Privacy Policy

Consumer customer register

Privacy statement: Consumer customer register

Updated: 31 March 2021

Data controller

Finnish Packaging Recycling RINKI Ltd
Tynnyrintekijänkatu 1 C
00580 HELSINKI
Tel. +358 9 616 230

(hereinafter referred to as “Rinki”)

Register contact

Customer Service Manager

Tel. +358 9 616 230
info@rinkiin.fi

Purpose of and legal basis for processing personal data

We process personal data for the following purposes:

Handling feedback regarding Rinki eco take-back points for consumers as well as related service communications and development of operations
Receiving suggestions for setting up new Rinki eco take-back points and where to locate them
Marketing Rinki’s services and raising consumers’ awareness of recycling in general for example as part of various campaigns, which may include raffles and similar marketing elements
Newsletters

The legal basis for processing personal data stored in the register is the legitimate interest of the controller in developing the services and encouraging consumers to recycle more actively. In terms of newsletters, the processing is based on customers’ consent.

What data do we process?

We process the following details provided by our customers in connection with their feedback:

The Rinki eco take-back point that the feedback concerns
Subject of the feedback
Date on which the feedback was submitted
Photograph
Name and contact details of the person who submitted the feedback
Note on whether the person who submitted the feedback wishes to be contacted

We process the following details in connection with newsletter subscriptions:

Details of the subscription request
Subscribers’ email addresses

We process our customers’ details, such as name and contact details, when we carry out communications campaigns.

Where do we obtain the data?

We obtain the personal data that we process directly from customers when they submit feedback or suggestions or when they subscribe to our newsletter. Customers also provide us with their details when they take part in our marketing campaigns.

Recipients of personal data and transferring personal data outside the EU or the EEA

Personal data are not disclosed to third parties for commercial purposes. Data may, however, be disclosed to authorities if required by mandatory legislation.

In its operations, Rinki uses service providers that can process personal data on its behalf and at its request. Such service providers include IT service providers that take care of the technical maintenance of Rinki’s systems and servers, and external service providers that handle customer service operations.

Such service providers are bound by professional secrecy and have no right to disclose data to third parties or use data for any purposes other than those required for fulfilling their contract with Rinki. We have taken care of data protection with our service providers by means such as drawing up agreements concerning the processing of personal data.

In principle, personal data are not transferred outside the EU or the EEA. However, our IT management systems may allow service providers to access data from outside the EU or the EEA to provide technical support, for example. If personal data is processed outside the EU or the EEA, we ensure that the service provider is bound by the European Commission’s standard contractual clauses for the processing of personal data.

How long do we retain personal data for?

Personal data are stored only for as long as necessary for the purposes described in this privacy statement or for fulfilling legal obligations. Data related to feedback and suggestions are generally stored for a maximum of three years from the customer’s contact with us. Data processed in connection with a campaign are deleted immediately after the end of the campaign.

Rinki regularly assesses the need for data processing, taking into account the requirements of applicable laws. Rinki also takes reasonable measures to ensure that the register does not contain any information about data subjects that is incompatible, outdated or incorrect in terms of the purposes of processing. Should such data be detected, Rinki shall correct or delete the data without delay.

Principles of protecting personal data

Rinki treats all personal data in its possession as confidential, and those who process data are bound by professional secrecy. Personal data are only processed by persons whose duties require them to do so. User rights and access rights related to the processing of data are personal and their scope is determined on the basis of a person’s duties.

The systems that contain personal data are protected by firewalls and other technical security measures. Login and use of the systems are monitored. Devices and servers that contain personal data are located in locked spaces and can only be accessed by designated persons. Hard copies containing personal data are stored in a locked space on Rinki’s premises. Rinki regularly assesses security-related risks.

Rights of data subjects

Data subjects have the right to check the data stored in the register concerning themselves and to request rectification of incorrect or inaccurate data or deletion of their data if there are legal bases for this. If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw this consent.

Data subjects have the right to obtain, in a machine-readable format, the data they have themselves provided and that are processed upon their consent or agreement, and they also have the right to transfer this data to another data controller.

In accordance with the General Data Protection Regulation, data subjects have the right to request the restriction of processing of their data and to lodge a complaint with the supervisory authority. The supervisory authority in Finland is the Office of the Data Protection Ombudsman (tietosuoja(at)om.fi).

