Tietosuoja

Effective date: May 3, 2018

Promeco Group Oy (FI21752500) as the parent company of Promeco Oy (FI18640129) and VM-Group Oy (FI07851860), (also “Promeco”, “we”, “us”, “our” above and below), places the highest priority on protecting the integrity of your data, whether about you, your company, your transactions, your products or your service. We collect and process your personal data always in accordance with all applicable laws and regulations.

This Website Data Protection Statement (the “Statement”) describes collection and processing of personal data in connection with your use of Promeco websites (the “Site”, any public internet page of Promeco).

Most of the pages on the Site are provided mainly for information purposes and generally we do not, automatically or otherwise, collect or process any personal data (i.e. any data identifying you directly or indirectly such as your name, address or email address) about you as you visit our Site. However, we may collect and process your personal data e.g.:

– When it is provided by you in connection of any specific function of our Site. Examples of such special functions include submitting a feedback form or job application as well as registering to our commercial services; and

– Through use of cookies (as explained below) if you use our services as a registered user.

If we collect and process your personal data, we will inform you about it explicitly and in detail. Please visit our Data Protection Pages for further information.

From time to time, Promeco may place information on your computer which allows Promeco to recognize your computer. This information is commonly known as a “cookie”. Information we collect by using cookies is in anonymous form except when we use cookies with our registered and therefore identified users. Please visit our Cookie Statement which explains our cookies in detail.

Other Websites

Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites are separate from our Sites and do not operate under this Statement, but have their own privacy policies, data protection statements or similar announcements/devices. We do not accept any responsibility or liability for these policies, statements and announcements/devices or the lack of them or your use of such websites. Please check these policies, statements and announcements/devices before you submit any personal data to these websites.

Changes to this statement

From time to time, Promeco may change or amend this Statement. In addition, Promeco may modify or revoke access to the Site at any time with or without notice. It is the recommendation of Promeco that you revisit this Statement periodically to review any changes to this Statement.

Contact us

If you want to contact Promeco in data protection related matters, please send us an e-mail at data.protection(at)promeco.fi

Effective Date: 17 October 2017

Protecting the integrity of your data, whether about you, your company, your transactions, your products or your service, is our highest priority. The commitment to keep your personal data confidential and secure at all times and the personal data processing practices in our business activities are explained below. Your personal data is processed in accordance with all applicable laws and regulations.

When you are representing our customer or vendor company and engaged with us (e.g. using or buying the services, or selling products or services to us) (“Business Activity”), this Contact Data Protection Statement (“Statement”) is intended to provide you with general information on the processing of your personal data (“Contact Data”).

We arrange and process the Contact Data we collect in two data files, one for our customer contacts and another for our vendor contacts. Additional and more detailed data protection information applicable to each of these data files and Contact Data processed in the context of them is available in:

(each “Description”, further references to this Statement below include also the contents of the relevant Description or both Descriptions unless otherwise stated case by case).

In case of possible discrepancy, the information provided in the relevant Description prevails over the information presented in this Statement.

Please read this Statement carefully prior to accessing or participating in any Business Activity. By accessing or participating in the Business Activity and/or submitting (directly or indirectly) your Contact Data in connection with the Business Activity, you express your understanding to the processing of your Contact Data in the manner provided in this Statement. Otherwise, we expect you will immediately discontinue accessing or participating in the Business Activity, and you will not provide or will cease to provide your Contact Data to us. However, please note that absence of your Contact Data might fully or partially prevent us from fulfilling or executing the Business Activity.

Our Data Collection Methods

Accessing or participating in some Business Activities may require you to register personally for a user account in which you will need to provide us with certain basic Contact Data. Depending on the Business Activity, it is also possible that all or certain Contact Data is collected interactively from you (e.g. in a sales meeting or by phone) without subjecting you to any computerized data collection method.

In addition to collecting Contact Data from you personally, we may collect your Contact Data from your employer (or your colleagues or superiors) or from our own employees and other persons providing services for us.

