Privacy Policy

Privacy and Data Protection Notice

This Privacy and Data Protection Notice describes how House of MDR processes personal data in accordance with the EU General Data Protection Regulation (GDPR). This notice was last updated on 23 March 2026.

 

1. Controller
House of MDR
Kauksaarentie 15
13800 Katinala
Finland

 

2. Contact Person for Matters Relating to the Register
Heidi Taipale
Email: info@houseofmdr.fi
Tel: +358 40 450 9899

 

3. Name of the Register
The register maintained by House of MDR comprises customer, marketing, stakeholder, online service user and personnel data.

 

4. Legal Basis and Purposes of Processing Personal Data
The processing of personal data is based on one or more of the following legal bases under the GDPR:

  • Consent of the data subject (documented, freely given, specific, informed and unambiguous)
  • Performance of a contract to which the data subject is party or in order to take steps at the
    request of the data subject prior to entering into a contract
  • Compliance with a legal obligation to which House of MDR is subject
  • Performance of a task carried out in the public interest
  • Legitimate interests pursued by House of MDR (for example, pre‑contractual customer
    relationships and employment relationships)
 

Personal data are processed for, inter alia, the following purposes: maintaining and managing customer relationships, providing and developing services, fulfilling contractual and statutory obligations, and carrying out marketing and customer communications.
Personal data are not used for automated individual decision-making or profiling within the meaning of the GDPR.

 

5. Categories of Personal Data and Retention
The register may contain, among others, the following categories of personal data:

  • Name
  • Position or role
  • Company/organisation
  • Contact details (telephone number, email address, postal address)
  • Website addresses
  • IP address of the network connection
  • Usernames/profiles in social media services
  • Information relating to ordered services and changes thereto
  • Billing details
  • Other information relating to the customer relationship or to the services ordered
 

Personal data that are necessary for the purposes described above are retained for at least the duration of the customer, employment or service relationship.
After this, the retention period depends on the nature of the data and the purpose of processing, and data are retained only for as long as required by applicable legislation or for the establishment, exercise or defence of legal claims.
House of MDR endeavours to keep personal data accurate and up to date by updating data and erasing data that are no longer necessary.
IP addresses of visitors to the website and cookies that are necessary for the technical functioning and security of the service are processed on the basis of the legitimate interests of House of MDR, for example to ensure information security and to compile statistical information on visitors, in cases where such data can be regarded as personal data.
Where required, consent is obtained separately for the use of third‑party cookies.

 

6. Regular Sources of Data
Personal data are obtained primarily from the data subjects themselves, for example through:

  • Messages sent via online forms
  • Email and telephone communications
  • Social media services
  • Contracts and related documentation
  • Customer meetings and other interactions in which customers, stakeholder representatives or staff provide their information
 

Contact details of representatives of companies and other organisations may also be collected from publicly available sources, such as websites, directory services and other companies.

 

7. Regular Disclosures and Transfers of Data Outside the EU or EEA
Personal data are not regularly disclosed to third parties.
Data may be published or otherwise disclosed to third parties only to the extent separately agreed with the customer or another data subject, or where such disclosure is based on a legal obligation or lawful request of an authority.
House of MDR may transfer personal data outside the European Union (EU) or the European Economic Area (EEA).
Personal data will not be transferred to the United States without the explicit consent of the data subjects, unless an adequate level of data protection is otherwise ensured in accordance with the GDPR (for example, by means of standard contractual clauses or an adequacy decision).

 

8. Principles of Register Security
House of MDR processes the register with due care and uses appropriate technical and organisational measures to protect personal data.
When data are stored on internet servers, the physical and digital security of the equipment and environment is ensured in an appropriate manner.
House of MDR ensures that stored data, server access rights and other information critical to the security of personal data are processed confidentially and only by those employees for whom access is necessary for the performance of their work duties.

 

 

9. Right of Access and Right to Rectification
Each data subject has the right to obtain confirmation as to whether personal data concerning them are being processed, and, where this is the case, to access such personal data as provided in Articles 15 and 16 of the GDPR.
The data subject has the right to request the rectification of inaccurate personal data and the completion of incomplete data without undue delay.
Requests for access or rectification shall be submitted in writing to House of MDR using the contact details provided above.
House of MDR may, where necessary, request the data subject to provide proof of identity.
House of MDR will respond to the request within the time limits laid down in the GDPR (as a rule, within one month of receipt of the request).

 

10. Other Rights of the Data Subject
The data subject has the right, under the conditions laid down in the GDPR, to:

  • Request the erasure of personal data concerning them (“right to be forgotten”)
  • Request the restriction of processing
  • Object to the processing of personal data carried out on the basis of legitimate interests
  • Request the transfer of their personal data in a structured, commonly used and
    machine‑readable format, where the processing is based on consent or contract and carried out by automated means
  • Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
 

Requests relating to these rights shall be submitted in writing to House of MDR using the contact details provided above.
House of MDR may, where necessary, request the data subject to provide proof of identity, and will respond to the request within the time limits laid down in the GDPR (as a rule, within one month of receipt of the request).
