Privacy Statement

Updated: 10.6.2020
 

1. CONTROLLER
Oy Hedengren Ab
Lauttasaarentie 50
00200 Helsinki
Tel. +358 207 638 000

2. CONTACT DETAILS OF REGISTER AND RIGHTS OF THE DATA SUBJECT
tietosuoja@hedengren.fi

3. PERSONAL DATA TO BE PROCESSED
As part of its operations, Hedengren processes the personal data of contact persons of its customers and customer organizations, as well as persons otherwise connected to Hedengren (hereinafter the data subjects).
The following personal data regarding data subjects can be stored and processed:

  • First and last name
  • Date of birth
  • Contact, billing, and shipping information such as address, email address, and phone number
  • Customer number
  • Ordering and delivery information
  • Title and details of the company represented
  • Information related to communication between Hedengren and the customer, as well as other possible, customer-generated content recorded from contacts
  • In connection with training and events, the personal identity number and possible food allergies
  • Information related to recruitment in a CV and job application
  • Log information and network traffic credentials


4. PURPOSE AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA
Hedengren processes the personal data described above for the following purposes:

  • Establishing, managing and maintaining a customer relationship
  • Design, provision, production and delivery of Hedengren’s services
  • Implementation and development of customer service and related communications and marketing
  • Measuring customer satisfaction and analyzing e-commerce operations
  • Organization of Hedengren’s events and training sessions, and the related communications
  • Order, invoicing and financial management, as well as reporting
  • Recruitment


In accordance with Article 6 of the EU’s General Data Protection Regulation (2016/679), personal data is processed on the basis of the contractual relationship between Hedengren and the other party, such as a customer relationship or commission, or the data subject's consent.

5. REGULAR SOURCES OF DATA
Personal data is primarily collected from the data subject, or from events related to the data subject's customer relationships, communications and other transactions. Other regular sources of data are technical systems for automatic monitoring and control.

6. REGULAR HANDOVERS OF DATA
Hedengren may use external service providers or professionals to process personal data, and disclose personal data to such parties in accordance with and within the limits set by data protection laws, to the extent necessary to perform the outsourced tasks in question. Hedengren does not disclose customer data to countries outside the European Union or the European Economic Area.

7. PERIOD OF RETENTION OF PERSONAL DATA
Processed personal data shall be kept only for as long as, and to the extent, necessary for fulfilling the original purposes for which the personal data was collected as described in Section 4. Stored personal data will be deleted when there is no longer a legal basis for processing it.

8. PRINCIPLES OF PROTECTION OF REGISTER
Hedengren uses technical and organizational measures to protect the personal data it processes, at all stages of data processing. The data is protected from unauthorized viewing, alteration and destruction. Security is based on measures such as access control, personal user IDs, restriction of access rights, encryption technologies, and the instruction of persons involved in data processing. Backup and physical security procedures to protect data. Manual material is always stored in protected and supervised facilities. Information system servers are also located on secure and monitored premises.

Access to systems and the personal data they contain is restricted to Hedengren’s personnel who, based on their job description, have the need and right to process personal data. All persons processing personal data are contractually committed to keeping data confidential, and to the confidential handling of personal data.

Agreements on the processing of personal data have been drawn up with external processors involved in Hedengren's operations and the provision of services. Such agreements define the terms and responsibilities applicable to the processing of personal data.

9. RIGHTS OF THE DATA SUBJECT
The General Data Protection Regulation guarantees the data subject a number of rights, which they can exercise in certain situations to control the processing of personal data. The data subject may exercise the following rights in relation to Hedengren insofar as Hedengren acts as the controller of the data subject's personal data. The scope and exercise of the rights depend on the grounds on which the personal data is processed in accordance with data protection law.

Questions and requests regarding the exercise of rights should be addressed to Hedengren using the contact details mentioned in Section 2.

Right of inspection and rectification
The data subject has the right to inspect what information concerning them is stored in Hedengren's systems. The data subject has the right to correct or supplement any errors or omissions in the data.

Right of objection and right of restriction
In certain situations, the data subject has the right to object to the processing of their personal data in connection with their specific personal situation, i.e. to request that their data not be processed at all. The data subject also has the right to demand that Hedengren restrict the processing of the data subject's personal data, for example while the data subject is awaiting a response to a request to rectify or terminate processing.

Prohibition of direct marketing
The data subject has the right, at any time, to prohibit the use of their data for direct marketing.

Right to erasure of personal data
The data subject has the right to request the erasure of personal data from Hedengren's systems, within the limits set by the General Data Protection Regulation. When deletion is not possible, the data subject has the right to require that the controller provide justification for the retention of data.

Right of transfer
The data subject has the possibility to take possession of personal data concerning them, and to re-use such data for their own purposes in various services. This right may be exercised in respect of data which the data subject has provided for Hedengren and which is processed through automatic data processing, either with the data subject's consent or in fulfilment of the contract. The information shall be provided in a structured, commonly used and machine-readable form.

Right of appeal
If the data subject considers the processing of personal data concerning them to be unlawful, they have the right to file a complaint with the supervisory authority. In Finland, the competent authority is the Data Protection Ombudsman.