en

Privacy policy

Registry and Data Protection Statement


This is the GDPR-compliant registry and data protection statement of MI Field Oy, in accordance with the EU General Data Protection Regulation.
Prepared on: 08.04.2025. Last updated: 08.04.2025.

1. Data Controller

MI Field Oy (3408738-6)
Tikanmaankatu 14–16
21210 Raisio, Finland

2. Contact Information

For all data protection inquiries, please contact us by email at palacsinta.sk@gmail.com.

3. Name of the Register

MI Field Oy Customer and Stakeholder Register

4. Legal Basis and Purpose of Processing Personal Data

The legal basis for processing personal data under the EU General Data Protection Regulation is:

  • customer relationship

  • employment relationship

  • recruitment

  • or in some cases, the individual's explicit consent.

Purposes for processing personal data include:

  • development of operations and services

  • customer communication and relationship management

  • marketing and general information

  • communication and management related to employment and recruitment

  • compliance with legal obligations (e.g. under the Finnish Accounting Act)

Personal data is not used for automated decision-making or profiling.

5. Data Content of the Register

The register may include the following types of personal data:

  • name of the individual

  • company or organization (if applicable)

  • contact details (email address, phone number, possible postal address)

  • content of the message or any communication related to the customer relationship

  • customer feedback and potential reviews

  • recruitment-related information (e.g. CV and work history, if submitted)

  • website visitor IP address and cookie data

  • billing details (if applicable, for example in future franchise agreements)

Data is stored only for as long as necessary to fulfill the purposes of the register or as required by law (e.g. under accounting regulations).

IP addresses of website visitors and cookies essential for technical functionality are processed based on legitimate interest, for example to ensure data security and collect site statistics. Consent will be requested separately for third-party cookies when necessary.

6. Regular Sources of Information

Personal data stored in the register is obtained from the customer via, for example:

  • contact forms on the website

  • email

  • phone

  • social media channels

  • face-to-face meetings

  • or other situations where the customer voluntarily provides their data.

Contact details of representatives from companies or organizations may also be collected from public sources such as websites, directories, or partner companies.

7. Regular Disclosures and Transfers Outside the EU or EEA

Personal data is not disclosed to third parties for marketing purposes.

If necessary to deliver a product, provide a service, or comply with legal obligations, data may be disclosed to the following third parties:

  • financial administration partners (e.g. accounting services)

  • providers of digital services (e.g. website hosting or form tools)

  • recruitment partners or platforms (if used)

  • authorities in cases required by law

Some data, such as customer feedback or reviews, may be published with the customer's explicit consent.

Data is not transferred outside the EU or EEA by the data controller without appropriate legal safeguards (e.g. EU Standard Contractual Clauses).

8. Principles of Data Security

Personal data is handled with care and protected using appropriate technical and administrative measures. If data is stored on internet servers, both the physical and digital security of the equipment is ensured.

The data controller ensures that all personal data, access rights, and other critical information are handled confidentially and only by persons whose job requires such access.

9. Right to Access and Correct Data

Every individual has the right to inspect what personal data has been stored about them and to request the correction or completion of any incorrect or incomplete information.

Requests for inspection or correction must be submitted in writing to the data controller. The data controller may request additional information to verify the identity of the requester.

The controller will respond to requests in accordance with the GDPR, typically within one month.

10. Other Rights Related to Personal Data Processing

Individuals have the right to request the deletion of their personal data from the register ("the right to be forgotten"). They also have other rights under the GDPR, such as the right to restrict processing of their data in certain situations.

All requests must be submitted in writing to the data controller. The controller may request identity verification before disclosing or deleting data.

The data controller will respond to all requests in accordance with the GDPR, typically within one month.