Please find below more information on Aller data protection policy and on how we collect data, for which purposes, how we store data and how you can exercise your rights.
Controller and Data Protection Officer
This statement covers the commercial registers under the Aller Finland Group and its subsidiaries.
Aller Media Oy (Business ID: 0872238-2) and the group members belonging to the same group with it each time...
Aller Media Oy (Business ID: 0872238-2) and the group members belonging to the same group with it each time, currently Suomi24 Oy (Business ID: 2154432-2), Data Refinery Oy (Business ID: 2848544-1) and Dingle Oy (Business ID: 2289652-2) [hereinafter referred to as the “Controller”]
Address: Lintulahdenkuja 10 A, FI-00500 Helsinki, Finland
Tel.: +358 75 328 5102
Data Protection Officer at Aller Finland Group: Mari Lamberg
What do we mean by the different terms?
In this statement, we use the following terms: personal data, data subject, customer, potential customer and interest group.
‘Personal data’ means the data related to any identified or identifiable natural person
‘Personal data’ means the data related to any identified or identifiable natural person (hereinafter referred to as the “data subject”), such as the name, address and phone number. An identifiable person is any person who is identifiable, directly or indirectly, on the basis of the various pieces of information concerning them.
‘Data subject’ means the person whose data we process in our person register.
A ‘Customer’ means those consumers and the contact persons of those companies and other organisations (hereinafter referred to as the ‘company’) who we have a customer relationship with.
‘Potential customers’ mean those consumers and the contact persons of those companies who we aim to create a customer relationship with.
‘Interest groups’ mean those consumers and the contact persons of those companies we are partnering with (representatives of companies producing services for us, for example) or are connected to by other means (decision-makers in society related to our community relations).
What purposes are my personal data processed for?
We process personal data for the delivery of products and services, customer communication, customer and interest group management, development and analysis, marketing and development of products and services.
The Controller processes the personal data of the data subjects for the following purposes...
The Controller processes the personal data of the data subjects for the following purposes (for one or more purposes simultaneously):
Delivery of products and services
We can process your personal data to deliver products and services if you or the company you represent have purchased a product or service from us, registered to use our digital services, ordered our content to your e-mail or participated in our events. Personal data are used for carrying out the rights and obligations based on our mutual agreement or other commitment.
We may use your personal data in our customer communication, for example, to send you notifications related to our products and services, change notes and to ask you for feedback.
Development and analysis of customer and interest group relations
We may use your personal data for the management, development and analysis of the customer or interest group relationship.
We may contact you to tell you about new products, services and benefits. We may use your personal data to provide you with relevant content and to customise our offering. We may, for example, give recommendations or show customised content and customised advertisements in our own and third-party services.
Product and service development
We may use your personal data to develop our products and services, for example, to improve the portfolio and various kinds of content.
On what grounds are my personal data processed?
We process your personal data on the basis of your consent to fulfil a contractual or statutory obligation or on the basis of a legitimate interest.
The legal foundation for the processing of personal data is the following...
The legal foundation for the processing of personal data is the following paragraphs in Article 6 of the General Data protection Regulation of the EU (GDPR):
a) you have given your consent to the processing of your personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the Controller is subject; and
d) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or your fundamental rights and freedoms which require the protection of personal data.
We process your data to execute the agreement with you or the company you represent (e.g. realisation of the subscription of a magazine or a digital service).
We and our partners have legitimate interests pertaining to doing our business, such as the right to promote the sales of our products and services by means of marketing and sales.
Based on a legitimate interest, we may, inter alia, exercise direct marketing and sales using your contact information, including the processing of your personal data for profiling.
Other legitimate interests, based on which we may process your personal data, are consulting and other customer service to non-customers, further development of the business and prevention and investigation of potential misconduct.
If the processing of personal data is not based on contractual needs or a legitimate interest, we may request your consent for another kind of processing of personal data.
In addition, we may process your personal data when the legislation obliges us to do so, for example, when the Bookkeeping Act so requires.
What kind of data types are processed about me?
We process basic information such as name, contact information and direct marketing options selected, purchase and order information like order history, customer communication and the use of digital services.
In addition, we process supplementary information of company representatives and information related to participating in our events.
The personal data we have collected may contain the following...
