Privacy policy
Privacy policy and information document in accordance with the Data Protection Act.
Our customer service tries to answer questions and feedback about the register within a week, but no later than 30 days later.
This Privacy Statement defines how the joint registrars listed below collect and process personal data in the joint register for joint purposes.
1. Controllers and their contact details
1.1 Professio Group Oy
Business ID FI20207199
Keilaranta 1 A
02150 ESPOO
1.2 Management Institute of Finland MIF Oy
Business ID FI24602815
Mannerheimintie 15
00260 HELSINKI
1.3 Tieturi Oy
Business ID FI17436302
Mannerheimintie 15
00260 HELSINKI
in the future together as ”Controllers” or ”Professio Group”.
2. Contact person in register matters
Contact person
Jenni Laine, rekisteri@professio.fi
3. Register name
Professio Group Oy and its subsidiaries Management Institute of Finland MIF Oy and Tieturi Oy’s personal data register.
4. The register’s purpose of use
The primary basis for processing personal data is the customer relationship between Controller’s customer and Controller, the customer’s consent, a commission issued by the customer or other professional context.
Personal data can be processed for the following purposes of use:
- Managing, implementing, developing and tracking the customer relationship and customer services as well as communications and marketing related to them.
- Analysing, grouping and reporting of customer relationships, implementing a customer programme and other purposes of use related to the development of the overall account management and Controller’s business operations.
- Collecting and processing customer feedback and customer satisfaction information.
- Implementing market research and surveys.
- Recording the phone calls of the customer service centre to verify service transactions, ensure legal protection and security, train the customer service, personnel and improve the quality of customer service.
Profiling purposes, which have been specified in section 11 of this privacy policy.
These processing assignments can be outsourced to Controller’s companies and/or external service providers in accordance with the data protection legislation and to the extent it allows.
5. Basics of data use
We process personal data on different legal bases, depending on the situation and purpose of use.
- AGREEMENT: We process your data based on the contractual relationship when you order, purchase or use our services. We only process the information that is necessary in the particular case. Typically contact information, purchase history and other information mentioned in section 6.
- CONSENT: Based on your consent, we will process your data when sending electronic marketing messages when you have given your permission.
- LEGAL OBLIGATION: We retain certain information to comply with our legal obligations. For example, we store invoicing data for the time required by legislation for taxation and accounting purposes. We keep the diplomas forever.
- LEGITIMATE INTEREST: With legitimate interest, we refer to our company’s need to process information for direct marketing of our products and services, as well as business management and development. E.g., for product and service development, customer service and business reporting.
When using a legitimate interest, we carefully evaluate the benefits of the processing and the possible disadvantages for the processed. The person being processed has the right to object to processing based on a legitimate interest.
6. Register’s data content
Among other information, the following categories of data can be saved to the register, concerning the data subject:
- Official and commonly used names, customer number, gender, language, address, phone number, email address and other necessary contact information.
- The services’ user and purchase information, the level and term of validity of the valid loyal customer’s bonus programme, and the marketing and communication methods in different service channels, such as the online services and automated services, including recorded phone calls with the customer service centre.
- Content produced by the data subject, such as customer feedback, and additional information given by the data subject, such as any wishes concerning the customer relationship, customer satisfaction, interests and other similar information.
- Services requested and used by the data subject and their payment information.
- Information of people who have served the data subject. Other wishes or notes concerning professionals, services, operational units and other matters.
- Choices made by the data subject, such as prohibitions, restrictions and consent.
- Other data related to the customer relationship, e.g., information concerning the website use that can be linked back to the customer, such as their IP address, time of their visit, visited pages, the type of the browser used (e.g., Internet Explorer, Firefox), the internet address through which the user accessed the website and the server through which the user accessed the website.
- Necessary data related to the use of authorisation and verification devices and services.
- Information related to data processing such as the date the data was saved and the data source.
7. Storage period of personal data
The company will store the personal data in its customer register until the customer relationship between the data subject and Controller’s can be considered having ended. The end date is determined by the data subject’s last service contact or contact request, plus eight years.
