Menu Close

Privacy statement

Statement on the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).


ML International Oy AB
Social security number 3195225-8
040 142 0004
Mytvägen 7 B 28, 02400 Kyrkslätt
Osmussaarenkaari 10 A 4, 02480 Kirkkonummi


In all questions related to the processing of personal data and in situations related to exercising one's own rights, the data subject must contact the controller in writing by sending an email to customer service at [email protected].


The legal basis for processing personal data is:

  • Contractual relationship between the registered and the controller
  • The legitimate interest of the data controller based on the customer relationship between the data subject and the data controller

The purposes of personal data processing include recruitment, employment management, marketing, maintaining customer relationships and partnerships, and organizing events.


The registrar collects only such personal data from the registrants that are relevant and necessary for the purposes described in this privacy statement.

The following information is processed about the registered:

  • Name
  • Personal identification number
  • Date of birth
  • Telephone number
  • Email address
  • Home address
  • Technical identification information
  • Provided by the registrant
  • consents and prohibitions


The controller processes personal data in a way that aims to ensure appropriate security of personal data, including protection against unauthorized processing and accidental loss, destruction or damage.

The controller uses appropriate technical and organizational safeguards to ensure this goal, including the use of firewalls, encryption technologies and secure device spaces, appropriate access control, careful management of user IDs for information systems, and instructing personnel involved in the processing of personal data.

Based on the Employment Contracts Act (55/2001) and the confidentiality agreements supplementing them, all employees who process personal data have a duty of confidentiality regarding matters related to the processing of registered personal data.


The controller processes personal data for two (2) years after the end of the customer relationship. At the end of this period, the data controller deletes or anonymizes the data within 3 months in accordance with the deletion processes it follows.

The controller may have an obligation to process some of the personal data included in the register longer than stated above in order to comply with legislation or official requirements.


Personal data is not used for profiling or other automatic decision-making.


The right to access personal data

The registered person has the right to receive confirmation as to whether personal data concerning him or her is being processed, and if processed, the right to receive a copy of his or her personal data.

Right to rectification of data

The registered person has the right to request that inaccurate and incorrect personal data concerning him be corrected. The registered person also has the right to have incomplete personal information completed by submitting the necessary additional information.

The right to delete data

The registrant has the right to request the deletion of personal data concerning himself, if

a. personal data are no longer needed for the purposes for which they were collected; or

b. personal data has been processed illegally.

The right to restrict processing

The registrant has the right to restrict the processing of personal data concerning himself, if

a. the data subject denies the accuracy of his personal data;

b. the processing is against the law, and the data subject objects to the deletion of his personal data and instead demands the restriction of their use; or

c. the controller no longer needs the personal data for the original purposes of the processing, but the data subject needs them to prepare, present or defend a legal claim.

Right to object

The registered person has the right to object to the processing of personal data concerning him at any time on the basis of his personal special situation.

The controller may no longer process the data subject's personal data, unless the controller can demonstrate that there is a significantly important and justified reason for the processing that overrides the interests, rights and freedoms of the data subject, or if it is necessary to prepare, present or defend a legal claim.

If personal data is processed for direct marketing, the data subject has the right at any time to object to the processing of personal data concerning him for such marketing, including profiling when it is related to such direct marketing.

The right to transfer data from one system to another

The registered person has the right to receive the personal data concerning him and that he has provided himself in a structured, commonly used and machine-readable format and the right to transfer the data in question to another controller.

The right to file a complaint with the supervisory authority

The national supervisory authority for personal data matters is the Office of the Data Protection Commissioner operating in conjunction with the Ministry of Justice. You have the right to submit your case to the supervisory authority if you believe that the processing of your personal data violates the relevant legislation.


The controller is constantly developing its operations and may therefore have to change and update its data protection policies as necessary. The changes may also be based on changes in the legislation on data protection.

If the changes contain new purposes for the processing of personal data or otherwise change significantly, the controller will notify them in advance and, if necessary, request consent.