Privacy Notice - Stora Enso s Supplier and Stakeholder Register. 1 Purpose

Similar documents
Privacy Notice - Stora Enso s Customer and Sales Register. 1 Controller

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):

Jefferies EMEA Privacy Notice

Rights of Individuals under the General Data Protection Regulation

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

1 About GfK and the Survey What are personal data? Use of personal data How we share personal data... 3

Islam21c.com Data Protection and Privacy Policy

Creative Funding Solutions Limited Data Protection Policy

Online Ad-hoc Privacy Notice

GLOBAL DATA PROTECTION POLICY

RECRUITMENT DATA PROTECTION NOTICE. AImotive Ltd.

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts

Vistra International Expansion Limited PRIVACY NOTICE

INFORMATIVE NOTICE ON PERSONAL DATA PROCESSING

PRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS

Subject: Kier Group plc Data Protection Policy

Cognizant Careers Portal Privacy Policy ( Policy )

PRIVACY POLICY OF THE WEB SITE

Technical Requirements of the GDPR

Talenom Plc. Description of Data Protection and Descriptions of Registers

What personal data or information do we collect? The personal information we collect may include:

SCALA FUND ADVISORY PRIVACY POLICY

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

Part B of this Policy sets out the rights that all individuals have in relation to the collection and use of your personal information

Data Protection Policy

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

Privacy Policy. In this data protection declaration, we use, inter alia, the following terms:

GLOBAL DATA PROTECTION POLICY

GDPR Data Protection Policy

Kährs Group s Privacy Policy

PRIVACY POLICY SECTION 1 CONTACTS

At Oatly we believe in the importance of protecting personal information and an individual s right to privacy and integrity.

the processing of personal data relating to him or her.

Privacy Policy of

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

KSi Malta Privacy Policy

Privacy Statement for Use of the Certification Service of Swisscom (sales name: "All-in Signing Service")

VISTRA (CYPRUS) LTD. PRIVACY NOTICE

Motorola Mobility Binding Corporate Rules (BCRs)

Privacy Policy. Company registry number: Budapest, Gönczy Pál utca em. Homepage: contact: Phone:

UWTSD Group Data Protection Policy

Wonde may collect personal information directly from You when You:

PRIVACY POLICY PRIVACY POLICY

Catalent Inc. Privacy Policy v.1 Effective Date: May 25, 2018 Page 1

Personal Data Privacy Policy Updatedt: December 2018

VISTRA MONACO PRIVACY NOTICE

SANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018

PS Mailing Services Ltd Data Protection Policy May 2018

POMONA EUROPE ADVISORS LIMITED

PRINCIPLES OF PROTECTION OF PERSONAL DATA (GDPR) WITH EFFICIENCY FROM

Privacy Policy CARGOWAYS Logistik & Transport GmbH

WE ARE COMMITTED TO PROTECTING YOUR PERSONAL DATA

Wesley House data protection statement and privacy notice (short-course delegates)

All data subjects whose personal data is collected, in line with the requirements of the GDPR.

1. Data Controller Metsäliitto Cooperative ( Metsä Wood ) registered address of the head office at Revontulenpuisto 2, Espoo, Finland

PRIVACY STATEMENT. The Island with Bear Grylls (the Programme ) Introduction and main purposes

VISTRA ZURICH AG - PRIVACY NOTICE

Element Finance Solutions Ltd Data Protection Policy

Personal Data collected for the following purposes and using the following services:

EU GDPR: The General Data Protection Regulation

PRIVACY POLICY. 1. Introduction

Name: Aho Terhi Title: ecommerce Manager. Phone: terhi.aho(at)finavia.fi Name: Närvänen Carita Title: Development Manager

CEM Benchmarking Privacy Policy

Data processing policy

The Park Hotel Privacy Statement

Legal basis of processing. Place MODE AND PLACE OF PROCESSING THE DATA

Polemic is a business involved in the collection of personal data in the course of its business activities and on behalf of its clients.

Privacy Notice. Lonsdale & Marsh Privacy Notice Version July

DISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018

CNH Industrial Privacy Policy. This Privacy Policy relates to our use of any personal information you provide to us.

