Data protection
Mafy Oy takes its customers’ data protection extremely seriously. Below you will find our data protection policy and the contact information of the data protection officer.
What personal data does Mafy collect?
Information provided by the user himself
- name
- contact information, incl. address or billing contact information, email address, mobile phone number, and other electronic address information
- interest and hobby information
Information related to the use of the service and the customer
- user ID or customer number
- the information required by cooperation agreements between the controller and other companies at any given time
- transaction and usage information
- Mafynet usage information
- Mafynet task history
- Mafynet working hours
- Using Mafynet hints
- Device identifiers with which Mafynett has been used
Feedback left on Mafynet with sender identifiers
Order information
- subscriber and recipient information
- product information
- offer information
- price information (for paid licenses)
- billing information
- delivery information
- payment method information
- cancellation information
- return information
- supply ban codes
- complaint information
- other data collected with the consent of the user
Consent information
- consent to direct marketing sent by email, text message, and other automatic systems
- electronic marketing prohibition codes
- details on how to obtain the address
- Online service usage information
- the user’s entry method to the website
- browser and device information
- cookie identifier,
- time spent in service,
- geographic location based on IP address
- web service browsing data, advertisement display data
- information about clicking ads
The recordings
- recorded customer service calls, as well as recorded chat conversations
- In addition, we save changes to this information. We may also store or use data locally on your device. For example, we may store data in a local cache so that you can open the application and view its contents more quickly.
Which personal information is processed?
Mafy collects information about the users of its products and online services. In addition to this, third parties can also collect data using cookies. Third parties can be, for example, service providers cooperating with MAFY-Valmennus, as well as various measurement service providers.
In our online services, we use, e.g., Google Analytics to measure the use of our online services. Third parties, such as Google Analytics, can set cookies on the user’s device to collect information on, for example, the number of visitors to websites.
You can read more about the terms of Google Analytics here.
Our online services may use community plugins such as Facebook, Twitter, or Instagram Like or Share buttons. Such community plugin buttons may appear on our services, but their content comes directly from the controller’s source.
The community plugin in our service recognizes that the user is logged in to that service, so the page displays customized content in the plugin.
Community plugins do not display customized content if the user is not logged in to the service. The services of community affiliates can collect information about the visitor’s visit by their valid privacy protection terms. The services in question will not hand over the information they have collected to Mafy unless the user has consented to this separately.
Our online services can also display content using iFrame technology.
The data is stored in server rooms located in the EU. These storing services include:
- Dropbox
- G Suite
- Google Cloud
- Mailchimp
- Active Campaign
How do we use the collected personal data?
What do we do with the information we collect? The short answer is: We produce incredibly great learning materials and services for you, and we constantly improve them. Here are some examples:
- We develop, use, improve, deliver, maintain and protect our products and services.
- We also send you messages by e-mail. We can use e-mail, for example, to respond to support requests or to inform you about products, services, and campaign offers that may interest you.
- We monitor and analyze trends and usage.
- We improve the safety of our products and services.
- We confirm your identity and prevent fraud or other unauthorized or illegal activity.
- We use the information we collect with cookies and other technologies to improve our services and your experience.
- We monitor compliance with our terms of service and other rules of use
Who do we share the personal data?
We may share information with the following third parties:
- With service providers and our partners.
- As service providers, we use entities that take care of their data protection, whose equipment rooms and systems meet the legislation requirements.
- The following information is stored in connection with the use of Mafynet in the Google Firebase system for the EU region. More details about Firebase data protection are here.
- Device identifier id
- Device operating system version and browser type and version
- User feedbacks
- User progress
- User work hours
- User id
- User password in a hash format.
- User vacations
- Users’ name and school.
- Users groups and group memberships
- Users’ answers are provided with a rich text editor.
- User ratings
- The storage utilizes cookies that can be placed on the user’s computer to facilitate login and identify the individual browser in the system.
- The anonymous data obtained with cookies is used in the further development of the user interface and quality improvement, as well as to enable the use of Mafynet.
- With third parties for legal reasons.
- We may share information about you if we have a sufficient reason for disclosing the information, such as:
- To comply with a valid legal action or official request or to comply with applicable law, rule, or regulation.
- To investigate, correct, and monitor possible violations of the terms of service.
- To ensure the rights, property, or safety of us, our users, or others.
- To detect and resolve fraud and security issues.
- We may share information about you if we have a sufficient reason for disclosing the information, such as:
- As part of a merger or acquisition.
- Suppose Mafy Oy is the subject of a business acquisition. In that case, the sale of assets, liquidation or liquidation, or all or part of its business is sold to another company; we may share your information with the other company before and after the operation.
We may also share information with advertisers that are aggregated, cannot be linked to an individual, or has been de-identified.
How long the data is kept
We keep the information we collect for two years after the end of your customer relationship. The databases of potential customers and partners are updated annually, and they store data for a period of five years.
How data is protected and stored
The data is stored on encrypted storage media and is processed only on password-protected terminals. Terminal data protection and virus protection are monitored centrally. Data is backed up to both local storage media and cloud backups. In cloud backups, data can end up outside the EU in encrypted form, e.g., via Dropbox and Google Drive. Data is transferred encrypted between MAFY and service providers.
Who processes the data?
Only a limited group of Mafy staff will process your data. Mafy’s information systems are designed to keep a log of the persons handling the information and limit the use of the information to only necessary persons.
What rights do I have?
The right to receive information about the collection and processing of personal data (Art 13, Art 14)
Mafy is obliged to provide you with information about processing personal data.
The right to access information (Art 15)
The registrant has the right to receive confirmation from MAFY that personal data concerning them is processed or not processed, and if this personal data is processed, the right to access it.
Right to rectification of data (Art 16)
The registrant has the right to demand that MAFY correct inaccurate personal data concerning the registrant without delay.
The right to delete data, i.e., the right to be forgotten (Art 17)
The registrant has the right to have MAFY delete personal data concerning the registrant without undue delay.
The right to transfer data from one system to another (Art 20)
The registered person has the right to receive the personal data concerning him, which he has submitted to MAFY, in a structured, commonly used. Machine-readable format and the right to transfer the data in question to another data controller without the hindrance of the data controller to whom the personal data has been delivered if the processing is based on consent or an agreement and the processing is carried out automatically.