Register description and privacy statement of Encrypted Email Finland Ltd

1. Controller of personal data

Encrypted Email Finland Ltd (Suomen Turvaposti Oy), Tekniikantie 14, FI-02150 ESPOO, FINLAND, tel. +358 9 43910 200

2. Contact person

Markku Vettenniemi, tel. +358 500 553 663, antispammarkku.vettenniemi@suomenturvaposti.fi

3. Name of the register

The personal data register of the Securedmail and Securedlink services.

4. Purpose of the processing of personal data

Personal data will be used by agreement to implement the communications related to the Securedmail and Securedlink services, and to implement related invoicing, customer support and the sending of user bulletins.

5. Data content of the register

The register includes the person's name, email address, mobile phone number and job title, and the name of their employer organisation. In communications involving strong electronic identification, the identification number of the party to communication will also be stored.

6. Cookies

The use of the Securedmail and Securedlink services involves cookies. Cookies are small text files that are sent to and stored on the user's computer. Securedmail and Securedlink services only send cookies, that are necessary for the operation and secure use of the the secure data transmission service of Encrypted Email Finland Ltd. Cookies do not harm the user's computer or files.

In most browsers, cookies can be disabled. Disabling cookies may mean that Encrypted Email Finland Ltd's services cannot be used properly.

7. Regular sources of data

The sources of data include Encrypted Email Finland Ltd's customer organisations, data subjects and website.

8. Recipients of data

Personal information is not received by outsiders. Subcontractors that have concluded a confidentiality agreement with Encrypted Email Finland Ltd have access to the personal data.

9. Transfer of data outside the EU or the European Economic Area (EEA)

No data will be transferred outside the EU or the EEA by any means or in any form.

10. Principles of protection of the register

The personal data will be processed and stored carefully in accordance with Encrypted Email Finland Ltd's data security management system.

The information systems in which the digital personal data are contained are protected with a firewall, access rights and other technical measures.

The physical documents that contain personal data are protected with access rights and other technical measures.

11. Storage period of data

Personal data related to the implementation of the communication services will be erased no later than two months after the agreement with the customer has ended.

Within the period of validity of the customer agreement, the log data of the communication services will be erased when the service version-specific storage period (five to ten years) ends.

When the customer agreement expires, the log data of the communication services will be erased after six months.

Data related to the customer agreement generation, invoicing, customer support and customer communication will be erased no later than five years after the customer relationship has ended and any open receivables have been settled.

Accounting records containing personal data will be stored for a period no less than as required by law.

12. General rights of data subjects

All data subjects have the right to access their personal data contained in the register as stipulated in Sections 26 to 28 of the Personal Data Act. Access requests must be sent in writing and personally signed to the following address: Encrypted Email Finland Ltd (Suomen Turvaposti Oy), Tekniikantie 14, FI-02150 Espoo, Finland. Access requests may also be made in person by visiting the above address. If the data to be accessed includes confidential data, the data subject's identity will be verified.

Upon request, the accessed data may be delivered to the data subject in writing. If the controller refuses to provide access to data, it must issue a written certificate to this effect. The right of access may be exercised free of charged and without limitation.

13. Other rights of data subjects

Any erroneous data contained in the register will be rectified at the request of the data subject in accordance with Section 29 of the Personal Data Act. If necessary, the identity of the person requesting the rectification will be verified. When requesting a rectification of erroneous data, the request must be specified. Requests for the rectification of erroneous data must be addressed to the controller, whose contact details can be found in section 1. If the controller refuses the rectification of erroneous data, it must issue a written certificate to this effect.