Privacy policy

MEOM OY (INC.) PRIVACY POLICY

IN ACCORDANCE WITH THE PERSONAL DATA ACT (523/1999) SECTIONS 10 AND 24 & GDPR (679/2016) ARTICLES 13, 14 AND 30

1) DATA CONTROLLER

Name: MEOM Oy
Business ID: 2504972-4
Address: Kivääritehtaankatu 6 C, 40100 Jyväskylä, Finland

In this privacy policy, the data controller may also be referred to as “we”.

2) PERSON RESPONSIBLE FOR DATA PROTECTION

Name: Janne Puustinen
Email: moi@meom.fi

3) CATEGORIES OF DATA SUBJECTS

MEOM’s privacy practices apply to the following categories of data subjects:

3.1) Individuals who contact MEOM via email or through the website;
3.2) Individuals who work at MEOM or apply for a job at MEOM;
3.3) Individuals who have consented to receive marketing communication from MEOM.

In this privacy policy, data subjects may also be referred to as “you”.

4) CATEGORIES OF PERSONAL DATA

Files concerning the data subjects mentioned in sections 3.1–3.3 may include the following categories of personal data:

• Contact details such as full name, address, phone numbers and email addresses;
• Information about the device used, such as device type, browser, IP address, and other device data;
• Any other data collected with the data subject’s consent.

Files relating to those in section 3.1 may also contain:

• Username;
• Nationality, age, gender, job title, company, and native language.

Files relating to those in section 3.2 may also contain:

• Nationality, age, gender, job title, work history, and native language.

5) PURPOSE OF PROCESSING PERSONAL DATA

The personal data of data subjects mentioned in sections 3.1–3.3 may be processed for the following purposes:

• Customer service;
• Developing customer experience;
• Analytics and statistics.

Additionally, for section 3.1:

• Managing and developing customer relationships;
• Marketing, marketing surveys, and research.

Additionally, for section 3.2:

• Recruitment;
• Employee information may be used for the performance of necessary company tasks.

Additionally, for section 3.3:

• Marketing, marketing surveys, and research.

Personal data may also be processed by MEOM’s potential Finnish partners in accordance with the Finnish Personal Data Act, the EU General Data Protection Regulation (GDPR), and the Finnish Data Protection Act.

6) USER TRACKING

Leadoo Chatbot and Forms
We use Leadoo tracking to monitor how users navigate our website and link this data to the user’s personal information collected via, for example, chat interactions. Leadoo uses ETag tracking, which technically differs from cookie-based tracking but is subject to the same legal principles as cookies.
See Leadoo Marketing Technologies Oy’s privacy policy (https://leadoo.com/privacy-policy/) for more information.
MEOM acts as the controller and Leadoo as the processor of the data. If you do not wish to be tracked, you can clear your browser cache. More info: https://leadoo.com/privacy-policy-processor/

Matomo Analytics
When you visit our website, we collect first-party data in our CMS analytics: the referring site or traffic source, pages viewed, browsing activity, visit date and duration, fully anonymised IP address, device data (type, OS, screen resolution, language, country, and browser type), and more.
We use this usage data in Matomo Analytics (self-hosted in our WordPress system) for statistical purposes, improving the site, and detecting and preventing abuse.
Matomo Analytics does not set cookies in your browser or associate your visit with identifiable personal data. However, you may still opt out of tracking entirely.

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

The tracking opt-out feature requires cookies to be enabled.

7) LEGAL BASES FOR PROCESSING

The data controller is entitled to process personal data on the following bases:

• The data subject has given consent;
• Processing is necessary for the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject—particularly if the data subject is a child.

8) REGULAR SOURCES OF INFORMATION

Data is regularly collected:

• Directly from individuals through site forms (HubSpot, Gravity Forms);
• Via cookies and similar technologies.

9) RETENTION PERIOD

The controller does not retain personal data longer than necessary for the purposes of processing.

If a job applicant is not selected, we will not retain their data without consent. If consent is not granted, the data will be destroyed immediately. If consent is given, data may be stored for six (6) months, after which it will be deleted.

Data retention is reviewed monthly.

10) CATEGORIES OF DATA RECIPIENTS

Recipients of personal data may include:

• MEOM’s Finnish partners;
• Third-party cloud service providers;
• Third-party audit, marketing, and review service providers;
• Third parties assisting MEOM in fulfilling its legal obligations.

Any data concerning individuals other than those in section 3.2 may be disclosed for marketing purposes with the data subject’s consent and in compliance with the Finnish Personal Data Act and GDPR.

11) TRANSFER OF DATA OUTSIDE THE EU OR EEA

Data may be transferred to or stored on a server outside the EU or EEA, either by the controller or by a partner acting on its behalf, in compliance with the Finnish Personal Data Act, GDPR, and Finnish Data Protection Act.

12) RIGHTS OF THE DATA SUBJECT

The data subject has the right to exercise all rights listed below.

Requests must be directed to the person named in section 2. Rights can only be exercised once the identity of the data subject has been reliably verified.

Right of access:
Upon request, the data subject is entitled to know what data the controller holds or whether any data is held at all. Once information is provided, the controller must also disclose regular sources and use of data, and to whom it is regularly disclosed.

Right to rectification and erasure:
The data subject may request correction of inaccurate or incomplete data or erasure if:

• The data is no longer necessary;
• Consent is withdrawn;
• Data has been processed unlawfully; or
• Deletion is required by law.

If the request is denied, a written decision with reasons must be provided. The data subject can escalate the matter to the Data Protection Ombudsman.
The controller must inform recipients of the data (or sources) about the correction or deletion unless this is impossible or unreasonable.

Right to restrict processing:
The data subject may request restriction of processing if:

• Data accuracy is contested;
• Processing is unlawful and deletion is opposed;
• Data is no longer needed by the controller but required by the data subject for legal claims.

The controller must inform the data subject before lifting any restriction.

Right to object:
The data subject may object at any time to processing for direct marketing or related profiling.

Right to data portability:
The data subject has the right to receive their data in a structured, commonly used, machine-readable format and transfer it to another controller.

Right to withdraw consent:
If processing is based on consent, the data subject may withdraw that consent at any time.

13) RIGHT TO COMPLAIN TO A SUPERVISORY AUTHORITY

The data subject may file a complaint with a supervisory authority if they believe processing violates the GDPR. The complaint can be made in the EU member state where the data subject resides, works, or where the alleged violation occurred.

14) MERGERS AND ACQUISITIONS

In the event of mergers, acquisitions, or forced transfers of MEOM’s business operations, the acquiring entity and its partners may access MEOM’s records, which may include personal data. In such cases, confidentiality agreements will be established to cover any disclosure of personal data.

15) DATA PROTECTION PRINCIPLES

MEOM employs all reasonable means to protect personal data physically, electronically, and administratively from unauthorised and improper processing. However, we note that the internet is not always a secure communication channel.
Access to data is limited to MEOM staff who need it, for example to respond to queries or requests.