Register description and privacy statement of Encrypted Email Finland Ltd

1. Controller of personal data

Encrypted Email Finland Ltd (Suomen Turvaposti Oy), Tekniikantie 14, FI-02150 ESPOO, FINLAND, tel. +358 9 43910 200

2. Contact person

Markku Vettenniemi, tel. +358 500 553 663, antispammarkku.vettenniemi@suomenturvaposti.fi

3. Purpose of processing personal data

Personal data is used for (legal grounds in parentheses)

  • the implementation and verification of the data transfer of the Securedmail and Securedlink services (contractual relationship or its preparation),
  • concluding customer contracts (contractual relationship or its preparation),
  • invoicing (contractual relationship or its preparation),
  • customer support and the sending of user bulletins (legitimate interest),
  • using our website and improving the user experience of our other services and monitoring user traffic (consent),
  • marketing of services, statistics, market research and direct marketing (legitimate interest, consent),
  • processing complaints and handling court and official procedures (compliance with legal obligations),
  • to prevent and investigate abuses, as well as to ensure data security, the safety of persons and property (legitimate interest),
  • to comply with other statutory obligations (e.g. activities related to accounting and taxation)

4. Data contents of the register

4.1. Securedmail's communication register

The register stores personal data provided by the user of the Securedmail service, processed in the messaging: the email address and mobile telephone number of the sender and recipient of the encrypted message and, in the case of a messaging involving strong electronic identification, the personal identification number of the communicating party.

The data is provided and processed to implement encrypted messaging and, when necessary, to implement customer service and verify the use of the service. The email addresses and mobile phone numbers will be transferred to countries required for the technical implementation of data communication, which may also include countries outside the EU and the EEA.

In addition, personal data about the use of the communication service is stored automatically in the register. Such data includes for example the type of the user’s terminal equipment, the operating system and its version, the IP address, the time and duration of the use, and information about the use of the service’s functions. The data is used to implement customer service and verify the use of the service.

4.2. Securedmail's customer register

The register stores the customer’s name, email address, telephone number, job title and employer.

The data is used for the marketing, customer service, invoicing and contract management of the Securedmail service.

4.3. Processing and storage of registers

The personal data is processed and stored with care. The processors of personal data, including subcontractors, are committed to non-disclosure. The information systems in which personal data is located are protected by firewalls, access rights and other technical and administrative measures that meet the high security standards required by the nature of the service.

The personal data will be stored in accordance with section 11 of this register description and privacy statement.


5. Cookies

Cookies are small text files that are sent to and stored on the user's computer. Securedmail and Securedlink services only send cookies, that are necessary for the operation and secure use of the the secure data transmission service of Encrypted Email Finland Ltd. Cookies do not harm the user's computer or files.

In most browsers, cookies can be disabled. Disabling cookies may mean that Encrypted Email Finland Ltd's services cannot be used.

6. Regular sources of data

The sources of data include Encrypted Email Finland Ltd's customer organisations, data subjects, marketing service providers and website.

7. Recipients of data

Various service providers and other third parties may also be used in the processing of personal data, such as providers of technical solutions or server space or accounting and financial administration service providers. We take care of the agreements required by data protection legislation with the entities we use in processing personal data.

Personal data can be handed over to third parties in situations required by legislation or authorities, or to investigate abuses, and to ensure security. In addition, personal data may have to be disclosed in connection with legal proceedings or similar legal procedures.

8. Transfer of data outside the EU or the European Economic Area (EEA)

Data will not be transferred outside the EU or the EEA unless the technical implementation of the data transfer requires it (see section 5.1.)

9. Principles of protection of the register

The personal data will be processed and stored carefully in accordance with Encrypted Email Finland Ltd's data security management system.

The information systems in which the digital personal data are contained are protected with a firewall, access rights and other technical and administrative measures.

The physical documents that contain personal data are protected with access rights and other technical and administrative measures.

10. Storage period of data

Within the period of validity of the customer agreement, personal data related to the implementation of data transmission services will be deleted when the service version-specific storage period (five or ten years) ends.

When the customer agreement expires, personal data related to the implementation of data transfer services will be deleted within six months.

Personal information related to the implementation of the data transfer services is backed up to an offline write-once media. The backup is destroyed 5 years after creation.

Data related to the customer agreement generation, invoicing, customer support and customer communication will be erased no later than five years after the customer relationship has ended and any open receivables have been settled.

Accounting records containing personal data will be stored for a period no less than as required by law.

11. General rights of data subjects

Registrants have rights to their own personal data in accordance with data protection legislation. However, the application of rights in each individual situation depends on the purpose and situation of use of personal data.

  • The right to access personal data. The registered person has the right to receive confirmation as to whether the registered person's personal data is processed and other information on the processing of personal data in accordance with data protection legislation. The registered person has the right to receive a copy of the personal data.
  • The right to rectification of personal data. Subject to certain restrictions, the registered person has the right to demand the correction or deletion of incorrect or inaccurate information.
  • The right to delete personal data. The registered person has the right, in accordance with the requirements of data protection legislation, to request the deletion of his personal data. Upon request, we will delete personal data, unless the legislation or another applicable exception in accordance with data protection legislation requires us to keep personal data.
  • The right to restrict processing. In accordance with the requirements of the data protection legislation, the registered person has the right to request the restriction of the processing of personal data in certain situations.
  • The right to transfer personal data. The registered person has the right to request the transfer of his personal data to another controller. The right to transfer basically applies to personal data that the data subject has provided to the controller in a structured and machine-readable format, and whose processing is based on the consent or agreement of the data subject, and/or for which the processing is carried out automatically.
  • The right to object to processing. The registered person has the right, in accordance with the requirements of data protection legislation, to object to the processing of personal data based on legitimate interests, including profiling. We can refuse the request if the processing is necessary to fulfill the compelling and legitimate interests of the controller or a third party. However, the registered person always has the right to object to the processing of personal data for direct marketing purposes and profiling related to direct marketing.
  • The right to withdraw consent. If the processing of personal data is based on the data subject's consent, the data subject has the right to withdraw his consent to the processing of his personal data. Withdrawal of consent has no effect on the processing carried out prior to the withdrawal.

Using rights

We hope that you will contact us if you have any questions regarding the processing of your personal data. You can send a request regarding the rights of the registered person by e-mail to the address https://www.turvaposti.fi/strongid/asiakaspalvelu@turvaposti.fi or by letter to the address Suomen Turvaposti Oy, Tekniikantie 14, 02150 Espoo, Finland.

The identity of the person making the request may be checked before the request is processed. The request will be answered within a reasonable time and basically within one month from the time the request is submitted and the identity is checked. If the request cannot be agreed to, the refusal will be notified separately.

12. The right to file a complaint with the supervisory authority

he data subject has the right to file a complaint with the competent data protection authority, if the data subject considers that his personal data has been processed in violation of data protection legislation. You can find the contact information of the Finnish Data Protection Authority here.