Home
Menevä Vastuu

Privacy Policy

Updated 1 April 2025

1. Data controller

Menevä Oy
Business ID: 0711979-2
Panimokatu 2, 00580 Helsinki, Finland
Email: support@meneva.fi

2. Purpose and legal basis for processing personal data

We process personal data for the following purposes:

  • Service provision — managing user accounts, authentication, and monitoring contractor liability documents (legal basis: contract).
  • Legal obligations — retaining contractor liability documents and audit logs to the extent required by law (legal basis: legal obligation).
  • Communication — document expiry reminders and service notifications (legal basis: contract / legitimate interest).

3. Personal data processed

We process the following data:

  • Name and email address (provided upon registration)
  • Company information: company name and Business ID (Y-tunnus)
  • Documents uploaded to the service and their metadata (document type, validity period)
  • Audit log: who did what and when (uploads, approvals, rejections)
  • Login timestamps and access logs (security monitoring)

4. Disclosure of data

Personal data is not shared with third parties for marketing purposes. Data is shared only in the following cases:

  • Contractor–subcontractor data sharing: the contracting company sees the document status of their subcontractors, and the subcontractor sees which contractors are monitoring their compliance. This data sharing is a core function of the service.
  • Technical sub-processors: we use Supabase (database and file storage, EU region) and Vercel (server infrastructure, EU region). These parties process data only to provide the service.
  • Legal requirements: we disclose data to authorities if we have a legal obligation to do so.

5. Transfer of data outside the EU

Data is not transferred outside the EU/EEA. All servers are located in the EU (London, United Kingdom / Europe).

6. Retention periods

  • Documents and audit log: the Contractor Liability Act (1233/2006) requires retention for at least two years after the end of the contract. We retain data beyond this period at the customer's request or to fulfil legal obligations.
  • User data: retained for as long as the account is active. After account closure, data is deleted within 90 days unless a longer retention period is required by law.
  • Email log: logs of sent reminder messages are retained for 12 months.

7. Rights of the data subject

Under the GDPR, you have the right to:

  • access the data we process about you (right of access)
  • request correction of inaccurate data
  • request erasure of your data, unless there is a legal basis for retention
  • object to the processing of your data
  • receive your data in a portable format (data portability)
  • lodge a complaint with the Data Protection Ombudsman (tietosuoja.fi)

Requests will be responded to within one month. Send your request to: support@meneva.fi

8. Data security

All communication with the service is encrypted using TLS. The database is protected by row-level security (RLS), ensuring each user only sees data that belongs to them. Uploaded files are stored in an encrypted object store. Access to server infrastructure is restricted to service provider personnel.

9. Cookies

The service uses only technically necessary session cookies required to maintain login state. No marketing cookies or third-party tracking tools are used.

10. Updates to this policy

This privacy policy is updated as needed. Users will be notified of significant changes by email at least 14 days before the change takes effect.

11. Contact

For privacy matters, contact us at: support@meneva.fi