Data Protection Policy

Data Protection Policy

CURTIS BANKS LIMITED. Privacy Information Notice. curtisbanks.co.uk

Privacy Policy GENERAL

VISTRA NETHERLANDS PRIVACY NOTICE

Data Processor Agreement

Privacy Notice. General Information Protection Regulation ( GDPR )

Privacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria

FIRSTBEAT TECHNOLOGIES OY DESCRIPTION OF PERSONAL DATA PROCESSING FOR PARTNERS - FIRSTBEAT LIFESTYLE ASSESSMENT

Privacy Policy November 30th, 2017

PRIVACY POLICY. Valid as of

INNOVENT LEASING LIMITED. Privacy Notice

Pathways CIC Privacy Policy. Date Issued: May Date to be Reviewed: May Issued by Yvonne Clarke

PRIVACY NOTICE (TIER 4)

Privacy Policy Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH 1. Definitions

DISCLOSURE PURSUANT TO ART. 13 EU REGULATION No. 2016/679 (GDPR) Customers and prospects

The Corporate Website and the Product Websites are together referred to hereafter as the website.

UWC International Data Protection Policy

Data Processing Agreement DPA

PRIVACY POLICY FOR WEB AND ONLINE TRADING PLATFORM

NIPPON VALUE INVESTORS DATA PROTECTION POLICY

You can find a brief summary of this Privacy Policy in the chart below.

Privacy Policy. 1. Definitions

DATA PROTECTION A GUIDE FOR USERS

Plus500UK Limited. Website and Platform Privacy Policy

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

UM General Privacy Statement

PRIVACY NOTICE Olenex Sarl

The General Data Protection Regulation

Transcription:

Privacy Notice - Stora Enso s Supplier and Stakeholder Register Date 29.1.2018 1 Purpose Purpose of this privacy notice is to provide the persons communicating with Stora Enso in the role of a supplier or other external stakeholder information about processing of their personal data. This Privacy Notices gives a general understanding of such personal data processing. However, the individual situations in which personal data is being processed may vary. Thus, all of the information provided in this privacy notice may not be applicable to each different data processing situation. If you want more detailed information in relation to how specifically your personal data is being processed, you should contact your own principal contact person in Stora Enso or use the contact information provided in section 2 of this Privacy Notice. 2 Controller In respect of each data subject s personal data, the controller is regarded to be the Stora Enso group company which has a contractual relationship or other co-operation relationship with the organisation the data subject is representing. To certain extent, Stora Enso group companies are sharing data systems. In these cases the technical provision of the data systems is managed centrally by Stora Enso Oyj. Thus the personal data recordied in these systems is controlled jointly by Stora Enso Oyj and each individual group company processing personal data in such systems. For the avoidance of doubt, in this privacy notice Stora Enso shall refer to the company acting as the data controller in each individual case, or in case of global data systems, Stora Enso Oyj and the applicable local group company together. Regardless of the applicable data controller in each situation, the data subjects can always use their rights by contacting their own principal or Stora Enso Oyj: Address Tietosuoja-asiat/Stora Enso Palvelutie 24, 55800 Imatra, Finland E-mail data.privacy@storaenso.com Phone +358 2046 111 3 Name of the File 4 Lawfulness of Stora Enso s Supplier and Stakeholder Register The grounds for processing of the personal data is usually either (i) fulfilment of an agreement concluded between Stora Enso group company and the data subject or an organisation the data subject is representing; or (ii) the legitimate interest of the data controllers. Such legitimate interests consist of managing and developing Stora Enso s business and communications to both Stora Enso s business partners and external parties (e.g. public). In certain cases Stora Enso collects and processes personal data in order to fulfil statutory obligations. Such situation include compliance matters e.g. anti-money laundering and counter terrorism regulation, market abuse regulation and auditing. In limited cases (usually where required by the local laws), Stora Enso may need to request consent for certain specific data collection or processing. Such consent can be at any time