Furthermore, in the course of your participation in any Business Activity electronically, we may automatically track certain Contact Data concerning you, such as IP address, the source of visit and type of your web browser even prior to explicitly requesting any of your Contact Data.

The Data We Collect and Process

Basic Contact Data consists typically of your name, email address, street address, country of residence, telephone number and the name of your employing company (if applicable).

In addition, we may collect other types of Contact Data that are necessary for the Business Activity in question. Detailed information concerning the types and processing of Contact Data is available in the relevant Description.

Generally, to the extent permitted by applicable laws and regulations, we retain your Contact Data at most ten (10) years after the last Business Activity where you have been involved. Additionally, as the case may require, we may have to extend Contact Data retention on the grounds of establishment, exercise or defense of legal claims or execution of our internal investigations. This retention period is justified due to our obligations or needs related to e.g. product and service warranties, product liability statutes as well as burdens of proofs in possible litigation situations.

The Purposes of Data Collection and Processing

The primary purpose of collecting and processing your Contact Data is to make the Business Activity and related products and services available for you. Additionally, among other defined processing purposes, we may use your Contact Data to communicate with you.  For instance, we may provide additional information relating to our services or other similar topics. The information may contain advertising in the form of electronic direct marketing or otherwise. If direct marketing is included in the Business Activity, we take into account related special safeguard requirements, including consistently providing you with the option to unsubscribe from our marketing activities. We may also use your Contact Data for research and development purposes such as improving and developing our IT systems and business processes. All detailed purposes of processing of your Contact Data are available in the relevant Description.

At all times and independent of any single purpose of processing we strive for efficient and secure Contact Data processing. This includes continued development of the Business Activities to ensure high quality and a broader scope and availability of our services.

Lawfulness of Processing of Contact Data

Processing of your Contact Data is generally and primarily based on legitimate interest of the data controllers. Based on defined purposes of uses of Contact Data and relationship between data controllers and Contact Data subjects, the primary legitimate interest of the data controllers is the possibility to conduct justified and lawful business according to applicable legislation.

Secondarily, for certain Contact Data subjects, our processing of Contact Data is based on direct or indirect contractual relationship.

Disclosures and Transfers of Contact Data

Your Contact Data is generally not disclosed (to be independently processed for purposes other than ours) to third parties outside our affiliates. In some circumstances, we may have to disclose your Contact Data by law, because a court or the police or other law enforcement agency has asked us for it. Your Contact Data may, however, be transferred to our affiliates or to third parties (e.g. subcontractors) who process Contact Data on our behalf for the purposes described in this Statement and in the relevant Description. In this way, we do not release the Contact Data from our effective control.

Due to technical and practical requirements, your Contact Data may be processed in locations other than the country in which you are situated, including locations outside the European Union or European Economic Area (incl. Switzerland). Therefore, countries to which your Contact Data may be sent/accessed from may have a different standard of data protection than the country in which you are situated. However, in all such cases, the processing of Contact Data shall be in accordance with applicable legislations (e.g. justified by EU Commission standard contractual clauses) and our data processing policies and instructions.

We may also share your Contact Data with a purchaser or potential purchaser of our business.

We may provide aggregate statistics about our customers, sales, traffic patterns, and other related Business Activity information to reputable third parties, but these statistics are anonymized and will not include your Contact Data.

Security

Unfortunately, the transmission of information via the internet is not completely secure. We cannot fully guarantee the security of your Contact Data transmitted to us; any such transmission is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorized and illegal access, alteration and denial of use of your Contact Data.

Use of Cookies

From time to time, we may place information on your computer which allows us to recognize your computer. This information is commonly known as a “cookie”. Typically, cookies enable collection of certain information regarding your computer, including your internet protocol (IP) address, your computer’s operating system, your browser type and the address of any referring sites. Cookies are intended to improve availability and quality of the Business Activity. A separate Cookie Statement explains the cookies in detail (references to this Statement above and below include also the contents of the Cookie Statement unless otherwise stated case by case). In case of possible discrepancy, the information provided in the Cookie Statement prevails over information of this Statement and relevant Description.

