Privacy Policy of MSK Group Oy

This Privacy Policy describes how MSK Group Oy and its subsidiaries MSK Cabins Oy, MSK Plast Oy, MSK Matec GmbH, Junkkari Oy and Juncar Oy process personal data. Hereinafter the term MSK Group will be used to refer to all the companies in the Group. The Group processes data concerning our customers, leads and their employees as well as our employees.

Download Privacy Policy (pdf)

In this Policy, we explain

  1. The contact information of the controller and data protection officer
  2. What data we collect
  3. What the rights of the data subject are and how to exercise these rights
  4. How we use the data and on what legal basis we process the data
  5. How long we store the data
  6. The recipients of the data and data transfer to third countries
  7. What kind of risks are involved in processing the data and how we protect the data

The contact information of the controller and data protection officer

MSK Group:

MSK Group Oy
Pohjanmaanväylä 1661
62375 Ylihärmä

Controller's representative: Tuukka Niinimäki
E-mail: tuukka.niinimaki@msk.fi
Controller's street address: Pohjanmaanväylä 1661, 62375 Ylihärmä.

What data do we collect and for what purposes?

Collected personal data can be categorised as follows:

  • Data concerning identification and communication, such as name, phone number, e-mail address and, in terms of contracts and credit investigations, personal identity numbers.
  • Work related data: title, job description or area of responsibility.
  • Data concerning the use of our website: cookies, IP addresses, equipment identification and customer identification.
  • Data concerning job applications and recruitment, such as name, address, other contact information, date of birth, information on the job the data subject is interested in; data related to job applications and curriculum vitae, such as qualifications, work experience, language skills, skills, positions of trust, photographs of the data subject, data on interviews and tests; other potential information submitted by the applicant, such as salary request, how the applicant heard about the job opportunity; as well as data concerning the processing and status of the application.
  • We use cookies to enable a smooth user experience, to monitor and analyse visitor behaviour, and to develop the quality of our services. Cookies are also used to analyse the number of users and the entry and exit pages of the service.
  • The use of cookies is secure, and the collected data remain anonymous. Cookies can be turned off from the browser settings. Our website uses the Google Analytics tool, which stores data on the use of our website into the cookies.
  • The data will be used to analyse how users browse our website and to compile reports on the events on our website. By using our website, you agree to the above-mentioned use of cookies.

Personal data collected straight from the data subject:

  • Mainly we collect data straight from the data subject during customer service events or the customers submit the data themselves via an online form, chat or e-mail. The data will be used for communication to offer or provide services to the customer. Website user analytics data are also generated by the actions of the data subject during their visit to the website.

Personal data collected from third parties:

  • Data collected from third parties include information on the creditworthiness of a consumer (Suomen Asiakastieto). We also collect data from other public sources, such as company registers, e.g. YTJ and the trade register of PRH, in order to verify the authority to sign of the signatory to a contract.

What are the rights of the data subject and how can these rights be exercised?

The data subject has rights to the personal data obtained by MSK Group. The data subject has the following rights:

a) The right to access their personal data

The data subject has the right to view the personal data we hold. The right to access the data may be limited due to legislation and the privacy protection of other individuals.

b) The right to the rectification of data

The data subject has the right to have inaccurate or insufficient data rectified.

c) The right to the erasure of data

The data subject has the right to have their personal data erased. The data can be erased for example in the following situations:

  • The data subject withdraws their consent, and no further bases for data processing exist.
  • The data subject objects to the processing of their personal data, and no further bases for continuing the data processing exist.
  • The data are processed illegally

d) The right to restrict the processing of data

The data subject has the right to restrict the processing of their personal data.

e) The right to object 

The data subject has the right to object to the processing of their personal data.

f) The right to the transferability of data 

The data subject has the right to receive the submitted personal data in a machine-readable form. The right applies to personal data processed automatically on the basis of a contract or consent.  The right to transfer data from one system to another does not apply to the contact information of professionals processed as part of the business connections of companies, when the processing is not based on consent given by the data subject or on a contract to which the data subject is party.

g) The right to withdraw consent

The data subject has the right to withdraw their consent at any time. The withdrawal does not affect the legality of data processing performed prior to the withdrawal, when the processing is based on consent. The withdrawal of consent may affect our ability to offer services.

h) The right to complain to supervisory authorities

In addition, the data subject has the right to file a complaint to supervisory authorities in case they suspect their personal data are being used inappropriately or illegally.

