Messuille Oy Privacy Policy

Messuille Oy Nummi processes personal data in accordance with good personal data processing practices and in compliance with data protection legislation. This Privacy Statement provides the information required by the EU General Data Protection Regulation to the data subject and the Supervisory Authority (description of processing activities).

In this report, we explain how we collect and process our customers’ personal information and what kind of information and analytics we collect about the use of our website.

Data controller:

Messuille Oy
Laaksotie 3 A
00760 Helsinki
Business ID 2705964-3

Contact person dealing with registration matters

Mikko Nummi
puh. +358 50 3570112

Registry name

Messuille Oy customer register and Keymeets customer register

Use and legal basis of personal data

Personal data is collected and used for the management, administration, maintenance and development of the customer relationship between Messuille Oy and the customer, as well as for targeting, analysis, production, provision and development of services and business, as well as market research, website usage analysis and statistics and other statistical purposes.

Personal data can be used for marketing between Messuille Oy and the customer (incl. electronic direct marketing) and its targeting within the limits permitted by law. Marketing may also apply to the products or services of Messuille Oy’s partners. The customer has the right to restrict or completely prohibit direct marketing to him or her.

Personal data is processed on the basis of the contractual relationship and the measures prior to its conclusion, such as the processing of data for customer relationship management. In addition, personal data is processed based on the controller’s legitimate interest, such as processing data to target supply, business development and marketing research. In electronic direct marketing to b2b customers, personal data is processed on the basis of a legitimate interest. Data related to invoicing and accounting data are processed in order to comply with legal obligations.

Information contained in the register

The register contains the following information about the customers of Messuille Oy:

  • Customer’s basic information, such as name, employer, title/occupation, work address, telephone number, email address
  • Customer history, such as attendance at fairs organized by Messuille Oy, customer contacts, offer, order and contract information
  • Direct marketing authorisations and prohibitions
  • Billing method information, billing contact information and other billing related information
  • Additional information provided by the customer themselves or otherwise collected with the customer’s consent, such as customer feedback questionnaire
  • Other customer information compiled from the information contained in the register that is relevant to the purpose of the register

Source of personal information

Personal data is collected in connection with registration, use of the services or otherwise directly from the data subject themself or with the data subject’s consent. Personal data can be collected and updated from public sources and from other third-party registers, such as the exhibition organiser.

Cookies and use of analytics

Our website uses cookies to maintain the user session. By using the site, you give your consent to the use of cookies. If you do not want to accept the use of cookies, you can disable cookies by changing the settings in your browser. Our website uses Google Analytics to compile statistical analytics from web visits. Online analytics is used to collect statistical information about the use of the site and can be used to develop our website. However, the visitor data collected cannot be identified in principle. Google Analytics collects information about visitors’ interests, the duration of roaming and the movement on the website. Learn more about how Google uses cookies here.

Recipients of personal data and transfer of personal data outside the EU and the EEA.

Messuille Oy may disclose personal data within the limits permitted and mandatory by current legislation.

Messuille Oy uses subcontractors to process data, and the data can be transferred to a limited extent outside the EU or the EEA. If data is transferred outside the EU or the EEA, the transfer will take place using the European Commission’s contractual clause templates, or any other transfer mechanism permitted by law.

In the Keymeets service, customer data (name, contact details) can be disclosed, depending on the customer case, to companies and organizations located outside the EU / EEA area, where data protection legislation does not provide as comprehensive protection as the EU. In these situations, the transfer is necessary to implement the Keymeets service, as the service is based on the transmission of contact information to companies operating internationally. If the recipient of the contact details is located in a country where the Commission has taken a decision on an adequate level of data protection, the information will be transferred on the basis of that decision. If the recipient is located in a country where the above decision has not been taken, the data will be transferred on the basis of Article 49 of the Data Protection Regulation (the transfer is necessary to implement the agreement between the data subject and the controller).

Retention period of personal data

Personal data shall be kept only for as long as is necessary for the purpose for which the data are used. Personal data are stored at least for the duration of the customer’s relationship with the contract. The need for data is assessed and the data is regularly removed from the register on an annual basis. Data on potential customers will be kept in the register for up to two years.

Automatic decision making and profiling

Based on the information in the register, no automatic decision-making with legal or equivalent effects on the data subject is made. Personal data can also be used for profiling purposes.

Rights of the data subject

The data subject has the right to receive confirmation from the data controller as to whether or not the data subject’s personal data is processed or whether they have been processed. If the controller processes the data subject’s personal data, the data subject has the right to obtain the information in this document as well as a copy of the personal data being processed and which has been processed. If the data controller processes the data subject’s personal data on the basis of consent, the data subject has the right to withdraw his or her consent. The data subject also has the right to ask the controller to correct or delete personal data and may prohibit the processing of personal data for direct marketing purposes. Personal data shall be deleted if there is no legal obligation to preserve them.

The data subject also has the right in certain situations to request a restriction on the processing of his personal data or otherwise object to the processing. In addition, the data subject may request the transfer of the information he or she has provided in machine-readable form, based on the Data Protection Regulation. All requests mentioned here should be submitted to the above-mentioned contact person of the controller in writing or by doing business at the controller’s office to verify identity. If the data subject considers that the processing of his or her personal data is not lawful, he or she has the right to lodge a complaint with the Supervisory Authority.

Protection and confidentiality of the customer register

The data controller provides proper technical and organizational protection of personal data. The entire staff of Messuille Oy and third parties acting on its behalf have a duty of confidentiality in connection with all customer information. Access to personal data is limited and the use of the registry is protected by user-specific codes and passwords. The network and the hardware on which the registry is located are protected by the necessary technical measures.

We reserve the right to amend this Privacy Statement. Changes may also be based on changes in legislation. We recommend to consult the contents of this report regularly.