Your Rights

At any time, you have the right to:

At any time, you have also the right to:

For more detailed description of your rights, please see the Description. In order to use these rights, contact us to the contact information provided below or in the Description.

Other Websites

Our Business Activity related information sources may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites are separate from our websites and do not operate under this Statement or any other data protection communication of us, but have their own privacy policies, data protection statements or similar announcements. We do not accept any responsibility or liability for these policies, statements and announcements or the lack of them or your use of such websites. Please check these policies, statements and/or any other data protection documents before you submit any Contact Data to these websites.

Changes to This Statement 

From time to time, this Statement may have to be changed or amended. In addition, the access to the Business Activity may be modified or revoked at any time with or without notice. It is therefore recommended that you revisit this Statement periodically to review any changes to this Statement.

Our Responsibility and Contacting Us

Promeco Group Oy (FI21752500) as the parent company of Promeco Oy (FI18640129) and VM-Group Oy (FI07851860), (also “Promeco”, “we”, “us”, “our” above and below), are the data controllers for your personal data. Promeco has the general responsibility and ultimate mastery on Contact Data and Promeco Group Oy is responsible for transfers of Contact Data outside EU/EEA, as well as centralized IT subcontracting. Other companies belonging to Promeco group of companies may act as data processors for your personal data on behalf of the data controllers.

If you want to contact us on data protection related matters, please send us an e-mail at data.protection(at)promeco.fi

Additional Business Activity data protection contact information (including mailing address and telephone numbers) is available in the relevant Descriptions.

EU GDPR Compliant version
Effective Date: 3 May 2018

EU GDPR Compliant version
Effective Date: 3 May 2018

Data Controllers:

Contact Email Address in Matters Related to Data File:

data.protection@promeco.fi
Mailing address and telephone number as above.

Data File Name:

Promeco Vendor Contact Data Protection Description (PRO1-1021027536-18)

Legal Basis for the Processing and Purposes of Use of the Personal Data:

Processing of personal data (“Contact Data”) is generally based on legitimate interest of the data controllers. Based on defined purposes of uses of Contact Data and relationship between data controllers and Contact Data subjects, the primary legitimate interest of the data controllers is the possibility to conduct justified and legitimate business according to applicable legislation.

Secondarily, for certain data subjects, the processing of Contact Data is based on direct or indirect contractual relationship between data subjects and data controllers.

Purposes of use:

1)     Business development and reporting;
2)     Quality management;
3)     Research and development of Promeco Group (Promeco Oy and its affiliated companies) IT infrastructure;
4)     Purchasing activities;
5)     Inventory management and activities;
6)     Manufacturing of products;
7)     Delivery of products;
8)     Vendor and subcontractor management (incl. access to Promeco Group digital channels and as appropriate to Promeco Group IT systems and products);
9)     Invoicing, taxation and related financial transactions; and
10)  Ensuring the integrity of Promeco Group business environment and processes (incl. eventual non-continuous system monitoring for the prevention or inspection of misuse as the case may require).

Data Subjects

Any natural persons representing vendor companies of Promeco Group.

Data Content

First name;
Last name;
Salutation;
Title;
Company (employer);
Job role;
Street Address;
Postal Code;
City;
State;
Country;
Contact Method;
Telephone number;
Mobile phone number;
Telephone extension;
Fax number;
Email address;
Miscellaneous business information (free text field);
Personal identification number (for some vendors only and only in certain countries: Spain, Portugal and U.S.)
Indicator of access to Promeco Group digital platforms;
Last data processing activity (time stamp);
Cookie consent;
Data request date (if any);

Regular Sources of Data:

Vendor contact persons themselves, other persons representing the vendor companies of the Promeco Group, employees and other persons working for or representing Promeco Group.

Regular Disclosures of Data and Transfer of Data to Countries Outside EU and/or EEA:

Contact Data are not disclosed (to another controller for independent use unless required by the law such as to authorities) regularly except within companies of Promeco Group and even then at all times in accordance with applicable laws.

