Data protection policy

Updated 25th May 2018

Multim Ltd processes your personal data under the conditions of the GDPR while also taking into account the current Personal Data Act (523/1999) or any effective data protection legislation. This data protection policy may be updated from time to time by releasing a new version, so please check this data protection policy regularly on our website.

Registry controller’s details

Registry controller

Multim Oy
Asiakaspalvelu
Isolinnankatu 24
28100 Pori
0600 301 030 (99snt/min)
tuki@shellit.org

Person responsible for registry matters

Jani Rajala, CEO

Definitions

  • – ”GDPR” means the regulation 2016/679 of the European Parliament and the Council on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) combined with any national data protection regulation that is effective in the member state of our main establishment.
  • – Other terms shall be defined as in Article 4 of the GDPR.

Processing of your personal data

We collect and process your personal data to be able to conduct business and to provide the services you have ordered, to target marketing and to otherwise serve you. The personal data we collect may be used for managing customer relationships, for keeping statistics on the usage of our services, for enhancing and researching the user experience and for other re-search with the aim of improving our website or services. We may also analyse customer feedback. The personal data may also be used for customer relationship communications and for managing marketing and contacts. We may also use the data for the purposes of conversion tracking and targeted marketing.

We process your personal data according to the requirements of the GDPR. Processing is legitimate, reasonable and transparent. Processing of your personal data may be based on a contract, your consent, our legitimate inter-ests or legal obligations. Our legitimate interests may include, but are not restricted to, communication with you, direct marketing including direct marketing after the customership has ended and targeted marketing.

Your personal data is only processed for the purpose it has been collected. Personal data collected for the same purposes may be combined and personal data may be connected to other pieces of data gathered through the means of analytics for being able to e.g. target marketing.

We try to keep the amount of personal data we store about you as small as possible. We also try to make sure the personal data is accurate. We do not disclose your personal data to other parties, unless we have an appropriate reason to do so, for example while registering a domain name for you, marketing purposes or other activities relevant to running our business.

Personal data we collect and our sources of data

We may collect the following data:

  • – Personal information, e.g. name, address, phone number, email address
  • – Social security number or birth date, if the order contains a .fi domain
  • – Company ID or VAT code, organisation name, contact person, if the order is made by a company, association or other organisation
  • – Usernames and passwords related to the service
  • – IP address from which the services are used
  • – Data related to providing the services, e.g. billing and payment data, mandates, authorizations, messages or other information related to communicating with you, emails, phone call details, chat logs
  • – Marketing permissions, subscriber data of newsletters and equivalents
  • – Cookies
  • – Other data necessary for producing the services

We also collect data that is created using the services. This may include:

  • – Order and billing history
  • – Data related to maintaining the services, e.g. logs
  • – Tracking data related to marketing and using our websites
  • – Data gathered through analysing customers
  • – Other data created while using our services

Additionally, we may collect other data we have received from you based on your consent.

Our sources of data may include yourself, e.g. when you are in dealing or in contact with us, use our services, use our website or subscribe to our news-letters. We may also collect data about you by observing the usage of our services. Sources of data may also include, but are not restricted to, email, contact form, customer service chat or logs.

Our external sources of data may include e.g. publicly available registers, commercial marketing registers or equivalents and different kinds of services, e.g. Facebook, Twitter, Google AdWords, Google AdSense and LinkedIn.

We may also utilize data deduced from other data collected about you, e.g. observations, conclusions and deductions, that may include e.g. your likely areas of interests.

Recipients of the personal data

We may disclose data from our registers to e.g. partners or subcontractors within the limits allowed and obliged by the legislation currently in effect.

Data may also be disclosed to e.g. investigate a suspicious payment transaction with our payment intermediaries. Additionally, ordering a domain name personal data (name, contact person, organisation, phone number, email, company ID, VAT code or equivalent, social security number, birth date) needs to be disclosed to third parties as required by the domain name regis-tries as domain names are, by default, registered to direct ownership of the customer. The data may also be to transmitted to third party services for the purposes of conversion tracking and targeted marketing.

