Privacy Policy

Consumer customer register

Privacy statement: Consumer customer register

Updated: 31 March 2021

  1. Data controller

Finnish Packaging Recycling RINKI Ltd
Tynnyrintekijänkatu 1 C
00580 HELSINKI
Tel. +358 9 616 230

(hereinafter referred to as “Rinki”)

  1. Register contact

Customer Service Manager

Tel. +358 9 616 230
info@rinkiin.fi

  1. Purpose of and legal basis for processing personal data

We process personal data for the following purposes:

    • Handling feedback regarding Rinki eco take-back points for consumers as well as related service communications and development of operations
    • Receiving suggestions for setting up new Rinki eco take-back points and where to locate them
    • Marketing Rinki’s services and raising consumers’ awareness of recycling in general for example as part of various campaigns, which may include raffles and similar marketing elements
    • Newsletters

The legal basis for processing personal data stored in the register is the legitimate interest of the controller in developing the services and encouraging consumers to recycle more actively. In terms of newsletters, the processing is based on customers’ consent.

  1. What data do we process?

We process the following details provided by our customers in connection with their feedback:

    • The Rinki eco take-back point that the feedback concerns
    • Subject of the feedback
    • Date on which the feedback was submitted
    • Photograph
    • Name and contact details of the person who submitted the feedback
    • Note on whether the person who submitted the feedback wishes to be contacted

We process the following details in connection with newsletter subscriptions:

    • Details of the subscription request
    • Subscribers’ email addresses

We process our customers’ details, such as name and contact details, when we carry out communications campaigns.

  1. Where do we obtain the data?

We obtain the personal data that we process directly from customers when they submit feedback or suggestions or when they subscribe to our newsletter. Customers also provide us with their details when they take part in our marketing campaigns.

  1. Recipients of personal data and transferring personal data outside the EU or the EEA

Personal data are not disclosed to third parties for commercial purposes. Data may, however, be disclosed to authorities if required by mandatory legislation.

In its operations, Rinki uses service providers that can process personal data on its behalf and at its request. Such service providers include IT service providers that take care of the technical maintenance of Rinki’s systems and servers, and external service providers that handle customer service operations.

Such service providers are bound by professional secrecy and have no right to disclose data to third parties or use data for any purposes other than those required for fulfilling their contract with Rinki. We have taken care of data protection with our service providers by means such as drawing up agreements concerning the processing of personal data.

In principle, personal data are not transferred outside the EU or the EEA. However, our IT management systems may allow service providers to access data from outside the EU or the EEA to provide technical support, for example. If personal data is processed outside the EU or the EEA, we ensure that the service provider is bound by the European Commission’s standard contractual clauses for the processing of personal data.

  1. How long do we retain personal data for?

Personal data are stored only for as long as necessary for the purposes described in this privacy statement or for fulfilling legal obligations. Data related to feedback and suggestions are generally stored for a maximum of three years from the customer’s contact with us. Data processed in connection with a campaign are deleted immediately after the end of the campaign.

Rinki regularly assesses the need for data processing, taking into account the requirements of applicable laws. Rinki also takes reasonable measures to ensure that the register does not contain any information about data subjects that is incompatible, outdated or incorrect in terms of the purposes of processing. Should such data be detected, Rinki shall correct or delete the data without delay.

  1. Principles of protecting personal data

Rinki treats all personal data in its possession as confidential, and those who process data are bound by professional secrecy. Personal data are only processed by persons whose duties require them to do so. User rights and access rights related to the processing of data are personal and their scope is determined on the basis of a person’s duties.

The systems that contain personal data are protected by firewalls and other technical security measures. Login and use of the systems are monitored. Devices and servers that contain personal data are located in locked spaces and can only be accessed by designated persons. Hard copies containing personal data are stored in a locked space on Rinki’s premises. Rinki regularly assesses security-related risks.

  1. Rights of data subjects

Data subjects have the right to check the data stored in the register concerning themselves and to request rectification of incorrect or inaccurate data or deletion of their data if there are legal bases for this. If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw this consent.

Data subjects have the right to obtain, in a machine-readable format, the data they have themselves provided and that are processed upon their consent or agreement, and they also have the right to transfer this data to another data controller.

In accordance with the General Data Protection Regulation, data subjects have the right to request the restriction of processing of their data and to lodge a complaint with the supervisory authority. The supervisory authority in Finland is the Office of the Data Protection Ombudsman (tietosuoja(at)om.fi).

For particular personal reasons, data subjects also have the right to object to the processing of their data when the processing is based on the controller’s legitimate interest. When filing a request, the data subject must identify the specific situation that is the basis for the objection. The controller can only refuse to comply with the request if it has legal grounds to do so. Data subjects also have the right to object to the processing of their personal data for direct marketing purposes at any time, including profiling when it is related to direct marketing.

Rinki does not carry out profiling or automated decision-making based on the data contained in the register of consumer customers.

  1. Who can you contact?

Enquiries and requests regarding the processing of personal data described in this privacy statement can be addressed to the contact person mentioned at the beginning of the statement. Contact must be made in writing or in person.

  1. Notification of changes to the privacy statement

Should we make any amendments to this statement, we will upload the new statement to our website and indicate the date of the update. If the amendments are substantial, we may inform our customers of these by other means, such as by email or by posting a notice on our website. We recommend that you visit our website on a regular basis and take note of any amendments to this privacy policy.

