1. Data Controller
Masser Oy
Norvatie 4
96910 Rovaniemi
Finland
+358 400 904 500
masser@masser.fi
Contact person responsible for the register:
Antti Uurtamo
+358 40 592 3762
antti.uurtamo@masser.fi
2. Data Subjects
- Customers
- Potential customers
- Partners and suppliers
- Website users
3. Purpose of Processing and Legal Basis
Personal data is processed only to the extent necessary for the following purposes and based on the following legal grounds:
- Managing customer relationships and delivering services
(processing is based on a contract)
- Customer communication and marketing related to existing customer relationships
(processing is based on legitimate interest)
- Newsletters and other direct marketing
(processing is based on consent)
- Business development and analytics
(processing is based on legitimate interest)
- Managing supplier and partner relationships and purchasing activities
(processing is based on a contract)
- Compliance with legal obligations (e.g. accounting)
(processing is based on legal obligation)
4. Personal Data Collected
The register may contain the following personal data:
Contact information:
- Name
- Address
- Email address
- Phone number
Customer and business information:
- Information about purchased products and services
5. Rights of the Data Subject
The data subject has the following rights:
- Right of access to personal data
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to object to processing
- Right to data portability
- Right to withdraw consent
Requests should be sent to:
masser@masser.fi
The data subject has the right to lodge a complaint with the supervisory authority:
https://tietosuoja.fi
6. Sources of Data
Personal data is collected:
- directly from the data subject
- when a customer or supplier relationship is established
- via website forms
- from public sources or service providers to ensure data accuracy
7. Disclosure of Data
Personal data is not disclosed to third parties without a valid reason, except:
- to authorities when required by law
- to service providers (e.g. IT and hosting services) acting on behalf of the controller
All processors are bound by data processing agreements.
8. Data Retention
Personal data is retained only as long as necessary:
- for the duration of the customer or supplier relationship
- up to 5 years after the relationship ends
- accounting data is retained for 10 years as required by law
9. Data Processors
Personal data is processed by:
- the data controller
- employees of the controller
- selected service providers (e.g. hosting, analytics, email services)
We use Microsoft 365 / Outlook for email communication. The service provider acts as a data processor and processes personal data on behalf of the controller in a secure manner.
10. Data Transfers Outside the EU/EEA
Personal data is generally not transferred outside the EU or EEA.
If transfers occur (e.g. via analytics services), they are carried out in accordance with applicable law using appropriate safeguards, such as standard contractual clauses approved by the European Commission.
11. Automated Decision-Making
Personal data is not used for automated decision-making or profiling.
12. Cookies and Website Tracking
We use cookies and similar technologies to collect information about users’ devices. A cookie is a small text file stored on the user’s device and may contain an anonymous unique identifier.
We use cookies to ensure the proper functioning of the website and to analyze website usage.
Non-essential cookies are used only with the user’s consent. Users can manage their cookie preferences via the cookie banner.
We use Google Analytics to collect information such as website usage, device information, and approximate location based on IP address.
Our website may contain links to external websites. We are not responsible for the privacy practices or content of such external sites. Third parties may place cookies on users’ devices when visiting our services.
