PRIVACY POLICY

Please find below more information on Aller data protection policy and on how we collect data, for which purposes, how we store data and how you can exercise your rights.

Controller and Data Protection Officer

This statement covers the commercial registers under the Aller Finland Group and its subsidiaries.

Aller Media Oy (Business ID: 0872238-2) and the group members belonging to the same group with it each time...

Aller Media Oy (Business ID: 0872238-2) and the group members belonging to the same group with it each time, currently Suomi24 Oy (Business ID: 2154432-2), Data Refinery Oy (Business ID: 2848544-1) and Dingle Oy (Business ID: 2289652-2) [hereinafter referred to as the “Controller”]

Address: Pursimiehenkatu 29-31 A, FI-00150 Helsinki, Finland
Tel.: +358 75 328 5102
E-mail: tietosuoja@aller.com

Data Protection Officer at Aller Finland Group: Mari Lamberg

What do we mean by the different terms?

In this statement, we use the following terms: personal data, data subject, customer, potential customer and interest group.

‘Personal data’ means the data related to any identified or identifiable natural person

‘Personal data’ means the data related to any identified or identifiable natural person (hereinafter referred to as the “data subject”), such as the name, address and phone number. An identifiable person is any person who is identifiable, directly or indirectly, on the basis of the various pieces of information concerning them.

‘Data subject’ means the person whose data we process in our person register.

A ‘Customer’ means those consumers and the contact persons of those companies and other organisations (hereinafter referred to as the ‘company’) who we have a customer relationship with.

‘Potential customers’ mean those consumers and the contact persons of those companies who we aim to create a customer relationship with.

‘Interest groups’ mean those consumers and the contact persons of those companies we are partnering with (representatives of companies producing services for us, for example) or are connected to by other means (decision-makers in society related to our community relations).

What purposes are my personal data processed for?

We process personal data for the delivery of products and services, customer communication, customer and interest group management, development and analysis, marketing and development of products and services.

The Controller processes the personal data of the data subjects for the following purposes...

The Controller processes the personal data of the data subjects for the following purposes (for one or more purposes simultaneously):

Delivery of products and services

We can process your personal data to deliver products and services if you or the company you represent have purchased a product or service from us, registered to use our digital services, ordered our content to your e-mail or participated in our events. Personal data are used for carrying out the rights and obligations based on our mutual agreement or other commitment.

Customer communication

We may use your personal data in our customer communication, for example, to send you notifications related to our products and services, change notes and to ask you for feedback.

Development and analysis of customer and interest group relations

We may use your personal data for the management, development and analysis of the customer or interest group relationship.

Marketing

We may contact you to tell you about new products, services and benefits. We may use your personal data to provide you with relevant content and to customise our offering. We may, for example, give recommendations or show customised content and customised advertisements in our own and third-party services.

Product and service development

We may use your personal data to develop our products and services, for example, to improve the portfolio and various kinds of content.

On what grounds are my personal data processed?

We process your personal data on the basis of your consent to fulfil a contractual or statutory obligation or on the basis of a legitimate interest.

The legal foundation for the processing of personal data is the following...

The legal foundation for the processing of personal data is the following paragraphs in Article 6 of the General Data protection Regulation of the EU (GDPR):

a) you have given your consent to the processing of your personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the Controller is subject; and

d) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or your fundamental rights and freedoms which require the protection of personal data.

We process your data to execute the agreement with you or the company you represent (e.g. realisation of the subscription of a magazine or a digital service).

We and our partners have legitimate interests pertaining to doing our business, such as the right to promote the sales of our products and services by means of marketing and sales.

Based on a legitimate interest, we may, inter alia, exercise direct marketing and sales using your contact information, including the processing of your personal data for profiling.

Other legitimate interests, based on which we may process your personal data, are consulting and other customer service to non-customers, further development of the business and prevention and investigation of potential misconduct.

If the processing of personal data is not based on contractual needs or a legitimate interest, we may request your consent for another kind of processing of personal data.

In addition, we may process your personal data when the legislation obliges us to do so, for example, when the Bookkeeping Act so requires.

What kind of data types are processed about me?

