Contents of this Data protection policy

  • For which purpose is my personal data collected, and on what grounds do we process data?
  • What kind of data about me is collected?
  • From which sources is my data collected?
  • Do these pages use cookies, and what are those?
  • How is my personal data protected?
  • Who processes my personal data?
  • Will my personal data be disclosed to others?
  • Third parties
  • For how long will my data be retained?
  • How can I influence the information concerning me that is collected?
  • Is the providing of information mandatory, and, what are the consequences if I do not submit my personal data?
  • Does Nordic Moneta use my location data?
  • Can this data protection policy be changed?
  • Whom can I contact?

1. For which purpose is my personal data collected, and on what grounds do we process data?

We use personal information for predefined legitimate purposes only. We also ascertain that we have at least one legitimate ground for processing. Central purposes of and grounds for processing include:

Offering and delivering products and services. We use the personal data in the client register for normal client care, delivering products and services and fulfilling other contractual obligations and rights, invoicing and collection and for handling legal claims. For the above purposes our lawful grounds for processing are preparation and fulfilling of contracts and our legitimate interest. For improving services, marketing, customer relations management and development and development of corresponding services and customer relations associated with the web shop.

Customers paying by invoice are require to submit their identity code. The right to collect and store this information is based upon credit assessment, invoicing and, where applicable, collection. We store the identity code for as long as it is reasoned for the business operations.

Marketing and customer communications. We use personal data also for direct marketing, targeting contents in digital marketing channels and e-mail marketing. The implementation of our customer communication is based on our legitimate interest. The implementation of our direct marketing by mail, as well as our marketing by e-mail to existing customers, is based upon our legitimate interest. Our marketing by e-mail to potential consumer customers is based upon the consent of each person. Irrespective of whether direct marketing is based upon consent or not, a person may prohibit direct marketing directed at him or her. We may also profile our customers and use these profiles for purposes of direct marketing and targeting messages and content. A person has the right to withdraw his or her consent to marketing at any time. This does not influence the lawfulness of the processing preceding the withdrawal of consent.

Developing our products and services We constantly develop our business operations relating to the collection of Nordic Moneta coins and medals, and we may thus use personal data for this purpose on the basis of our legitimate interest.

The data subjects are typically customers or potential customers of Nordic Moneta, or they have provided their contact information on their own initiative for other purposes, e.g. when ordering the customer magazine free of charge.

2. What kind of data about me is collected?

  • Contact data such as name, address, telephone number, e-mail address, etc.
  • Demographic data such as date of birth, sex, title or profession, native language, etc.
  • Subjects of interest, such as product groups etc. declared by the customers themselves.
  • Purchase data, such as purchase dates, product data, etc.
  • Marketing history, such as dates of bulletins, prohibitions against and consents to marketing, participations in competitions, etc.
  • Internet history, such as information on sites visited, etc.
  • Permissions and consents
  • Information given in answers to questionnaires
  • Other information collected with the consent of the user

3. From which sources is my data collected?

The person him- or herself is the main source of information. The contact information and other profiling data is mainly provided by the customers themselves through campaigns and in connection with ordering that creates a customer relation. Data on the use of web sites is collected through software performing technical maintenance of the sites and other software. Certain personal data may be collected from external sources. Firstly, customers’ name and address data may be updated through the Population Information System. Secondly, we reserve the right to check the customer’s creditworthiness of the customer using the system of Avarda Oy 

We reserve the right to record customer calls in order to document orders and for purposes of training and quality control. The recordings ae stored for six months.

We also collect information on the use of our web site using Google Analytics and possibly other analytics services.

Besides basic data also derived data is created. Derived data is information deduced using analytics from the observed usage of our service and/or information provides by the customer, such as the subjects of interest the customer might have or through segmenting into categories of collectors.

Derived information is used for the benefit of our customers e.g. in product development and targeting of marketing efforts. The analyses mentioned above are business data that will not be disclosed.