Contact Data are transferred outside EU and/or EEA (incl. Switzerland) only as allowed by and in accordance with applicable laws. In case of absence of EU Commission adequacy decisions, EU Commission standard contractual clauses (of type controller to processor, EU Commission decision C(2010)593) are used as appropriate or suitable safeguards for these data transfers. Copies of the standard contractual clauses will be available through the contact details mentioned above. Furthermore, if EU Commission adequacy decisions are applicable we may rely on them.

If Contact Data is transferred to external data processors (subcontractors or vendors), appropriate contractual arrangements (including EU Commission standard contractual clauses, as applicable), as required by the applicable laws, are executed to secure lawful and appropriate processing of personal data.

Contact Data can be transferred to following countries for processing:
o Finland
o Poland

Security Principles of Data File:

Contact Data is protected by technical and organisational measures against accidental and/or unlawful access, alteration, destruction or other processing including unauthorized disclosure and transfer of Contact Data.

Such measures include but are not necessarily limited to proper firewall arrangements, appropriate encryption of telecommunication and messages as well as use of secure and monitored equipment and server rooms. Data security is of special concern when third parties (e.g. data processing subcontractors) providing and implementing IT systems and services are retained.

Data security requirements are duly observed in IT system access management and monitoring of access to IT systems. Access to personal data is available only in the internal networks of Promeco Group. Personnel processing personal data as part of their tasks is trained and properly instructed in data protection and data security matters.

Right to Object Data Processing:

In accordance with the law the data subject has at any time the right to:

Object the processing of Contact Data for the purposes of direct marketing, market research and opinion polls; and
On grounds relating to his or her particular situation, object the processing of his/her Contact Data when lawfulness of processing is based on legitimate interest of the data controllers.

In order to use these rights, the data subject shall contact the above mentioned contact persons in writing (incl. e-mail). However, the request may be declined where allowed or required under the law.

Other Rights of Data Subject:

In accordance with the law the data subject has at any time the right to:

In order to use these rights, the data subject shall contact the above mentioned contact persons in writing (incl. e-mail). However, the request may be declined where allowed or required under the law.

Retention Period of the Contact Data:

Generally, to the extent permitted by applicable laws and regulations, data controllers retain Contact Data at most ten (10) years after the last business activity where the data subject has been involved. Additionally, as the case may require, data controllers may have to extend Contact Data retention on the grounds of establishment, exercise or defense of legal claims or execution of our internal investigations. This retention period is justified due to data controllers’ obligations or needs related to e.g. product and service warranties, product liability statutes as well as burdens of proofs in possible litigation situations.

Provision of Contact Data:

It is not statutory for the data subject to provide the Contact Data but certain Contact Data is required to execute or enter into a business activity (such as business contract) with Promeco Group. Lack of or failure to provide Contact Data prevents or may prevent the business activity (such as business contract) as the case may be.

Suostumus Henkilötietolain (523/99) 10§ mukaiselle Rekrytointi-tietokannalle

1. Rekisterinpitäjä
Promeco Group Oy (y-tunnus 2175250-0)
Mettälänkatu 91
38700 Kankaanpää
etunimi.sukunimi@promeco.fi

2. Rekisteriasioita hoitava yritys
Promeco Group Oy
Sähköposti: data.protection@promeco.fi

3. Rekisterin nimi
Promeco Group Oy:n Rekrytointi-tietokanta.

4. Henkilötietojen käsittelyn tarkoitus
Rekrytointi-tietokannan tietoja käytetään rekisterinpitäjän henkilöstönhankintaan, työhakemusten käsittelyyn ja työntekijöiden valintaan.

Työnhakijat antavat omalla suostumuksellaan henkilötietonsa rekisterinpitäjän Rekrytointi-tietokantaan. (Henkilötietolaki 8§.)

5. Rekisterin tietolähteet
Tietojen antaja on työnhakija itse.

6. Rekisterin tietosisältö
Tallennettavat tiedot ilmenevät hakulomakkeesta. Rekrytointi-tietokantaan tallentuvat tiedot, jotka työnhakija itse antaa itsestään.

7. Rekisterin käyttöoikeus
Työnhakijan tietoja käyttävät ja käsittelevät Promeco Group Oy:ssä ja sen tytäryrityksissä työskentelevät työntekijät, jotka osallistuvat rekrytointiprosessiin sekä valtuutetut kolmannet osapuolet, jotka avustavat rekrytointiprosesseissa, kuten rekrytointi- ja tietotekniset palveluntarjoajat.

8. Tietojen säilyttäminen
Tallennettuja tietoja säilytetään kaksitoista (12) kuukautta työhakemuksen jättämisajankohdasta.

9. Tietojen luovutus ja tietojen siirto EU:n tai Euroopan talousalueen ulkopuolelle
Työntekijän Rekrytointi-tietokanta toimii palveluntarjoajan ulkoisessa tietokannassa, johon tallennetut tiedot on rajoitettu vain rekisterinpitäjän sisäiseen käyttöön.

Promeco Group Oy toimii Suomessa ja Puolassa, minkä vuoksi tietoja voidaan käyttää molemmissa maissa.

Promeco Group Oy ei luovuta tietoja EU:n tai Euroopan talousalueen ulkopuolelle.

10. Rekisterin suojauksen periaatteet
Rekrytointi-tietokantapalvelun tarjoaja (Sympa Oy) vastaa rekisteriin tallennettavien tietojen teknisestä suojauksesta ja tietoturvasta.

11. Lisätietoja
Promeco Group Oy ei vastaa mistään työnhakijalle aiheutuneista vahingoista, jotka ovat syntyneet henkilötietojen sähköisen tiedonsiirron yhteydessä (mukaan lukien tiedonsiirron virheet tai viiveet tai sen epäonnistuminen).

12. Työnhakijan hyväksyntä
Hyväksyn-painikkeen valinnalla työnhakija hyväksyy tämän rekisteriselosteen ja vahvistaa, että hänen luovuttamansa tiedot eivät sisällä virheellistä, epätäsmällistä, puutteellista tai harhaanjohtavaa tietoa. Työnhakija hyväksyy myös sen, että Promeco Group Oy voi olemassa olevan lainsäädännön mukaisesti ja lain sallimissa puitteissa ryhtyä varmistamaan työntekijän rekrytointiprosessin aikana luovuttamien tietojen oikeellisuuden. Tietoja voidaan tarkistaa työnhakijan edelliseltä työnantajalta, oppilaitoksesta ja muilta toimijoilta.

Henkilötietolain (523/99) 10§ mukainen rekisteriseloste Rekrytointi-tietokannalle

1. Rekisterinpitäjä
Promeco Group Oy (y-tunnus 2175250-0)
Mettälänkatu 91
38700 Kankaanpää
Sähköposti: etunimi.sukunimi@promeco.fi

2. Rekisteriasioita hoitava yritys
Promeco Group Oy
Sähköposti: data.protection@promeco.fi

3. Rekisterin nimi
Promeco Group Oy:n Rekrytointi-tietokanta.

4. Henkilötietojen käsittelyn tarkoitus
Rekrytointi-tietokannan tietoja käytetään rekisterinpitäjän henkilöstöhankintaan, työhakemusten käsittelyyn ja työntekijöiden

Työnhakijat antavat omalla suostumuksellaan tietonsa rekisterinpitäjän Rekrytointi-tietokantaan. (Henkilötietolaki 8§.

5. Rekisterin tietolähteet
Tietojen antaja on työnhakija itse.

6. Rekisterin tietosisältö
Tallennettavat tiedot ilmenevät hakulomakkeesta. Rekrytointi-tietokantaan tallentuvat tiedot, jotka työnhakija itse antaa itsestään.

Työnhakijasta kerättävät tiedot ovat:

 7. Rekisterin käyttöoikeus
Työnhakijan tietoja käyttävät ja käsittelevät Promeco Group Oy:ssä ja sen tytäryrityksissä työskentelevät työntekijät, jotka osallistuvat rekrytointiprosessiin sekä valtuutetut kolmannet osapuolet, jotka avustavat rekrytointiprosesseissa, kuten rekrytointi- ja tietotekniset palveluntarjoajat.