For particular personal reasons, data subjects also have the right to object to the processing of their data when the processing is based on the controller’s legitimate interest. When filing a request, the data subject must identify the specific situation that is the basis for the objection. The controller can only refuse to comply with the request if it has legal grounds to do so. Data subjects also have the right to object to the processing of their personal data for direct marketing purposes at any time, including profiling when it is related to direct marketing.

Rinki does not carry out profiling or automated decision-making based on the data contained in the register of consumer customers.

Who can you contact?

Enquiries and requests regarding the processing of personal data described in this privacy statement can be addressed to the contact person mentioned at the beginning of the statement. Contact must be made in writing or in person.

Notification of changes to the privacy statement

Should we make any amendments to this statement, we will upload the new statement to our website and indicate the date of the update. If the amendments are substantial, we may inform our customers of these by other means, such as by email or by posting a notice on our website. We recommend that you visit our website on a regular basis and take note of any amendments to this privacy policy.

Business customer and supplier register

Privacy statement: business customers and partners

Updated: 10 August 2023

Data controller

Finnish Packaging Recycling RINKI Ltd

Tynnyrintekijänkatu 1 C

00580 HELSINKI

Tel. +358 9 616 230

(hereinafter referred to as “Rinki”)

Register contact

Customer Service Manager

Tel. +358 9 616 230
info@rinkiin.fi

Purpose of and legal basis for processing personal data

We process personal data to register business customers with producer responsibility that supply packed products to the market as well as other operators that process packaging waste and to collect and compile packaging data. Personal data are also processed for the purposes of customer communication and customer relationship management as well as for notification of matters relating to producer responsibility for packaging. Data can also be used to conduct Rinki’s customer satisfaction surveys.

Supplier and partner data and data concerning contact persons in producer organisations are used to maintain cooperation or contractual relationships, to manage contracts, to monitor and coordinate services provided by suppliers, to handle invoicing and to develop Rinki’s operations and services.

Personal data are also used to send newsletters and Rinki’s online magazine.

The bases for processing personal data stored in the register are the preparation and execution of a contract made with a business customer or other operator that processes packaging waste, a producer organisation or a supplier to maintain and develop customer cooperation and supplier relationships and to perform related tasks such as invoicing. Another basis for processing personal data is Rinki’s legitimate interest in the production and development of services and the implementation of marketing communications and campaigns. In electronic direct marketing, the basis for processing is consent.

What data do we process?

We process the following personal data concerning our business customers and suppliers:

Basic and identifying details of contact persons, such as name, position in the company, phone number and other contact details
Correspondence with the contact person
Details related to invoicing and debt collection
Decision maker data
Details of direct marketing bans
Communications materials insofar as said materials can be linked to a person
Login details regarding the use of the extranet services

We process the following details in terms of newsletter and online magazine subscriptions:

Subscription requests
Subscribers’ email addresses

Where do we obtain the data?

Basic information about our business customers and suppliers, including the names and contact details of contact persons, is saved from contracts entered into by these companies, telephone calls or other similar notifications made to Rinki during the customer or supplier relationship. Details of turnover, industry, decision maker data and other similar information can also be obtained from publicly available data sources, such as corporate websites, trade registers, credit registers and other public and private registers.

Recipients of personal data and transferring personal data outside the EU or the EEA

Personal data are not disclosed to third parties for commercial purposes. Rinki only provides authorities with data concerning companies as prescribed by law or other official decisions. In addition, personal data may be disclosed to packaging sector producer organisations represented by Rinki, upon a separate request of an individual producer organisation.

Such service providers are bound by professional secrecy and have no right to disclose data to third parties or use data for any purposes other than those required for fulfilling their contract with Rinki. We have taken care of data protection issues with our service providers by means such as drawing up agreements concerning the processing of personal data.

In connection to the collection of packaging data from companies with producer responsibility and the collection of waste sorting data from possible other operators we may use an international cloud service, whereupon contact person data may be transferred for a limited period outside the EU/EEA. In addition, our IT management systems may allow service providers to access data from outside the EU or the EEA to provide technical support, for example. If personal data is processed outside the EU or the EEA, we ensure that the service provider is bound by the European Commission’s standard contractual clauses for the processing of personal data.

How long do we retain personal data for?