4. Do these pages use cookies, and what are those?

When you visit our web shop, cookies are automatically stored on the hard drive of your device. Without these, the services of the web shop do not work. You get more information on cookies through this link.

5. How is my personal data protected?

PRINCIPLES OF PROTECTION OF THE REGISTER FILE

The information content of the register is stored in an encrypted format on a server in facilities that are guarded 24/7 and access control.

Only those employees that in the course of their work are authorised to process customer data are authorised to use the system containing customer data and to change customer data. They are bound by an obligation of secrecy. Each user has a unique username and password to the system. Movements in the work facilities is monitored through passage control The data is collected into databases which are protected by firewalls, passwords and other technological methods. The databases and their backup copies are located in locked, guarded facilities and only certain designated persons have access to them. Data is disclosed to third parties only when compelled by a legal obligation, such as the request of the customer or a legally binding request by a competent authority.

6. Who processes my personal data?

Only those employees that in the course of their work are authorised to process customer data are authorised to use the system containing customer data and to change customer data. Processing digital personal data requires that the processor has a username and a password. These, as well as those processing manual data, are bound by an obligation to secrecy.

7. Will my personal data be disclosed to others?

Data may be used and disclosed for marketing purposes in compliance with the legislation on data protection and this data protection policy. Data is retained and processed mainly in electronic formats. We also use subcontractors in certain matters relating to the processing of personal data. These include, among others, direct marketing, e-mail marketing, data storage services, accounting and online payment services. If we outsource part of the processing of personal data, we ascertain by contractual means that personal data is processed in compliance with the legislation on data protection and otherwise in a proper manner.

We shall, if need be, have the right to disclose the identity code of our customer e.g. to an external financing or collecting party. In such cases we make sure that the recipient has a legal right to process the identity code, and that processing is necessary for the purpose of use.

As a rule, we do not transfer data outside the EU or the EEA. If we transfer data to countries outside the EU or the EEA, we see to it that personal data are adequately protected by, among other methods, agreeing on matters relating to the confidentiality and processing of data in a manner required by law, e.g. (1)  by using template forms approved by the  European Commission, (2) by transferring the data to EU-US Privacy shield certified enterprises (transferees in the USA only, (3) by transferring the data to so-called countries with an adequate level of data protection according to a list maintained by the European Commission and also otherwise in such a manner that the processing of personal data complies with this data protection clause.

The customers of Nordic Moneta have the right to prohibit the use and disclosure of their personal data for marketing purposes by informing Nordic Moneta in writing e.g. by e-mail to webmaster@suomenmoneta.fi.

Data may be disclosed to third parties also otherwise in the manner described under 8. below

8. Third parties

  • We may disclose data on a data subject to third parties in a manner compliant with this Data protection policy and applicable law. 
  • To our advertisers we may disclose segment information on observed data subjects. Advertisers may not combine this information with the personal data of identified users without the consent of the data subject.
  • We may disclose personal data of a data subject in compliance with requests from competent authorities or other parties in a manner based on the then current legislation.
  • We may disclose data for scientific or historic research provided that the data is converted into a format making it impossible to identify the subject of the information.
  • If we sell, buy, merge or otherwise arrange our business operations, the personal data of data subjects may be disclosed to the buyers and their advisors.
  • Data may be disclosed for direct marketing purposes and for polls, market research and other studies in compliance with the legislation on data protection.
  • If a data subject has given their consent to electronic direct marketing by business partners of Nordic Moneta, data of that data subject may be disclosed to be used for marketing purposes by selected business partners.

9. For how long will my data be retained?

We retain your personal data for as long as it is necessary for the purpose of use or for the customer relation, or as long as required by law. Some data may be retained for a longer time to the extent that it is necessary in view of legal obligations relating to e.g. bookkeeping and consumer transactions, and for the appropriate documentation of such transactions.