We process basic information such as name, contact information and direct marketing options selected, purchase and order information like order history, customer communication and the use of digital services.

In addition, we process supplementary information of company representatives and information related to participating in our events.

The personal data we have collected may contain the following...

The personal data we have collected may contain the following types of information and the changes thereto:

  1.    Basic information of all data subjects
  • forename and surname
  • contact information (mailing address, e-mail address, phone numbers)
  • gender
  • direct marketing options selected
  • communication targeted to data subjects and related activities
  • recordings of customer service calls and e-mail discussions and online chats related to customer service in social media channels, for example

 

  1. Supplementary information of those who have purchased the Controller’s products or services or those registered as their users
  • the time and means of the beginning and the end of a customer or corresponding relationship
  • campaigns targeted to customers and their use
  • areas of interest reported by customers or other information
  • content of feedback and complaints, related correspondence and further action
  • user IDs for digital services
  • information on using digital services
  • information on cookies sent to terminal equipment (such as computers and mobile appliances) and other corresponding functionalities of data subjects and on the data collected by them if the person is identifiable based on this information

 

  1. Supplementary information on company representatives
  • title and/or job description in the current and former work related to Controller’s activities

 

  1. Information on the data subjects who have participated in events organised by the Controller
  • dietary information (specific information voluntarily provided by the user)
  • date of birth for events for which a shipping line, for example, requires to have the information
  • names of and dates of birth of travelling companions when, for example, a shipping line so requires

What sources are my personal data collected from?

We collect data, for example, when a customer subscribes to a magazine or digital services, participates in competitions and from external data sources.

Most of the information is derived from you at the beginning of a customer and interest group relationship...

Most of the information is derived from you at the beginning of a customer and interest group relationship and during it and from the software with which you use our products and services.

In addition, we receive personal data and their updates from the authorities and organisations which offer acquisition and update services of personal data and credit history as well as from public directories and other public sources of information, such as company websites and social media channels.

As regards the representatives of companies, we also receive personal data from their colleagues. In other words, the main contact person of a company may also tell us more personal data about their colleagues.

Who can my personal data be shared with?

The data can be shared with our subcontractors for delivering magazines and for producing various services, and to our partners only upon careful consideration, inter alia, for the implementation of direct marketing campaigns.

We do not give, sell or otherwise disclose your personal data to outsiders unless...

We do not give, sell or otherwise disclose your personal data to outsiders unless mentioned otherwise in the following.

We may share your personal data to third parties providing services for us, i.e. to the so-called processors of personal data. These services include, for example, customer service, marketing, software R&D services, research activities and event management.

We may share your personal data for the collection of open invoices and may transfer or sell unpaid invoices to third parties offering collection services.

We do not permit the said parties to use the information for any purposes other than for producing the services in question to us in compliance with this privacy statement and the applicable legislation.

We share your personal data with partners that we carry out projects with, such as events.

We may share your personal data with carefully considered third parties for joint or independent direct marketing purposes and contact information updates. The data can be shared for the said purposes only when the planned use of the third party is not contrary to the uses we have defined in this privacy statement.

We may share your information in conjunction with a company acquisition or similar arrangement or when our business is transferred to another company, and upon the order of a court or similar instance.

We may, at our discretion, share the personal data of people participating in our events to other participants of the event and if appropriate due to the nature of the event (for example an event organised for our interest groups).

Is my personal data sent outside the EU area?

We may transfer data outside the country in which they are used. In this way, we ascertain that the transfer can be done legally, the data are protected and our contractual partners observe the GDPR.

To conduct our business, we may use...

To conduct our business, we may use resources and servers in various locations around the world.

We may transfer your personal data outside the country in which they are used and possibly also to countries outside the EU area whose data protection legislation is different.

In these cases, we shall ensure that there are legal grounds for transferring the data and that your personal data are protected, for example, by using (when necessary) standard agreements and processor agreements approved by the authorities, and by requiring compliance with appropriate technical and other data protection measures.

Is my personal data used for profiling?

We may exploit data analytics and modelling the outcome of which is profiling. We will use profiling to produce personal content or to target our marketing communication.

