personal Data Act (523/99) Section 10
EU General Data Protection Regulation 2016/679 (GDPR)
Prepared on 18.5.2018/updated on 1.4.2025
This is the privacy statement of MTB-Siivouspalvelu Oy’s (later MTB) customer register. MTB is committed to protecting individuals’ rights and keeping personal data secure. The personal data in the customer register is important to us for maintaining customer agreements, such as handling orders, purchases, and billing. The customer register data is not shared with external parties. MTB reserves the right to update and change the privacy statement, but changes will be communicated to the registered individuals as required by law.
Data Controller
MTB-Siivouspalvelu Oy (0680535-2) Sinikalliontie 5A 02630 Espoo 09 42 43 5036
[asiakaspalvelu@mtb.fi](mailto:info@mtb.fi)
Person in charge of register matters: Riku Backström [riku.backstrom@mtb.fi](mailto:riku.backstrom@mtb.fi)
Requests related to the rights of the registered: [info@mtb.fi](mailto:info@mtb.fi) / 09 42 43 5036
Purpose of Personal Data Processing
Personal data is collected from the customer during contact, registration, and/or purchase of services and is processed based on the customer relationship or other relevant connection within the limits allowed and required by the Personal Data Act Section 8. Personal data is processed for customer communication, maintaining the customer register, managing, administering, and developing the customer relationship, fulfilling the rights and obligations of the customer and MTB, analyzing, and statistical purposes. The data contained in the register can be used for MTB’s direct marketing if the customer has given permission for direct marketing. Already registered personal data can be updated based on feedback or request from the registered individual. Personal data can be deleted at the request of the registered individual or due to the termination of the customer relationship, if there is no legal or technical obstacle to this (see the rights of the registered).
Content of Data Collected in the Register
The customer register may contain the following information about the registered individual: customer number, company name, company industry and person category, contact person’s title, company address, company phone number, work email address, marketing permission/prohibition, newsletter reading and click history, order information permissions/prohibitions, customer feedback, and other information provided by the customer and purchase history of services. For corporate customers, the names and contact details of the contact person and other company contact persons may be provided. MTB’s customer register does not process special personal data.
Groups of Data Recipients
MTB may disclose personal data in the register within the limits allowed and required by current legislation. Personal data may be disclosed to other parties, such as authorities, service providers, and subcontractors. Data from MTB’s customer and marketing register is not regularly disclosed outside the company. However, the data controller may disclose the customer’s name and necessary contact details to third parties, such as subcontractors, resellers, or suppliers, to enable the requested service or order to be fulfilled. These third parties provide the necessary information, products, or services to the customer on our behalf. MTB always ensures before disclosing data that the agreed relevant confidentiality obligations are always followed.
Transfer of Personal Data Outside the EU or EEA
Data is not transferred outside the EU or EEA. If the transfer of data outside the EU/EEA area becomes necessary for the implementation of the service, MTB will ensure the adequate level of data protection required by law through agreements, and separate evaluations will be made before the transfer.
Retention and Deletion Period of Personal Data
The personal data in the register is kept confidential. MTB retains the data as long as it is needed for the purpose for which it was collected and processed, or as long as the law and regulations require the retention of the data. If MTB retains the registered individual’s data for purposes other than the execution of the contract (for example, retention periods required by procurement, accounting, and advance collection laws), the data will only be retained if it is necessary for the specific purpose and/or required by law and regulations.
Protection of Personal Data
MTB ensures the general security of the processing of customers’ personal data and the confidentiality, integrity, and availability of personal data through appropriate technical and administrative measures. The databases where the data is stored are technically and physically protected so that there is no access from outside the company. The electronic customer register is protected by passwords. The user rights of all individuals using the register are limited according to the person’s roles. Regular backups of the register are taken to the cloud service. The register is stored on a secure server with backup. Manually processed documents containing the registered individuals’ data are stored in locked premises so that only authorized users have access to them.
Processors of Personal Data
The processing of data follows current legislation, which is guaranteed through agreements between organizations. Only those employees of the data controller and employees of companies acting on behalf of the data controller have access to the data, for whom it is necessary for the performance of their duties.
Rights of the Registered
The registered individual has the rights under the EU General Data Protection Regulation:
Request access to their personal data from the data controller and inspect what data has been stored about them in the customer register. Also, the right to request the correction, deletion, or restriction of the processing of such data. If the data is incorrect or incomplete, the registered individual has the right to request the correction of the data, unless legislation restricts this.
The right to restrict and oppose the processing of data if there is no acceptable reason for continuing the processing or the processing of data is unlawful. The registered individual always has the right to prohibit the processing and disclosure of their data for direct marketing, distance selling, or other direct marketing, as well as opinion and market research.
The registered individual has the right to receive the personal data they have provided to the data controller in a commonly used and machine-readable format, and if desired, transfer the data to another data controller.
If the registered individual feels that the data controller has not processed personal data lawfully, they can file a complaint with the supervisory authority.
A request for inspection, correction, or other can be made by contacting the person in charge of register matters.