Due to legal obligations, some data may have to be stored longer than this. Data can be erased upon the customer’s request or if the customer relationship is ended.
8. Regular data sources
The customer’s basic data will be regularly saved from training registrations, phone calls or other notifications made by the customer to the controller during the customer relationship. Name and address data and information about the data subject’s death will be received by the actions of the customers and their communities. Direct marketing prohibition and the prohibition to record purchase information will be recorded based on separate notifications made by the customer to the controller.
Personal data can also be collected and updated from publicly available data sources, such as company websites and through service providers (e.g., Suomen Asiakastieto Oy) and through public and private registers.
9. Transfers and transfers of information within the group
The service provider and its affiliated companies have the right to use and disclose the information in the personal data register for legitimate purposes (such as direct marketing, sales and market research) in accordance with data protection legislation. Data subjects have the right to object to the disclosure and processing of their data for marketing, sales and direct marketing purposes by notifying the controller.
The disclosure of personal data is based on a legitimate interest (Data protection regulation 6 art.) to conduct business and manage customer relationships effectively.
10. Regular data disclosure and data transfer outside EU or European Economic Area
Controller’s can disclose customer data to the extent allowed by the valid legislation. Controller’s can use subcontractors for data processing. Data will not be transferred outside the European Union or the European Economic Area, unless this is necessary in order to provide the service. In such cases, Controller’s will continue to ensure sufficient level of data protection as required by the law, for example by utilising the EU’s model clauses about data transfers to third countries. Controller’s can disclose its customers’ contact information for the use of studies ordered by the Controllers.
11. Register protection
Controller’s follows a strictly regulated confidentiality obligation. Information concerning an individual customer will only be reported due to a reporting obligation based on a law, for example upon the customer’s own request or due to a legal authority request.
Manual materials will be kept in locked facilities that only separately authorised people can access.
Digital materials can only be accessed with the personal login and password of an authorised employee or partner. There are different levels of user licences, and each user will be granted a sufficient licence for managing their work, but these rights will be kept as limited as possible. The system is protected with a firewall and other technical measures that secure system contacts coming outside Controller’s.
12. Profiling
As a part of processing measures of the personal data saved in the customer register, Controller’s can also utilise the data for profiling purposes. Profiling is done by creating a customer ID for the data subject, which is then used to link together the various sets of data that are created in connection to using the service. As described above, the created profile can then be compared with profiles of other data subjects, for example.
The purpose of profiling is to review demand for the services and customer behaviour.
13. Cookies
When you visit our site for the first time, you will be notified of the cookies we use and you can choose to enable optional cookies and tracking devices. Some cookies and tracking devices are necessary to the functionality of services and cannot be removed from use with a cookie acceptance tool/banner. If you want to remove these from use, you can do this via your browser settings.
Cookies are small files saved on your computer. Cookies help us:
- Understand the ways our website is browsed.
- Understand the visitor numbers of our website and the visited pages.
- Remember you when you return to our website so that we can provide you with a more customised experience.
Most of the cookies will be erased when you close your browser. These are referred to as session cookies. Other, permanent cookies will be saved onto your computer until you erase them or their validity ends.
Cookie classes in our use:
- Necessary cookies
These cookies are vital to the functionality of our website and cannot be removed from our systems. They are usually set in response to functions concerning service-related requests, such as determining data protection settings, logging in or filling in forms. You can set your browser to prevent these cookies or notify you of them, but this means that some website functionalities will not work. All these cookies come directly from our website or from data processors that work on behalf of data processors, such as Paytrail, which provides online payment services. All these cookies are counted as “first party cookies” even though they come from different internet domains. - Preference cookies
Preference cookies enable the website to remember information that change the behaviour or appearance of the website, such as preferred language or your geographical location. - Statistic cookies
Statistic cookies help us understand how visitors interact with websites by collecting anonymous data. - Marketing cookies
Marketing cookies are used to track website visitors. Their purpose is to show the visitor meaningful and interesting advertisements, which are more valuable to their publishers and third-party advertisers.