We may exploit your personal data for profiling, in other words ...

We may exploit your personal data for profiling, in other words analyse them automatically and evaluate certain personal properties of yours especially by analysing or anticipating characteristics which are related to your personal preferences, areas of interest and behaviour.

In this way, we will be able to better serve our customers, to develop our products and services to better meet our customers’ wishes and to target content and marketing in the most appropriate way.

We do not make automatised individual decisions, which would bring legal or other consequences comparable in their gravity. The consequences of the profiling we exercise mostly appear in the form of personalising and targeted advertising to selected target groups.

How long do you keep processing my personal data?

The processing times of the personal data of various person groups are based on different criteria depending on the processing criteria and legislation.

We shall keep processing your personal data as long as...

We shall keep processing your personal data as long as we have any valid criterion for the processing described in this privacy statement, and for a reasonable period thereafter.

The processing period of various person groups is determined on the basis of the following criteria:

Consumer customers

We can process your personal data as long as you are our customer and until the end of the third year after the year your customership ended.

Thereafter, we can transfer the necessary personal data to our marketing register and treat you again as a potential customer.

Business customer representatives

We can process your personal data as long as you represent our business customer and until the end of the third year after the year your customership ended.

Then, we can transfer the necessary personal data to our marketing register and treat you again as a potential business customer representative.

Potential consumer customers and representatives of potential business customers

We can process your personal data for the time being until you become our customer or until you require your information to be erased from our marketing register.

Interest group members

We can process your personal data as long as you are a member of an interest group like representing our partner, and to the end of the calendar year when you have ended your customership.

How can I use the rights related to my personal data?

You can exercise your rights by using any of the enclosed forms or by itemising your request by sending it to one of the addresses listed below depending on the group you belong to.

As a data subject, you have various opportunities to influence the processing...

You can exercise your rights by using any of the enclosed forms or by itemising your request by sending it to one of the addresses listed below depending on the group you belong to.

As a data subject, you have various opportunities to influence the processing of your personal data. As a rule, we shall carry out your request within a month’s time. You can exercise your rights by sending a request to our customer service using the enclosed forms when you wish to inspect your information, request your information to be erased or oppose their processing. In any other cases, please itemise a free-form request. Please note that we must always be able to identify the person who requests the information/processing.

Data inspection form: Inspection request form
• Data erasure request form (including opposing the processing): Erasure request form
• Other requests are free-form, itemise what your request concerns

 

Send the form or the itemised request either by e-mail or to the address Aller Media Oy, Pursimiehenkatu 29-31 a, FI-00150 Helsinki, Finland:

Subscriber to Aller’s magazines or a service user: asiakaspalvelu@aller.fi, tel. +358 75 328 5102
(8.8 c/min + lnf/mcf, queuing included)
• Business customer: rekisteriasiat@aller.com
• Employee, former employee or job applicant: hr@aller.com
• Registered users of Suomi24, Suomi24 Posti, Treffit – and Yksille services: You can inspect and remove your profile using your own credentials in the service. Enquiries: palaute@s24.fi

The rights belonging to you are (the extent of the rights depends on what processing criterion the processing of your personal data is based on, i.e. all of the rights listed below are not available to you in all situations):

a) Right to access the personal data collected about you. In practice, this is realised so that, according to your appropriate and identified request, we will provide you with a report on the personal data which has been collected about you in the person register.

b) Right to request for the rectification or erasure of the data collected about you. If you notice any errors or shortcomings in the data, you can submit a request for rectification to us.

c) The right to request the erasure of the data collected about you. If any of the following criteria are fulfilled and no obligation of data retention remains due to legislation or a regulation by the authorities, we shall have the obligation to erase the personal data you have requested from the person register:

  1. your personal data are no longer needed for the purpose they were originally processed for;
  2. you cancel the consent you have given and no other legal grounds remain for the processing;
  3. you oppose the processing in relation to your specific situation and no justified reason for the processing exists or you oppose the processing of your personal data for direct marketing;
  4. your personal data has been processed against the law;
  5. your personal data must be erased to comply with a statutory obligation based on the court of the European Union or Finnish legislation applicable to the Controller; or
  6. your personal data has been collected in conjunction with offering information society services, such as ordering digital services from the Controller.