Personal data are stored only for as long as necessary for the purposes described in this privacy statement or for fulfilling legal obligations. Personal data stored in the business customer and supplier register are processed and stored for the duration of the customer or supplier relationship and thereafter for the time necessary for the controller to respond to complaints and claims made under the customer or supplier relationship or agreement. As a rule, this period is at most three years from the end of the customer or supplier relationship. Data related to invoicing are treated as part of accounting material for a period determined by the Accounting Act, which is six years from the end of the calendar year during which the financial year ended.

Rinki regularly assesses the need for data processing, considering the requirements of applicable laws. Rinki also takes reasonable measures to ensure that the register does not contain any information about data subjects that is incompatible, outdated or incorrect in terms of the purposes of processing. Should such data be detected, Rinki shall correct or delete the data without delay.

Principles of protecting personal data

Rights of data subjects

Rinki does not carry out profiling or automated decision-making based on the data contained in the register of business customers and partners.

Who can you contact?

Notification of changes to the privacy statement

Privacy statement: job applicants

31 March 2021

Data controller

Finnish Packaging Recycling RINKI Ltd

Tynnyrintekijänkatu 1 C

00580 HELSINKI, Finland

Tel. +358 9 616 230

(hereinafter referred to as ‘Rinki’)

2. Contact person

Financial Manager

Tel. +358 9 616 230
Email: rekry@rinkiin.fi

3. Purpose of and legal basis for processing personal data

The purpose of processing personal data is to receive and process job applications and manage recruitment processes. We process data related to the job application process of people who have applied to work with us to enable the necessary contacts and decision-making when selecting employees. The personal data contained in the job applicant register may also be processed for the purposes of demonstrating that the legal obligations related to the selection of the data controller’s employees are met and responding to a legal claim or filing a claim.

Grounds for processing personal data:

• A legitimate interest to process personal data for recruitment purposes and demonstrate legal obligations, and to respond to or make a legal claim
• Consent that may be requested in circumstances such as for the purpose of collecting personal data from referees, and processing personal data in the context of aptitude assessments and medical tests

4. What data do we process?
In relation to the job applicant register, we process the following personal data of job applicants:

basic details, such as name, date of birth, sex, native language;
- contact details, such as private email address, private phone number, home address;
- information related to the job applied for, such as information about the form and nature of the employment relationship as well as about the person in charge of the job application process, salary requirement, details related to the start date and other information included in the job posting and job application;
- information provided by data subjects to the controller in connection with the job application process, regarding themselves, their background and suitability, such as photographs, details about education and other information related to training, occupation, information about employment history (such as employers, start times and duration of each employment, and the nature of the jobs), language skills, other special skills, description of personal characteristics, various certificates and assessments, references to portfolios, profiles or other sources found on the Internet, as well as references and information related to any personal and aptitude assessment carried out with the consent of the data subjects;
- information on the progress of the recruitment process, such as details about any upcoming follow-up interviews or the interruption of the recruitment process;
- any other information voluntarily provided by data subjects themselves in connection with the job application process or otherwise expressly disclosed for professional purposes, such as LinkedIn profiles, or any information collected by the data controller with the consent of the data subjects.

5. Where we obtain data from: As a rule, the data stored in the register is obtained from job applicants themselves. Other sources of information are used within the scope of the legislation. We also use recruitment consultants as a source of information if necessary. By submitting a job application, applicants give Rinki permission to collect their data from their profiles published for professional purposes to the extent that the collection of data is necessary and is related to work performance, taking into account the job in question.

6. Recipients of personal data and transferring data outside the EU and the EEA: We do not, as a rule, disclose data in our register to third parties unless the consent of the data subject has been specifically requested and obtained for the purposes of an aptitude assessment, for example. Personal data may also be disclosed as required by law to parties who have a legal or contractual right to obtain data from the register, such as TE Offices. We primarily process data ourselves, but we also use service providers that process personal data on our behalf. Such service providers include IT service providers who take care of the technical maintenance of our systems and servers, and recruitment agencies that assist us in the recruitment process. We have taken care of data protection with our service providers by means such as signing agreements regarding the processing of personal data. As a rule, personal data is not transferred outside the EU or the EEA. However, our IT management systems may allow a service provider to access the data from outside the EU or the EEA to provide technical support, for example. If personal data is processed outside the EU or the EEA, we ensure that the service provider is bound by the European Commission’s standard contractual clauses for the processing of personal data.

