In this privacy statement, we describe how Valio Ltd (hereinafter “Valio” or “we”) processes your personal data when you interact with us as a representative of one of Valio’s corporate customers, partners or other stakeholders (includ-ing potential corporate customers and partners).
We can update this privacy statement from time to time, when legislation changes, for example.
Valio Ltd (Business ID: 0116297-6)
If you wish to exercise your rights under this privacy statement or if you have questions about the processing of your personal data, please contact us by email at firstname.lastname@example.org or by calling +358 10 381 2185.
We process your personal data for the following purposes:
We also process your feedback for statistical purposes and for the purposes of the Valio Group’s product and service development and other business development in order to better understand our customers and develop our opera-tions in response to their needs. In these contexts, we anonymise your personal data so that you can no longer be identified based on the data.
The processing of your personal data is based on 1) Valio’s legitimate interests in line with the purposes mentioned above or 2) the implementation of an agreement (to the extent that you are under a contractual relationship with Valio).
We collect your personal data 1) directly from you when you submit a contact request or place an order through our website, for example, 2) from the organisation that you represent (and that is one of Valio’s customers or partners) and 3) from public sources (e.g. the website of the organisation that you represent). In addition, we collect personal data concerning potential customers, partners and stakeholder representatives from Taloustutkimus and other data controllers by means of personal data transfer.
We process your personal data within the Valio Group. Your personal data is only processed by employees who need such data to perform their duties. In addition, your personal data is processed by subcontractors working for us and on our behalf, such as service providers delivering newsletters and marketing materials, organisers of events and IT service providers. Subcontractors process personal data for Valio and on Valio’s behalf.
We do not regularly transfer your personal data to other data controllers. On a case-by-case basis, we disclose your personal data to restaurants, hotels and similar partners that organise Valio’s events and process your personal data on their own account. In addition, we disclose your personal data, if necessary, to auditors to process personal data on their own account or on our behalf, depending on the case. On a case-by-case basis, we also disclose your personal data to the authorities if there are legal grounds for doing so.
Some of our subcontractors have access to your personal data from outside the EU and the EEA. In such situations, we will ensure that your personal data is transferred lawfully in one of the following ways:
As a rule, we store your personal data 1) for the duration of the contractual relationship or other cooperation rela-tionship between you and Valio, 2) for the duration of the contractual relationship or other cooperation relationship between the organisations that you represent and Valio or 3) for as long as you serve in a position to which our prod-uct or service is related.
We store personal data related to subscriptions to newsletters or other materials until you cancel your subscription. If you prohibit the processing of your personal data for direct marketing purposes, we will store information about the fact that you have refused to receive direct marketing messages. With regard to events and prize draws, we store your personal data for the duration of the event or prize draw, after which we will erase the data without undue delay and no later than one year after the event has been organised.
We will store your personal data for longer to the extent that this is required by mandatory legislation (e.g. accounting obligations), a legal requirement concerning us or a statute of limitations or complaint period based on the law or an agreement. In such a case, we will only store the data required by the legislation, statute of limitations or complaint period or the data required to process a legal claim and will erase any other data.
We ensure the information security of your personal data through appropriate administrative and technological safe-guards. We have restricted the processing of personal data to those persons whose duties include the processing of such data. The systems containing your personal data can only be accessed using personal user identifiers and pass-words issued separately.
In accordance with the applicable data protection legislation, you have, at any time, the right to:
You must submit a request to exercise your rights in accordance with section 2. With regard to electronic marketing messages such as newsletters, the easiest way to refuse to receive such messages is through the link provided at the end of the message. If you refuse to receive a newsletter or other electronic marketing messages, we will no longer send you such messages.
If you object to the processing of your personal data, you must specify in your request the purpose or purposes of processing that you oppose. In addition, if you object to the processing of your personal data for purposes other than direct marketing, you must specify in your request the grounds on which you object to the processing of your personal data (e.g. you no longer work for one of Valio’s corporate customers or partners).
We may ask you to verify your identity or further specify your request before implementing your request. We may also refuse to implement your request on grounds set out in data protection legislation, in which case we will inform you of such grounds.
You have the right to file a complaint with the appropriate supervisory authorities if you believe that we have not processed your personal data in accordance with the applicable data protection legislation. You can file a complaint with the supervisory authorities in the EU member state where your permanent place of residence or employment is located or where the alleged personal data breach has occurred.
Version 1.2, updated on 14 February 2022
Changes to the privacy statement:
February 2022: The following amendments have been made to the privacy statement: we have updated the contact in-formation and removed the reference to the Privacy Shield arrangement.
January 2020: The following changes have been made to the privacy statement: we have added a mention of personal data disclosure based on auditing of the accounts and the law, updated the privacy statement with regard to personal data transfer, added a mention of longer personal data storage periods due to the law, a legal claim, a complaint period or a statute of limitations, combined the description of data subjects’ rights under one paragraph, simplified the language used and made the content more concise to make the privacy statement easier to read.