Register description and privacy statement of Encrypted Email Finland Ltd

1. Controller of personal data

Encrypted Email Finland Ltd (Suomen Turvaposti Oy), Tekniikantie 14, FI-02150 ESPOO, FINLAND, tel. +358 9 43910 200

2. Contact person

Markku Vettenniemi, tel. +358 500 553 663, antispammarkku.vettenniemi@suomenturvaposti.fi

3. Names of the registers

Securedmail's communication register.
Securedmail's customer register.

4. Purpose of processing personal data

Personal data is used for the implementation and verification of the data transfer of the Securedmail and Securedlink services, invoicing, customer support and the sending of user bulletins, as well as for the marketing of the services.

5. Data contents of the register


5.1. Securedmail's communication register

The register stores personal data provided by the user of the Securedmail service, processed in the messaging: the email address and mobile telephone number of the sender and recipient of the encrypted message and, in the case of a messaging involving strong electronic identification, the personal identification number of the communicating party.

The data is provided and processed to implement encrypted messaging and, when necessary, to implement customer service and verify the use of the service. The email addresses and mobile phone numbers will be transferred to countries required for the technical implementation of data communication, which may also include countries outside the EU and the EEA.

In addition, personal data about the use of the communication service is stored automatically in the register. Such data includes for example the type of the user’s terminal equipment, the operating system and its version, the IP address, the time and duration of the use, and information about the use of the service’s functions.
The data is used to implement customer service and verify the use of the service.

5.2. Securedmail's customer register

The register stores the customer’s name, email address, telephone number, job title and employer.

The data is used for the marketing, customer service, invoicing and contract management of the Securedmail service.

5.3. Processing and storage of registers

The personal data of both registers (register of communication data, customer register) are processed and stored with care. The processors of personal data, including subcontractors, are committed to non-disclosure. The information systems in which personal data is located are protected by firewalls, access rights and other technical and administrative measures that meet the high security standards required by the nature of the service.

The personal data will be stored in accordance with section 11 of this register description and privacy statement.

6. Cookies

Cookies are small text files that are sent to and stored on the user's computer. Securedmail and Securedlink services only send cookies, that are necessary for the operation and secure use of the the secure data transmission service of Encrypted Email Finland Ltd. Cookies do not harm the user's computer or files.

In most browsers, cookies can be disabled. Disabling cookies may mean that Encrypted Email Finland Ltd's services cannot be used.

7. Regular sources of data

The sources of data include Encrypted Email Finland Ltd's customer organisations, data subjects and website.

8. Recipients of data

Personal information is not received by outsiders. Subcontractors that have concluded a confidentiality agreement with Encrypted Email Finland Ltd have access to the personal data.

9. Transfer of data outside the EU or the European Economic Area (EEA)

Data will not be transferred outside the EU or the EEA unless the technical implementation of the data transfer requires it (see section 5.1.)

10. Principles of protection of the register

The personal data will be processed and stored carefully in accordance with Encrypted Email Finland Ltd's data security management system.

The information systems in which the digital personal data are contained are protected with a firewall, access rights and other technical and administrative measures.

The physical documents that contain personal data are protected with access rights and other technical and administrative measures.

11. Storage period of data

Within the period of validity of the customer agreement, personal data related to the implementation of data transmission services will be deleted when the service version-specific storage period (five or ten years) ends.

When the customer agreement expires, personal data related to the implementation of data transfer services will be deleted within six months.

Personal information related to the implementation of the data transfer services is backed up to an offline write-once media. The backup is destroyed 5 years after creation.

Data related to the customer agreement generation, invoicing, customer support and customer communication will be erased no later than five years after the customer relationship has ended and any open receivables have been settled.

Accounting records containing personal data will be stored for a period no less than as required by law.

12. General rights of data subjects

Everyone has the right to inspect the personal information concerning them included in the registers of Encrypted Email Finland Ltd and, if desired, request removal of the information.

The inspection/removal request must be sent using strong identification via Securedmail at address:
https://www.securedmail.eu/strongid/asiakaspalvelu@turvaposti.fi
or in writing, signed by hand, to the address: Encrypted Email Finland Ltd (Suomen Turvaposti Oy), Tekniikantie 14, FI-02150 Espoo, Finland.

If the right to inspect or remove the information is denied, a refusal statement will be provided.

13. Other rights of data subjects

Any erroneous data contained in the register will be rectified at the request of the data subject. The identity of the person requesting the rectification will be verified. When requesting a rectification of erroneous data, the request must be specified. Requests for the rectification of erroneous data must be addressed to the controller, whose contact details can be found in section 1 and the electronic form in section 12.

A certificate is issued for any refusal to change or delete information.