PRIVACY POLICY 
25.5.2018 
 
1. Register controller and contact information 
Froneri Finland Oy (2764409-2)
Keilasatama 5
02150 Espoo 
Puh. 0400 189353
laura.anttila@fi.froneri.com
 
2. Register name 
Froneri Finland Oy mediabank user register 
 
3. Basis and purpose of processing personal information 
The purpose of processing personal data is to enable the usage of the mediabank and/or project management with personal user account. It is not possible to use the service without the user account. The processing or personal data is based on Froneri Finland Oy privileged interest, agreement or other substantive connection. 
 
4. Data processor 
Grano Oy (business ID 2197935-0) 
Kuortaneenkatu 1 
00520 Helsinki 
tietosuoja@grano.fi 
 
5. Information contents of the register and regular sources of information. 
The register contains following user data collected from the user or entered on behalf of the user. Designated service admins can add or edit user information. 
 • Name 
 • E-mail address 
 • Company
 • Address
 • Relation
 • Purpose of use

Register does not have regular external sources of information. 
 
6. Regular disclosures of information and transfer of information outside the EU or the EEA 
Personal data is not regularly disclosed to external parties nor transferred outside the EU and EEA . However, information may occasionally be disclosed in accordance with Finnish law. 
Following user information can be transferred to external systems via APIs: First name, last name, e-mail address. 
The Media Bank has been integrated into Grano's Publishing order channel. The above information is transferred from the Publishing group identifiers to enable SSO.
 
7. Principles of protecting the register and retention time of the information 
Only employees whose job description entitles them to process customer information are entitled to use the system containing customer information. Each user has a personal username and password for the system. The information is collected into databases that are protected with firewalls, passwords and other technical means. The databases and their back-ups are located in locked facilities, and the information can only be accessed by certain persons designated in advance. 
Personal information is retained as long as necessary for its purpose, with retention times prescribed by laws such as the Consumer Protection Act, the Accounting Act and the Prepayment Act taken into consideration. 
 
8. Right of access and the right to have information corrected 
The registered person has the right to access and inspect his/her personal information recorded into the register, as well as the right to demand to have information corrected or removed. Requests concerning this matter must be submitted personally or in writing to the contact person mentioned in Section 2. 
 
9. Other rights related to processing personal information 
The registered person has the right to prohibit the register controller from processing his/her information. Such a prohibition can be submitted to the contact person mentioned in Section 2 at any time.