Privacy Notice - Stora Enso s Customer and Sales Register. 1 Controller

Similar documents
Privacy Notice - Stora Enso s Supplier and Stakeholder Register. 1 Purpose

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):

Rights of Individuals under the General Data Protection Regulation

PRIVACY POLICY OF THE WEB SITE

Cognizant Careers Portal Privacy Policy ( Policy )

Islam21c.com Data Protection and Privacy Policy

1 About GfK and the Survey What are personal data? Use of personal data How we share personal data... 3

Online Ad-hoc Privacy Notice

Jefferies EMEA Privacy Notice

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

RECRUITMENT DATA PROTECTION NOTICE. AImotive Ltd.

Part B of this Policy sets out the rights that all individuals have in relation to the collection and use of your personal information

What personal data or information do we collect? The personal information we collect may include:

Creative Funding Solutions Limited Data Protection Policy

GLOBAL DATA PROTECTION POLICY

PRIVACY POLICY SECTION 1 CONTACTS

KSi Malta Privacy Policy

SCALA FUND ADVISORY PRIVACY POLICY

Personal Data collected for the following purposes and using the following services:

PRIVACY NOTICE Olenex Sarl

WE ARE COMMITTED TO PROTECTING YOUR PERSONAL DATA

Technical Requirements of the GDPR

Subject: Kier Group plc Data Protection Policy

INFORMATIVE NOTICE ON PERSONAL DATA PROCESSING

Legal basis of processing. Place MODE AND PLACE OF PROCESSING THE DATA

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

CEM Benchmarking Privacy Policy

GLOBAL DATA PROTECTION POLICY

Catalent Inc. Privacy Policy v.1 Effective Date: May 25, 2018 Page 1

Talenom Plc. Description of Data Protection and Descriptions of Registers

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

Privacy Policy of

Data Protection Policy

The Park Hotel Privacy Statement

Privacy Policy. In this data protection declaration, we use, inter alia, the following terms:

PRIVACY POLICY PRIVACY POLICY

Vistra International Expansion Limited PRIVACY NOTICE

Name: Aho Terhi Title: ecommerce Manager. Phone: terhi.aho(at)finavia.fi Name: Närvänen Carita Title: Development Manager

Wonde may collect personal information directly from You when You:

Privacy Policy. Full name and contact details (including your contact number, and postal address).

Data processing policy

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

the processing of personal data relating to him or her.

Personal Data Privacy Policy Updatedt: December 2018

DISCLOSURE PURSUANT TO ART. 13 EU REGULATION No. 2016/679 (GDPR) Customers and prospects

Privacy Statement for Use of the Certification Service of Swisscom (sales name: "All-in Signing Service")

PS Mailing Services Ltd Data Protection Policy May 2018

PRIVACY POLICY. Valid as of

POMONA EUROPE ADVISORS LIMITED

UM General Privacy Statement

GDPR Data Protection Policy

1. Data Controller Metsäliitto Cooperative ( Metsä Wood ) registered address of the head office at Revontulenpuisto 2, Espoo, Finland

You will see lots of references in the Checklist to the GDPR Pack if you would like to purchase this, go to

General website Privacy

Privacy Policy. Company registry number: Budapest, Gönczy Pál utca em. Homepage: contact: Phone:

INNOVENT LEASING LIMITED. Privacy Notice

PRINCIPLES OF PROTECTION OF PERSONAL DATA (GDPR) WITH EFFICIENCY FROM

Privacy Policy CARGOWAYS Logistik & Transport GmbH

PRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS

You can find a brief summary of this Privacy Policy in the chart below.

UWTSD Group Data Protection Policy

Motorola Mobility Binding Corporate Rules (BCRs)

Haaga-Helia University of Applied Sciences Privacy Notice for Urkund Plagiarism Detection Software

PRIVACY POLICY. Introduction:

All data subjects whose personal data is collected, in line with the requirements of the GDPR.

Wesley House data protection statement and privacy notice (short-course delegates)

Please note that throughout this Privacy Statement the word "website" refers to any web page hosted under the walkersglobal.com domain.

It is the policy of DMNS Networks PTE LTD (the Company ) to protect the privacy of the users of our Website and Services.

