This is a privacy notice in accordance with the European Union’s General Data Protection Regulation (EU 2016/679). This Privacy Policy describes the processing of personal data collected through the KiertoaSuomesta.fi and circularfinland.fi online services and the rights of the data subject. KiertoaSuomesta.fi is a digital marketplace promoting the circular economy.
The personal data of a natural person using the online service will be processed in accordance with this Privacy Policy. The Central Union of Agricultural Producers and Forestry Producers (MTK) is the data controller responsible for the processing of data. We respect the privacy of our users and are committed to protecting personal data in accordance with applicable legislation. The KiertoaSuomesta.fi web service will be developed in stages. Initially, the service will not collect or process all the information described in this Privacy Policy.
Controller
The Federation of Finnish Agricultural Producers MTK ry. Simonkatu 6, 00101 Helsinki Business ID 0215194-5 Riina Kärki e-mail: etunimi.sukunimi@mtk.fi Data Protection Officer: tietosuojavastaava(at)mtk.fi
Purpose and grounds for processing personal data
Personal data is collected and processed in order to provide the service in accordance with the contract with the data subject.
In addition, personal data is collected and processed on the basis of our legitimate interest to monitor the use of services, respond to requests for contact, newsletter subscriptions and event registrations, conduct research and development with partners, plan or develop business or other activities, and provide personalised customer service for marketing, opinion and market research and services. We believe that these purposes are necessary for our business and therefore in our legitimate interest. Taking into account the purposes of the processing, the nature of the data processed and the information provided to the data subject, we consider that the processing does not violate the fundamental rights or freedoms of the data subject. The data subject may object to the processing in the ways described below if he or she wishes to do so.
Direct-to-consumer electronic marketing and the setting of non-voluntary cookies, as well as some surveys, are also based on the consent of the data subject.
The data is also used to fulfil obligations under legislation and government regulations and guidelines, such as user identification, risk management and security, and to prevent and investigate misuse. This processing is based on our legitimate interests or legal obligations.
Data content of the register and data sources
- contact information, such as name, address, telephone number, email address, provided by the user or personally identifiable information on online services.
- registration information required for the digital account, such as username, username, password and any other unique identifier.
- Language
- customer relationship information, such as notification data, customer feedback and contacts
- profiling and interest data provided by the user
- authorisations and consents
- information provided in response to surveys and inquiries
- information provided through a request for contact, such as name, name of the organisation represented and contact details such as telephone number or email address
- information provided when subscribing to the newsletter, such as your e-mail address, name and municipality of residence
- personal data stored when registering for an event, such as name and contact details such as telephone number and/or email address
- other data collected with the user’s consent
In addition, we use cookies on the Service and process the information collected through them as described in more detail below.
Cookies and other technical tracking
We and our selected partners store information, such as cookies and device identifiers, on the user’s terminal device and use the information for the purposes presented to the user. Cookies and other similar technologies can be used to collect information about how and when the online services are used, so that the services can be further developed to make them more user-friendly.
A cookie is a file that is stored in the user’s browser. Among other things, technologies based on the use of cookies allow users to avoid having to re-enter their usernames and passwords every time they want to. The cookie file contains an anonymous identifier that is used to identify the browser and track the use of services. Cookies may remain on the user’s terminal device until they are deleted. There are also session cookies, which expire at the end of the user’s visit (i.e. session).
The so-called first-party cookies are mainly set by the website displayed in the address bar. In addition to these, our services may use cookies from so-called third-party providers, such as measurement service providers. Below are examples of our partners:
- Google Analytics: we use Google Analytics, a web analytics service provided by Google Inc., to help us analyse the use of our websites and to improve our websites to better serve our users. The information stored in the cookies used by Google’s tools is sent to Google for further storage on servers around the world. As a result, this information may be processed on servers located in countries other than the country where you live. Google uses this information to evaluate your browsing habits and to compile aggregate reports on website activity. In addition, Google will compile reports on the services provided in connection with the websites and produce statistics on internet usage. Google may also transfer data to third parties where required to do so by law, or where such third parties process the data on Google’s behalf. Read more: https://policies.google.com/privacy?hl=fi
- Google Ads: we may use Google’s remarketing cookies. This allows us to display targeted banner ads to website visitors when they browse other websites. With remarketing cookies, we can control settings so that visitors are not overwhelmed by our ads.
- YouTube: we may embed YouTube videos on certain pages of our website. YouTube (owned by Google) sets certain cookies when a visitor clicks the YouTube button on a video player.
- Social media: the website may contain links and connections to third party websites and so-called social media plugins (e.g. Facebook, Twitter, Instagram, LinkedIn). The use of social media plug-ins may send identifiable information to these social media service providers. By opening a social media plug-in, you may allow cookies from third-party websites to be stored on your computer, allowing their administrators to track your use of the page if you are logged in to that provider’s social media. These third-party services on these sites and services or third-party mediated applications are subject to the third party’s privacy, terms of use and other terms and conditions.