d) The right to request the limitation of the data collected about you. You can ask us to limit the processing of your personal data if:

  1. you deny the correctness of the personal data we have about you:
  2. the processing is illegal and instead of data erasure you request the limitation of its use;
  3. we do not need the personal data in question for processing purposes, but you need them for composing, presenting or defending a legal claim;
  4. you have opposed the processing of personal data while waiting for verification as to whether our legitimate grounds overrule yours.

e) The right to oppose the processing of personal data concerning you. If we process your data on the basis of a legitimate interest, you shall have the right on the basis of the grounds related to your specific personal situation to oppose the processing of your personal data. All the persons included in the registers covered by this privacy statement shall have the right to oppose the processing of their personal data for direct marketing.

f) The right to transfer the information you have given from one system to another. If the automatic processing of your personal data is based on your consent or an agreement, you shall have the right to receive the data you have submitted to us in an organised, commonly used and machine-readable form and have the right to transfer the data to another controller.

g) The right to cancel your consent. If all or a part of your personal data are processed in this register on the basis of your consent, you shall have the right to cancel the consent you have given.

h) The right to submit a complaint to supervisory authorities. If a potential dispute concerning the processing of your personal data is not settled in an amicable way between us, you shall have the right to take the matter to be resolved by a data protection authority.

How can this data protection information be updated?

When necessary, we shall update the data protection information, for example, when developing our services or processing methods to keep up with the changing legislation.

We are continuously developing our business and it may also mean...

We are continuously developing our business and it may also mean changes related to the processing of personal data.

When necessary, we shall update the privacy statement to correspond to the changes in measures. These changes may also be based on changes in the legislation. We recommend that you familiarise yourself with the content of this privacy statement on a regular basis.

If we begin to process your personal data for any purposes other than what your personal data were originally collected for, we shall notify you of the matter and of the updated privacy statement before the further processing in question.

With regards to other changes, we shall notify you of updating the privacy statement on our website.

Other terms and conditions

Finnish legislation and the GDPR shall, inter alia, be applied for the processing of registers under the scope of this privacy statement.

To fulfil the contractual obligations related to our relationship, we need to...

To fulfil the contractual obligations related to our relationship, we need to process your personal data.

Without the needed personal data, we cannot provide you with the products and services in conjunction of which it is necessary to process personal data, such as subscriptions to magazines and digital services which require your registration.

The Finnish legislation and EU legislation such as the GDPR directly applicable in Finland shall be applied for the registers under the scope of this privacy statement and for the processing of personal data in them.

Are cookies saved on my computer?

We use cookies and other techniques for the production, development and targeted advertising of our digital services.

We collect information on, for example, how you use our services, what browser you use and what parts of the service you have been browsing. We cannot use the cookies to identify you.

We use cookies and other techniques for...

We use cookies and other techniques for the production, development and targeted advertising of our digital services.

We collect information on, for example, how you use our services, what browser you use and what parts of the service you have been browsing. We cannot use the cookies to identify you.

Most of the techniques we use serve as prerequisites for delivering and developing the service.

We need the cookies to ensure that our service is working and that we can develop it to improve it and to provide you with content which you may find interesting.

We will ask for your permission to use the cookies for targeted advertising. We think that these cookies area beneficial to you to receive advertising that you may find interesting.

We use the OneTrust tool which you can also use to manage the settings of the cookies related to targeted advertising and block their use if you wish.

The cookie settings are defined separately for each website. You can access the tool through the cookie banner and the links at the bottom of the website.

Cookie information

Through the mediation of the digital services (hereinafter referred to as ‘Service’) of the Aller Group (Aller Media, Suomi24, Data Refinery, Dingle = hereinafter referred to as ‘Aller’), cookies and other similar techniques can be used to collect information related to the terminal equipment or Service you use, such as from what page the user has come to the Service, what browser the user is using or when and what parts of the Service the user has been browsing. A user cannot be identified solely with the help of cookies.