The cookies our website uses, their purpose of use and storage period are described in more detail on our website.
14. The data subject’s right to object to processing their personal data and direct marketing (right to ban)
Based on personal, special circumstances, the data subject has the right to object to profiling targeted at them and other processing measures which Controller’s targets at their personal data, when the basis of processing the data is the customer relationship between Controller’s and the data subject.
The data subject can object to the processing of their data in accordance with section 15 of this privacy policy. When presenting this claim, the data subject must identify the special circumstances due to which they object to the processing. Controller’s may refuse the claim based on legal grounds.
The data subject may give their consent or prohibit Controller’s direct marketing operations channel-specifically, including profiling carried out for the purposes of direct marketing.
15. The data subject’s other rights related to personal data processing
15.1. The data subject’s right to access the data (inspection right)
The data subject has the right to inspect the data concerning them that have been saved in Controller’s customer register. The inspection request must be submitted in accordance with section 15 of this privacy policy. The inspection right can be declined based on legal grounds. Exercising one’s inspection right is principally free of charge.
15.2 The data subject’s right to demand the rectification or erasure of personal data or restrict the processing of personal data
After learning about an error or observing an error, the data subject or user should, to the extent they are able to act independently, rectify, erase or complement the erroneous, unnecessary, inadequate or outdated data in the register without delay.
The data subject can demand the rectification or erasure of the erroneous, unnecessary, inadequate or outdated data or restrict their processing. The rectification request must be submitted in accordance with section 15 of this privacy policy.
The data subject also has the right to request the controller to restrict the processing of their personal data, for example while the data subject is waiting for Controller’s response to a request concerning the rectification or erasure of their data.
15.3 The data subject’s right to transfer data between systems
To the extent the data subject has provided data for the customer register, which are processed based on the data subject’s consent or commission, the data subject has the right to receive such data for themselves, usually in a machine-readable format, and the right to transfer these data to another controller.
15.4 The data subject’s right to file a complaint with a supervisory authority
The data subject has the right to file a complaint with the competent supervisory authority if the controller has not adhered to the applied data protection regulations.
15.5 Other rights
If personal data are processed based on the data subject’s consent, the data subject has the right to withdraw their consent by notifying Controller’s of this in accordance with section 13 of this privacy policy.
16. Contacts
In all questions concerning processing of personal data and situations for exercising one’s rights, the data subject should contact Controller’s.
Via email: rekisteri@professio.fi
By post: Management Institute of Finland MIF Oy / Asiakastietokanta, Mannerheimintie 15, 00260 Helsinki
By making an appointment in advance by e-mail or by calling the customer service number, found on the website and by coming to the company office at Mannerheimintie 15, 00260 Helsinki
When necessary, Controller’s may request the data subject to specify their request in writing and it has the right to verify the data subject’s identity, if necessary, before taking further measures.
Updated: 2.9.2024
Management Institute of Finland MIF Oy and Tieturi Oy’s temporary marketing register
Register name
Temporary marketing register of Professio Group Oy and its subsidiaries Management Institute of Finland MIF Oy and Tieturi Oy.
Personal data’s purpose of use
The personal data will be used for the communications of Controller’s and its group companies as well as electronic B2B direct marketing, based on the recipient’s area of responsibility within their company.
Register’s data fields
- Person’s name
- Person’s email address
- Person’s title/area of responsiblity
- Person’s telephone number
- Company’s name
- Company’s contact information
- Company’s business sector
- Company’s revenue
- Company’s personnel class
Register’s data sources
Suomen Asiakastieto Oy
Työpajankatu 10 A
P.O. Box 16, 00581 Helsinki
tel. +358 (0)10 270 7200 (companies)
tel. +358 (0)10 270 7300 (consumers)
asiakaspalvelu@asiakastieto.fi (companies)
omatieto@asiakastieto.fi (consumers)
Data disclosure
The service provider and its affiliated companies have the right to use and disclose the information in the personal data register for legitimate purposes (such as direct marketing, sales, and market research) in accordance with data protection legislation. Data subjects have the right to object to the disclosure and processing of their data for marketing, sales, and direct marketing purposes by notifying the controller.