The personal data we have collected may contain the following types of information and the changes thereto:
- Basic information of all data subjects
- forename and surname
- contact information (mailing address, e-mail address, phone numbers)
- date of birth
- language (Finnish, Swedish, other)
- direct marketing options selected
- communication targeted to data subjects and related activities
- recordings of customer service calls and e-mail discussions and online chats related to customer service in social media channels, for example
- Supplementary information of those who have purchased the Controller’s products or services or those registered as their users
- the time and means of the beginning and the end of a customer or corresponding relationship
- campaigns targeted to customers and their use
- purchase and payment information
- areas of interest reported by customers or other information
- content of feedback and complaints, related correspondence and further action
- user IDs for digital services
- information on using digital services
- information on cookies sent to terminal equipment (such as computers and mobile appliances) and other corresponding functionalities of data subjects and on the data collected by them if the person is identifiable based on this information
- Supplementary information on registered users of Treffit24 -dating service
- interest and description information provided in your dating profile and photo
- sensitive information if registered user chooses to give them ( racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health or data concerning a natural person’s sex life or sexual orientation)
- Supplementary information on company representatives
- title and/or job description in the current and former work related to Controller’s activities
- Information on the data subjects who have participated in events organised by the Controller
- dietary information (specific information voluntarily provided by the user)
- date of birth for events for which a shipping line, for example, requires to have the information
- names of and dates of birth of travelling companions when, for example, a shipping line so requires
What sources are my personal data collected from?
We collect data, for example, when a customer subscribes to a magazine or digital services, participates in competitions and from external data sources.
Most of the information is derived from you at the beginning of a customer and interest group relationship...
Most of the information is derived from you at the beginning of a customer and interest group relationship and during it and from the software with which you use our products and services.
In addition, we receive personal data and their updates from the authorities and organisations which offer acquisition and update services of personal data and credit history as well as from public directories and other public sources of information, such as company websites and social media channels.
As regards the representatives of companies, we also receive personal data from their colleagues. In other words, the main contact person of a company may also tell us more personal data about their colleagues.
Is my personal data sent outside the EU area?
We may transfer data outside the country in which they are used. In this way, we ascertain that the transfer can be done legally, the data are protected and our contractual partners observe the GDPR.
To conduct our business, we may use...
To conduct our business, we may use resources and servers in various locations around the world.
We may transfer your personal data outside the country in which they are used and possibly also to countries outside the EU area whose data protection legislation is different.
In these cases, we shall ensure that there are legal grounds for transferring the data and that your personal data are protected, for example, by using (when necessary) standard agreements and processor agreements approved by the authorities, and by requiring compliance with appropriate technical and other data protection measures.
Is my personal data used for profiling?
We may exploit data analytics and modelling the outcome of which is profiling. We will use profiling to produce personal content or to target our marketing communication.
We may exploit your personal data for profiling, in other words ...
We may exploit your personal data for profiling, in other words analyse them automatically and evaluate certain personal properties of yours especially by analysing or anticipating characteristics which are related to your personal preferences, areas of interest and behaviour.
In this way, we will be able to better serve our customers, to develop our products and services to better meet our customers’ wishes and to target content and marketing in the most appropriate way.
We do not make automatised individual decisions, which would bring legal or other consequences comparable in their gravity. The consequences of the profiling we exercise mostly appear in the form of personalising and targeted advertising to selected target groups.
How long do you keep processing my personal data?
The processing times of the personal data of various person groups are based on different criteria depending on the processing criteria and legislation.
We shall keep processing your personal data as long as...
We shall keep processing your personal data as long as we have any valid criterion for the processing described in this privacy statement, and for a reasonable period thereafter.
The processing period of various person groups is determined on the basis of the following criteria:
We can process your personal data as long as you are our customer and until the end of the third year after the year your customership ended.
Thereafter, we can transfer the necessary personal data to our marketing register and treat you again as a potential customer.
Business customer representatives
We can process your personal data as long as you represent our business customer and until the end of the third year after the year your customership ended.
Then, we can transfer the necessary personal data to our marketing register and treat you again as a potential business customer representative.
Potential consumer customers and representatives of potential business customers
We can process your personal data for the time being until you become our customer or until you require your information to be erased from our marketing register.
Interest group members
We can process your personal data as long as you are a member of an interest group like representing our partner, and to the end of the calendar year when you have ended your customership.
How can I use the rights related to my personal data?
You can exercise your rights by using any of the enclosed forms or by itemising your request by sending it to one of the addresses listed below depending on the group you belong to.
As a data subject, you have various opportunities to influence the processing...
You can exercise your rights by using any of the enclosed forms or by itemising your request by sending it to one of the addresses listed below depending on the group you belong to.
