Register description and privacy statement of Encrypted Email Finland Ltd

1. Controller of personal data

Encrypted Email Finland Ltd (Suomen Turvaposti Oy), Tekniikantie 14, FI-02150 ESPOO, FINLAND, tel. +358 9 43910 200

2. Contact person

Markku Vettenniemi, tel. +358 500 553 663, antispammarkku.vettenniemi@suomenturvaposti.fi

3. Names of the registers

Securedmail's register of communication data.
Securedmail's customer register.

4. Purpose of processing personal data

Personal data is used for the implementation and verification of the messaging, as well as for invoicing, customer support and newsletters.

5. Data contents of the register

5.1. Securedmail's register of communication data

The register stores personal data provided by the user of the Securedmail service, processed in the messaging: the email address and mobile telephone number of the sender and recipient of the encrypted message and, in the case of a messaging involving strong electronic identification, the personal identification number of the communicating party. The abovementioned personal data is provided by the users of the Securedmail service.

The data is disclosed and processed to implement encrypted messaging and, when necessary, to implement customer service and verify the use of the service. The email addresses and mobile phone numbers will be transferred to countries required for the technical implementation of data communication, which may also include countries outside the EU and the EEA.

In addition, personal data about the use of the communication service is stored in the register. Such data includes for example the type of the user’s terminal equipment, the operating system and its version, the IP address, the time and duration of the use, and information about the use of the service’s functions. The data is used to implement customer service and verify the use of the service.

5.2. Securedmail's customer register

The register stores the customer’s name, email address, telephone number, job title and employer.

The data is used for the marketing, customer service, invoicing and contract management of the Securedmail service.

5.3. Processing and storage of registers

The personal data of both registers (register of communication data, customer register) are processed and stored with care. The processors of personal data, including subcontractors, are committed to non-disclosure. The information systems in which personal data is located are protected by firewalls, access rights and other technical and administrative measures that meet the high security standards required by the nature of the service.

The personal data will be stored in accordance with section 11 of this register description and privacy statement.

6. Cookies

Cookies are small text files that are sent to and stored on the user's computer. Securedmail and Securedlink services only send cookies, that are necessary for the operation and secure use of the the secure data transmission service of Encrypted Email Finland Ltd. Cookies do not harm the user's computer or files.

In most browsers, cookies can be disabled. Disabling cookies may mean that Encrypted Email Finland Ltd's services cannot be used properly.

7. Regular sources of data

The sources of data include Encrypted Email Finland Ltd's customer organisations, data subjects and website.

8. Recipients of data

Personal information is not received by outsiders. Subcontractors that have concluded a confidentiality agreement with Encrypted Email Finland Ltd have access to the personal data.

9. Transfer of data outside the EU or the European Economic Area (EEA)

No data will be transferred outside the EU or the EEA by any means or in any form.

10. Principles of protection of the register

The personal data will be processed and stored carefully in accordance with Encrypted Email Finland Ltd's data security management system.

The information systems in which the digital personal data are contained are protected with a firewall, access rights and other technical measures.

The physical documents that contain personal data are protected with access rights and other technical measures.

11. Storage period of data

Personal data related to the implementation of the communication services will be erased no later than two months after the agreement with the customer has ended.

Within the period of validity of the customer agreement, the log data of the communication services will be erased when the service version-specific storage period (five to ten years) ends.

When the customer agreement expires, the log data of the communication services will be erased after six months.

Data related to the customer agreement generation, invoicing, customer support and customer communication will be erased no later than five years after the customer relationship has ended and any open receivables have been settled.

Accounting records containing personal data will be stored for a period no less than as required by law.

12. General rights of data subjects

Everyone has the right to check their personal data contained in the registers of Encrypted Email Finland and, if they wish, to request its deletion. Written and signed requests for inspection/deletion should be sent to: Encrypted Email Finland Ltd (Suomen Turvaposti Oy), Tekniikantie 14, FI-02150 Espoo, Finland. The request may also be made in person at the above address. In the case of inspection of confidential data, the data subject’s identity will be verified.

The personal data specified in the request will be provided in writing, upon request in electronic format. If a request for inspection or deletion is refused, a written certificate of refusal will be issued to the requester.

13. Other rights of data subjects

Any erroneous data contained in the register will be rectified at the request of the data subject. If necessary, the identity of the person requesting the rectification will be verified. When requesting a rectification of erroneous data, the request must be specified. Requests for the rectification of erroneous data must be addressed to the controller, whose contact details can be found in section 1. If the controller refuses the rectification of erroneous data, it must issue a written certificate to this effect.