Privacy policy
PRIVACY STATEMENT
Personal Data Act (523/1999), Section 10
EU General Data Protection Regulation (GDPR, 2016/679)
Document date 24 May 2018
CONTROLLER
Kauppakeskus Mylly Oy
Myllynkatu 1
21280 RAISIO
Tel. 02 332 3000
NAME OF DATA FILE
Kauppakeskus Mylly Oy’s marketing data file.
Customer data file for Kauppakeskus Mylly Oy’s website.
PERSON IN CHARGE OF DATA FILE MATTERS
Contact person:
Mira Färm
Kauppakeskus Mylly Oy
Myllynkatu 1
21280 RAISIO
Tel. 040 778 5515
Email: mira.farm@kauppakeskusmylly.fi
PURPOSE OF DATA FILE
The marketing data file includes newsletter subscribers:
- management, renewal and development of customer relationships
- customer and direct marketing
- delivering newsletters
- delivering contests and rewards
- opinion and market research
- business development
The website’s customer data file includes contact and feedback forms as well as personal
data obtained via the rental of promotional spaces:
- management, renewal and development of customer relationships
- feedback processing and communication
- business development
- user analysis for the website
- responding to customer enquiries and job applications
Data processing in the marketing data file and the website’s customer data file is based on
customer relationship management, the data subject’s consent or implementation of the
controller’s legitimate interests.
CONTENTS OF THE DATA FILE
Data which are necessary for the purpose of the data file are processed in the marketing
data file:
- Name
- Gender
- Year of birth
- Address
- Email address
- Telephone number
- Areas of interest
The marketing data file includes the following usage data:
- Date of registration
- Winners
Basic personal data obtained via contact and feedback forms and the rental of promotional
spaces:
- Name
- Telephone number
SOURCES OF PERSONAL DATA
The legal basis for processing personal data is consent or the controller’s legitimate
interest. Personal data are collected from data subjects themselves when the customer
registers on the Mylly newsletter’s mailing list, participates in Mylly’s contests, sends
feedback, contacts Mylly in some other way or rents a promotional space at Mylly. It is also
possible to send feedback anonymously. In addition, cookies are used to collect
information on the use of the website.
DISCLOSURE AND TRANSFER OF DATA
Data are not disclosed without the data subject’s consent except within the limits permitted
by and obligatory under law or as required by authorities.
Subcontractors may be used to manage the tasks related to the purpose of the data file,
and data may be transferred outside the EU/EEA area if such is necessary in order to
implement the service. In such cases, the controller ensures a sufficient level of data
protection through agreements, as required by legislation.
DATA STORAGE PERIODS
The controller stores the data that are in the marketing data file only for as long as is
necessary for the purpose of the data file. A data subject my unsubscribe from a
newsletter and erase all data collected on them at any time via the link that can be found
at the end of the newsletter.
Personal data in the website’s customer data file are stored for five (5) years, after which
the data are erased.
PROTECTION OF DATA FILES
Databases containing stored data are technically and physically protected such that
outside parties cannot access them. Only persons who require the data to take care of
their work tasks have access to the data. Mylly’s information network and equipment in
which the data file is located are protected with firewalls and other technical measures,
such as encryption, taking the costs of the measures into account.
RIGHT TO INSPECT AND RECTIFY, AND RIGHT TO ERASURE OF DATA
The data subject has the right at any time to cancel their newsletter subscription, inspect
their data and have their data erased (‘right to be forgotten’). These measures can be
taken via the link that can be found at the end of the newsletter or by sending a written
request to the controller.
A data subject has the right to inspect the data that have been saved on them in the data
file, the right to demand that incorrect personal data be rectified and the right to have their
data erased from the data file. Please note that you have the right to be forgotten only if
we do not have a legal obligation to continue processing your personal data. A data
subject also has the right to restrict the processing of their personal data (the accuracy of
the personal data is contested or the processing is unlawful), the right to object (direct
marketing or processing based on some other legitimate interest), the right to withdraw
consent and the right to be notified about a personal data breach. A data subject also has
the right to lodge a complaint with the supervisory authority if they believe the processing
of their personal data is in violation of the applicable data protection regulation.
A signed request for inspection, rectification or erasure must be submitted in writing to the
person in charge of data file matters. With this signed letter, a data subject may obtain
data concerning them free of charge once a year.
OTHER RIGHTS
The contents of web pages and the newsletter may contain links to third-party websites.
The company has no control over linked websites, nor is it liable for the contents of or links
within third-party websites. Anyone who goes to a linked website must read that website’s
privacy policy, cookies policy and other applicable user terms and conditions for themself.
RIGHT TO TRANSFER PERSONAL DATA AND RIGHT TO RESTRICT PROCESSING
The data subject has the right to receive the personal data concerning them, which they
have provided to the controller, in a structured, commonly used and machine-readable
format if the processing is based on consent or an agreement and the processing is
carried out by automated means.
Under Article 18 of the GDPR, the data subject has the right restrict the processing of their
personal data.
AMENDMENT OF THE PRIVACY STATEMENT
The controller reserves the right to update and amend the privacy statement.
