• Your shopping cart is empty!

Privacy Terms

Privacy Notice and Register Description

This is the privacy notice and register description of Suomen Kierrätyskone Oy in accordance with the EU General Data Protection Regulation (GDPR).
Prepared on 02.06.2025. Last updated on 02.06.2025.

1. Data Controller
   Suomen Kierrätyskone Oy
   Peltokatu 31
   33100 Tampere

   Other contact information:
   Email: info()kierratyskone.com
   Phone: +358 400 511 000

2. Contact Person Responsible for the Register
   Data Protection Officer
   Email: tietosuoja()kierratyskone.com
   Phone: +358 400 511 000

3. Register Name
   – Customer Register
   – Marketing Register
   – Stakeholder Register
   – Web Service User Register
   – Membership Register
   – Employee Register

4. Legal Basis and Purpose of Processing Personal Data
   The legal basis for processing personal data may include one or more of the following:

   * The data subject’s consent (documented, voluntary, specific, informed, and unambiguous)
   * A contract to which the data subject is a party
   * A legal obligation (e.g., accounting law, occupational safety law)
   * Performance of a task carried out in the public interest (e.g., cooperation with authorities)
   * The data controller’s legitimate interest (e.g., maintaining a customer relationship before a contract, managing employment relationships, providing membership services)

   Personal data are processed for purposes such as:

   * Communicating with customers, stakeholders, and partners
   * Maintaining and marketing the customer relationship
   * Managing contracts and orders
   * Managing web service user accounts and providing the service
   * Managing memberships and employment relationships

   Data are not used for automated decision-making or profiling.

5. Contents of the Register
   The following information may be stored in the register, for example:

   * Person’s name and position
   * Company or organization
   * Contact information (phone number, email address, postal address)
   * Website addresses and service login credentials
   * User’s IP address and cookie data (only as needed, e.g., for security and analytics)
   * Information about services ordered and any changes to them
   * Billing information (e.g., billing address, bank account number)
   * Other information related to the customer relationship, memberships, and employment

   If there are multiple register groups (e.g., a customer register and a marketing register), the data collected for each group may differ from the general list above. In such cases, the specific contents of each register group are described separately in the data controller’s internal guidelines.

   Data are retained for as long as required by law or until the data subject requests deletion, but not longer than the periods mandated by consumer protection or accounting legislation. Some data (e.g., accounting records) may have longer retention periods due to statutory obligations. Certain data are anonymized when contractual or accounting obligations have ended, provided they are no longer needed even for statistical reference.

   Visitors’ IP addresses and cookies necessary for the functionality of the web service are processed on the basis of the data controller’s legitimate interest, to ensure security and to collect usage statistics when they are considered personal data. Third-party cookies (e.g., analytics or advertising cookies) are used only with the data subject’s separate consent.

6. Regular Sources of Data
   – Data entered by the customer themselves via online forms, by email, by phone, via social media, in contracts, in customer meetings, or in other situations where the customer provides their information.
   – Data on contacts at companies and organizations may be supplemented from public sources such as official business directories and websites.
   – Data on employees are collected during the course of employment from information provided by the person and from statutory registers (e.g., the Finnish Tax Administration’s prepayment register).

7. Regular Disclosures of Data and Transfers Outside the EU or EEA
   Data are not regularly disclosed to other parties unless specifically agreed in a contract or mandated by law.
   Data may be transferred by Suomen Kierrätyskone Oy to cooperation projects or subcontractors (such as IT service providers) acting as processors; these processors must comply with the requirements of the EU GDPR.
   If data are transferred outside the EU or EEA (e.g., to server solutions or cloud services whose servers are located outside the EU/EEA), appropriate safeguards are used (such as EU Commission standard contractual clauses or equivalent protective measures). Personal data are not transferred to the United States without the explicit consent of the data subject.

   Possible recipients or recipient groups of the data:
   – IT service providers (processors) for maintaining information systems and cloud services
   – Service providers for billing and accounting
   – Marketing partners, if the data subject has given separate consent for marketing communication

8. Principles of Register Protection
   – Personal data are handled with care, and information systems are protected with appropriate technical and organizational measures.
   – Electronic registers are stored on secure servers with appropriate physical and digital security measures in place (firewalls, backups, and access control).
   – The data controller ensures that access rights to information systems are restricted only to those employees and subcontractors whose duties include maintaining and processing the register.
   – Paper documents are stored in locked premises accessible only to authorized personnel.

9. Right of Access and Right to Rectify Data
   – Every data subject in the register has the right to review the personal data stored about them and to request correction of incorrect data or completion of incomplete data.
   – A request to access or rectify personal data must be submitted in writing to the data controller (e.g., by email to tietosuoja()kierratyskone.com).
   – If necessary, the data controller may request the requester to verify their identity (e.g., by providing a copy of an identity card or passport).
   – The data controller responds to such requests within the timeframe specified in the EU GDPR, usually within one month.

10. Other Rights Related to Personal Data Processing
    – A data subject has the right to request deletion of their personal data from the register (“right to be forgotten”) when processing is no longer necessary for the original purpose or when there is no other lawful basis for processing.
    – Data subjects also have the right to restrict the processing of their data in certain situations, to request portability of their data from one system to another, and to object to the processing of their personal data (e.g., for direct marketing).
    – Requests for the above rights must be submitted in writing to the data controller (e.g., by email to tietosuoja()kierratyskone.com).
    – The data controller may request the requester to verify their identity and responds to requests within the timeframe specified in the EU GDPR, usually within one month.

11. Right to Lodge a Complaint and Appeal Options
    – If a data subject is dissatisfied with how the data controller processes their data or has not received a response to their request, they have the right to lodge a complaint with the supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman ([http://www.tietosuoja.fi](http://www.tietosuoja.fi)).
    – Before filing a complaint, the data subject is encouraged to contact the data controller to rectify any possible error or to obtain further clarification.

12. Cookies and Online Service Tracking
    – The Suomen Kierrätyskone Oy website uses strictly necessary cookies to ensure service functionality (e.g., shopping cart functions, logging in). These cookies are processed on the basis of the data controller’s legitimate interest to maintain security and gather site usage statistics.
    – Additionally, analytics and advertising cookies may be used on the site, but only with the data subject’s separate consent. Details about cookie usage and management are provided in a separate cookie policy, available at the footer of our website.

13. Updates and Changes to the Privacy Notice
    – The processing bases, register contents, and other practices described in this notice may change due to legislative amendments or business needs.
    – We update the privacy notice as needed, and the current version is always available on our website. Any change is indicated by updating the “Last Updated” date.

14. Additional Information
    If you have questions about this privacy notice or wish to exercise your rights under the EU GDPR, please contact:
    Suomen Kierrätyskone Oy
    Data Protection Officer
    Email: tietosuoja()kierratyskone.com
    Phone: +358 400 511 000

---

This privacy notice and register description have been prepared in compliance with the EU General Data Protection Regulation (GDPR) and Finnish data protection law.