Personal Data Processing Terms
Personal Data Processing Terms.
M-Brain group will process personal data in accordance with the GDPR requirements directly applicable to M-Brain Group´s provision of services. Effective 25 May 2018, the terms set below will come to force between you and M-Brain Group.
• ” Data subject” refers to identified or identifiable person to whom Personal Data relates.
• “GDPR” means General Data Protection Regulation (EU) 2016 /679
• “Personal Data” means any information relating to identified or identifiable natural person.
• “Sensitive Personal Data” means racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, health data, sex life or sexual orientation, past or spent criminal convictions.
• “Processing,” means any operation or set of operations, which is performed upon the personal data.
• “M-Brain Group”, “We”, “our”, “us” means M-Brain legal entities engaged in processing personal data.
• “M-Brain Customer”, “You”, “Your” means parties who have signed contracts with M-Brain Group for M-Brain services. M-Brain services and privacy notices are available at www.M-Brain.com.
• “Person Identifiable information” means name (surname, family name, middle name, calling name) and e-mail address supplied by you.
• “duly handled” means applied procedures to cover all the rights of the Data subject including the right to request for providing the data electronically in a commonly used format and deletion of data.
• “Commonly used format” means in PDF format.
• “Rights of the Data subject “means
1) Right to be informed 2) The right to access 3) Right to rectification
4) Right to restrict processing 5) Right to erasure 6) Right to data portability
7) Right to Object
8) Right not to be subject to automated decision-making including profiling.
• “Data processor “means any entity other than the data controller who processes the data on their behalf.
• “Data controller” means is a person or an entity which decides what data is collected, how it is used, and whom it is shared with.
• “Online identifiers” means IP addresses, Mobile device IDs, Browser Fingerprints, RFID tags, MAC addresses, cookies, telemetry, user account IDs, any other system generated data which identifies a natural person.
2. Purpose for Processing Personal Data (lawful basis)
a. M-Brain technology solutions are built with access control, user management and email communication. M-Brain handles personal identifiable information such as surname and given name, email address of any natural person for the use of M-Brain services.
b. Legal entities of M-Brain Group collect data actively and knowingly provided by the individuals and stores professional contact details for Business to Business relationship.
c. M-Brain Group works with inferred data and derived data for Business purposes. This may constitute processing sensitive personal data
3. M-Brain Customer
M-Brain customer shall have sole responsibility for the accuracy and legality of personal data and by the means in which M-Brain received this data.
We will process your data as per your documented instructions.
In general, you authorise us to
• Group the personal identifiable information under the respective service solution.
• Update user data when an individual joins
• Remove user data when an individual optout or leave.
• Communicate via email
• Collect online identifiers for security processing purposes.
• Analyze user interaction with third party tools.
• Invite individuals for trainings and events.
4. M-Brain Personnel
M-Brain group will ensure that its personnel engaged in processing personal data have appropriate training to carry out the responsibilities with confidentiality and reliability by means of agreement and adequate controls and procedures. M-Brain Group will ensure limited access rights on the personal data as appropriate in accordance to the agreement with the Customer.
5. Data Protection Impact Assessment
Upon customer´s request, M-Brain Group will provide reasonable cooperation and assistance to the
Customer to fulfil the obligations of GDPR.
6. Rights of the Data subject
Users of our products and services shall contact us by following the instructions at www.m-brain.com\privacy.
Upon request, rights of the Data subject will be duly handled. M-Brain Group may refer the data subject´s request to the relevant customer and cooperate in handling the request.
7. Consent to process Personal Data.
M-Brain Group will use person identifiable information for user management, respond to inquiries, send marketing or subscription related information and notices regarding M-Brain products and services. M-Brain carries out these activities either based on legitimate interests in operating M-Brain Business or based on consent.
A list of products and services we provide and the data we choose to collect and process are available at www.m-brain.com\privacy.
8. Data incident and management
a. We will maintain appropriate as (deemed fit) organizational, technical and physical measures to protect against accidental, unlawful destructions, loss, alteration or disclosure of information that we collect or process.
b. M-Brain Group will notify customer without undue delay after becoming aware of any incidents involving personal data.
c. If the incident constitutes to a data breach, the lead data protection authority (Data protection Ombudsman Finland / Tietosuojavaltuutetun toimisto) will be informed within 72 hours.
d. M-Brain Group shall take reasonable efforts to identify the cause, mitigate and apply remediation to the incident.
9. Personal Data transfers and mechanisms
M-Brain Group will ensure adequate controls for data transfer within the EU and EEA. For transfers involving any third country, the process will be duly communicated to the affected parties.
10. Hosting partners and cloud service providers
Our hosting partners may transfer data (including personal data) outside of the EEA. Subject to certain limitations, engagement with hosting partners and cloud service providers, M-Brain Group will ensure by audits and inspections that the respective partners and providers adhere to the GDPR requirements.