PRIVACY POLICY

WE HAVE UPDATED OUR PRIVACY PRACTICES: 30 APRIL 2018

ARNON is committed to protecting the privacy of the users of its services in accordance with the Personal Data Act (523/1999), the Information Society Code (917/2014) and other applicable legislation. The user accepts the terms and conditions of this privacy statement by using our services.

1. WHAT TYPES OF DATA WILL BE COLLECTED ABOUT ME?

We collect the necessary personal data from our users with regard to the processing described in Section 3 of this privacy statement.

  • The user’s personal data, such as contact details, including name, address, phone number and email address
  • The registration information required for a digital account, such as a user ID, screen name, password and other potential identifiers
  • Demographic data, such as age, sex, title and mother tongue
  • Information concerning the customer and stakeholder relationship, such as invoicing and payment details, product and order details, customer feedback and contact, prize draw and competition response details and cancellation details
  • Recorded customer service phone calls
  • Profiling and interest details provided by the user
  • Permissions and consents
  • Marketing prohibition details
  • Other data collected with the user’s consent
  • Data that describes the use of the service: service-related data for an identified user, such as the use of service features and browsing data. The identifier assigned to a user identified via a digital account is typically a randomly generated series of numbers.
  • Data collected using cookies and equivalent technologies, such as the pages browsed by the user and the page from which the user transferred to our site, the device model, a unique device and/or cookie identifier, the channel (web browser, mobile browser, app), the browser version, IP address, session identifier, session time and duration, display resolution and operating system
  • Location data, such as the coordinates calculated with the help of GPS, Wi-Fi access points or mobile phone base stations, if the user has expressly consented to this.

We process the user’s personal data and data describing the use of the service in separate databases connected to various identifiers. The user can obtain additional information about data collection, the identifiers we use and our cookie procedures if desired.

We save data on our marketing file about the user’s name, title, age, sex and mother tongue, one piece of identifying data connected with the user, and contact details for the purpose of contacting the user. We also save data concerning the customer and stakeholder relationship on our marketing file.

2. WHICH SOURCES ARE MY DETAILS COLLECTED FROM?

Primarily, personal data is collected from the user personally in conjunction with an order or registration or later on in the customer relationship. Using the technologies described hereafter, we are also able to collect data on how the user uses our services. In addition, we collect data from the Robinson prohibition register maintained by the Data & Marketing Association of Finland, the population information system and other corresponding public or private registers.

3. FOR WHICH PURPOSES IS MY PERSONAL DATA COLLECTED?

We only process personal data for predetermined purposes, which are primarily as follows:

  • Products and product personalisation: we may personalise some of our services and recommend content that may interest the user.
  • Product development: we are constantly developing the user interfaces and user experience of our products and services. We conduct surveys and consumer research and we write reports to support business decision-making.
  • Products, purchasing and customer service: we help the user to identify interesting products, we deliver the products and services that the user has purchased, and we strive to offer the user customer service that is as personal as possible.
  • Targeted digital advertising: we show the user adverts that are likely to interest the user.

4. HOW LONG WILL MY DATA BE RETAINED?

We only retain the user data for as long as is necessary for the purposes specified in Section 3 above in compliance with applicable legislation.

If a user does not sign in to any digital account that they have for a typical period of eighteen (18) months, the user is requested to renew their access rights. If the user does not renew their access rights or the user’s customer relationship or other grounds for personal data processing has ended, the user’s personal data will mainly be erased, transferred to the permanent marketing register or converted into such a form that the data subject can no longer be identified from the data.

The user’s screen name and the related content created by the user will remain visible in the communication sections of some services, such as discussion forums and public feedback, even after the customer relationship has ended. In addition, we may be obliged to retain some of the user’s personal data to comply with book-keeping or other compelling legislation, even after the customer relationship or other grounds for personal data processing has ended.

5. WHO WILL PROCESS MY PERSONAL DATA?

ARNON may process personal data in accordance with the applicable Personal Data Act. We may also partially outsource personal data processing to a third party. In such cases, we will take contractual measures to guarantee that the personal data is processed in accordance with the Personal Data Act and in an appropriate way in other regards.
We do not generally transfer data outside the EU or the EEA. If we transfer data outside the EU or the EEA, we ensure an adequate standard of protection for the personal data by means such as making agreements on matters related to the confidentiality and processing of personal data in the manner required by legislation, which may include using the European Commission’s standard contractual clauses, and in other regards in such a way that the personal data is processed in accordance with this privacy statement.

