This is Make X Media's GDPR-compliant register and privacy statement.
Prepared on 27.1.2025.
1. Data controller
Make X Media (Capefinn Oy), Kahdeksas huvilatie 10 B, 02730 ESPOO, Y-tunnus: 2232520-1
2. Contact person in matters related to the filing system:
Mari Righini
Kahdeksas huvilatie 10 B, 02730 Espoo
mari@makexmedia.fi, 040 5831538
3. Name of filing system: Make X Media Customer register
4. Legal basis and purpose of processing personal data
The legal basis for processing personal data under the EU General Data Protection Regulation (GDPR) is the contract to which the data subject is a party or the legitimate interest of the data controller. Make X Media collects and processes personal data to fulfill its contractual obligations and to comply with legal requirements. Make X Media also processes personal data based on legitimate interest to maintain and develop its business and services. The purpose of processing personal data is to establish and maintain customer relationships, sell and market Make X Media's services, send newsletters, announcements, and invitations, and conduct marketing research.
5. Content of the register and retention period
The information stored in the register includes the person's name, company/organization, contact details (phone number, email address, address).Make X Media retains information only for as long as necessary to fulfill the purposes defined above, in accordance with the applicable legislation in force at any given time.
6. Regular sources of information
The information stored in the register is obtained:
● Directly from the customer via phone, online, email, meetings, or other means
● From public sources such as websites or directory services, e.g., Profinder Business Database, Suomen Asiakastieto, Taloustutka Oy
7. Regular disclosures and transfer of data
Data is not disclosed to other parties.
8. Principles of register protection
Care is taken in the handling of the register, and data processed through information systems is appropriately protected. When register data is stored on servers, the physical and digital security of the equipment is properly managed. The data controller ensures that stored data, access rights to the servers, and other critical information related to the security of personal data are handled confidentially and only by employees whose job responsibilities include such tasks.
9. Right of access and the right to request correction of data
Every individual listed in the register has the right to review their stored data and request the correction of any inaccurate information or the completion of incomplete information. If a person wishes to review their stored data or request corrections, the request must be sent by email to the data controller. The data controller will respond within the time frame specified in the EU General Data Protection Regulation (typically within one month), and the information will be updated in the register.
10. Other rights related to the processing of personal data
Individuals listed in the register have the right to request the deletion of their personal data from the register ("right to be forgotten"). Additionally, data subjects have other rights under the EU General Data Protection Regulation, such as the right to restrict the
processing of their personal data in certain situations. Requests must be submitted in writing to the data controller. The data controller may ask the requester to verify their identity if necessary. The data controller will respond within the time frame specified in the GDPR (typically within one month), and the data will be deleted from the register.