Privacy Notice

December 2021

 

1) What is the purpose and scope of this Privacy Notice?

Suominen is committed to protecting the privacy and security of your personal data. This privacy notice explains how we collect and use personal data about you and what rights you have under the applicable laws, particularly under the EU's General Data Protection Regulation (GDPR).

This Privacy Notice applies to the processing of personal data by any Suominen Group company in the EU with respect to: 

  • contact persons and representatives of Suominen's prospective, current and former customers, suppliers and other business partners
  • persons who visit our websites or submit their contact information e.g. to subscribe to our publications, leave an inquiry, request information, fill out a survey, participate in a competition or attend an event
  • other stakeholders who interact with us such as prospective investors or analysts

This Notice does not apply to processing undertaken by a local Suominen entity entirely outside of the EU.

 

2) Who is the data controller?

The data controller, i.e. the legal entity responsible for the collection and use of personal data under this Privacy Notice, is Suominen Corporation, whose registered address is Karvaamokuja 2 B, 00380 Helsinki, Finland. Our Privacy Team can be contacted via email at data.protection(at)suominencorp.com.

In limited circumstances, other companies of the Suominen Group may also operate as data controllers, either independently or jointly with Suominen Corporation, for their own purposes and under the same principles as defined in this Notice.

 

3) Why do we process your personal data?

The main purposes for processing your data relate to your professional relationship with us and include the following: 

  • delivery or purchase of products and services
  • managing customer, supplier and business partner relations
  • marketing and development of our products and services
  • providing you information you have requested from us
  • facilitating communication between you and us, including customer and supplier feedback and satisfaction surveys
  • improving customer experience and developing our customer insight
  • operating and improving our websites
  • analyzing, profiling, reporting, and statistics for the purposes explained above

 

4) What is the legal basis for processing your data?

We will only process your personal data when the law allows us to. Our legal basis for processing your data is: 

  • the performance of a contract between us and a customer, supplier or another business partner as well as taking steps prior to entering into a contract, e.g. to manage requests for information or quotation;
  • legitimate interest of Suominen based on a business or other relationship, which includes e.g. relationship management and marketing of our products and services;
  • your consent; or
  • compliance with a legal obligation.

5) What kind of personal data do we process about you?

We may process the following information about you for the purposes described above: 

  • Basic information about you, e.g. name, title, your employer or the organization you represent, your industry, as well as contact details such as postal address, phone number and email address
  • Information on the business relationship, e.g. your product and application interests and the use of Suominen's products and services
  • Information relating to your use of our digital services, e.g. registration data for a digital account such as username and password; information about the service use; information collected using cookies and other online technologies, such as type of web browser you use, the device type you use, your web browsing history on our websites, your IP address, links you have clicked in an email or on a website, materials you have downloaded or the websites from which you have arrived at our websites
  • Information related to contacts, meetings and communication, e.g. feedback and contact requests, digital forms, marketing efforts performed, or meetings and events you have participated in
  • Profile and analysis data, e.g. marketing segments and profiles derived from the data described above

 

6) What are the sources of your personal data? 

The personal data that we process about you is:

  • given to us by yourself e.g. when using our websites, registering as a user of our services, sending a request for information, filling a form, purchasing, ordering or offering products and services, participating in events, or otherwise interacting with us personally, by phone or digitally;
  • given to us by your employer or the organization you represent in connection with the business or other relationship between us and your employer/organization;
  • collected automatically through electronic means, including cookies, e.g. when you engage in an online marketing campaign or use our websites or other digital services; or
  • collected from other legitimate sources, e.g. public and private company and business registers, public authorities, postal operators, public telephone directories, direct marketing and other data brokers, and other similar public and private registers.

 

7) What are cookies?

Cookies are text files that are saved on the hard drive of your device by means of your browser when you visit a Suominen website, enabling us to recognize your browser for purposes such as saving your preferences and directing relevant content to you. These technologies are used to analyze trends, administer and improve the website, enable features on the website, track users' movements around the website and to gather demographic information about our users. We use technology created by third parties to enable such technological features. Most of the currently available browsers give you the option of managing cookies by, for example, disabling them entirely, accepting them individually, and deleting saved cookies from your hard drive. We would like to remind you that if you completely disable cookies on your browser, you might not be able to use some features of the website.

 

8) Who has access to your personal data?

We may share your data with service providers and business partners that operate and process personal data as data processors on our behalf. These data processors may include IT and technology providers hosting and maintaining our data as well as possible market research partners or other professional service providers.

Such service providers are only allowed to process your personal data to the extent necessary for them to provide the service we have requested from them. We require that all our service providers keep the personal data we provide them confidential and adequately secure. They are also required to comply with the applicable data protection laws, our privacy and information security policies, and the relevant service and other agreements.

In limited circumstances, Suominen may also make your personal data available to other third parties when required by law or if we have a legitimate interest to do so.

Additionally, we may disclose and transfer your personal data within the Suominen group of companies to Suominen employees who need access to such information to perform their duties.

