Privacy statement of the company’s customer and supplier register

Controller

Premico Group Oy
Eteläesplanadi 20, FI-00130 Helsink
i
info@premico.fi
(hereinafter “we” or “Premico”)

Contact person for register matters

Premico Group Oy / register matters, Essi Stolt
Eteläesplanadi 20, FI-00130 Helsinki
+358 44 746 8779
essi.stolt@premico.fi

Name of data register

CUSTOMER AND SUPPLIER REGISTER

What is the purpose and legal grounds for processing personal data?

Legitimate grounds for collection and processing of personal data can be customer care, fulfilment of agreements or statutory obligations, and implementation of the legitimate interests of Premico or a third party. Personal data can also be processed for marketing, sales, communication or recruitment purposes, or with the consent of the person to whom the data belongs.

What data is processed?

In connection with the customer account, we process the following kinds of customer data or other registered personal data:

  • Contact details, including name, email address, postal address, telephone number
  • Task-related information, such as task description, job title, area of responsibility
  • The employer’s contact information and background information
  • Event information, such as participation registration
  • Contact information for customer service and sales
  • The usage data of a company’s website(s) and services, such as time of use, pages visited and duration of the visits
  • Data on marketing messages, and how they are sent, open and clicked on
  • Ordering and download information for guides and other materials
  • Cookies
  • Lead points that describe subjects of interest and content usage activity
  • Separately identified consent or permission for personal data processing

Without the necessary personal data, we cannot provide our services or maintain our relationships with customers or partners or other cooperative relationships.

Where do we get personal data from?

We collect personal data from the data subjects themselves, for example through website visits, phone calls, emails, social media, logins to digital services, and visits in person. If persons do not provide the personal data requested in order to enable their use of the services, we will be unable to fulfil that service without the consent of the person in question.

In some cases, it is necessary to collect personal data on the basis of our customer relationship from someone other than the person themselves, for example from the person’s employer or from a public source. Such collection of personal data may be needed by Premico or a third party, e.g. the data subject’s employer, in order for Premico or the third party in question to fulfil their statutory obligations or to provide their services.

In addition, personal data may also, on the basis of the applicable laws, be collected and updated for the purposes described in this privacy statement from publicly available sources, from information received from authorities, or from other third parties. Such updating of data is carried out manually or automatically.

Automatic collection of personal data and cookies

We track visitor visits to our websites, and we automatically collect non-identifying statistics on the use of our online services. Some of this information is collected through the use of cookies. A cookie is a small text file that is sent to and stored on a user’s computer, enabling the website administrator to identify frequently visitors to the site, to facilitate logging in to the site, and to enable visitor data to be combined. A cookie is not a programme, and cannot contain or spread viruses or other malware. We use cookies to provide our customers with information and services tailored to their individual needs. This feedback enables us to continually improve the content of our pages.

The primary purpose of using cookies is to improve and customise visitor experiences on the site, and to analyse and improve site functionality and content. Data collected through cookies can also be used for targeting communication and marketing, and for optimising marketing measures. Visitors cannot be identified by cookies alone. However, information provided through cookies can, if necessary, be linked with any information that may be obtained from other users, for example when filling out a form on our website.

We automatically record the following data on visitors to our website:

  • IP address and email server
  • geographical details
  • login time
  • browser type and language
  • operating system
  • screen resolution
  • last site visited before our site

We also collect data on how actively each visitor uses our site, for example on the pages visited, the keywords used, and whether the visitor’s device or browser has visited our site before. The data collected by cookies is stored on servers in the EU/EEA.

Premico uses services provided by Google Analytics. The service generates anonymous statistics on our users and processes cookie data in order to help us identify the number of visits, the number of users, the browsers visitors use, and the country, city, town or region from which a given visitor is using our website.Read more about Google Analytics:.

To whom and where is date disclosed and transferred outside the EU or EEA?

Premico may, if necessary, transfer personal data collected through its websites and services to its parent company, Premico Group Oy, or to subsidiaries of this group, and/or to associated companies belonging to the same group, or to sub-consultants or subcontractors of subsidiaries of the same group, or to other contractual partners, in situations where this is required for fulfilment of the relevant contractual obligations or other processing criteria.

Personal data transfers to customers, suppliers and other external parties are agreed in accordance with the terms of the European Union’s General Data Protection Regulation 2016/679 (GDPR) for processing of personal data. Transfers of personal data to countries outside the EU/EEA require appropriate safeguards to be put in place and compliance with the applicable data protection legislation, such as the use of standard contractual clauses from the European Union, or the EU–US Privacy Shield, and compliance with the obligations of data protection legislation. Premico does not hand over or disclose personal data to any parties other than those mentioned above, unless there is some compelling reason for doing so based on applicable legislation.

We use the services of subcontractors to process personal data on our behalf. We have outsourced IT administration to an outside service provider that manages and stores the personal data in protected servers.

How do we protect personal data, and how long do we keep it for?

We implement and maintain appropriate technical and organisational protection measures to protect personal data from unauthorised or unlawful destruction, loss, damage, alteration, unauthorised disclosure, misuse, or other unlawful processing.

Our privacy policy covers locking and other physical security measures and security procedures. Our privacy policy also covers access control (e.g. usernames, firewalls and digital encryption technologies), login entries, measures to deter and deal with viruses and other malicious software, denial-of-service attacks, and other security measures.

Personal data is confidential, and the right to access it is restricted to persons who need access to it in order to carry out their work duties. We store personal data in identifiable form only for as long as it is considered necessary and/or the data subject demands that their personal data be removed from the system. When the personal data is no longer needed for the purpose in question, or at the request of the data subject, we will delete the personal data unless applicable legislation requires us to retain personal data for a lawful purpose. We regularly reassess the need for storing data based on the applicable legislation. In addition, we take reasonable measures to ensure that the register does not contain information the data subject that is incompatible, obsolete or incorrect with respect to the purposes for which the data is processed. We will rectify or destroy any such information without delay.

What are your rights as a data subject?

As a data subject, you have the right to inspect the data relating to you that is stored in the personal data register, and you have the right to demand correction or destruction of incorrect information if you have legal grounds for doing so. You also have the right to withdraw or modify your consent.

Under the GDPR, which comes into force on 25 May 2018, every data subject has the right to object to or request the restriction of processing of their own personal, and to file a complaint against the processing of their personal data with the supervisory authority.

For specific personal reasons, data subjects also have the right to object to profiling and other processing actions affecting him or her, insofar as the processing of the data in question is based on our customer relationship with the data subject. In connection with your request, you will need to specify the particular situation on which your objection to the processing of your personal data is based. We can refuse to apply to comply with your request only if there are legal grounds for doing so.

Who can I contact in this regard?

All contacts and requests concerning this report must be made in writing or in person to the designated contact person specified above. According to the GDPR, every person has the right to check what information about them is stored in a data register. These requests for inspection cannot be made by telephone – they must be made in writing and signed by the data subject himself or herself. Written request for inspection should be sent to the address Premico Group Oy / register matters, Eteläesplanadi 20, FI-00130 Helsinki. When submitting a request to inspect your personal data, please indicate your name, address and personal identity code, and the scope of your request, i.e. whether you want to check for a particular item of personal data, or all the personal data, or data for a specific period of time.

Changes to the privacy statement

If we make changes to this data statement, they will be made visible in the statement, with the date of the changes specified. If the changes are significant, we can also inform you of these in some other way, such as by email or by posting a notice on our website. We recommend that you regularly visit our website and take note of any changes we may make to the privacy statement.