Registration overview
Consumer customer register
Privacy policy, RINKI Ltd 22 May 2018
1. Data controller
Finnish Packaging Recycling RINKI Ltd
Mikonkatu 15 B
00100 HELSINKI
Telephone +358 9 616 230
(hereinafter ”RINKI Ltd”)
2. Data protection officer
Paula Savolainen
Telephone +358 9 616 230
kpk@rinkiin.fi
3. Register name
Consumer customer register
4. Legal basis for processing personal data in the register and the purpose of personal data usage
The basis for processing personal data stored in the register is the data controller’s legitimate interest to develop services.
The main purpose of using the register is for processing feedback relating to Rinki eco take-back points for households.
5. Personal data in the register
Identification and basic information: a person’s name, telephone number and email address, the correspondence with the contact person.
6. Register data sources
Basic customer information is collected on the basis of a message sent or telephone call made by the customer.
7. Personal data transfers and transfer of data to outside of the EU or European Economic Area
Personal data are not transferred onwards nor to outside of the EU or European Economic Area. RINKI Ltd transfers for the use of the authorities only data about consumer customers as required by law or other regulatory decisions. If use of a RINKI Ltd subcontractor’s service requires the customer’s data, the data will be transferred to the subcontractor solely for that purpose and the subcontractor may not pass this data on.
8. Storage and erasure of personal data
Personal data are stored in the register for as long as necessary for the purpose they are used for. Personal data stored in the consumer customer register can be processed and stored for 10 years from the customer contact.
The data controller regularly assesses the need to store data taking into account the applicable legislation. In addition to this, the data controller takes reasonable measures to ensure that no obsolete or inaccurate data about the data subject that are incompatible with purposes for which they are processed are stored in the register. The data controller will immediately rectify or destroy such data.
9. Register protection principles
RINKI Ltd strictly complies with the prescribed confidentiality. Only those persons whose job description includes use of the register have access to the register.
a. Manual documents
Manual documents are stored in locked premises in RINKI Ltd’s office. Only RINKI Ltd’s employees have the right to process manual customer and supplier information.
b. Data stored in information systems
Access to the register requires user ID granted by the database administrator. The administrator also determines the access level granted to users. Use of the application requires a personal password. Register use and logins are controlled. The system is protected with a firewall against incoming external connections. The databases are in locked premises and only certain persons specified in advance can access them.
RINKI Ltd’s data security is based on the laws and decrees applying to data security and the data security instructions and recommendations issued.
10. Rights of data subject
The data subject has the right to access data concerning him or her stored in the personal register and to request the rectification or erasure of any inaccurate information where there are legal grounds for doing so. Where the processing of personal data is based on the consent of the data subject, he or she also has the right withdraw that consent.
Under the General Data Protection Regulation, effective as of 25 May 2018, the data subject has the right to object to or to request the restriction of the processing of his or her personal data and to complain to the supervisory authority about the processing of personal data.
On grounds relating to his or her particular situation, the data subject has the right to also object to profiling and other processing concerning him or her when processing the data is based on the data controller’s legitimate interest. In conjunction with the request, the data subject must specify the particular situation based on which he or she objects to processing. The data controller may refuse to take action on the objection requested solely on the grounds provided by law. The data subject also has the right to object to the processing of his or her data for direct marketing purposes, including profiling related to this.
11. Amendments to the privacy policy
Should we amend this policy, we will post the new policy on our website and indicate when it was updated. If major amendments are made, we will also notify them in other ways such as email or by posting a notice about it on our website. We recommend that you visit our website regularly and note any amendments to the policy.
Business customer and supplier register
Privacy policy, RINKI Ltd 22 May 2018
1. Data controller
Finnish Packaging Recycling RINKI Ltd
Mikonkatu 15 B
00100 HELSINKI
Telephone +358 9 616 230
(hereinafter ”RINKI Ltd”)
2. Data protection officer
Olli Paavola
Telephone +358 9 6162 3114
info@rinkiin.fi
3. Register name
Business customer and supplier register
4. Legal basis for processing personal data in the register and the purpose of personal data usage
The bases for processing personal data stored in the register are the preparation and execution of a contract made with a customer or supplier and the data controller’s legitimate interest for the purposes of maintaining a customer or supplier relationship, invoicing, developing services and for direct marketing.