 

9) Where is your personal data processed? 

As Suominen is a global group of companies with affiliates and service providers both within and outside the EU, your personal data may be processed, transferred, or made accessible across country borders. If your data is transferred outside of the EU, we rely on adequacy decisions, data transfer agreements, or other EU-approved mechanisms for such transfers.

We contractually require recipients to only use personal data for the intended purpose of the disclosure, and to destroy or return it when it is no longer needed.

Transfers of personal data from within the EU to Suominen affiliates outside of the EU are primarily done on the basis of intra-group agreements, which are based on the EU's standard contractual clauses for export of personal data to third countries.

 

10) How long do we keep your personal data for? 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for or as required by applicable legislation. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data, the time limits on legal claims, and the applicable legal requirements.

 

11) What are your rights, and how can you exercise your rights?

You have certain rights over your personal data, including the following:

  • Information and access: You may request to access your personal data, be provided with supplementary information, and be provided with a copy of your personal data.
  • Rectification: You may request that inaccurate or out-of-date personal data about you be rectified and/or updated.
  • Erasure: You may have the right to have your personal data erased.
  • Restriction: You may have the right to restrict the processing of your personal data. This restriction means that your personal data is only stored by us, and not processed further. This restriction on processing is typically only temporary and may be lifted once we have dealt with your complaint.
  • Objecting to processing: You may have the right to object to specific types of processing. These types are direct marketing, processing for research or statistical purposes, and processing based on legitimate interests. The right to object to processing based on legitimate interests may be subject to demonstration by us of grounds that override your right to object.
  • Data portability: You may have the right to data portability. Data portability means the right to receive personal data about you in a structured, commonly used and machine-readable form so that it may be transferred by you or by us to another company easily.
  • Right not to be subject to decisions based solely on automated decision-making: You may have the right not to be subject to decisions based solely on automated processing (i.e. without human intervention), if those decisions produce legal effects or significantly affect you. Automated processing is processing of your personal data by automated means.

These rights are not absolute: they do not always apply, and there may be restrictions or exemptions. For example, your right to access data about you may be denied in the case of repeated access requests within a short time interval, or where providing such access could compromise the privacy of another person or unreasonably expose sensitive company information.

If you want to review or verify personal data about you, or to have it corrected or request its erasure, or to restrict or object to the processing of your personal data, or to request that we transfer a copy of such data to another party, please submit your request via the contact details provided above in the section "Who is the data controller?".

You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the data or to exercise any of your other rights. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

 

12) Withdrawal of consent

In cases where your consent is the legal basis for processing your personal data, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us via the contact details provided above in the section "Who is the data controller?". Once we have received notice that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legal basis for doing so.

 

13) Complaints 

If you are not satisfied with the response you have received or if you feel that we have not dealt correctly with your personal data, you have the right to make a complaint at any time to the relevant data protection regulator, also known as a "supervisory authority." The relevant supervisory authority is likely to be the supervisory authority of the country where you are located or where the alleged infringement took place.

 

14) Changes to this Privacy Notice 

We reserve the right to update this Privacy Notice at any time. The current version can always be found on our website. We recommend that you revisit this Privacy Notice from time to time to review any possible changes.

Privacy Notice for Job Applicants

 

December 2021

 

1) What is the purpose of this Privacy Notice?

Suominen is committed to protecting the privacy and security of your personal data. This Privacy Notice explains how we process personal data about you in our online recruitment system, as well as what rights you have under the applicable laws, particularly under the EU's General Data Protection Regulation (GDPR).

The term "personal data" means any data that directly identifies or can be used indirectly (e.g. in combination with other information) to identify an individual. Possible identifiers include name, address, date of birth, photo, personal identification number, work history, online identifiers (e.g. IP address), etc.

We encourage you to read this Notice carefully so that you are aware of why and how we process personal data about you. The term "processing" is used in this Notice to cover all activities involving personal data, including collecting, handling, updating, storing, deleting, sharing, accessing, using, transferring, and disposing of the data.

By submitting your personal data into our online recruitment system, you consent to our processing of your information in accordance with this Privacy Notice. Without your consent, we will be unable to process your data and your online application.

 

2) What is the scope of this Privacy Notice?

This Privacy Notice applies to the personal data we process about you in our online recruitment system.

 

3) Who is responsible for the processing of your personal data?

Decisions on why and how personal data is processed are made by the data controller, who is also responsible for the lawfulness of the processing and the accuracy and integrity of the data.

The data controller for our online recruitment system is Suominen Corporation, the parent company of the Suominen Group. Our registered address is Karvaamokuja 2 B, 00380 Helsinki, Finland.

 

4) Why do we process your personal data?

We collect your data to identify, evaluate and select candidates for current or future positions at Suominen, and may use your data for purposes relating to recruitment and organizational planning, including for example to set up and conduct interviews and tests, evaluate and assess the results thereof and as is otherwise reasonably necessary in the recruitment processes.

