PRIVACY POLICY FOR EXTERNAL STAKEHOLDERS AND WEBSITE VISITORS
Controller
Porkka Finland Oy
Ravitie 3, 15860 Hollola
Phone number: +358 20 5555 12email: contact@porkka.com
Targeted groups of data subjects
The purpose of this privacy policy is to inform clients and other external stakeholders, as well as visitors of the Company’s website https://porkka.com (the “Website”), about the processing of their personal data conducted either directly by the Company or on its behalf.
The groups of clients targeted by this privacy policy include those which have ordered products from the Company and information included in orders as well as those who have requested the login information to the subscription channel on the Website. The groups of other external shareholders targeted by this privacy policy include suppliers, among others. In practice, personal data is processed foremost of contact persons.
Purposes of and legal bases for processing of personal data
We process personal data in connection with the following in particular:
- purchase orders;
- distribution agreements;
- non-disclosure agreements concluded with third parties;
- subscriptions to our subscription channel on the Website;
- responses to information requests sent to us through the Website;
- visitor logs;
- commercial promotion; and
- web analytics.
The legal bases for the processing of personal data to fulfil the purposes referred to in items I. to IV. are to fulfil the obligations set out in the agreements concluded between the Company and third parties. The legal basis for the processing of personal data to fulfil the purposes referred to in items V. to VII is the Company’s legitimate interest in conducting business and to safeguard its interests. The legal basis for the processing of personal data to fulfil the purpose referred to in item VIII is consent of the data subject.
Categories of personal data
The personal data collected includes the following in particular:
- name, title and contact information of the data subject;
- name of the company, hospital or other organization;
- billing and shipping information; and
- cookie information.
Standard sources of personal data
The personal data is usually collected either directly from data subjects or from organizations in the course of business activities. In addition, personal data may be collected in connection with the use the Website.
Groups of recipients of personal data
As a rule, the Company does not disclose personal data to third parties. However, personal data may be disclosed to third parties to the extent agreed with the customer or other external stakeholder. Moreover, personal data may be transferred to and processed by third-party providers which perform services for the Company (data processors) to enable these companies to perform the services requested by the Company.
Data retention periods
Personal data processed in connection with purchase orders is deleted within [five] years from the delivery of the product.
Personal data processed in connection with distribution agreements and non-disclosure agreements is deleted within [five] years after the end of the relevant agreement.
Personal data processed in connection with subscriptions to the Company’s subscription channel on the Website is deleted within [six] months after the end of the subscription.
Personal data processed in connection with information requests is deleted within [two] years after the subscription has ended.
Personal data processed in connection with visitor logs is deleted within [six] months from the visit.
Personal data processed in connection with commercial promotion is deleted within [three] years from the end of the customer relationship.
Personal data processed in connection with web analytics is deleted from the Company’s IT systems within [two] years from the moment it was obtained.
Notwithstanding the above, the Company may be under the obligation to store certain types of personal data for longer in order to fulfill its legal obligations, such as accounting.
Google Analytics, cookies, and the transfer of data outside the EU or the EEA
The Company is using Google Analytics which tracks and reports website traffic with the help of cookies, i.e. small text files saved on your computer by your web browser.
When cookie data is transferred to Google LLC, the data may be transferred to servers outside the European Union and the European Economic Area. However, the Company does not transfer personal data outside the European Union or the European Economic Area in any other circumstances.
You may change your cookie settings in order to allow or prevent the use of other than strictly necessary cookies by clicking the white banner in the left bottom corner of the website. However, if you prevent the use of functional cookies, you may not be able to use all features on the Website.
Protection of personal data
The Company is exercising due care in its processing of personal data. Appropriate measures have been taken in order to protect the personal data stored in the Company’s IT systems. When personal data is stored on an internet server, due care is taken of the physical and digital data security of the relevant hardware. The Company ensures that stored personal data as well as server access data and other data which are important for the safety of personal data are processed confidentially and only by those employees whose part of the job description the processing of such data is.
The rights of the data subject
Data subjects may at any time object to the processing of their personal data for purposes related to direct marketing.
In addition, according to the general data protection regulation, data subjects have the right:
- to obtain information on the processing of personal data;
- of access to their personal data;
- to rectification of their personal data;
- to the erasure of their personal data in so far as the processing is based on consent, an agreement or the Company’s legitimate interest;
- object to the processing in so far as it is based on the Company’s legitimate interest;
- right to data portability in so far as the processing is based on consent or an agreement;
- to restrict the processing of their personal data;
- not to be subject to a decision based solely on automated processing where the processing is based on an agreement; ja
- receive a notification regarding the rectification or erasure of personal data.
In order to exercise their rights referred to above, data subjects must send their requests by e-mail to contact@porkka.com. Data subjects may also present their requests in writing by sending them to Porkka Finland Oy, Ravitie 3, 15860 Hollola. The Company may ask the data subjects to specify their requests in writing and to verify their identity before their requests are processed. The Company may have a right to refuse to execute requests related to data protection based on grounds referred to in applicable law.
Data subjects always have the possibility of lodging a complaint with the Data Protection officer if they think that their personal data has not been processed in accordance with applicable data protection law.