cancelled by the data subject by using technological means or contacting Stora Enso in accordance with section 14. Providing certain personal data to Stora Enso is necessary in order for Stora Enso to be able to conclude an agreement with you or the organisation you are representing. If you refuse to give this personal data to Stora Enso, we may not be able to establish or continue the business relationship. 5 Purposes of 6 Content of the Register Maintaining supplier and stakeholder register is necessary to enable fulfilment of contracts, organising of Stora Enso s business functions, delivery management, co-operation and business relationship management as well as public communications. The supplier and stakeholder data can also be used for marketing of Stora Enso s products and services, and for other communications. Stora Enso may use the personal data aggregated through supplier and stakeholder communications and other interactions for evaluating needs for business enhancement as well as for improvement of Stora Enso s products and services. In certain cases Stora Enso has a legal requirement to collect certain information of its suppliers and other stakeholders. In these cases personal data is used for fulfilment of these respective obligations. Stora Enso may also be required to collect certain information in order to be able to verify compliance with EU and international competition law requiements. Certain data processing activities have been outsourced to carefully selected third party service provides to support Stora Enso s internal operations. In many cases the suppliers and other stakeholders are legal entities and not natural persons. However, in order to establish and maintain a supply relationship or other cooperation relationship, processing of the personal data of the natural persons representing and working for these companies and other legal entities is inevitable. Also private forest owners are included in Stora Enso s supplier and stakeholder register. The personal data Stora Enso may collect and processes within the register includes the following personal data categories: 1) Contact information, including name, job title/other role, e-mail address, phone number, preferred contact language and possible other necessary information to enable efficient and timely contacting and communication 2) Other necessary identification data such as ID number, date of birth, passport number 3) Additional info needed to efficiently manage the deliveries 4) Private forest owner s bank account number and tax information 5) Contact information belonging to a company s/organisation s representative 6) Information collected in relation to procurement and other co-operation projects, opportunities, meetings, and other ongoing or planned projects 7) Historical information of prior contacts and co-operation, e.g., meeting history, event participation history, communications history, project and co-operation history as well as history of information of unrealised projects 8) Marketing and communications information, e.g., campaign and other communications material delivery history 9) Information if the data subject does not want to receive marketing messages or other communications 10) Feedback and interview records as well as compliance breach notices received from the data subjects 2 (5)

11) Event related information, such as rsvp data, diet related information and attendance confirmation 12) Sanctions screening data (as required and allowed by national laws) 13) Insider lists, including time of acknowledgement (of when the person first time received respective insider information) 14) Location data collected from customer s mobile devices or otherwise, however after taking care of necessary directions, receiving a request or data subject s consent for this, as required by the applicable laws. The register may also contain some other similar and relevant contact/business information for the purposes of managing deliveries and co-operation relationship as de-scribed in section 5. Stora Enso does not collect data relating to sex life or sexual orientation, race, disability, ethnic or social origin, genetic or other biometric features, religion or belief, political or economic or societal opinion (notwithstanding situations where such information is related to the persons societal or economic public role and the information can be regarded as made public by the respective individual himself/herself) or membership of a national minority, unless this is required by law or necessary in order to fulfil a legal obligation Stora Enso is subject to. Furthermore, Stora Enso does not intentionally collect data relating to data subject s health, however in some rare cases such information may be inferred from the diet information a person has given in connection with an event registration. Furthermore, Stora Enso takes into account applicable local legislation when collecting personal data and ensures that personal data is always limited to information necessary for the said purposes as described in section 5. 7 Regular sources of Information 8 Retention 9 Regular Disclosure 10 Transfers In most cases personal data is collected from the data subject s themselves or aggregated through the communications and other co-operation Stora Enso has with the data subject. Another typical source of information are the companies and other legal entities the data subject s represent as well as the web pages of these entities. Stora Enso may collect personal data also from other reliable public sources or third parties, such as the trade register. Stora Enso manages the personal data within the supplier and stakeholder register and regularly deletes and corrects unnecessary and outdated data when the supplier relationship or other communications between the data subject and Stora Enso are active. After the relationship between the data subject and Stora Enso becomes passive, Stora Enso retains the personal data for pre-defined time periods. These time periods have been defined based on Stora Enso s genuine needs and the legislative requirements Stora Enso is subject to. As a ground rule, personal data that is not subject to any statutory retention requirements shall be deleted from the Supplier and Stakeholder Register after 5 years of passive retention, when the supply or other relationship between Stora Enso and the data subject has ended. For more information regarding the retention times, please contact Stora Enso s Privacy Manager in accordance with section 14. data from the supplier and stakeholder registers is disclosed to Stora Enso s auditors, insurance companies and different governmental authorities/agencies (or similar) for the purposes of their regulatory tasks. data may be also disclosed to other companies within Stora Enso company group for purposes compatible with the processing purposes defined in Section 6 of this Privacy Notice. Some of the entities who receive personal data from Stora Enso or to whom Stora Enso has outsourced personal data processing functions are located outside of European Union and/or European Economic Area. In such situations, the data controller ensures that sufficient level of data protection is maintained with appropriate safeguards, e.g. by signing EU Commission s model clauses with the party receiving the data. Stora Enso group s 3 (5)