We only disclose data to third parties in the cases set out in Section 6.

6. WILL MY PERSONAL DATA BE DISCLOSED TO THIRD PARTIES?

We do not sell, lease or disclose the personal data of identified users to third parties in any cases other than those set out below.
We may disclose the user’s data to third parties if the user has consented to this.

We may also disclose the user’s personal data in the manner required in accordance with demands presented by competent authorities or other bodies and on the basis of applicable legislation. We may also disclose data for the purpose of scientific or historical research, providing that the data has been converted into such a form that the data subject can no longer be identified from the data. If we sell, buy, merge or otherwise rearrange our business, the user’s personal data may be disclosed to the purchasers and their advisors.

7. HOW IS MY PERSONAL DATA PROTECTED?

We take the necessary technical and organisational information security measures to protect personal data from unauthorised access, disclosure, destruction or other unlawful processing. Such measures include using firewalls, encryption technology and secure data centres, arranging appropriate access management, managing the provision of access rights and monitoring the use thereof, using encryption technologies, instructing the personnel involved in processing personal data and selecting subcontractors carefully.

8. WHAT ARE COOKIES AND ARE THEY USED ON THE WEBSITE?

We may collect data about the user’s device with the help of cookies and other equivalent technologies, such as the browser’s local storage. Cookies are small text files that the browser stores on the user’s device. Cookies often include an anonymous unique identifier, which enables us to identify and count the number of browsers visiting our site.

9. IS IT POSSIBLE FOR ANY OTHER PARTY TO COLLECT DATA ON MY VISIT TO ARNON’S WEBSITE?

“Third parties” are entities outside ARNON, such as advertisers, advertising networks and providers of measurement and tracking services. When the user visits our services, these third parties may set cookies on the user’s device for purposes such as offering the user targeted marketing or compiling statistics on the number of visitors to various sites. As the user’s browser requests adverts set by a third party from an external server, these third parties may view, edit or set their own cookies as if the user were visiting their sites. We strive to make contractual arrangements to guarantee that these third parties comply with applicable legislation and the self-regulation guidelines applying to the sector.

Our services may use “social plugins”, such as Facebook’s “like” button. Elements such as buttons on Facebook’s social plugins may appear to be part of our services, but the content comes directly from Facebook. When a user visits our services, Facebook’s social plugin recognises that the user is signed in to Facebook, and the page then displays tailored content within the plugin as if the user were visiting the site Facebook.com. If the user is not signed in to Facebook, the social plugins do not display tailored content. Facebook may collect data about the user’s visit in accordance with its applicable terms and conditions concerning privacy. Facebook does not disclose data that it collects on ARNON unless the user has expressly consented to this. Users may familiarise themselves with the terms and conditions applying to social plugins on each applicable service.
Our service may also include links to sites other than those mentioned above, but we accept no liability for the privacy protection practices or content of these external websites. We recommend that users familiarise themselves with the terms and conditions applying to privacy protection on every website.

10. WHICH PRIVACY PROTECTION TERMS AND CONDITIONS APPLY WHEN I USE MOBILE OR TABLET APPS?

Any mobile apps that we create and make available to users in channels such as Apple’s App Store, Google Play or the Microsoft Store are subject to this privacy statement, as well as the terms and conditions of the service provider in question.

11. DOES ARNON USE INFORMATION ABOUT MY DEVICE’S LOCATION?

Location data from the user’s device may be used to offer services based on location, such as fetching weather forecasts and displaying targeting marketing related to a specific locality, providing that the user has expressly consented to the use of location data or if the location data has been anonymised. Location data is determined with the help of the available location methods, such as GPS and the locations of Wi-Fi access points and mobile phone base stations. The user may withdraw their consent at any time.

12. WHAT OPTIONS ARE AVAILABLE TO ME?

Inspecting data: Users are entitled to inspect the personal data stored about them. At the user’s request, we will correct, erase or supplement any personal data that is incorrect, superfluous, incomplete or out of date with regard to the purpose of processing. The user may update and/or inspect their personal data by contacting our customer service team.
Blocking cookies: Users have the option of blocking cookies by changing their browser settings. Blocking cookies may affect the functionality of our services.

