Skip to content
Mondex

Privacy policy

MONDEX – PRIVACY POLICY

Mondex – Privacy Policy

This privacy policy complies with Section 10 and Section 24 of the Finnish Personal Data Act (523/1999), the EU General Data Protection Regulation (679/2016), and the EU Data Act (EU 2023/2854).
Updated on 18 February 2026.

  1. CONTROLLER

Mondex Oy (Business ID: 1769513-6 )
Kettukallionkatu 4
FI-84100 Ylivieska

info@mondex.fi
www.mondex.fi

  1. CONTACT PERSON IN CHARGE OF REGISTER MATTERS

Teppo Petäjistö
teppo.petajisto@mondex.fi
+358 50 467 7819

  1. NAME OF THE REGISTER

Mondex Oy’s customer, marketing, and IoT data processing register.

  1. GROUNDS FOR MAINTAINING A REGISTER

Personal data in the customer register is processed based on a sales contract, and personal data in the marketing register is processed based on consent. By downloading, installing, or using any Mondex product interface, you accept the terms of this privacy policy.

The legal basis for processing your personal data is your consent and the fulfilment of a contract. If you have given your consent for any processing of personal data, you may withdraw your consent at any time.

  1. PURPOSE OF USE

The customer and marketing registers are used for order archiving and processing, statistics, and customer relationship management. The marketing register is also used for communication, information distribution, and targeted direct marketing, such as newsletters, phone calls, or other contact methods requested by the data subject.

The customer register is also used to develop the online store and Mondex Oy’s services, produce statistics, and ensure service quality. Personal data is processed within the limits permitted and required by the Personal Data Act (523/1999) and the EU GDPR (679/2016).

IoT data is processed to deliver the service and fulfil user rights according to the Data Act—for device functionality, technical support, security, product development (excluding competitive use), and to provide the services requested by the user.

  1. THE REGISTER’S DATA CONTENT

The personal data register contains the following data:

  • Name of the company and/or first and last name of the person, visiting address and postal address, email address, telephone number, website address, publicly available classification data
  • Information about marketing permits and prohibitions
  • Classification data and additional information provided by individuals
  • IP address data or other telecommunications identification received through the service
  • Customer feedback information
  • Ordering, invoicing and delivery data
  • Data collected through cookies
  • The register also contains data or orders by the data subject and their stages.
  • IoT device identifiers (ID)
  • Usage and performance data
  • Log data (connection, error, and diagnostic logs)
  • Settings, profiles, and commands provided by the user
  1. REGULAR DATA SOURCES

Customer register of Mondex Oy. Public websites. Information produced by customer services with regard to the used services, also including data and sets of data standardised by an external system supplier. Data collected directly from the customer. 

  1. REGULAR DATA DISCLOSURE AND TRANSFER OUTSIDE THE EU OR THE EUROPEAN ECONOMIC AREA

Customer register data is used solely by Mondex Oy. Personal data is not disclosed to external parties or partners for their own use unless required by invoicing, debt collection, or legal obligations.

Personal data is not transferred outside the EU or EEA. The Data Act restricts data transfers to countries where there is a risk of unjustified governmental access. Mondex evaluates all transfers case-by-case and uses only EU‑compatible platforms.

  1. REGISTER SECURITY PRINCIPLES

Good data management practices and diligent protection obligations under data protection legislation are followed.

Technical and organizational measures are used to protect personal data from unauthorized access, accidental or unlawful destruction, alteration, disclosure, transfer, or any other unlawful processing.

Access to personal data is restricted to individuals who need the information to perform their work tasks.

Digitally stored and processed data is protected by firewalls, passwords, and other technical safeguards. Paper documents are stored in locked facilities.

All Mondex Oy personnel are bound by confidentiality obligations regarding all information.

  1. THE PERIOD OF TIME PERSONAL DATA WILL BE STORED AND STORING CRITERIA

Personal data will be stored only for as long as necessary for the purposes of processing. The timing and method of data disposal will be determined, and out-of-date and unnecessary personal data will be removed. The obligation to store personal data can also be based on legislation.

Mondex stores IoT data for the lifetime of the product or longer upon the user’s request.

  1. COOKIES AND PLUG-INS

We use cookies on our website. Cookies are small text files that are sent to and stored on the user’s computer. Cookies do not harm users’ computers or files.

The primary reason for using cookies is to improve and adapt the user’s experience of the site, and analyse and improve its functionality and contents.  The data collected with the help of cookies can also be used for targeting communications and marketing, and optimising marketing activities.

A visitor cannot be identified based on cookies alone. Data received through cookies can, however, be linked to other data received from the customer in a different context, for example when a user fills in a form on our website.

Cookies are used to collect the following data:

  • the visitor’s IP address
  • time of the visit
  • browsed pages and their viewing time
  • the visitor’s browser

A user visiting our site has the opportunity to prevent the use of cookies at any time by changing the settings of their browser. Most browsers enable cookies to be switched off and saved cookies to be deleted. Preventing the use of cookies may have an effect on the functionality of the site.

Social media plug-ins

Mondex Oy’s site may contain links to third party websites and social media plug-ins (such as Facebook’s social plug-ins). The use of social media plug-ins may send identifiable data to the service providers of the said social media. When you open the plug-in, you may allow cookies from third party websites to be saved onto your computer, which means that their administrators can follow the use of the page, if you have signed into that service provider’s social media. The third party’s privacy and use policies and other terms will be applied to the services or applications that are featured on the site and are provided by the third party. Mondex Oy has no authority over such third party websites and Mondex Oy is not responsible for any materials published on these sites or their use.

  1. THE DATA SUBJECT’S RIGHTS

The data subject has the right to inspect the personal data recorded in the register. The inspection request must be sent in writing, signed and with personal identity number attached, to the register’s contact person defined above or to the company’s official postal address. The inspection request can also be presented in person at the controller’s address listed above.

The data subject has the right to request the rectification of data concerning them.

The data subject has the right to access IoT data free of charge and without undue delay. Mondex Oy shares IoT data only at the user’s request, securely and in a standardized format, with the service provider chosen by the user.

The data subject has the right to delete all personal data concerning them from the register and request their transfer to another controller. This right does not apply to data, the storing of which is subject to other legal obligations.

The data subject has the right to prohibit the use of data for direct advertising, distance selling or other direct marketing, as well as opinion and market polls.

Electronic direct marketing can be addressed to the data subject, provided that the data subject has given their consent to this. The data subject has the right to withdraw their consent at any time.

Possible disputes will primarily be solved through negotiations with the data subject. The data subject has the right to submit the matter concerning the processing of personal data for examination by the data protection authorities.

© Mondex 2026