Website and Marketing Privacy Policy

Privacy Notice. General Information Protection Regulation ( GDPR )

Data Protection Policy

This Privacy Policy governs our processing of all personal data provided to us at Environmental Essentials in relation to our E-learning services.

Element Finance Solutions Ltd Data Protection Policy

PRIVACY POLICY. 1. Introduction

CURTIS BANKS LIMITED. Privacy Information Notice. curtisbanks.co.uk

Data Processor Agreement

Polemic is a business involved in the collection of personal data in the course of its business activities and on behalf of its clients.

Kährs Group s Privacy Policy

If you have any questions about this notice, please contact the Head Master.

SANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018

DISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018

GDPR Privacy Policy. The data protection policy of AlphaMed Press is based on the terms found in the GDPR.

EU GDPR: The General Data Protection Regulation

PRIVACY NOTICE (TIER 4)

UWC International Data Protection Policy

Data Processing Agreement DPA

NEWSLETTER DATA PROTECTION NOTICE. AImotive Ltd.

At Oatly we believe in the importance of protecting personal information and an individual s right to privacy and integrity.

NIPPON VALUE INVESTORS DATA PROTECTION POLICY

CNH Industrial Privacy Policy. This Privacy Policy relates to our use of any personal information you provide to us.

Privacy Policy GENERAL

Data Protection Privacy Notice

Data Protection Policy

Plus500UK Limited. Website and Platform Privacy Policy

Privacy and Cookies Policy EH Hotel 2018 Ltd

Data security statement Volunteers

DLB Privacy Policy. Why we require your information

VISTRA (CYPRUS) LTD. PRIVACY NOTICE

Transcription:

Privacy Notice - Stora Enso s Customer and Sales Register Date 29.1.2018 1 2 Purpose of this privacy notice is to provide the persons communicating with Stora Enso or otherwise registered in Stora Enso s personal data register in the role of a customer or potential customer about processing of their personal data. This Privacy Notices gives a general understanding of such personal data processing. However, the individual situations in which personal data is being processed may vary. Thus, all of the information provided in this privacy notice may not be applicable to each different data processing situation. If you want more detailed information in relation to how specifically your personal data is being processed, you should contact your own principal contact person in Stora Enso or use the contact information provided in section 2 of this Privacy Notice. In respect of each data subject s personal data, the controller is regarded to be the Stora Enso group company which has a contractual relationship or other co-operation relationship with the data subject or the organisation the data subject is representing. To certain extent, Stora Enso group companies are sharing data systems. In these cases the technical provision of the data systems is managed centrally by Stora Enso Oyj. Thus the personal data recordied in these systems is controlled jointly by Stora Enso Oyj and each individual group company processing personal data in such systems. For the avoidance of doubt, in this privacy notice Stora Enso shall refer to the company acting as the data controller in each individual case, or in case of global data systems, Stora Enso Oyj and the applicable local group company together. Regardless of the applicable data controller in each situation, the data subjects can always use their rights by contacting their own principal or Stora Enso Oyj: Address Tietosuoja-asiat/Stora Enso Palvelutie 24, 55800 Imatra, Finland E-mail data.privacy@storaenso.com Phone Stora Enso Kanavaranta 1 P.O. Box 309 FI-00101 Helsinki, Finland Tel: + 358 20 46 131 www.storaenso.com Legal information Business ID 1039050-8 VAT No FI 10390508