The disclosure of personal data is based on a legitimate interest (Data protection regulation 6 art.) to conduct business and manage customer relationships effectively.
Register protection and data storage period
The register is stored in a password-protected system, Suomen Asiakastieto Oy, which can only be accessed by authorised Professio Group personnel.
The register’s user licence requires a login granted by the database’s administrator. The administrator also determines the user licence level granted to the users. Launching the application requires a personal password. The use of and login to the register are controlled.
The data are saved in shared databases that are protected with firewalls, passwords or by other technical measures.
Personal data are stored as long as necessary for their purpose of use.
Right to prohibit and right to demand the rectification of data
The recipient has the right to prohibit the use of their data for direct advertising and other marketing purposes at any time. All direct mail sent by Controller’s and its group companies have a link required by law, through which the recipient can prevent such direct mail. The recipient may also prohibit direct marketing by contacting Contoller’s at:
Management Institute of Finland MIF Oy
Väliaikainen markkinointirekisteri
Mannerheimintie 15
00260 Helsinki
A notification of a mistake and rectified information should be sent to Controller’s (rekisteri@professio.fi), which will then inform the register administrator, Suomen Asiakastieto Oy.
With regards to matters not specified in detail in this privacy policy of a temporary marketing register, the regulations of the privacy policy of the customer register of Controller’s and its Finnish and Swedish group companies will be applied.
Updated: 2.9.2024
Alumni Register
Register name
The alumni register of MIF and Tieturi and Utbildning Infrormator Svenska AB, owned by Tieturi.
Personal data’s purpose of use
The registry collects participant information from the MIF and Tieturi systems as well as from the individual themselves upon registering for alumni activities. The collected information is used for communication and digital direct marketing. The use of the registry is based on an agreement.
Register’s data fields
- Person’s name
- Person’s email address
- Person’s title/area of responsibility
- Person’s telephone number
- Tutorial title
- Degree programme
- Date of completion
- Place of delivery
- Company’s name
- Company’s contact information
Register’s data sources
MIF and Tieturi ERP systems and the person’s own declaration.
Data disclosure
The service provider and its affiliated companies have the right to use and disclose the information in the personal data register for legitimate purposes (such as direct marketing, sales, and market research) in accordance with data protection legislation. Data subjects have the right to object to the disclosure and processing of their data for marketing, sales, and direct marketing purposes by notifying the controller.
Register protection and data storage period
The register is stored in password-protected customer relationship management software, accessible only to authorised persons within MIF and Tieturi.
Access to the register requires a user ID issued by the database administrator. The administrator also determines the level of access to be granted to users. A personal password is required to start the application. Access to the register and log-in is controlled.
The data is stored in shared databases protected by firewalls, passwords or other technical means.
Personal data are kept for as long as necessary for the purpose for which the personal data are used or for as long as the person wishes to leave the register.
Right to prohibit and right to demand the rectification of data
The recipient has the right to prohibit the use of their data for direct advertising and other marketing purposes at any time. All direct mail sent by Controller’s and its group companies have a link required by law, through which the recipient can prevent such direct mail. The recipient may also prohibit direct marketing by contacting Contoller’s at:
Management Institute of Finland MIF Oy
Alumnirekisteri
Esa Lahtela
Mannerheimintie 15
00260 HELSINKI
Information about the error and the corrected information should be communicated to the Data Controllers either by email to info@mif.fi or to the address above.
To the extent not further provided in this Alumni Register Privacy Policy, the provisions of the Privacy Policy of the Controllers and their Finnish and Swedish companies’ customer registers shall apply.
Updated: 29.4.2024
Recording camera surveillance
Register name
Recording camera surveillance system of MIF and Tieturi.
Personal data’s purpose of use
The personal data are used to protect the assets of MIF and Tieturi, prevent us from becoming the victims of a crime as well as for investigating crimes that have already occurred and incidents that have taken place in our locations or close by.
