MH-Rakenne Oy (“we”, “us”, “our”) is committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and applicable Finnish data protection laws. This Privacy Policy explains how we collect, use, disclose, and protect personal data as the controller of the processing.
1. Controller
MH-Rakenne Oy
Business ID: 2359243-2
Address: Savonkatu 2 A 2, 57100 Savonlinna
Phone: +358 44 022 0300
Email: mikko.hirvonen@mh-rakenne.fi
For data protection matters:
MH-Rakenne / Data Protection
Email: mikko.hirvonen@mh-rakenne.fi
2. Register Name
MH-Rakenne Customer and Marketing Register and Website User Register.
3. Purposes and Legal Basis of Processing
We process personal data for the following purposes:
Managing and maintaining customer relationships
Responding to inquiries and preparing quotes
Entering into and fulfilling contracts
Invoicing, accounting, and fulfilling statutory obligations
Developing services and the website
Customer communications and direct marketing (within legal limits)
Legal bases:
Contract performance or pre-contractual measures
Legal obligation (e.g., Accounting Act)
Our legitimate interests (customer relationship management, service development, limited direct marketing)
Your consent (e.g., newsletter or certain cookies)
4. Data Content
The register may contain:
Basic information: name, company/organization, position/title
Contact details: address, email, phone number
Contract and order data: quote requests, orders, contracts, project details
Billing and payment information
Communication data: inquiries, emails, feedback
Website usage data: IP address, device/browser info, visit timestamps, viewed pages, cookie data (based on consents)
We do not collect special categories of personal data (e.g., health data) unless exceptionally necessary for project execution and permitted by law; such processing is minimized and protected accordingly.
5. Regular Data Sources
Data subject themselves (e.g., contact forms, email, phone, contracts)
Data subject’s employer or represented entity
Public registers and authorities (as permitted by law)
Website technical logs and analytics (e.g., cookies, analytics tools)
6. Cookies and Analytics
The website may use cookies and similar technologies for functionality, user experience improvement, and traffic statistics.
Necessary cookies are always used for technical operation.
Analytics and marketing cookies require your consent (e.g., via cookie banner).
You can manage settings via browser or site cookie controls.
7. Data Retention
Data is retained only as long as necessary for the purposes described or required by law:
Customer/contract data: at least as required by the Accounting Act
Marketing data: while you are a customer or potential customer, unless you object
Website logs/analytics: reasonable period for statistics and development
Unnecessary data is securely deleted or anonymized.
8. Recipients and Transfers Outside EU/EEA
Data may be disclosed to:
Accounting and financial service providers
IT and cloud service providers (e.g., email, hosting)
Authorities if required by law
Transfers outside EU/EEA use GDPR-compliant mechanisms (e.g., Standard Contractual Clauses). No data is sold to third parties. Details on specific transfers available upon request.
9. Security of Processing
Data is processed securely with appropriate technical and organizational measures:
Access limited to necessary personnel
Systems protected by passwords, firewalls, and security technologies
Physical documents stored in locked premises
Data breaches are handled per law, with notifications to authorities and data subjects as required.
10. Your Rights
Under GDPR, you have rights including:
Access and copy of your data
Rectification of inaccurate/incomplete data
Erasure (in certain cases)
Restriction or objection to processing (in certain cases)
Objection to direct marketing
Withdrawal of consent
Data portability (for consent/contract-based automated processing)
Submit requests in writing/email to the controller above. Identity may be verified. You may also complain to the Data Protection Ombudsman (Finland).
11. Automated Decision-Making and Profiling
We do not make significant decisions based solely on automated processing or profiling without your explicit consent or legal basis.
12. Changes to This Policy
We may update this policy due to operations or law changes. The current version is available on our website. Significant changes may be notified via website or email. Last updated: December 16, 2025.