+358 2046 111 3 Name of the File 4 Lawfulness of 5 Purposes of 6 Content of the Register Stora Enso s Customer and Sales Register The grounds for processing of the personal data is either fulfilment of an agreement concluded between Stora Enso group company and an organisation the data subject is representing or the legitimate interest of the data controllers. Such legitimate interests consist of managing and developing Stora Enso s customer relationships, business functions and communications. In certain cases Stora Enso has a legal requirement to collect certain information of its customers. These situations relate e.g. to anti-money laundering and counter terrorism regulation, market abuse regulation and auditing. In limited cases (usually where required by the local laws), Stora Enso may need to request consent for certain specific data collection or processing. Such consent can be at any time cancelled by the data subject by using technological means or contacting Stora Enso in accordance with section 14. Providing certain personal data to Stora Enso is necessary in order for Stora Enso to be able to conclude an agreement with you or the organisation you are representing. If you refuse to give this personal data to Stora Enso, we may not be able to establish or continue the business relationship. Maintaining customer and sales register is necessary for Stora Enso to enable efficient and customer-oriented marketing, sales activities and delivery management as well as to establish and maintain good customer relationships. Customer and sales register is used also for more general communications purposes that do not directly relate to sales promotion. Stora Enso may use customer related personal data also to improve customer experience and to develop services by analysing the customer s interests. aggregated through customer communications and other customer interactions may be used to evaluate needs for customer satisfaction and sales interest related actions. This may include targeting of marketing, satisfaction surveys and as well as sales related communications. Certain data processing activities have been outsourced to carefully selected third party service provides to support Stora Enso s internal operations. In many cases the customers of Stora Enso group are legal entities and not natural persons. However, in order to establish and maintain a customer relationship, processing of the personal data of the natural persons representing and working for the customer companies and other legal entities is inevitable. Stora Enso may also collect personal data of prospective customer s representatives. Persons may be included in Stora Enso s customer and sales register in their private capacity when the business or other relationship (e.g. subscription to Stora Enso s newsletters and other communication materials and reports) is formed directly between the individual and Stora Enso. The personal data Stora Enso may collect and processes within the register includes the following personal data categories: 1) Contact information, including name, job title, e-mail address, phone number, and preferred contact language 2) Other necessary identification data such as ID number, birthdate, passport number 3) Contact information belonging to company s/organisation s representative 2 (5)

4) Additional info needed to efficiently manage the business contact, such as interests and activities, birthday, time zone, etc. 5) Marketing and communications information, e.g., campaign and other communications material delivery history, former topics the person has been interested in 6) Information if the data subject does not want to receive marketing messages or other communications 7) Information relating to the sales projects, opportunities, customer visits and lead sources the data subject is connected with as well as other project data and historical project information (including successful and un-successful projects) 8) Customer feedback and interview records as well as compliance breach notices received from customers 9) Event related information, such as rsvp data, diet related information and attendance confirmation 10) Sanctions screening data (as required and allowed by national laws) 11) Location data collected from customer s mobile devices or otherwise, however after taking care of necessary directions, receiving a request or data subject s consent for this, as required by the applicable laws. The register may also contain some other similar and relevant contact/business information for the purposes of managing customer relationship as described in section 5. Stora Enso does not collect data relating to sex life or sexual orientation, race, disability, ethnic or social origin, genetic or other biometric features, religion or belief, political or economic or societal opinion (notwithstanding situations where such information is related to the persons societal or economic public role and the information can be regarded as made public by the respective individual himself/herself) or membership of a national minority, unless this is required by law or necessary in order to fulfil a legal obligation Stora Enso is subject to. Furthermore, Stora Enso does not intentionally collect data relating to data subject s health, however in some rare cases such information may be inferred from the diet information a person has given in connection with an event registration. Furthermore, Stora Enso takes into account applicable local legislation when collecting personal data and ensures that personal data is always limited to information necessary for the said purposes as described in section 5. Thus, e.g. the data collected of a newsletter subscriber differs from the data collected of a long time representative of an established Stora Enso customer. 7 Regular sources of Information 8 Retention In most cases personal data is collected from the data subject s themselves or aggregated through the communications and other co-operation Stora Enso has with the data subject. Another typical source of information are the companies and other legal entities the data subject s represent as well as the web pages of these entities. Stora Enso may collect personal data also from other reliable public sources or third parties, such as the trade register. Stora Enso manages the personal data within the customer and sales register and regularly deletes and corrects unnecessary and outdated data when the customer relationship or other communications between the data subject and Stora Enso are active. After the relationship between the data subject and Stora Enso becomes passive, Stora Enso retains the personal data for pre-defined time periods. These time periods have been defined based on Stora Enso s genuine needs and the legislative requirements Stora Enso is subject to. As a ground rule, personal data that is not subject to any statutory retention requirements shall be deleted from the Customer and Sales Register managed within European Union after 5 years of passive retention, when the customer- or other relationship between Stora Enso 3 (5)