 

5) What is the legal basis for processing your data?

The processing of personal data is based on your consent. You may at any time revoke your consent. As processing of your personal data is a necessary part of our recruitment process, revoking your consent may lead to a situation where we cannot proceed with the recruitment process with you.

 

6) What kind of personal data do we process about you?

We may process the following information about you: 

  • Name
  • Contact details (such as address, phone number and email address)
  • CV, résumé, cover letter and any information contained therein, such as previous work experience, education, competences and skills

If you intend to provide us with details of a reference or any other third party as part of your CV, résumé or cover letter, it is your responsibility to obtain consent from such third party for providing such data.

Suominen selects the best applicants, irrespective of ethnic origin, gender, religion or belief, political affiliation, disability, age, marital status, or sexual identity. We do not require any unnecessary information from you that has nothing to do with the job or your professional profile.

The laws of certain countries require us to collect some sensitive personal data, for example, for equal opportunities purposes. If you provide us with any information of this nature you explicitly consent to it being processed in the manner described in this Notice.

 

7) What are cookies?

Cookies are small files that may be stored on your device when you visit a Suominen website. We use cookies to obtain information on how and when you have used the online recruitment system and our website and to improve the system for a better service. Most of the currently available browsers give you the option of managing cookies by, for example, disabling them entirely, accepting them individually, and deleting saved cookies from your hard drive. We would like to remind you that if you completely disable cookies on your browser, you might not be able to use some features of the website.

 

8) What are the sources of your personal data?

We collect personal data directly from you as well as from information sources that you provide to us. Subject to applicable national legislation, we may also collect personal data from public sources, and conduct background checks and assessments and store information from those during the recruitment process.

 

9) Who has access to your personal data?

We may disclose and transfer your personal data within the Suominen Group to recruiters and recruiting managers.

We also use third-party service providers (such as IT service providers and external recruiting partners) who may process your data on our behalf. Such service providers are only allowed to process your personal data to the extent necessary for them to provide the service.

In order to protect your privacy, we require that all our service providers keep the personal data we provide them confidential and adequately secure. They are also required to comply with the applicable data protection laws, our privacy and information security policies, and the relevant service and other agreements.

Suominen may also make your personal data available to other third parties, such as law enforcement agencies and other public bodies, when required to do so by mandatory legislation or in response to legitimate legal processes.

 

10) Where is your personal data processed?

As Suominen is a global group of companies with affiliates and service providers both within and outside the EU, your personal data may be processed, transferred, or made accessible across country borders. If your data is transferred outside of the EU, we rely on adequacy decisions, data transfer agreements, or other EU-approved mechanisms for such transfers.

We contractually require recipients to only use personal data for the intended purpose of the disclosure, and to destroy or return it when it is no longer needed.

Transfers of personal data from within the EU to Suominen affiliates outside of the EU are primarily done on the basis of intra-group agreements, which are based on the EU's standard contractual clauses for export of personal data to third countries.

 

11) How long do we keep your personal data for?

If your application is successful, we will retain your data throughout your employment at Suominen and may use such data for employment/work-related purposes subject to our employee privacy notice.

If your application does not lead to employment, we will keep your data for six months from when you submitted an open application or when the recruitment process for a listed position is closed.

We may delete your personal information from our online recruitment system at any time (including your CV or résumé), without any reason. Therefore, you should retain your own copy of the data and files provided to us.

 

12) What are your rights, and how can you exercise your rights?

You have certain rights over your personal data. These rights are not absolute: they do not always apply, and there may be restrictions or exemptions. Your rights may include the following: 

  • Information and access: You may request to access your personal data, be provided with supplementary information, and be provided with a copy of your personal data.
  • Rectification: You may request that inaccurate or out-of-date personal data about you be rectified and/or updated.
  • Erasure: You may have the right to have your personal data erased.
  • Restriction: You may have the right to restrict the processing of your personal data.
  • Objecting to processing: You may have the right to object to specific types of processing.

If you want to review or verify personal data about you, or to have it corrected or request its erasure, or to restrict or object to the processing of your personal data, or to request a copy of such data, you may exercise your rights by contacting us (see section "Questions and complaints" below).

You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the data or to exercise any of your other rights. This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

 

13) Questions and complaints

If you have any questions or concerns over how Suominen processes your personal data, please contact Suominen's privacy team at data.protection(at)suominencorp.com.

If you are not satisfied with the response you have received or if you feel that we have not dealt correctly with your personal data, you also have the right to make a complaint at any time to the relevant data protection regulator, also known as a "supervisory authority." The relevant supervisory authority is likely to be the supervisory authority of the country where you are located or where the alleged infringement took place.

The local supervisory authority in Finland is the Office of the Data Protection Ombudsman (for contact details please see www.tietosuoja.fi).

 

14) Changes to this Privacy Notice

We reserve the right to update this Privacy Notice at any time and encourage you to review this Notice from time to time for any amendments.