from EU/EEA 11 Security 12 Subject s Right to Object 13 Subject s Other Rights internal data transfers are governed with a contractual framework based on the EU Commission s model clauses. For more information regarding personal data transfers, please contact Stora Enso in accordance with section 14. Stora Enso s IT systems are protected against unauthorised access with various data protection functions. Each user has a personal user ID and password for entering the systems and access to personal data is granted only to such persons who need the access in order to fulfil the tasks and duties relating to their role within Stora Enso. Stora Enso and the ICT service providers of Stora Enso are monitoring the safety and integrity of the ICT environment and have implemented technical measures to prevent and detect any safety breaches that may threaten the personal data. The integrity of personal data is also ensured when transferring or disclosing the data. Applied safety measures vary based on the sensitivity of the data and may include e.g. strong identification of the recipient and encryption of the transferred information. Manual data shall always be stored in locked-up premises. Such data may be processed only by such persons who have a justified reason for such processing as a part of his/her duties. On grounds relating to his/her particular situation, data subject residing within European Union is entitled to object processing of personal data concerning him/her, provided that the processing is based on the data controller s legitimate interest. subject may send his/her request to restrict the processing in accordance with section 14 of this privacy notice. In this request, the data subject shall define the particular situation based on which data subject is objecting the data processing. Stora Enso may decline the request on statutory grounds. The following data subject s rights are primarily enforced in data processing operations taking place within European Union. In case data processing takes place outside EU, Stora Enso will consider on a case by case basis and after reviewing the local data privacy laws, whether it will fulfil the data subject s request. Access to information subject is entitled to obtain information of the personal data concerning him/her which Stora Enso is processing and obtain a copy of such personal data. We kindly ask the data subjects to use the template provided at the end of this privacy notice for such request. The request may be then presented to Stora Enso in accordance with section 14 of this privacy notice. Right to rectification, erasure and restriction subject is entitled to have any such personal data that is inaccurate, outdated, unnecessary or contrary to the purposes of data processing corrected or erased. Requests concerning rectification and erasure may be presented in accordance with the instructions in section 14 of this privacy notice. subject is also entitled to have the data controller to restrict processing of the data subject s personal data for example when data subject is waiting for the data controller s answer to data subject s access or erasure request. Portability Private forest owner is entitled to receive an electronic copy of the personal data that has been collected directly from him/her for the purposes of performance of the contract made between the forest owner and Stora Enso. Furthermore, the data may be transmitted directly to another data controller on the forest owner s request, if this is technically feasible. Right to lodge a complaint 4 (5)

If the data controller does not follow the applicable data protection regulation, a data subject is entitled to lodge a complaint with competent data protection authority. 14 Contacting the Controller In all questions and matters relating to personal data processing or rights of the data subject, data subjects should contact the data controller. subjects may use their rights by sending e-mail to data.privacy@storaenso.com. As a general rule, Stora Enso does not charge the data subject for using his/her rights presented in Sections 12 and 13. However, Stora Enso may, at its sole discretion, (a) refuse to fulfil; or (b) charge a reasonable fee for fulfilling of several similar consecutive requests or requests that are manifestly unfounded or excessive. Stora Enso is also entitled to decline requests on statutory grounds. Stora Enso shall inform the data subject of such decline including the grounds for the decline. 5 (5)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback