Privacy and data protection policy

This is Finnish Food Factory’s privacy and data protection policy in accordance with Sections 10 and 24 of the Personal Data Act and the EU General Data Protection Regulation (GDPR). Prepared on 28/1/2021 Most recent change 28/1/2021.

1. Data controller

Finnish Food Factory Oy (Business ID 2911058- 8)

2. Contact person in charge of register

Heidi Rantanen,
heidi.rantanen@finff.fi,
0407529774

3. Name of the register

Company’s customer register, marketing register, stakeholder register

4. Legal basis and purpose for processing personal data

The processing of the data included in the register is based on the corporate customers’ customer relations with Finnish Food Factory

Management and development of the customer relationship.
Customer relationship communications
Processing of personal data related to payment transactions, billing and invoice management and collection
Development of data controller’s business operations and customer service

5. Data content of the register

The register includes personal data of the contact persons of the data controller’s customers as well as the representatives of stakeholders that are necessary in terms of operations. The register includes data that is necessary in terms of specified purposes, expressly

first and last name
the company represented by the person
job title/position
contact details

6. Regular data sources

The data stored in the register are obtained from the customer on the basis of, e.g. messages submit-ted via web forms, e-mail, telephone, social media services, from agreements, customer meetings and other occasions where the customer hands over their personal information.

7. Transferring data outside the EU or the European Economic Area

Data shall not be regularly disclosed to other parties. Data can be published to the extent agreed with the customer.

8. Protection principles of the register

Data contained in the register is stored confidentially. The data controller’s employees whose tasks and positions involve the processing of register data have user and/or administrative rights to the register.

9. Right to review and right to demand the rectification of data

Each data subject has the right to review the data stored in the register about him/her and demand any errors to be rectified or and missing data to be added. If a person wishes to review the data stored about them, or wishes to demand the rectification of such data, a request must be made in writing and submitted to the data controller. If necessary, the data controller may request the re-questee to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).

10. Other rights concerning the processing of personal data

The data subjects have the right to request any personal data concerning them to be removed from the register (“right to be forgotten”). The data subjects also have the rights set out in the EU General Data Protection Regulation, such as the right to limit personal data processing in certain situations. Requests must be made in writing and submitted to the data controller. If necessary, the data con-troller may request the requestee to prove his/her identity. The data controller shall respond to the customer within the time period defined in the EU General Data Protection Regulation (in principle, within one month).