Mantsinen Group LTD OY
processes personal data; what kinds of personal data we collect, for which purposes the personal
data is used and to which parties the personal data can be disclosed. Mantsinen is committed to
being transparent about how we collect and use personal data and how we meet our data
Personal data refers to any information relating to a natural person (“data subject”) that can identify them directly or indirectly. Personal data, data subject, controller and other key terms are defined in the General Data Protection Regulation (2016/679, “GDPR”). Mantsinen complies with the GDPR in all processing of personal data in conjunction with other applicable national data protection legislation.
Controller: Mantsinen Group Ltd Oy
Address: Välikankaantie 3,
FI–80400 Ylämylly, Finland
PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
Personal data will be processed for the following purposes:
Registration to use our products and services (such as Mantsinen Insight service) and user
account management based on contract or its preparation including verification of
• Provision of our products and services based on contract or its preparation.
• Invoicing (including debt collection), customer service, feedback and related
communications based on contract or its preparation or company’s legitimate interest.
• Management and administration of our relationship with our business partners based on
company’s legitimate interest.
• Provision of information and materials related to our products and services, for example by
newsletters and direct marketing based on company’s legitimate interest or consent.
• Identifying potential customers who are using our services for the
purposes of targeting relevant marketing to such persons based on company’s legitimate
• Registrations for our events, trainings and webinars based on company’s legitimate interest.
• Market and customer analysis and surveys based on company’s legitimate interest.
• Analyzing use of our products and services, and product and service development based on
company’s legitimate interest.
• Complying and fulfilling our legal duties and obligations such as tax law and accounting
related obligations based on statutory obligation.
• Establish, exercise or defend against legal claims based on statutory obligation or company’s
• Ensuring security of our products and services and preventing abuses based on statutory
obligation or company’s legitimate interest.
• Ensuring security of our IT environments and protection of data based on statutory obligation
or company’s legitimate interest.
• based on company’s legitimate interest to send you promotional material
about products and services you might be interested in.
The data subject has the right to refuse personal data being used for direct marketing and may at any time recall prior consent.
For processing activities that are based on a legitimate interest, we have carefully balanced such
legitimate interest with the data subjects right to privacy and concluded that our interest outweighs
the data subjects’ rights and freedoms.
WHAT DATA IS COLLECTED, STORED AND PROCESSED?
Mantsinen collects only such personal data from the data subject that is relevant and necessary for
The following personal data from the data subjects will be processed:
• Name and contact information, such as email address, phone number, fax number, employer name and address and job title / position.
• Information related to service accounts such as user names and passwords, security login details and customer ID.
• Machine data if using a vehicle equipped with Mantsinen Insight service, such as machine location, engine RPM, average fuel consumption, instantaneous yield, target population, as–
applied rate, and fault codes (to the extent such data will be deemed personal data).
• Location data if the data subject has enabled location–based functions.
• Consents and objections related to direct marketing.
• Other information necessary for maintaining the business partner relationship, such as billing information and credit card details, purchase history, offers, contracts, payments and interests, service requests, feedback, other message history and marketing preferences.
• Electronic identification and behavior data such as IP address, device type, operating system, browser type and settings, language settings, dates and times of connecting to a website, application usage statistics, application settings, dates and times of connecting to the application, aggregate statistical information and other technical communications information necessary for the operation of the relevant website or application).
The personal data is mainly collected directly from the data subjects themselves, for example, at the time of registration or use of our services, purchase of our physical products, in connection with preparing or signing of a contract or during a customer relationship or customer service.
The personal data may also be collected automatically when the data subject uses our products and services e.g when using our online services and visiting our website.
In addition, and with the permission of the data subject, data may be collected in other ways in a marketing context.
Personal data may be updated and supplemented by collecting data from private and public sources.
RETENTION OF PERSONAL DATA
In respect of billing information, the data will be stored, at a minimum, for the period of time required by the Finnish Accounting Act.
Detailed retention times can be provided upon requests.
We evaluate the necessity and accuracy of the personal data on a regular basis and endeavor to ensure that the incorrect and unnecessary personal data are corrected or deleted.
WHO HAS ACCESS TO THE PERSONAL DATA?
List of the processors and other recipients can be provided upon a request.
In addition, the company may share the personal data in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other
The personal data is also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the products and services as well as to guarantee the safety of the products and services.
IS DATA TRANSFERRED OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN
The company does not, as a rule, transfer personal data outside the European Union (EU) or the
European Economic Area (EEA).
In case personal data is transferred outside EU/EEA, such transfers are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or transfers are carried out by using appropriate safeguards such as standard data protection clauses adopted or otherwise approved by the EU Commission or competent data protection authority in accordance with the GDPR.
HOW IS THE DATA PROTECTED?
Securing the integrity and confidentiality of personal data is important to Mantsinen. We have taken adequate technical and organizational measures in accordance with industry standards in order to keep personal data safe and to secure it against unauthorized access, loss, misuse or alteration by third parties, such as by physical and digital security measures and access controls. Nevertheless, considering the cyber threats in modern day online environment, we cannot give full guarantee that our security measures will prevent illegally and maliciously operating third parties from obtaining access to personal data or absolute security of the personal data during its transmission or storage on our systems.
RIGHTS OF DATA SUBJECTS
The data subject has a number of rights under applicable data protection laws.
RIGHT OF ACCESS AND RIGHT OF INSPECTION
The data subject has the right to obtain confirmation as to whether or not personal data concerning them is being processed.
The data subject has the right to inspect and view data concerning them and, upon a request, the right to obtain the data in a written or electric form. This applies to information that the data subject has provided to the company insofar the processing is based on a contract/consent.
RIGHT TO RECTIFICATION AND RIGHT TO ERASURE
The data subject has the right to demand the rectification of inaccurate personal data concerning them and to have incomplete personal data completed.
RIGHT TO DATA PORTABILITY
The data subject has the right to receive the personal data that they have provided to Mantsinen in a structured, commonly used and machine–readable format and, if desired, transmit that data to another controller. The right to data portability applies on the processing of the personal data based on consent or a contract.
RIGHT TO RESTRICTION OF PROCESSING
The data subject has the right, under conditions defined by data protection legislation, to request the restriction of processing of their personal data. In situations where personal data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, the company will limit the access to such data.
RIGHT TO OBJECT TO PROCESSING
The data subject has the right to object to the processing of data where Mantsinen is relying on its legitimate interests as the legal ground for processing. For example, the data subject may object to their personal data being used for marketing purposes.
RIGHT TO WITHDRAW CONSENT
In cases where the processing is based on the data subjects’ consent, the data subject has the right to withdraw their consent to such processing at any time.
Identity will be checked before the information is given out, which is why we may have to ask for additional details. The request will be responded to within a reasonable time and, where possible, within one month of the request and the verification of identity.
If the data subject’s request cannot be met, the refusal shall be communicated to the data subject in writing. The company may refuse a request (for example erasure of data) due to a statutory obligation or a statutory right of the company, such as an obligation or a claim relating to our services.
The data subject may exercise the aforementioned rights by sending a written request to .
If you have any questions relating to our data protection policies or wish to exercise your rights, please do not hesitate to contact us.
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
The data subject has the right to lodge a complaint with a competent data protection authority if the data subject considers that the processing of personal data relating to the data subject infringes current legislation.
However, we request that the matter be deal with Mantsinen in the first instance.
The relevant authority in Finland is the Data Protection Ombudsman (www.tietosuoja.fi).