Flows of personal data to countries outside the union

The data may be transmitted outside the European Union and the European Economic Area if required for the purposes of providing the services and for the purposes of marketing and communications. The data that may be transmitted includes name, organisation name and email address. Prior to disclosing the data, we confirm the processor meets the requirements set in the GDPR. Registering domain names data disclosed may also include other pieces of data in addition to the aforementioned, to the extent required to provide the services you have ordered. In certain cases the controller of the domain name registry may be located outside the Union in a country data protection regulation of which does not meet the requirements of the GDPR. In these case the data needs to be disclosed to the controllers of the domain name registries given you have ordered a top-level domain registration of which requires this.

Deletion of the personal data

We delete your personal data either automatically or manually when the personal data is not relevant for the purposes presented in this data protection policy. For example, personal data processed based on your consent is stored and processed as long you have not withdrawn your consent. Personal data processed based on legal obligations is stored and processed as long as those legal obligations require (e.g. accounting data). Accordingly, personal data stored and processed based on a contract is deleted after a reasonable amount of time, usually about three months, after the contract or the contracts have been terminated, when those data is not anymore necessary for the purposes of billing, for being able to continue contract or for other purposes. Data processed based on our legitimate interests is stored and processed as long as the legitimate interests are valid.

Protection of the data

Personal data in other forms than electrical is stored in locked cabinets. Only persons, whose work assignments so require, have access to the cabinets.

Personal data in digital form is protected using passwords, by limiting access and by using encrypted connections and email. Personal data is only pro-cessed in unencrypted email if you provide us data that way. By default, we request you to provide personal data securely through our control panels.

We only store intact and reliable personal data. Intactness and coherency is ensured by the means of maintaining backups.

Rights of the data subject

Right to access your personal data

You have the right to get a copy of the personal data we have stored about you. You may request this copy from the control panel or by contacting us. We may require you to proof your identity to execute the request. If you make a new request in less than a year from the previous one, we may charge a fee based on our price list for executing the request.

Right to rectification of your personal data

You can update your basic per-sonal data by logging in to our control panels. If needed, you may send a rectification request using the contact methods found on our website. If the rectification request is sent by other means than by directly through our ser-vice, you will need to provide us information so that we can reliably identify you. This information may include your name, address, phone number, email address and customer number. Right to give or cancel your consent: if we are processing your personal da-ta based on a consent you have given, you have the right to give a new con-sent or cancel the consent you have given anytime.

Right to give or cancel content

If we are processing your personal data based on a consent you have given, you have the right to give a new consent or cancel the consent you have given anytime.

Right to be forgotten

You have the right to ask us delete the personal data we have stored about you if 1) there is no need for the data considering the original purpose of collection 2) you cancel the consent, in which case the personal data processed based on that will be deleted 3) your personal data has been processed illegally 4) the personal data has to be removed to com-ply with a legal obligation 5) the personal data has been collected to offer in-formation society services to a child.

Right to object the processing of your personal data

You may have to right to object the processing of your personal data when the processing is done for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by us. If the personal data is processed for the purposes of direct marketing, you have the right to object the processing for this purpose anytime.

Right to restrict processing of your personal data

You may have to right to restrict the processing of your personal data in situations mentioned in Article 18 of the GDPR.

Right to portability of your personal data

You have the right to receive the personal data you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller if the data is processed based on a consent or a contract.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority if you believe the processing of your personal data to be against the GDPR.

Use of cookies

A cookie is a small text file sent to the user’s browser by the server. The cookie is saved on the user’s hard drive. Cookies are used to ensure proper functioning of the service and they are needed e.g. to enable login function-ality. Additionally, cookies are used to for marketing purposes, to generate traffic statistics, to research the usage of, track and enhance the user inter-face, the user experience and the service. Cookies are used to ensure user-friendliness of the service. They may also be used by services run by third parties, including e.g. user tracking and marketing.

The user can allow or disallow the usage of cookies by configuring browser’s settings. The use of cookies is considered to be allowed unless the user has configured the browser to disallow them. If the use of cookies is not allowed by the user, the proper functioning of the service cannot be ensured. Without cookies, it won’t be possible to order services or to login to the control panel. Further information on disallowing cookies can be found from your browser ven-dor’s website.