Business customer and supplier register

Privacy statement: business customers and partners

Updated: 31 March 2021

  1. Data controller

Finnish Packaging Recycling RINKI Ltd

Tynnyrintekijänkatu 1 C

00580 HELSINKI

Tel. +358 9 616 230

(hereinafter referred to as “Rinki”)

  1. Register contact

Customer Service Manager

Tel. +358 9 616 230
info@rinkiin.fi

  1. Purpose of and legal basis for processing personal data

We process personal data to register business customers with producer responsibility that supply packed products to the market and to collect and compile packaging data. Personal data are also processed for the purposes of customer communication and customer relationship management as well as for notification of matters relating to producer responsibility for packaging. Data can also be used to conduct Rinki’s customer satisfaction surveys.

Supplier and partner data and data concerning contact persons in producer organisations are used to maintain cooperation or contractual relationships, to manage contracts, to monitor and coordinate services provided by suppliers, to handle invoicing and to develop Rinki’s operations and services.

Personal data are also used to send newsletters and Rinki’s online magazine.

The bases for processing personal data stored in the register are the preparation and execution of contracts made with business customers, producer organisations and suppliers to maintain and develop customer cooperation and supplier relationships and to perform related tasks such as invoicing. Another basis for processing personal data is Rinki’s legitimate interest in the production and development of services and the implementation of marketing communications and campaigns. In electronic direct marketing, the basis for processing is consent.

  1. What data do we process?

We process the following personal data concerning our business customers and suppliers:

    • Basic and identifying details of contact persons, such as name, position in the company, phone number and other contact details
    • Correspondence with the contact person
    • Details related to invoicing and debt collection
    • Details of direct marketing bans
    • Communications materials insofar as said materials can be linked to a person
    • Login details regarding the use of the extranet services

We process the following details in terms of newsletter and online magazine subscriptions:

    • Subscription requests
    • Subscribers’ email addresses
  1. Where do we obtain the data?

Basic information about our business customers and suppliers, including the names and contact details of contact persons, is saved from contracts entered into by these companies, telephone calls or other similar notifications made to Rinki during the customer or supplier relationship. Details of turnover, industry and other similar information can also be obtained from publicly available data sources, such as corporate websites, trade registers, credit registers and other public and private registers.

  1. Recipients of personal data and transferring personal data outside the EU or the EEA

Personal data are not disclosed to third parties for commercial purposes. Rinki only provides authorities with data concerning companies as prescribed by law or other official decisions.

In its operations, Rinki uses service providers that can process personal data on its behalf and at its request. Such service providers include IT service providers that take care of the technical maintenance of Rinki’s systems and servers.

Such service providers are bound by professional secrecy and have no right to disclose data to third parties or use data for any purposes other than those required for fulfilling their contract with Rinki. We have taken care of data protection issues with our service providers by means such as drawing up agreements concerning the processing of personal data.

In principle, personal data are not transferred outside the EU or the EEA. However, our IT management systems may allow service providers to access data from outside the EU or the EEA to provide technical support, for example. If personal data is processed outside the EU or the EEA, we ensure that the service provider is bound by the European Commission’s standard contractual clauses for the processing of personal data.

  1. How long do we retain personal data for?

Personal data are stored only for as long as necessary for the purposes described in this privacy statement or for fulfilling legal obligations. Personal data stored in the business customer and supplier register are processed and stored for the duration of the customer or supplier relationship and thereafter for the time necessary for the controller to respond to complaints and claims made under the customer or supplier relationship or agreement. As a rule, this period is at most three years from the end of the customer or supplier relationship. Data related to invoicing are treated as part of accounting material for a period determined by the Accounting Act, which is six years from the end of the calendar year during which the financial year ended.

Rinki regularly assesses the need for data processing, considering the requirements of applicable laws. Rinki also takes reasonable measures to ensure that the register does not contain any information about data subjects that is incompatible, outdated or incorrect in terms of the purposes of processing. Should such data be detected, Rinki shall correct or delete the data without delay.

  1. Principles of protecting personal data

Rinki treats all personal data in its possession as confidential, and those who process data are bound by professional secrecy. Personal data are only processed by persons whose duties require them to do so. User rights and access rights related to the processing of data are personal and their scope is determined based on the person’s duties.

The systems that contain personal data are protected by firewalls and other technical security measures. Login and use of the systems are monitored. Devices and servers that contain personal data are located in locked spaces and can only be accessed by designated persons. Hard copies containing personal data are stored in a locked space on Rinki’s premises. Rinki regularly assesses security-related risks.

  1. Rights of data subjects

Data subjects have the right to check the data stored in the register concerning themselves and to request rectification of incorrect or inaccurate data or deletion of their data if there are legal bases for this. If the processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw this consent.

Data subjects have the right to obtain, in a machine-readable format, the data they have themselves provided and that are processed upon their consent or agreement, and they also have the right to transfer this data to another data controller.

In accordance with the General Data Protection Regulation, data subjects have the right to request the restriction of processing of their data and to lodge a complaint with the supervisory authority. The supervisory authority in Finland is the Office of the Data Protection Ombudsman (tietosuoja(at)om.fi).

For particular personal reasons, data subjects also have the right to object to the processing of their data when the processing is based on the controller’s legitimate interest. When filing a request, the data subject must identify the specific situation that is the basis for the objection. The controller can only refuse to comply with the request if it has legal grounds to do so. Data subjects also have the right to object to the processing of their personal data for direct marketing purposes at any time, including profiling when it is related to direct marketing.

Rinki does not carry out profiling or automated decision-making based on the data contained in the register of business customers and partners.

  1. Who can you contact?

Enquiries and requests regarding the processing of personal data described in this privacy statement can be addressed to the contact person mentioned at the beginning of the statement. Contact must be made in writing or in person.

  1. Notification of changes to the privacy statement

Should we make any amendments to this statement, we will upload the new statement to our website and indicate the date of the update. If the amendments are substantial, we may inform our customers of these by other means, such as by email or by posting a notice on our website. We recommend that you visit our website on a regular basis and take note of any amendments to this privacy policy.

Information about cookies