As a data subject, you have various opportunities to influence the processing of your personal data. As a rule, we shall carry out your request within a month’s time. You can exercise your rights by sending a request to our customer service using the enclosed forms when you wish to inspect your information, request your information to be erased or oppose their processing. In any other cases, please itemise a free-form request. Please note that we must always be able to identify the person who requests the information/processing.
Send the form or the itemised request either by e-mail or to the address Aller Media Oy, Lintulahdenkuja 10 A, FI-00500 Helsinki, Finland:
Subscriber to Aller’s magazines or a service user: email@example.com, tel. +358 75 328 5102
(8.8 c/min + lnf/mcf, queuing included)
• Business customer: firstname.lastname@example.org
• Employee, former employee or job applicant: email@example.com
• Registered users of Suomi24, Suomi24 Posti, Treffit – and Yksille services: You can inspect and remove your profile using your own credentials in the service. Enquiries: firstname.lastname@example.org
The rights belonging to you are (the extent of the rights depends on what processing criterion the processing of your personal data is based on, i.e. all of the rights listed below are not available to you in all situations):
a) Right to access the personal data collected about you. In practice, this is realised so that, according to your appropriate and identified request, we will provide you with a report on the personal data which has been collected about you in the person register.
b) Right to request for the rectification or erasure of the data collected about you. If you notice any errors or shortcomings in the data, you can submit a request for rectification to us.
c) The right to request the erasure of the data collected about you. If any of the following criteria are fulfilled and no obligation of data retention remains due to legislation or a regulation by the authorities, we shall have the obligation to erase the personal data you have requested from the person register:
- your personal data are no longer needed for the purpose they were originally processed for;
- you cancel the consent you have given and no other legal grounds remain for the processing;
- you oppose the processing in relation to your specific situation and no justified reason for the processing exists or you oppose the processing of your personal data for direct marketing;
- your personal data has been processed against the law;
- your personal data must be erased to comply with a statutory obligation based on the court of the European Union or Finnish legislation applicable to the Controller; or
- your personal data has been collected in conjunction with offering information society services, such as ordering digital services from the Controller.
d) The right to request the limitation of the data collected about you. You can ask us to limit the processing of your personal data if:
- you deny the correctness of the personal data we have about you:
- the processing is illegal and instead of data erasure you request the limitation of its use;
- we do not need the personal data in question for processing purposes, but you need them for composing, presenting or defending a legal claim;
- you have opposed the processing of personal data while waiting for verification as to whether our legitimate grounds overrule yours.
e) The right to oppose the processing of personal data concerning you. If we process your data on the basis of a legitimate interest, you shall have the right on the basis of the grounds related to your specific personal situation to oppose the processing of your personal data. All the persons included in the registers covered by this privacy statement shall have the right to oppose the processing of their personal data for direct marketing.
f) The right to transfer the information you have given from one system to another. If the automatic processing of your personal data is based on your consent or an agreement, you shall have the right to receive the data you have submitted to us in an organised, commonly used and machine-readable form and have the right to transfer the data to another controller.
g) The right to cancel your consent. If all or a part of your personal data are processed in this register on the basis of your consent, you shall have the right to cancel the consent you have given.
h) The right to submit a complaint to supervisory authorities. If a potential dispute concerning the processing of your personal data is not settled in an amicable way between us, you shall have the right to take the matter to be resolved by a data protection authority.
How can this data protection information be updated?
When necessary, we shall update the data protection information, for example, when developing our services or processing methods to keep up with the changing legislation.
We are continuously developing our business and it may also mean...
We are continuously developing our business and it may also mean changes related to the processing of personal data.
When necessary, we shall update the privacy statement to correspond to the changes in measures. These changes may also be based on changes in the legislation. We recommend that you familiarise yourself with the content of this privacy statement on a regular basis.
If we begin to process your personal data for any purposes other than what your personal data were originally collected for, we shall notify you of the matter and of the updated privacy statement before the further processing in question.
With regards to other changes, we shall notify you of updating the privacy statement on our website.
Other terms and conditions
Finnish legislation and the GDPR shall, inter alia, be applied for the processing of registers under the scope of this privacy statement.
To fulfil the contractual obligations related to our relationship, we need to...
To fulfil the contractual obligations related to our relationship, we need to process your personal data.
Without the needed personal data, we cannot provide you with the products and services in conjunction of which it is necessary to process personal data, such as subscriptions to magazines and digital services which require your registration.
The Finnish legislation and EU legislation such as the GDPR directly applicable in Finland shall be applied for the registers under the scope of this privacy statement and for the processing of personal data in them.