This privacy policy describes how Mekry Oy (Business ID 3011635-4) processes personal data in the MekryPro service (MekryPro).
1. Data controller
The data controller is Mekry Oy, Business ID 3011635-4. Address: Kissalakuja 7, 21800 Kyrö.
2. Contact for privacy matters
For questions about privacy and personal data processing, contact: info@mekrypro.fi.
3. Purposes and legal bases
We process personal data for the purposes below on the following legal bases (EU GDPR, Article 6):
- Service agreement and customer relationship (contract, Art. 6(1)(b)) — user accounts, company accounts, projects, offers, work hours, billing and subscription management.
- Security and fraud prevention (legitimate interests, Art. 6(1)(f)) — login, sessions, logs, access control and technical maintenance.
- Legal obligations (Art. 6(1)(c)) — e.g. accounting and tax obligations where applicable to the controller.
- Consent (Art. 6(1)(a)) — optional cookies (analytics, marketing) and other consent-based features. You may withdraw consent in cookie settings.
4. Personal data we process
Depending on use of the service, we may process:
- Identity data: name, email, phone number, username.
- Company and role data: employer, role, permissions, invites and team information.
- Customer and project data: jobsites, rooms, offers, purchases, subcontractors and other content entered into the service.
- Work time and tracking: work hours, vehicles and location-based tracking if your company has enabled the feature.
- Technical data: IP address, browser, device, log data and cookies.
- Payment and subscription data: plan and payment reference data via payment provider (we do not store card numbers).
- Support and communication: support requests and related messages.
We do not aim to process unnecessary special categories of data. If you enter sensitive data into the service (e.g. health-related data in moisture readings), you are responsible for ensuring an appropriate legal basis.
5. Sources of data
Data is collected mainly from you, your company users or your customers representatives when using the service. Some technical data is collected automatically.
6. Disclosure of data
We do not sell your personal data. We may disclose data to:
- technical subprocessors (e.g. hosting, cloud, email, payment services) processing data only on our instructions;
- authorities when required by law;
- other MekryPro users in the same company or project who have access rights in the service.
7. Transfers outside the EU/EEA
We aim to process personal data mainly within the EU/EEA. If data is transferred outside that area, we ensure appropriate safeguards (e.g. standard contractual clauses or other approved mechanisms).
8. Retention
We retain personal data only as long as needed for the purposes above or to comply with legal obligations. When an account is deleted or the agreement ends, we delete or anonymise data within a reasonable time unless law requires longer retention.
9. Your rights
Under the GDPR you have the right to:
- access your data and obtain a copy;
- request rectification or erasure;
- restrict or object to processing in certain situations;
- data portability where processing is based on consent or contract;
- withdraw consent at any time (without affecting prior lawful processing);
- lodge a complaint with a supervisory authority (in Finland the Office of the Data Protection Ombudsman).
To exercise your rights, contact: info@mekrypro.fi.
10. Cookies
We use cookies and similar technologies for service operation, security and optional analytics. Read more in our cookie policy.
11. Security
We protect personal data with appropriate technical and organisational measures (e.g. encryption, access control, backups and logging). No system is completely risk-free; we notify significant breaches as required by law.
12. Changes to this policy
We may update this policy as the service evolves. Material changes will be communicated in the service or by email. The current version is always available at https://mekrypro.fi/legal/privacy.