Clearing cookies: Users may clear cookies in the browser settings. By clearing cookies at regular intervals, the user will change the identifier used to create a profile of the user. However, clearing cookies will not stop data collection entirely; instead, it effectively resets the profile based on prior behaviour data.

Preventing targeted advertising: Third parties, such as advertisers and advertising networks, may target advertising based on the user’s likely interests. Cookies and other equivalent technologies are used to target advertising. For further information on targeted advertising based on browser usage, see the Your Online Choices site. Users may disable the data collection that enables targeted advertising using the related switch or selector in the application settings. This will stop the device’s unique identifier from being sent and stop the application usage data from being used for targeted advertising.

Consent to the use of location data: Users may consent to the use of location data in the device and application settings. Users may also withdraw consent at any time in the settings.

13. CAN THIS PRIVACY STATEMENT BE CHANGED?

We are constantly developing our services and we reserve the right to change this privacy statement by declaring this on our services. The changes may also be based on changes in legislation. We recommend that users familiarise themselves with the content of the privacy statement regularly.

ARNON does not yet use its own electronic user system or “ARNON account”. In the future, features will be added to the ARNON account enabling users to manage the utilisation of data collected on the use of the ARNON account and with the help of cookies for the purpose targeting marketing and digital advertising. Existing customers will always be asked to approve the new practices whenever the services deploy such features.

14. WHOM CAN I CONTACT?

The primary point of contact is out customer service team. 
Users can send enquiries related to this privacy statement to the following address:

ARNON Oy Marketing & Communications
Hyllilänkatu 15
33730 Tampere 
Finland
Switchboard: +358 10 526 5000

DESCRIPTION OF FILE
Created on: 20 December 2017
Updated on: 30 April 2018

CONTROLLER:
ARNON Oy
Business ID: 1589454-5
Hyllilänkatu 15, 33730 Tampere, Finland

PEOPLE RESPONSIBLE FOR MATTERS PERTAINING TO THE FILE:

Toni Ristamäki
+358 44 7408 330
toni.ristamaki@arnon.fi

Hansku Vihervaara
+358 45 8531 444
hansku.vihervaara@arnon.fi

NAME OF THE FILE:
Customer and partner register

PURPOSE OF PERSONAL DATA PROCESSING

Information about data subjects is used for handling customer relationships or other comparable relationships, analysis, business development and planning, and marketing (such as sending newsletters) and customer communications. Personal data may be used in the manners permitted by applicable legislation for direct marketing by ARNON Oy and companies belonging to the same group of companies.

Data processing is based on the Personal Data Act, Section 8, Points 1 and/or 5.

For technical and practical reasons, external service providers may be used to assist in handling the file.

DATA CONTENT OF THE FILE
First name and surname
Contact details: email and phone number
Employer details: current employer
Language

REGULAR DATA SOURCES
Personal data concerning data subjects is collected from the data subjects themselves or from ARNON’s customers in conjunction with the use of various services (such as subscribing to the newsletter) and in conjunction with various marketing actions such as events.

Personal data may also be collected from and updated using the registers of other companies belonging to the same group as ARNON Oy.

REGULAR DISCLOSURE OF DATA

Personal data is not regularly disclosed to any other party.

TRANSFER OF DATA OUTSIDE THE EU OR EEA

Personal data may be transferred outside the EU or the EEA. In such cases, the provisions of the Personal Data Act will be adhered to.

PRINCIPLES FOR PROTECTING THE FILE

Users of the file are identified on the basis of their user ID and/or online identification. Access rights are granted to groups of people who need such rights to discharge their working duties. These people may also include employees of external service providers.

RIGHT OF INSPECTION

In accordance with the Personal Data Act, data subjects are entitled to check what personal data is stored about them in the file. The inspection request must be sent in writing to the contact person responsible for handling matters related to the file, and the request must be signed.

DIRECT MARKETING PROHIBITION AND RIGHT TO DEMAND CORRECTION OF DATA

Data subjects are entitled to prohibit the processing of personal data related to them for the purpose of direct marketing by contacting the controller’s contact person stated above.

Direct marketing prohibition

Information concerning marketing and sales promotion

Information concerning customer relationship management and customer contact

Information concerning the use of electronic services and content, technical information sent to the controller’s server by the data subject’s browser (IP address, browser type and browser version), and cookies sent to the data subject’s browser and related information.

Data subjects are entitled to demand the correction of incorrect, incomplete or out-of-date personal data about them. The controller is obliged to correct this data without undue delay. The correction request must be made in writing and sent to the contact people named above.