In order to exercise their right, the data subject must contact the data protection officer of MSK Group.

Controller's representative: Tuukka Niinimäki
E-mail: tuukka.niinimaki@msk.fi
Controller's street address: Pohjanmaanväylä 1661, 62375 Ylihärmä.

How do we use the data and on what legal basis do we process the data?

MSK Group processes personal data in order to fulfil their statutory and contractual obligations. Our legal bases for processing are:

The execution of contracts
Fulfilling contractual obligations is our principal legal basis for processing personal data. We process personal data to the extent necessary in order to produce products or provide services ordered from us.

Statutory obligation
In addition to contracts, our operations include statutory obligations based on which we process personal data. These obligations include:

  • Accounting legislation

Consent
In order to develop our website, we collect analytics data on the use of the website on the basis of consent. You consent to the collection of data by accepting the use of cookies when you enter the website.

In terms of data collected for marketing purposes, the data subject is asked for consent, which they can withdraw at any time.

How long do we store the data?

Personal data is only stored for the duration of the contractual relationship and for one year after the termination of contract in order to process potential complaints or repair requests, unless otherwise provided by legislation.

User analytics data from the website are stored for 26 months in order to monitor and develop marketing and customer service.

Depending on what the applicant wants, applications are stored for 3 to 24 months from the moment the application has been submitted.

The recipients of data and data transfer to third countries

The data will not be linked to other registers nor assigned to third parties unless provided by legislation.

Recruitment data can be transferred within the group companies and to the potential partners participating in the recruitment process, with which MSK Group has entered into a separate recruitment and personal data processing contract. In addition, personal data may only be transferred with the data subject's consent or when the recipient has a legal right to access the data.

As a rule, data will not be transferred or assigned to parties outside the EU or the European Economic Area (EEA).

What kind of risks are involved in processing the data and how do we protect the data?

No known risks are associated with the data of the data subjects, with the exception of proper care required by the processing of personal data concerning recruitment as well as the technical security of data transfer and storage. Special attention has been paid to the processing and protection of recruitment data, and their processing and protection is being developed according to the principles of continuous improvement.

Nevertheless, the data subject should note that the controller cannot assess the contents of the information submitted by the data subject in advance and thus take special security measures.

With the current level of protection, the above-mentioned risks do not threaten the rights or freedoms of the data subject, but the data subject should be aware of the risks. 

The party to the contract (contact person) will always be notified of extensive data leakages regardless of whether the issue is covered by the duty to report.

The objective of the security measures of MSK Group is to safeguard the availability of data and data systems, to ensure their confidentiality, to ensure the integrity of data and to minimise the damage caused by potential deviations. The security measures are based on a risk assessment of the operations, and they will be proportioned in order to manage the protected data and their risks. 

The measures taken to ensure information security and data protection include:

  • Measures increasing the availability and usability of data are meant to ensure the availability of relevant data when the data is needed. Such measures include ensuring the function of systems, backups, deputy systems and the filing of accurate data.
  • Data integrity will be secured with system reviews and monitoring. The purpose of security measures and guidelines is to prevent mistakes and neglect while processing information.
  • The confidentiality of data will be ensured with organisational and technical measures. Organisational measures include confidentiality agreements, specified operations, guidelines and training of personnel. Technical measures include protection against viruses and malicious software, encryption of data communications, strong identification, protection and encryption of data networks and data terminals, locking and monitoring of facilities and the use of a partner specialised in destroying hard copies.

Get to know our subsidiaries

Juncar Oy

A manufacturer of Finnish high quality trailers.

 

Junkkari

An experienced agriculture and forestry machine manufacturer.

 

MSK Cabins

A successful and international machinery cabin manufacturer.

 

MSK Plast Oy

A high technology company specialized in plastic manufacturing.

 

Specialized in development and production of complex and customized cabins.