By the request of customers, personal data relating to them may be erased from or anonymised in the system, and the data will not be used for the purposes mentioned in this policy, provided that we do not have other grounds for processing that would entitle or require us to retain the personal data.

For part of the data, legislation requires longer retention of data for, among others, the following purposes:

  • The Bookkeeping Act determines longer retention times for data, irrespective of whether the material includes personal data or not.
  • The log data of the systems is collected and stored in the manner prescribed by law to make it possible to offer our clients a lawful and secure webstore.
  • Sufficient backup copies of the shop’s databases will be made to secure the data, repair fault situations and ensure data protection and continuity.

If needed, we may also update information and correct possible errors in them.

10. How can I influence the data concerning me that is collected, and what rights do I have?

A person has the right of access to personal data concerning him or her, and to receive a copy of these. The request for access should be submitted signed an in writing to the person responsible for register-related matters or by making an appointment with our office in Helsinki. Make an appointment through our customer service, you will have to verify your identity at the meeting.

If you consider the processing of your personal data unlawful, you may appeal to a competent supervisory authority (the Data Protection Ombudsman).

Cancelling a consent
If we process your data on the basis of your consent, you can cancel your consent at any time by letting us know.

Access to data and making requests for access
You are entitled to a confirmation from us as to whether we process personal data concerning you, and information on what personal data concerning you we do process. You are also entitled to receive complementing information on the grounds for the processing of your data.

Right to have errors rectified
You are entitled to requesting that we rectify erroneous or obsolete or otherwise deficient personal data concerning you.

Right to prohibit direct marketing
Even if we would not process your personal data for direct marketing purposes on the basis of your consent, you can prohibit the use of your personal data for direct marketing purposes at any time.

Right to object to processing
If we process your personal data on the basis of the public interest or our legitimate interest, you have the right to object to the processing of your personal data to the extent that there is no significant reason for processing that would override your right or the processing is not necessary for the handling of a legal claim. Please note that we probably cannot be of service to you in such a situation.

Right to limit processing
In certain situations you have the right to demand that we limit the processing of your personal data.

Right to have data transferred
If we have processed your data on the basis of your consent or to fulfil a contract, you have the right to receive from us the data you have submitted to us in an electronic format in a structured, commonly used, machine-readable and interoperable format, to be able to transmit it to another controller.

11. Is the providing of information mandatory, and, what are the consequences if I do not submit my personal data?

Providing personal data is to a large extent voluntary, this is especially true for potential customers. Providing and processing certain personal data for contractual purposes is, however, mandatory in a customer relationship: we must be able to verify the identity of the person entering into the contract to be able to fulfil our contractual obligations, and also to safeguard our own rights. Providing information is mandatory mainly in relation to entering into and executing contracts.

We require that customers paying by invoice provide their identity code – this request is in compliance with credit legislation. If we do not receive the identity code of the customer, or if the prerequisites for extending credit are not fulfilled, we may, at our discretion, deny the customer the option of paying by invoice. We retain the identity codes, and all other personal data submitted to us very carefully, in the manner prescribed by law.

12. Does Nordic Moneta use my location data?

Nordic Moneta does neither collect nor use the location data of Internet/mobile devices.

13. Can this data protection policy be changed?

The data protection policy will be revised in compliance with legislation, and as required by developments in our services or operations.

14. Whom can I contact?

Primarily, please contact Nordic Moneta, Customer service.

Customer service, 24/7:
Tel. 010 80 80 40 *)
Personal service weekday 0900-1700
*) Call charge from landline phones 0.0835 €/call + 0.0655 €/min and through a mobile network 0.0835 €/call + 0.1805 €/min.
info@suomenmoneta.fi
www.suomenmoneta.fi

Controller:
Oy Nordic Moneta Ab/Suomen Moneta
P.O. Box 770
00101 Helsinki

Business ID 1611712-3

Contact person responsible for matters relating to data protection
Elina Petäjäniemi, Tel. 010 80 80 40
Suomen Moneta