Controller
Controller: Propria Oy
Business ID 0801155-6
Address: Konetie 25, 90630 Oulu, Finland
Phone: +358207450800
Email: meka@meka.eu
General information
We store and process personal data in accordance with applicable Data Protection Legislation. Data protection legislation refers to applicable data protection legislation, such as the General Data Protection Regulation of the European Union (GDPR, 2016/679) and the Personal Data Act (523/1999). Any data protection concepts not defined in this Privacy Policy shall be interpreted in accordance with the Data Protection Legislation.
In our group, the controller is the parent company Propria Oy. Our group companies are Meka Pro Oy and Unipro Oy, and in Sweden Meka Pro AB.
Our privacy policy is common to the rest of our group. Propria Oy is responsible for the Group’s common registers and for describing the processing of personal data.
The rights of the data subject and the processing of personal data are described in this Privacy Policy.
As a registrant, you can be either our customer, a potential customer, their contact person, our employee, a potential employee or another member of our stakeholders whose contact is important or necessary for us.
In all matters relating to the processing of personal data and in situations where the data subject wishes to exercise his or her rights, he or she is invited to contact the controller at the following address.
Propria Oy stores information about the contact persons of customers, companies and organisations, as well as contact partners and contact persons of potential customers and contact partners. Personal data is used to manage customer and partner relationships. It is also used to manage contacts or similar information regarding the websites and related services of Propria Oy and its group companies.
Purposes and legal grounds for processing personal data
The processing of personal data is based on:
- Consent given by the data subject
- A contract to which the data subject is a party
- The controller’s legal obligations or the law.
- The legitimate interest of the controller
- The legitimate interest is based on the customer relationship between the data subject’s employer and the controller.
- Protecting vital interests
The purpose of processing personal data is recruitment, employment management, marketing, maintaining customer relations and partnerships, developing activities, and organising events.
The controller only collects personal data from data subjects that are relevant and necessary for the purposes of use described in this Privacy Policy.
The following information about data subjects is processed:
- Name
- Employer
- Phone number
- A person’s relationship with their employer
- The country where the person works
Retention of personal data
Personal data will be kept only for as long as necessary to fulfil the purposes set out in this Privacy Policy. When we are no longer required by law, our rights or obligations, or the rights or obligations of an individual to retain personal data, we will destroy that personal data. For example, where an individual requests the deletion of his or her data from our records, the personal data will be destroyed without undue delay. For technical reasons, in such situations, personal data will be kept in our backups for a maximum of one year before being destroyed.
We strive to keep the personal data we hold accurate and up to date by removing unnecessary information and updating outdated information.
As a registered user, you have several rights in relation to your personal data. Please contact us in writing if you wish to take any action or have any questions about your rights.
Recipients of personal data
Personal data may be transferred between companies belonging to the same group as the controller in accordance with the conditions of data protection legislation for the purposes described in this Privacy Policy.
Various service providers and other third parties, such as providers of technical solutions or server space, may also be used to process personal data. Group companies may also process personal data on behalf of another group company.
Personal data may be disclosed to third parties in situations required by law or by a public authority, or for the purpose of investigating misconduct or ensuring security. In addition, personal data may need to be disclosed in connection with legal proceedings or similar legal proceedings.
Protection of personal data
We take care of the technical security of data centres and systems, as well as the security of processes. Servers are protected against data breaches and denial of service attacks. Only the controller and those persons whose work is strictly necessary for the purposes of the controller’s duties have access to the data in the register. Registry data are backed up securely and can be restored if necessary. Appropriate technical and administrative measures shall be taken to ensure the security of the register and the confidentiality, integrity and availability of personal data.
Right to inspect and obtain information
At your request, we will provide you with all the personal data we hold about you in our records. We will provide you with the information in a structured, commonly used and machine-readable format.
Right of rectification
At your request, we will correct inaccurate and incorrect personal data collected in our register.
Right of withdrawal
At your request, we will delete all personal data concerning you from our register, unless we have a specific legal basis for retaining the data.
Right to restriction of processing
You can restrict our processing of your personal data if you have a legal ground to do so (e.g. inaccuracy).
Right to object
You have the right to object to the processing of your personal data for direct marketing purposes. If we contact you, the approach is likely to be by email. At the end of each of our direct marketing emails, there is a button that allows you to easily remove yourself from our direct marketing list.
Right of appeal
You have the right to refer your case to the supervisory authority if you believe that the processing of personal data concerning you is in breach of the relevant legislation. The national supervisory authority for personal data matters is the Data Protection Ombudsman, attached to the Ministry of Justice.
