Privacy Policy

Register and data protection description

This is Monti Oy’s register and data protection description required by the EU General Data Protection Regulation (GDPR). Drafted 13 April 2022. Last updated 21 June 2022.

1. Controller

Monti Oy, Linnoitustie 6, 02600 Espoo, Finland monti@monti.fi

2. Contact person for the register

Henri Paalasmaa, henri@monti.fi, +358 50 5567 816

3. Name of register

Contact form

The purpose of the register is to enable processing contact requests submitted via the contact form on Monti Oy’s website.

The legal basis of the processing is the legitimate interest for creating and maintaining customer relationships. The legitimate interest is the basis for contacting our clients for customer relationship management, processing feedback, service sales and marketing, for example.

The personal data collected is not used in automated decision-making or profiling.

5. Register data content

The data saved in the register includes the name, email address, company name, phone number and message entered on the contact form.

Our website uses cookies necessary for the functioning of the website and for collecting visitor IP addresses based on a legitimate interest to ensure information security and to create statistics on website traffic, which may include data considered personal data. If any third-party cookies are used, consent for their use is requested separately.

6. Regular data sources

All data saved in the register is collected from the customers who complete and send the online form.

7. Regular disclosures of personal data and transfer to outside the EU or the EEA

Personal data is not regularly disclosed to third parties. Data can be disclosed in the extend separately agreed with the client. All client data is processed within the EU/EEA.

8. Principles of register data protection

The data saved in the register is processed with care, and the data processed with information systems is appropriately protected. If register data is stored on an internet server, the physical and digital data security of the hardware is appropriately ensured. The controller ensures that the data stored, the user rights to the related servers, and other information critical to the protection of personal data are handled with care and only by employees for whom access must be granted due to their duties.

9. Right of access and right to rectification

Data subjects have the right to access their personal data saved in the register and the right ask the controller to correct inaccurate personal data and to complete incomplete data. Data subjects can exercise their right of access or ask for rectification by notifying the controller in writing. The controller may ask the data subject to verify their identity if necessary. The controller must reply to the data subject within the deadline laid down in the GDPR (generally within one month).

10. Other rights of data subjects

Data subjects have the right to request their personal data to be erased from the register (‘right to be forgotten’). Data subjects also have all other rights provided in the GDPR such as the right to restriction of processing in certain situations. These rights can be exercised by notifying the controller in writing. The controller may ask the data subject to verify their identity if necessary. The controller must reply to the data subject within the deadline laid down in the GDPR (generally within one month).