7. Data protection principles and the retention period: Personal data is processed as confidential, and those who process data are bound by professional secrecy. Only persons whose duties require them to do so have access to systems that contain personal data. Personal data related to human resources is protected with appropriate technical and organisational measures. Each user has their own username and password to the system. The data is processed in databases, which are protected by firewalls, passwords and other technical measures. The databases and their backups are located in locked spaces and can only be accessed by designated persons. We also store hardcopy data in locked facilities that can only be accessed by persons who are entitled to process data in the course of their work. We retain personal data for as long as is necessary for the purpose for which the personal data is used. As a rule, the retention period does not exceed one (1) year. Personal data may also be retained longer than the above-mentioned one year on the basis of legitimate interest, in which case the retention periods are based on the statute of limitations and general period of limitation. If a job applicant becomes our employee, we will retain data related to the job application process as part of their employee data in accordance with the HR privacy statement. We assess the necessity of retaining the data on a regular basis, taking into account applicable legislation. We also take reasonable measures to ensure that the register does not contain any information about data subjects that is incompatible, outdated or incorrect in terms of the purposes of processing. We rectify or delete such data without delay.’

7. Rights of data subjects: Data subjects have the right to check the data concerning themselves stored in the register and to request rectification of incorrect or inaccurate data or deletion of their data if there are legal bases for this. If the processing of personal data has been based on consent, the data subject has the right to withdraw their consent. The data controller may, on their own initiative or at the request of a data subject, complement, correct or delete incomplete, inaccurate or outdated personal data. Insofar as the data subject has provided data to the register that is processed on the basis of consent or a contract, the data subject has the right to obtain such information in a machine-readable format and the right to transfer this information to another data controller. The data subject has the right to object to the processing of their personal data for particular personal reasons, when the processing is based on the legitimate interest of the data controller or the processing is necessary for the performance of a task carried out in the public interest. When filing the demand, the data subject must identify the specific situation that is the basis for the objection. The data controller can only refuse to comply with the request if it has legal grounds to do so. The data subject has the right to request that the processing of their personal data be restricted as well as to lodge a complaint about the processing of their personal data with a supervisory authority. The supervisory authority in Finland is the Office of the Data Protection Ombudsman (tietosuoja(at)om.fi).

8. Who to contact: Inquiries and requests regarding the processing of personal data described in this privacy statement can be addressed to the contact person mentioned at the beginning of the statement. Contacts must be made in writing or in person.

Information about cookies

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to enhance their user experience. Cookies also provide us with information, which enables us to monitor the use of our website and to develop our services.

We need your consent for the use of cookies other than necessary cookies. You can manage your consent to the use of cookies on our website. Further, you can manage the use of third-party cookies in Your Online Choices.

The cookies used on our website are classified into different categories based on their functionalities: 1) necessary, 2) preferences, 3) statistics and 4) marketing.

You may at any time change or withdraw your consent regarding the use of cookies through the cookie declaration on our website. You may also prevent the use of cookies or certain types of cookies in the browser settings of your device. If you prevent the use of cookies, please note that our website may not function optimally.

To obtain information on the behavior of the visitors on our website, we use Simple Analytics. This analytics software gives us insight about our visitors only on a general level, and the information collected in connection with the software cannot be linked to individual persons. It does not track visitors or store personally identifiable information. Learn more here about what data is collected and processed by Simple Analytics.

We use social media add-ons that allow our service to work together with sites like Facebook and Twitter. In practice, this means that you may use “share” and “like” buttons in our online and mobile services. If you use the said functionalities or have accepted the use of cookies, these service providers may gather data on the use of our online and mobile services. Rinki is not responsible for data processing, cookies or other monitoring techniques of these third parties, as they are subject to privacy policies and user terms of the party in question. It is recommended that you familiarize yourself with the privacy policies and terms of use of these third parties (Google, Facebook, Twitter, LinkedIn, YouTube).

Should you have any questions on cookies, please contact us by email at info@rinkiin.fi. For more information on how we process your personal data, please read our privacy notice.

Your consent applies to the following domains: extranet.rinkiin.fi, verkkolehti.rinkiin.fi, rinkiin.fi