EMPLOYEES’ PRIVACY STATEMENT

Controller: ARNON Oy (business ID: 1589454-5) and ARNON Solutions Oy (business ID: 0810902-7)

Address: Hyllilänkatu 15, 33730 Tampere, Finland

Contact details: firstname.lastname@arnon.fi; +358 10 5265000

Contact person in matters concerning the file:
Anni-Maria Kauppila
Address: Hyllilänkatu 15, 33730 Tampere, Finland
Contact details:
anni-maria.kauppila@arnon.fi;
+358 10 5265000

Name of the file: Employee register (HRM and HRD)

Purpose of
personal data processing: The register contains data needed by ARNON Oy and ARNON Solutions Oy for the purposes of employee payroll and competence development, as well as for monitoring working time.
Personal data processing is necessary in order to comply with the controller’s statutory obligations and, as such, data collection is based on the law and express consent for data processing is not requested for this reason.

Users sign in to the system with their own personal user IDs and passwords. Log data enables retrospective verification of sign-ins and changes.

The payroll is outsourced to Accountor Oy, and a separate appendix to the agreement has been prepared concerning personal data processing.
Data content of the file: The file may contain job applicants’ information, including their name, address, post town, phone number, email address, date of birth, personal ID code, job, form of employment relationship, start and end date of the employment relationship, cost centre, supervisor, salary details, bank account number, tax details, education details, courses attended, qualifications, permits, Mepco user ID, working time start and end times.

Regular data sources:

Data is collected from employees themselves when the employment contract is signed. Education data is updated during the employment relationship. Everybody is responsible for entering their own working times.

Regular disclosure of data:
Data is not disclosed to third parties without the data subjects’ consent.

Transfer of data outside the EU or EEA:
Data is not transferred outside the EU or EEA.

Principles for protecting the file:

Employment contracts and material affecting manual salary payment is stored in a locked area that can only be accessed by the employees of ARNON Oy or ARNON Solutions Oy who handle the payroll.
The system supplier, Accountor Oy, is responsible or protecting the file.

Right of inspection:

In accordance with Section 26 of the Personal Data Act, data subjects are entitled to check what data is stored about them in the file. Data subjects can view their own data themselves by signing in to the system with their own personal user IDs. If a data subject does not have a personal user ID, the data subject may present a verbal or written inspection request to the controller.

Right to demand correction of data:

If there are errors in a data subject’s data, the data subject may present a request to the controller for the error to be corrected.
Other rights related to personal data processing:
Data subjects are entitled to request that their data be erased. The erasure request must be presented in writing to the contact person for the file, and the request must be signed.

Privacy statement
Controller: ARNON Oy (business ID: 1589454-5) and ARNON Solutions Oy (business ID: 0810902-7)

Address: Hyllilänkatu 15, 33730 Tampere, Finland

Contact details: firstname.lastname@arnon.fi; +358 10 5265000

Contact person in matters concerning the file: Hanna-Leena Vihervaara

Address: Hyllilänkatu 15, 33730 Tampere, Finland

Contact details: hansku.vihervaara@arnon.fi; +358 10 5265000

Name of the file:
Register for sending the internal newsletter

Purpose of personal data processing:
The file contains information needed by ARNON Oy and ARNON Solutions Oy for the purpose of sending the internal newsletter. The newsletter is sent using the Mail Chimp system.

Data content of the file:
The file includes the data subject’s name and email address, as well as analytics on the number of times the newsletter is read.

Regular data sources:
Email addresses are collected at the beginning of the employment relationship.

Regular disclosure of data:
Data is not disclosed to third parties without the data subjects’ consent.

Transfer of data outside the EU or EEA:
Data is not transferred outside the EU or EEA.

Principles for protecting the file:
The file is saved on Hanna-Leena Vihervaara’s computer, which nobody else can access.

Right of inspection:
In accordance with Section 26 of the Personal Data Act, data subjects are entitled to check what data is stored about them in the file. Data subjects may ask to inspect their data by requesting this from the controller verbally or in writing.

Right to demand correction of data:
If there are errors in a data subject’s data, the data subject may present a request to the controller for the error to be corrected.
Other rights related to personal data processing:
Data subjects are entitled to request that their data be erased. The erasure request must be presented to the contact person for the file verbally or in writing.