and the data subject has ended. For more information regarding the retention times, please contact Stora Enso s Privacy Manager in accordance with section 14. 9 Regular Disclosure 10 Transfers from EU/EEA 11 Security 12 Subject s Right to Object data from the customer and sales registers is disclosed to Stora Enso s auditors, insurance companies and different governmental authorities/agencies (or similar) for the purposes of their regulatory tasks. data may be also disclosed to other companies within Stora Enso company group for purposes compatible with the processing purposes defined in Section 5 of this Privacy Notice. Some of the entities who receive personal data from Stora Enso or to whom Stora Enso has outsourced personal data processing functions are located outside of European Union and/or European Economic Area. In such situations, the data controller ensures that sufficient level of data protection is maintained with appropriate safeguards, e.g. by signing EU Commission s model clauses with the party receiving the data. Stora Enso group s internal data transfers are governed with a contractual framework based on the EU Commission s model calueses. For more information regarding personal data transfers, please contact Stora Enso in accordance with section 14. Stora Enso s IT systems are protected against unauthorised access with various data protection functions. Each user has a personal user ID and password for entering the systems and access to personal data is granted only to such persons who need the access in order to fulfil the tasks and duties relating to their role within Stora Enso. Stora Enso and the ICT service providers of Stora Enso are monitoring the safety and integrity of the ICT environment and have implemented technical measures to prevent and detect any safety breaches that may threaten the personal data. The integrity of personal data is also ensured when transferring or disclosing the data. Applied safety measures vary based on the sensitivity of the data and may include e.g. strong identification of the recipient and encryption of the transferred information. Manual data shall always be stored in locked-up premises. Such data may be processed only by such persons who have a justified reason for such processing as a part of his/her duties. On grounds relating to his/her particular situation, data subject residing within European Union is entitled to object processing of personal data concerning him/her, provided that the processing is based on the data controller s legitimate interest. subject may send his/her request to restrict the processing in accordance with section 14 of this privacy notice. In this request, the data subject shall define the particular situation based on which data subject is objecting the data processing. Stora Enso may decline the request on statutory grounds. 4 (5)

13 Subject s Other Rights 14 Contacting the The following data subject s rights are primarily enforced in data processing operations taking place within European Union. In case data processing takes place outside EU, Stora Enso will consider on a case by case basis and after reviewing the local data privacy laws, whether it will fulfil the data subject s request. Access to information subject is entitled to obtain information of the personal data concerning him/her which Stora Enso is processing and obtain a copy of such personal data. We kindly ask the data subjects to use the template provided at the end of this privacy notice for such request. The request may be then presented to Stora Enso in accordance with section 14 of this privacy notice. Right to rectification, erasure and restriction subject is entitled to have any such personal data that is inaccurate, outdated, unnecessary or contrary to the purposes of data processing corrected or erased. Requests concerning rectification and erasure may be presented in accordance with the instructions in section 14 of this privacy notice. subject is also entitled to have the data controller to restrict processing of the data subject s personal data for example when data subject is waiting for the data controller s answer to data subject s access or erasure request. Portability Private forest owner is entitled to receive an electronic copy of the personal data that has been collected directly from him/her for the purposes of performance of the contract made between the forest owner and Stora Enso. Furthermore, the data may be transmitted directly to another data controller on the forest owner s request, if this is technically feasible. Right to lodge a complaint If the data controller does not follow the applicable data protection regulation, a data subject is entitled to lodge a complaint with competent data protection authority. In all questions and matters relating to personal data processing or rights of the data subject, data subjects should contact the data controller. subjects may use their rights by sending e-mail to data.privacy@storaenso.com. As a general rule, Stora Enso does not charge the data subject for using his/her rights presented in sections 12 and 13. However, Stora Enso may, at its sole discretion, (a) refuse to fulfil; or (b) charge a reasonable fee for fulfilling of several similar consecutive requests or requests that are manifestly unfounded or excessive. Stora Enso is also entitled to decline requests on statutory grounds. Stora Enso shall inform the data subject of such decline including the grounds for the decline. Change summary Version 1.0 6.4.2018 5 (5)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback