Language

Privacy policy

This is a statement of the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).

Controller and contacts
Melina Näätänen
Address: Suokrouvintie 2 B, 02700 Kauniainen
Email: melina.naatanen@gmail.com

For all questions related to the processing of personal data and in situations related to the exercise of their own rights, the data subject is advised to contact the controller.

Name of the personal register
Mellu's campaign website

Basis and purpose of processing personal data
The legal basis for the processing of personal data is the consent given by the data subject to the processing of personal data. Consent to the processing of personal data can be withdrawn at any time. Consent to the processing of personal data is given by subscribing to the newsletter on the controller's website and providing the personal data requested when subscribing.

The purposes of processing personal data include communication and communication related to election campaigns and parliamentary work. The information is used for campaign information and communication and interaction related to parliamentary work.

Regular sources of information
The personal data processed are regularly obtained from the data subject.

Personal data to be processed
The controller collects from data subjects only those personal data that are relevant and necessary for the purposes described in this data protection declaration. Data subjects process the following data:

First name and surname
Locality
E-mail
Phone number
Possible participation information in the speech and discussion event

Disclosure of personal data
Personal data will not be disclosed to third parties unless the law imposes an obligation to do so. Thus, in exceptional cases, information may be disclosed to authorities, for example, as required by law.

Transfers of personal data to third countries
Personal data will not be transferred outside the EU and the European Economic Area.

Protection of personal data
The controller processes personal data in a manner designed to ensure the proper security of personal data, including protection against unauthorised processing and against accidental loss, destruction or damage. The controller shall employ appropriate technical and organisational safeguards to ensure this objective, including the use of firewalls, encryption technologies and secure device facilities, appropriate access controls, careful management of information system usernames and the guidance of personnel involved in the processing of personal data.

On the basis of the Employment Contracts Act (55/2001) and the supplementary confidentiality agreements, all employees who process personal data have a duty of confidentiality in relation to the processing of registered personal data.

Data retention period
The controller processes the personal data of the data subject for as long as its retention is necessary to fulfill the purposes described in this data protection declaration or until the reason for processing the personal data ends. The controller deletes the personal data within one month after the end of the need for processing in accordance with the deletion processes it has followed. The controller may be obliged to process some of the personal data included in the register for longer than stated above in order to comply with legislation or regulatory requirements.

Profiling
Personal data is not used for profiling or other automated decision-making.

Rights of the data subject

Right to access personal data
The data subject has the right to obtain confirmation of whether personal data concerning him or her are processed and, if processed, the right to receive a copy of his or her personal data.

Right to rectification of data
The data subject has the right to request that inaccurate and inaccurate personal data concerning him or her be corrected. The data subject also has the right to have incomplete personal data completed by providing the necessary additional information.

Right to erasure of data
The data subject has the right to request the erasure of personal data concerning himself/herself if the personal data are no longer required for the purposes for which they were collected; the data subject withdraws the consent on which the processing of the personal data was based and there is no other lawful basis for the processing; or the personal data have been processed unlawfully.

 • personal data are no longer required for the purposes for which they were collected;

 • the data subject withdraws the consent on which the processing of personal data was based and there is no other legal basis for the processing; or

 • personal data have been processed unlawfully.


Right to restriction of processing
The data subject has the right to restrict the processing of personal data concerning himself/herself if

 • the data subject disputes the accuracy of his personal data;

 • the processing is unlawful and the data subject objects to the erasure of his or her personal data and instead demands that their use be restricted; or

 • the controller no longer needs personal data for the original purposes of processing, but the data subject needs them in order to establish, present or defend a legal claim.

Right to withdraw consent
The data subject has the right to withdraw his consent to the processing at any time without prejudice to the lawfulness of the processing carried out on the basis of the consent.

Right to transfer data from one system to another
The data subject has the right to receive personal data concerning him/her and provided by him/her in a structured, commonly used and machine-readable format and the right to transfer such data to another controller.

Right to lodge a complaint with the supervisory authority
The National Supervisory Authority for Personal Data Matters is the Office of the Data Protection Supervisor in connection with the Ministry of Justice. You have the right to refer your case to a supervisory authority if you consider that the processing of personal data concerning you is in breach of the relevant legislation.

Change of Privacy Policies
The controller is constantly developing its operations and may therefore need to amend and update its data protection policies as necessary. Changes may also be based on changes in data protection legislation. If the changes involve new purposes for the processing of personal data or otherwise significantly change, the controller will notify them in advance and, if necessary, request the consent of the data subject.

The privacy policy has been updated on 26 February 2024.