Privacy statement for Valio’s corporate customer and stakeholder register
In this privacy statement, we describe how Valio Ltd (hereinafter “Valio” or “we”) processes your personal data when you interact with us as a representative of one of Valio’s corporate customers, partners or other stakeholders (includ-ing potential corporate customers and partners).
We can update this privacy statement from time to time, when legislation changes, for example.
1. Data controller
Valio Ltd (Business ID: 0116297-6)
2. Contact information
If you wish to exercise your rights under this privacy statement or if you have questions about the processing of your personal data, please contact us by email at firstname.lastname@example.org or by calling +358 10 381 2185.
3. For what purposes and on what basis do we process your personal data?
We process your personal data for the following purposes:
- Managing and maintaining the customer or cooperation relationship between Valio and the organisation that you represent
- Conducting customer satisfaction surveys, market research or other studies that enable us to better serve our cus-tomers
- Sending event and campaign invitations and organising events and campaigns
- Responding to contact requests and product enquiries
- Managing and maintaining Valio’s electronic services
- Selling and marketing Valio’s products and services (including sending newsletters and other marketing materials).
We also process your feedback for statistical purposes and for the purposes of the Valio Group’s product and service development and other business development in order to better understand our customers and develop our opera-tions in response to their needs. In these contexts, we anonymise your personal data so that you can no longer be identified based on the data.
The processing of your personal data is based on 1) Valio’s legitimate interests in line with the purposes mentioned above or 2) the implementation of an agreement (to the extent that you are under a contractual relationship with Valio).
4. What personal data do we process?
- Your first name and last name
- Your email address and phone number
- Your IP address (if you have visited one of Valio’s websites)
- The organisation that you represent and its location (country) and your title or position in the organisation
- Customer call recordings
- Information about your participation in an event/campaign organised by Valio and the information you have pro-vided in this context (including dietary requirements and food allergies)
- Photos and videos of Valio’s events
- Information about your newsletter subscriptions and any brochures or other materials you have ordered
- Information about whether you have prohibited direct marketing messages
- Your username and password for electronic services
- Your job title and professional registration number to the extent that you are a healthcare professional using Valio’s professional services.
5. Where do we collect your personal data?
We collect your personal data 1) directly from you when you submit a contact request or place an order through our website, for example, 2) from the organisation that you represent (and that is one of Valio’s customers or partners) and 3) from public sources (e.g. the website of the organisation that you represent). In addition, we collect personal data concerning potential customers, partners and stakeholder representatives from Taloustutkimus and other data controllers by means of personal data transfer.
6. Who processes your personal data and to whom do we disclose your data?
We process your personal data within the Valio Group. Your personal data is only processed by employees who need such data to perform their duties. In addition, your personal data is processed by subcontractors working for us and on our behalf, such as service providers delivering newsletters and marketing materials, organisers of events and IT service providers. Subcontractors process personal data for Valio and on Valio’s behalf.
We do not regularly transfer your personal data to other data controllers. On a case-by-case basis, we disclose your personal data to restaurants, hotels and similar partners that organise Valio’s events and process your personal data on their own account. In addition, we disclose your personal data, if necessary, to auditors to process personal data on their own account or on our behalf, depending on the case. On a case-by-case basis, we also disclose your personal data to the authorities if there are legal grounds for doing so.
7. Do we transfer your personal data outside the EU or the EEA?
Some of our subcontractors have access to your personal data from outside the EU and the EEA. In such situations, we will ensure that your personal data is transferred lawfully in one of the following ways:
- By verifying whether the European Commission has issued a decision on the adequacy of data protection in the country in question (e.g. Canada)
- By ensuring appropriate safeguards as required by law, such as by signing the standard contractual clauses ap-proved by the European Commission
- By ensuring the lawfulness of the transfer in other ways, such as requesting your express consent for transferring your personal data.
8. How long do we store your personal data?
As a rule, we store your personal data 1) for the duration of the contractual relationship or other cooperation rela-tionship between you and Valio, 2) for the duration of the contractual relationship or other cooperation relationship between the organisations that you represent and Valio or 3) for as long as you serve in a position to which our prod-uct or service is related.
We store personal data related to subscriptions to newsletters or other materials until you cancel your subscription. If you prohibit the processing of your personal data for direct marketing purposes, we will store information about the fact that you have refused to receive direct marketing messages. With regard to events and prize draws, we store your personal data for the duration of the event or prize draw, after which we will erase the data without undue delay and no later than one year after the event has been organised.
We will store your personal data for longer to the extent that this is required by mandatory legislation (e.g. accounting obligations), a legal requirement concerning us or a statute of limitations or complaint period based on the law or an agreement. In such a case, we will only store the data required by the legislation, statute of limitations or complaint period or the data required to process a legal claim and will erase any other data.
9. How do we ensure the security of your personal data?
We ensure the information security of your personal data through appropriate administrative and technological safe-guards. We have restricted the processing of personal data to those persons whose duties include the processing of such data. The systems containing your personal data can only be accessed using personal user identifiers and pass-words issued separately.
10. What rights do you have?
In accordance with the applicable data protection legislation, you have, at any time, the right to:
- Object to direct marketing
- Access your personal data (right of inspection)
- Require any inaccurate or incorrect personal data to be rectified or completed
- Object to the processing of your personal data to the extent that Valio processes your personal data on the basis of a legitimate interest
- Require your personal data to be erased
- Require the processing of your personal data to be limited (e.g. while you are waiting for a response to a request concerning the rectification of your personal data).
You must submit a request to exercise your rights in accordance with section 2. With regard to electronic marketing messages such as newsletters, the easiest way to refuse to receive such messages is through the link provided at the end of the message. If you refuse to receive a newsletter or other electronic marketing messages, we will no longer send you such messages.
If you object to the processing of your personal data, you must specify in your request the purpose or purposes of processing that you oppose. In addition, if you object to the processing of your personal data for purposes other than direct marketing, you must specify in your request the grounds on which you object to the processing of your personal data (e.g. you no longer work for one of Valio’s corporate customers or partners).
We may ask you to verify your identity or further specify your request before implementing your request. We may also refuse to implement your request on grounds set out in data protection legislation, in which case we will inform you of such grounds.
11. Your right to file a complaint with the supervisory authorities
You have the right to file a complaint with the appropriate supervisory authorities if you believe that we have not processed your personal data in accordance with the applicable data protection legislation. You can file a complaint with the supervisory authorities in the EU member state where your permanent place of residence or employment is located or where the alleged personal data breach has occurred.
Version 1.2, updated on 14 February 2022
Changes to the privacy statement:
February 2022: The following amendments have been made to the privacy statement: we have updated the contact in-formation and removed the reference to the Privacy Shield arrangement.
January 2020: The following changes have been made to the privacy statement: we have added a mention of personal data disclosure based on auditing of the accounts and the law, updated the privacy statement with regard to personal data transfer, added a mention of longer personal data storage periods due to the law, a legal claim, a complaint period or a statute of limitations, combined the description of data subjects’ rights under one paragraph, simplified the language used and made the content more concise to make the privacy statement easier to read.