8. Tietojen säilyttäminen
Tallennettuja tietoja säilytetään kaksitoista (12) kuukautta hakemuksen jättämisajankohdasta.

9. Tietojen luovutus ja tietojen siirto EU:n tai Euroopan talousalueen ulkopuolelle
Työnhakijan Rekrytointi-tietokanta toimii palveluntarjoajan ulkoisessa tietokannassa, johon tallennetut tiedot on rajoitettu vain rekisterinpitäjän sisäiseen käyttöön.

Promeco Group Oy toimii Suomessa ja Puolassa, minkä vuoksi tietoja voidaan käyttää molemmissa maissa.

Promeco Group Oy ei luovuta työnhakijan henkilötietoja EU:n tai Euroopan talousalueen ulkopuolelle.

10. Rekisterin suojauksen periaatteet
Rekrytointi-tietokantaa käyttävät rekisterinpitäjän työntekijät tunnistetaan käyttäjätunnuksen ja salasanan ja/tai verkkotunnistuksen perusteella. Käyttöoikeudet annetaan niille Promeco Group Oy:n työntekijöille, jotka tarvitsevat tietoa rekrytointiin liittyvien työtehtäviensä hoitamiseksi. Näihin henkilöihin voi kuulua myös rekrytointiprosessiin liittyvien ulkopuolisten palveluntarjoajien työntekijöitä.

Rekrytointi-tietokantapalvelun tarjoaja (Sympa Oy) vastaa rekisteriin tallennettavien tietojen teknisestä suojauksesta ja tietoturvasta.

11. Tarkastusoikeus
Rekrytointi-tietokantaan rekisteröityneellä työnhakijalla on oikeus tarkastaa itseään koskeva tiedot. Tarkastuspyyntö esitetään kirjallisesti ja omakätisesti allekirjoitettuna rekisterin pitäjälle (Promeco Group Oy).

12. Oikeus vaatia tiedon korjaamista
Rekrytointi-tietokantaan rekisteröityneellä työnhakijalla on oikeus vaatia häntä koskevan virheellisen, epätäsmällisen, puutteellisen tai vanhentuneen tiedon korjaamista. Rekisterinpitäjä oikaisee nämä tiedot ilman aiheetonta viivytystä. Pyyntö esitetään kirjallisesti ja omakätisesti allekirjoitettuna rekisterin pitäjälle (Promeco Group Oy).

13. Lisätietoja
Promeco Group Oy ei vastaa mistään työnhakijalle aiheutuneista vahingoista, jotka ovat syntyneet henkilötietojen sähköisen tiedonsiirron yhteydessä (mukaan lukien tiedonsiirron virheet tai viiveet tai sen epäonnistuminen).

Työnhakija vastaa siitä, että luovutetut tiedot eivät sisällä virheellistä, epätäsmällistä, puutteellista tai harhaanjohtavaa tietoa.

Promeco Group Oy voi olemassa olevan lainsäädännön puitteissa ryhtyä varmistamaan luovutettujen tietojen oikeellisuuden rekrytointiprosessin aikana. Tietoja voidaan tarkistaa työnhakijan edelliseltä työnantajalta, oppilaitoksesta ja muilta toimijoilta lain sallimissa puitteissa.

14. Työnhakijan hyväksyntä
Hyväksyn-painikkeen valinnalla työnhakija hyväksyy tämän rekisteriselosteen ja vahvistaa, että hänen luovuttamansa tiedot eivät sisällä virheellistä, epätäsmällistä, puutteellista tai harhaanjohtavaa tietoa. Työnhakija hyväksyy myös sen, että Promeco Group Oy voi olemassa olevan lainsäädännön mukaisesti ja lain sallimissa puitteissa ryhtyä varmistamaan työntekijän rekrytointiprosessin aikana luovuttamien tietojen oikeellisuuden. Tietoja voidaan tarkistaa työnhakijan edelliseltä työnantajalta, oppilaitoksesta ja muilta toimijoilta.