A cookie is a small text file with which the operation of an individual piece of terminal equipment is identified on a website. The user may prevent the use of cookies if they wish to do so.

We have divided cookies into different categories on the basis of how these cookies are used. We use cookies which are necessary for the production and development of services and for service experience and targeted advertising.

Cookies and their management

A cookie is a small text file which can be sent to the user’s terminal equipment through the Service.

The cookies do not move across the Internet on their own but are rather set for the user’s terminal equipment only with a website called by a user. The cookies contain an anonymous, unique ID with which Aller can calculate and identify the browsers visiting the Service.

In addition to cookies, Aller may use other similar technologies. The cookies cause no harm for using the computer or browsing in the Internet. The cookies are ordinary text files which cannot contain viruses. In this cookie information, all of them are jointly referred to as cookies.

A user cannot be identified solely with the help of cookies. The data obtained with the help of cookies and other corresponding techniques can be linked to data obtained in other contexts, considering the valid data protection legislation.

The user is encouraged to also familiarise themselves with other data protection information of Aller where the processing of the personal data of identifiable persons is described.

The user may, if they wish to do so, prevent the use of certain kinds of cookies by changing the browser settings.

Typically, in the Settings section of a browser there are buttons related to cookie options. The user must, however, take into account that the use of cookies or their removal may impair the use of the Service or some of its parts or functionalities, or even totally prevent its use.

The user may, if they wish to do so, delete the cookies from the browser on a regular basis. Deleting the cookies in practice zeroes the user data on the basis of which advertising has been targeted to the user. Thus, deleting the cookies does not prevent the collection of user data and targeted advertising, for example, but it does delete the information on the basis of which advertising has been targeted previously.

We are happy to answer to users’ questions related to cookies. You can contact us at:

Aller Media Oy, Pursimiehenkatu 29-31 A, FI-00150 Helsinki, Finland
Tel.: +358 9 862 17 000
E-mail: tietosuoja@aller.com

Cookie types

  1. Necessary cookies

The necessary cookies include, inter alia, cookies with which the user need not insert the user IDs, passwords and personalisation options again and again.

In its Service, Aller also provides so-called first-party advertising, i.e. advertising offered by Aller. This kind of first-party advertising is part of the Service offered by Aller to the user, which is why Aller does not provide the user an opportunity to prevent first-party advertising in Aller’s Service.

  1. Service development and service experience

The purpose of cookies is to enable the use of the Service for the users, to process the numbers of user and other Service related data and to enable and realise development work related to information security. Their purpose of use is to analyse and to develop a Service to better meet the individual needs of its users.

Aller can use cookies, for example, to find out whether the marketing e-mails sent to the user by Aller have been opened and whether any action has been taken because of them, such as clicking of the links included in the e-mail.

  1. Targeted advertising

Aller also uses commercial cookies which can be used to target the marketing of Aller and selected third parties on external websites based on, for example, what kind of content the user has been searching for or what websites they have been viewing. These cookies are often saved on the user’s computer by a third party acting as Aller’s partner.

With cookies and other corresponding techniques, advertising can be targeted to the user on the basis of their areas of interest.

With the help of cookies, the system will also recognise whether the use has seen the advertisement before and, as a result, the same advertisements are not shown repeatedly to the user. Cookies can also be used for the targeted advertising carried out by third parties.

Aller may create target group segments based on the visited websites over a period under review. In this way, these target group segments can be provided with content and marketing which those concerned will probably find interesting.

In addition, one purpose is to enable for the user the kind of content and marketing both in the Service and outside it which they will probably find interesting by utilising retargeting, for example.

The user may, if they wish to do so, prevent the targeted marketing based on this kind of browser use on the Internet and on mobile equipment when there is a third party involved in targeting in addition to Aller.

If the user does not want advertising to be targeted at them on the basis of browser use, they can prevent the targeting by using the OneTrust service. After the targeted advertising has been prevented, the user will still be shown advertisements, but their content will no longer be targeted at the user.

You can edit your targeting cookie permissions also through external services, e.g. NAI Consumer Opt Out.

The user must take into account that targeted advertising based on browser use shall be prevented separately in each browser that the user is using.