Name: Mellano Oy
Address: Kivistöntie 36, 73100 Lapinlahti
Phone number: 020 770 7700
E-mail address: [email protected]
Contact person in matters concerning the register
Name: Janne Lehtonen
Phone number: 050 408 7575
Email address: [email protected]
Mellano Oy’s customer and marketing register
Purpose and basis of processing personal data
Personal data is processed for the company’s advertising, marketing and sales needs with the data subject’s consent in order to acquire new customers.
Personal data is processed in accordance with the law for the implementation of customer contracts, assignments and orders, as well as for the needs of customer communication.
The basis for processing is the customer relationship prevailing at any given time on the basis of agreements, orders or assignments.
Personal data processed and their respective retention periods
First and last name
Address, postal code, city
Quote and purchase history
Conversations and other information saved by the chat
Company contact person
Company address and contact information
Company billing information
Quote and purchase history
Conversations and other information recorded by chat
Customer data is stored for 25 years. The storage period is based on the fact that home furnishings are renewed every 15–25 years.
Regular sources of information
Public registers and/or the persons to be registered themselves.
The information in the marketing register is collected when registering for the newsletter list or starting other communication, such as a chatbot conversation. Personal data can also be collected, for example, through social media channels and various marketing events. As a rule, the register is maintained by manual updating.
The information in the customer data register is recorded manually and is maintained by manual updating.
The controller considers it important that personal data is always up-to-date, which is why personal data may be obtained from external sources, such as public registers.
Regular disclosure of data
The controller does not disclose customers’ personal data to third parties, except when required to do so by Finnish authorities.
However, information may be disclosed to a third party in connection with mergers and acquisitions if the business is restructured or sold.
Data transfers outside the EU and EEA
The data is transferred outside the EU/EEA for the purpose of financial administration and the controller has in force the appropriate contractual terms for the transfer of personal data required by the Data Protection Regulation, the purpose of which is to ensure the implementation of privacy protection.
Principles of register protection
Manual material is stored in locked premises and separately lockable storage cabinets or drawers, which can only be accessed by persons whose work tasks require the processing of the material. The premises are equipped with access control. The information is treated as confidential and the statutory confidentiality obligations are complied with.
Electronic material is stored centrally on servers protected by a firewall. Access to files and personal data records are protected by a username and password, and access is restricted according to processing needs. The information is treated as confidential and the statutory confidentiality obligations are complied with.
Personal data processors are required to have at least the same level of security principles and, in addition, to implement the instructions and security requirements specified separately in the processing agreement.
Right of Access
Everyone has the right to be informed of what information about them is stored in the register. In order to provide information, it is required that the request is submitted in writing and, if necessary, accompanied by sufficient information to ensure the identity of the requester. The request must be addressed to the contact person of the controller mentioned in section 2 above. The inspection request is free once a calendar year, otherwise a reasonable compensation (50 €+ VAT) may be charged for the request.
Right to request rectification of data
The data subject has the right to demand the rectification of inaccurate data concerning him or her. The controller may also, on their own initiative, correct information that they find to be incorrect. The request for rectification must be made in writing and, if necessary, it must be accompanied by sufficient information to verify the identity of the person making the request. The rectification request must be addressed to the controller’s contact person mentioned in section 2 above.
Right to request removal
The data subject has the right to demand the erasure of data concerning him or her. Deletion may be limited by legal or technical reasons for retaining the data. The request must be made in writing and, if necessary, accompanied by sufficient information to verify the identity of the person making the request. The request must be addressed to the contact person of the controller mentioned in section 2 above.
Leadoo chatbot – user tracking
Read more: https://legal.hubspot.com/privacy-policy