Privacy statement of the Fintraffic.fi web service
1 Introduction
2 Controller
Name: Traffic Management Company Fintraffic Ltd
Business ID: 2942108-7
Address: Palkkatilanportti 1, 00240 Helsinki, Finland
Telephone switchboard: +358 29 450 7000
Controller's representative: viestinta(at)fintraffic.fi, +358 29 450 7000
Group Data Protection Officer: privacy(at)fintraffic.fi, +358 29 450 7000
3 Categories of data subjects and personal data we process
Categories of data subjects
The Fintraffic.fi website is open to everyone. Data is collected and processed on data subjects visiting and using the online service.
With regard to media releases, information from suppliers and stakeholders is processed.
Personal data we process
The following information can be processed on website users:
- Forename and surname
- Company/organisation the data subject represents
- Postal address
- E-mail address
- Phone number
- Information on the subscription to Fintraffic’s newsletter
- Information on the subscription to Fintraffic’s news releases
- Customer service
- Comments or contacts made on the service
- Permits and consents, if any
The website also uses cookies to collect information for different purposes. Some cookies are necessary for the operation of the site. Cookies collect analysis and statistical data about the use of our online service and are used to improve your user experience when you visit our website. They are also used for statistics on website visitor traffic. More detailed information about cookies can be found in our cookie policy.
4 Data sources
The data collected on the use of the Fintraffic.fi online service is collected from the data subject when they use the online service.
Data collected from the data subject
- Forename and surname
- Company/organisation the data subject represents
- Postal address
- E-mail address
- Phone number
- Information on the subscription to Fintraffic’s newsletter
- Information on the subscription to Fintraffic’s news releases
- Customer service
- Comments or contacts made on the service
- Permits and consents, if any
- Cookies
5 Purpose and legal basis of processing
Purpose of processing
The data that you provide is processed so that we can send customer and stakeholder communications, send newsletters and media releases, handle customer feedback and provide customer service. The data collected when you use our online services is processed to improve the user experience and to collect visitor statistics. We also process your personal data to the extent that is necessary to ensure data security in the online services.
Legal basis for the processing of personal data
The personal data referred to in this privacy statement are processed in accordance with the EU General Data Protection Regulation’s Article 6(1)
- (a) with the consent of the data subject
- (f) in the legitimate interest of the controller.
| LEGAL BASIS | PROCESSING PURSUANT TO THE BASIS |
| Data subject’s consent |
|
| Legitimate interest pursued by the controller |
|
6 Disclosure of data and data recipients
The controller uses instructions and written data processing agreements to ensure that each recipient complies with the regulations related to the processing of personal data.
Other companies belonging to the controller's group may process your personal data on the basis of the legitimate interest of the controller. However, your data is disclosed and processed within the group only to the extent necessary to implement the purposes described in this privacy statement.
Your data can be disclosed to the following parties:
Disclosure of personal data to processors
We may use subcontractors for the technical maintenance and development of our online service, managing and analysing user data, conducting customer surveys or sending customer communications.
The following service providers are used for website functions:
Cookies
- Matomo (InnoCraft Limited, ePrivacy Holding GmbH)
Website maintenance
- Wunder Finland Oy
Newsletters and media releases:
- Meltwater Finland Oy
- LianaMailer (Liana Technologies Oy)
The processor of personal data may only process data in accordance with instructions issued by the controller.
Transfers of personal data outside the EU or EEA countries
Some of the service providers used by Fintraffic may be located, operate or store data outside the EU and the EEA. Such service providers for the personal data referred to in this statement shall be:
- Meltwater Finland Oy (US & Canada)
We carry out such transfers as required by law, for example, using standard contractual clauses adopted by the EU Commission, so as to ensure that your personal data is adequately protected. We ensure that your personal data is processed in accordance with this privacy policy no matter where your data is processed.
7 Data storage
Your personal data will only be processed for the period and to the extent necessary for the purposes listed in this privacy statement. When the legal basis for processing no longer exists or personal data is no longer needed, the data will be properly destroyed.
For a newsletter subscription based on the data subject's consent, the data will be deleted as soon as the subscription ends. Media releases will be sent to journalists who may leave the subscription list if they so wish, and the data will be deleted as soon as the subscription ends.
You can check the cookie menu for the up-to-date cookie retention periods.
8 Protection of personal data
The controller has access to appropriate technical and organisational personal data protection measures. With these measures, the controller ensures that the data subject’s personal data are not accidentally or unlawfully destroyed, lost or altered. The controller also ensures that the data are not disclosed without authorisation and cannot be accessed by anyone who does not have the right to process the data.
9 Rights of the data subject
Right to obtain information on the processing of their own data, right of access to their data and right to request rectification of their data
You have the right to be informed by the controller of whether your personal data is being processed. If your personal data is being processed, you have the right to receive a copy of your personal data and information on the purposes of the processing and other matters related to the nature of the processing.
If your personal data is incomplete or otherwise incorrect, you can demand that the controller rectify your data.
Right to request the erasure or restricting the processing of data and the right to object to processing
You may require that the controller delete your personal data, for example, when the controller no longer needs your personal data for the original purpose, your personal data is being unlawfully processed in your opinion, or you withdraw your consent as the legal basis for the processing of your data. However, if the retention of your personal data is necessary to establish, present or defend a legal claim, the controller is not under any obligation to delete your data.
You may require that the controller restrict the processing of your personal data to only include its storage, for example when it is unclear whether your personal data is accurate or being lawfully processed.
When the legal basis for the processing of your data is the legitimate interest of the controller, the public interest or the exercise of public authority, you have the right to object to the processing of your data on the basis of your personal, special situation. However, if there is a significant and justified reason for processing that overrides your rights, the processing of your data can continue.
Right to withdraw consent
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. After your consent has been withdrawn, the controller may no longer process your personal data for which your consent was the only grounds for processing. Withdrawal of consent shall not affect the lawfulness of processing carried out before the withdrawal of consent.
Right to require the technical transfer of their data from one controller to another (data portability)
If the processing is based on your consent or the implementation of an agreement and it is carried out automatically, you have the right to require the transfer of your data technically directly from one controller to another.
Exercise of the data subject's rights
As a rule, the actions the controller takes due to your request are free of charge for you. However, you must be able to identify yourself reliably for your request to be approved. Therefore, if necessary, the controller may require you to prove your identity at the time of your request.
The controller will respond to your request without undue delay and, as a rule, within one month of receiving the request.
10 Referral to the Data Protection Ombudsman
If you feel that your personal data has been processed in a manner that does not comply with data protection legislation, you may lodge a complaint with the supervisory authority. The Office of the Data Protection Ombudsman acts as the competent supervisory authority in Finland:
Street address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: PO Box 800, 00531 Helsinki, Finland
Switchboard: +358 29 566 6700
Registry: +358 29 566 6768
Email (registry): tietosuoja(at)om.fi
However, the controller would appreciate if you could first notify the controller of the matter. For further information on the data subject's rights please see https://tietosuoja.fi/yksityishenkilot.