Necessary cookies enable various functionalities, such as different site-specific settings. These essential cookies are always enabled, unless the user disables cookies through the browser settings. Other, so-called non-essential cookies are set with the user’s consent. For details of the non-essential cookies in use at any given time, please refer to the cookie settings of the web service. The user may change his/her cookie preferences, including withdrawing his/her consent, at any time.
Rights of the data subject
The collection and processing of data can often be influenced in different ways:
- Inspection, correction and deletion of data: the data subject has the right to inspect the personal data stored about him or her. At the request of the data subject, we will correct, delete or complete personal data which are inaccurate, unnecessary, incomplete or out of date for the purposes of the processing.
- Transfer of data from one system to another: the data subject may have the personal data he or she has provided transferred to him or herself or to another controller by contacting the address given at the beginning of this Privacy Policy. However, this is provided that the data concerned are those which the data subject has provided and are processed automatically on the basis of consent or a contract.
- Right to opt-out of direct marketing: the data subject may at any time object to the disclosure and processing of their data for direct marketing purposes by clicking on the link at the end of the electronic direct marketing message or by contacting us at the address given at the beginning of this Privacy Policy.
- Right to object and restriction of processing: the data subject may object on grounds relating to his or her personal situation to processing based on legitimate interests. For example, in such a situation, processing will be restricted for the time necessary to assess the grounds for objection. Processing may also be limited, for example, where the data subject contests the accuracy of the personal data, in which case processing is limited for a period of time during which we can verify the accuracy of the data.
- Withdrawal of consent: the data subject may withdraw his or her consent at any time by contacting the address at the beginning of this Privacy Policy or by any other means specifically provided. Withdrawal of consent does not affect processing carried out, for example, to comply with legal obligations.
- Right to lodge a complaint: the data subject has the right to lodge a complaint with a public authority if he or she considers that his or her data have been processed in breach of this Privacy Policy and the applicable legislation. The contact details of the Data Protection Ombudsman can be found at the end of this privacy statement.
Disclosures and transfers of data
We may disclose the data subject’s personal data to third parties in the following cases, among others:
- Authorities: we may disclose personal data as required by competent authorities or other bodies, in accordance with the applicable law.
- Research: we may disclose information for scientific or historical research, direct marketing, opinion polls and market research, unless the data subject has not consented.
- Legal claims: we may disclose personal data to third parties if we believe it is necessary for the performance of a contract, the investigation of possible infringements or the establishment, exercise or defence of legal claims.
- Consent: we may disclose the data subject’s data to other third parties if the data subject has given his or her consent.
We use subcontractors to process your data, whereby we have contractual arrangements in place to ensure that the data is processed in accordance with applicable law and this Privacy Policy. Subcontractors process the data for our purposes and are not allowed to process the data for their own purposes.
As a general rule, we do not transfer data outside the EU or EEA. If, exceptionally, we allow access to data from outside the EU or EEA, we will ensure an adequate level of protection of personal data by agreeing on confidentiality and processing issues as required by law, for example by using standard contractual clauses adopted by the European Commission.
Data retention period
We will keep your data for at least the duration of the customer relationship or newsletter subscription. After the end of the relationship or subscription, the retention period depends on the data and its purpose. For example:
- For marketing purposes, data is typically kept as long as the individual has not opted out of receiving marketing communications and the data is not otherwise out of date. If an individual opt-out of marketing, we will retain information about the opt-out and contact details to ensure compliance with the opt-out.
- In order to compile surveys, statistics and reports, we minimise the data so that the data subject is no longer personally identifiable.
- In order to comply with legal obligations, we keep the data for the period specified by law.
The data subject can also influence the period of data retention through the empowerment described in this Privacy Policy.
Data security and principles of register protection
The information we receive through traffic monitoring on our websites is protected by a TLS encrypted HTTPS connection. The data received through Google Analytics is stored and processed by Google Analytics. Login credentials are required to access the Google Analytics account linked to the websites, and only a very limited number of the controller’s staff and other potential processors of personal data have the required login credentials.
Our websites use a TLS-encrypted HTTPS connection, which means that all personal data is protected electronically. In your browser, you will notice this by the green lock on the left side of the address bar. Where data is in manual format, it is stored in a locked area and destroyed in a secure manner.
We use appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, destruction or other unlawful forms of disclosure.
against the treatment of. Access to the register is limited to specified persons who need the data for their tasks. Persons who process personal data are bound by the obligation of professional secrecy. The data are collected in databases which require a user name and password and are technically protected by a firewall.
If personal data is in manual form, it is stored in locked premises and is destroyed in a secure manner when it is no longer needed.
Amendments to the Privacy Statement
We are constantly evolving and therefore reserve the right to change this Privacy Policy by notifying you on our website. Changes may also be based on changes in legislation. We invite data subjects to consult the contents of this Privacy Policy on a regular basis.
Contact
Office of the Data Protection Ombudsman Email: tietosuoja(at)om.fi www.tietosuoja.fi
Any enquiries relating to this Privacy Statement can be sent to the person named at the beginning of this Privacy Statement.