The main purpose of using the register is for the registration of producer responsible firms which supply packed products for the Finnish market and for the collection of packaging data and statistics. Personal data are collected for customer communication and customer relationship management as well as for notification of matters relating to producer responsibility for packaging. The data may also be used for the purposes of ascertaining RINKI Ltd’s own customer satisfaction or similar information unless the customer has refused permission for the use of their data for that purpose. Information collected about suppliers is used for communication with suppliers and to monitor and coordinate the services ordered from them. The data may also be used for electronic and other direct marketing.
5. Personal data in the register
Identification and basic information: The name, telephone number, email address of a firm’s contact person and the correspondence with that contact person.
6. Register data sources
Basic information stored about a customer or supplier are obtained from an agreement made with a firm, telephone calls or from other similar notifications made to the data controller during the customer or supplier relationship. Information about net sales, line of business and similar information may be obtained from producer firms or by other legal means permitted by data protection legislation.
7. Personal data transfers and transfer of data to outside of the EU or European Economic Area
Personal data are not transferred onwards nor to outside of the EU or European Economic Area. RINKI Ltd transfers for the use of the authorities only data about firms that the law or other regulatory decisions require to be transferred. If use of a RINKI Ltd subcontractor’s service requires the customer’s data, the data will be transferred to the subcontractor solely for that purpose and the subcontractor may not, without separate consent, transfer or pass this data on.
8. Storage and erasure of personal data
Personal data are stored in the register for as long as necessary depending on the purpose they are used for. Data stored in the business customer and supplier register are stored for the duration of the supplier contract or claims and proceedings submitted pursuant to the contract. As a rule, this period is three (3) years from the end of the customer or supplier relationship.
The data controller regularly assesses the need to store data taking into account the applicable legislation. In addition to this, the data controller takes reasonable measures to ensure that no obsolete or inaccurate data about the data subject that are incompatible with purposes for which they are processed are stored in the register. The data controller will immediately rectify or destroy such data.
9. Register protection principles
RINKI Ltd strictly complies with the prescribed confidentiality. Only those persons whose job description includes use of the register have access to the register.
a. Manual documents
Manual documents are stored in locked premises in RINKI Ltd’s office. Only RINKI Ltd’s employees have the right to process manual customer and supplier information.
b. Data stored in information systems
Access to the register requires user ID granted by the database administrator. The administrator also determines the access level granted to users. Use of the application requires a personal password. Register use and logins are controlled. The system is protected with a firewall against incoming external connections. The databases are in locked premises and only certain persons specified in advance can access them.
RINKI Ltd’s data security is based on the laws and decrees applying to data security and the data security instructions and recommendations issued.
10. Rights of data subject
The data subject has the right to access data concerning him or her stored in the personal register and to request the rectification or erasure of any inaccurate information where there are legal grounds for doing so. Where the processing of personal data is based on the consent of the data subject, he or she also has the right withdraw that consent.
Under the General Data Protection Regulation, effective as of 25 May 2018, the data subject has the right to object to or to request the restriction of the processing of his or her personal data and to complain to the supervisory authority about the processing of personal data.
On grounds relating to his or her particular situation, the data subject has the right to also object to profiling and other processing concerning him or her when processing the data is based on the data controller’s legitimate interest. In conjunction with the request, the data subject must specify the particular situation based on which he or she objects to processing. The data controller may refuse to take action on the objection requested solely on the grounds provided by law.
The data subject also has the right to object to the processing of his or her data for direct marketing purposes, including profiling related to this.
11. Amendments to the privacy policy
Should we amend this policy, we will post the new policy on our website and indicate when it was updated. If major amendments are made, we will also notify them in other ways such as email or by posting a notice about it on our website. We recommend that you visit our website regularly and note any amendments to the policy.