The processing is based on legitimate interest. Processing personal data is allowed when it is necessary for realising the legitimate interests of the controller or a third party. MIF and Tieturi considers data processing for the aforementioned purposes to be necessary to protect Controller’s assets and the employees’ personal safety, and the same interests cannot be achieved via other, lighter measures.
Register’s data sources
The register consists of time- and place-bound video recordings of a camera surveillance system. These comprise the register’s data content in its entirety. The camera surveillance system is in use in MIF and Tieturi’s office, in the yards and in the immediate vicinity at Mannerheimintie 15, 00260 Helsinki.
The personal data categories to be processed include the customers and employees of MIF and Tieturi. In addition to these categories, other building users are included in the personal data categories to be processed.
The data subjects will be informed of the recording camera surveillance at the locations with highly visible “recording camera surveillance” signs and/or stickers.
Data processors
The data can be processed by MIF and Tieturi’s employees whose job description includes the maintenance and development of the camera surveillance system or people whose assignments include handling criminal or damage investigations.
Data disclosure
Personal data are disclosed to the police and other authorities that have a legal right to process the camera recordings. Personal data will also be disclosed to authorities in situations where processing them is necessary in order to draft, submit or defend a legal claim. Furthermore, personal data will be disclosed to insurance companies for processing and solving insurance cases.
Personal data will not be disclosed outside the EU or EEA.
Register protection and data storage period
The register is saved in a password-protected camera surveillance system, which only authorised MIF and Tieturi’s people can access.
The register’s user licence requires a login granted by the database’s administrator. The administrator also determines the user licence level granted to the users. Launching the application requires a personal password. The use of and login to the register are controlled.
The data are saved in shared databases that are protected with firewalls, passwords or by other technical measures.
The camera recordings will be stored for two weeks counting from the moment of recording or as long as necessary for the personal data’s purpose of use when used for handling criminal or damage investigations.
The data subject’s other rights related to personal data processing
The data subject’s right to access the data (inspection right)
The data subject has the right to inspect the data concerning them that have been saved in MIF and Tieturi’s camera surveillance register. The inspection request must be submitted in accordance with this privacy policy. The inspection right can be declined based on legal grounds. Exercising one’s inspection right is principally free of charge.
The data subject’s right to demand the rectification or erasure of personal data or restrict the processing of personal data
After learning about an error or observing an error, the data subject or user should, to the extent they are able to act independently, rectify, erase or complement the erroneous, unnecessary, inadequate or outdated data in the register without delay.
The data subject can demand the rectification or erasure of the erroneous, unnecessary, inadequate or outdated data or restrict their processing. The rectification request must be submitted in accordance with this privacy policy.
The data subject also has the right to request the controller to restrict the processing of their personal data, for example while the data subject is waiting for MIF and Tieturi’s response to a request concerning the rectification or erasure of their data.
The data subject’s right to transfer data between systems
Primarily, the data subject has the right to receive their personal data in an organised, commonly used format that the data subject can use to transfer their data to the controller of another personal data register.
Due to the nature of the camera recordings, other people and their personal data may be included in the recordings. The data controller has the right to erase the possibility of identifying other people as well as their personal data from these data and files in a manner of their own choosing, and give the edited recordings to the data subject.
The police or other authorities may issue orders and prohibitions that prevent transferring the data to another system or disclosing them to the data subject, for example in connection to a criminal investigation.
The data subject’s right to file a complaint with a supervisory authority
The data subject has the right to file a complaint with the competent supervisory authority if the controller has not adhered to the applied data protection regulations.
Contacts
In all questions concerning processing of personal data and situations for exercising one’s rights, the data subject should contact the address below.
Via email: security@mif.fi
By post: Management Institute of Finland MIF Oy/ Kameravalvonta, Mannerheimintie 15, 00260 HELSINKI
By making an appointment in advance by e-mail or by calling the customer service number found on the website and by coming to the company office at Mannerheimintie 15, 00260 Helsinki
Updated: 12.12.2022
Follow us on Social Media