Fluo Group Privacy Policy
This Privacy Policy describes Fluo Group Oy's processing of personal data. Processing
is the data of our customers, our potential customers. We process personal data
to enable, implement and market our services. The Fluo Group consists of
Eco-transport, Ekoman, Finells Transport, FL Pipe, Itä-Suomen Murskauskeskus and Keskinen
Recycling.
1.1 Contact details of the controller and contact details of the data protection officer
Fluo Group Oy
Mäkilehdontie 6
67600 Kokkola
Business ID: 3144156-2
Contact person responsible for the register
Petri Aaltonen, petri.aaltonen@fluo.fi
1.2 In this leaflet we explain
1) Contact details of the controller and the Data Protection Officer
2) Whose data we process
3) What rights the data subject has and how to exercise them
4) What we use the data for and on what legal basis we process it
5) How long we keep the data
6) Recipients of data and transfers to third countries
7) What risks are involved in processing the data and how we protect the data
1.3 What information we process and for what purposes we collect it
The personal data collected by Fluo can be categorised as follows:
- Identification and contact information such as name, address,
phone number, email address.
- Job description: title, job description or area of responsibility
- Information related to the use of our website: cookie, ip address, device identifier and
customer identifier.
- Information related to job applications and recruitment, such as name, address, other
contact details, date of birth, identification of the job of interest
information relating to your job application and CV, such as educational details,
work experience, language skills, competences, salary expectations for interview, possible
other information provided by the jobseeker, such as personal identity number, position of trust or
a photo of the person from whom the job opportunity was obtained and the application's
information relating to the processing and the situation.
- Business-related and business-derived personal data received from business customers.
Personal data that we collect directly from the data subject
We collect the information mainly directly from the data subject in a customer service situation.
or the customer provides them themselves via an online form, (possibly chat) or email.
via. This information is used to contact you either to provide services or to.
to deliver to the customer. Website visitor analytics data is also generated from
the activities of the data subject during the visit to the website.
Personal information we may collect from third parties
We collect information from third parties in accordance with specific waste regulations.
For Community customers, we also collect information from other public sources such as.
business registers such as the YTJ and the PRH's Commercial Register of the signatory of the contract
to verify the right to sign, if necessary.
Transport customer records include:
Contact
- name
- address + coordinates
- (email)
- phone number
- billing address
Customer information
- information on the agreed products/services
for the Eastern Finland Crushing Centre:
- credit information
1.4 What rights the data subject has and how to exercise them
The data subject has rights in relation to personal data held by Fluo. For normal
in customer service situations, such as changes to contact and billing information, delivery
for status enquiries and billing enquiries, you can contact Fluo Group Oy.
contact persons (on the Contact page). For more extensive information requests, please contact
the Data Protection Officer. As a general rule, these rights can be exercised once a calendar year.
free of charge. If you receive more than one request from a single person in a calendar year,
requests are subject to an administrative cost depending on the size of the request, which can be estimated at.
advance. The data subject has the following rights:
a) Right of access to personal data
The data subject has the right to access the personal data we hold about him or her. Right to
access to information may, however, need to be restricted by law and other
to protect the privacy of individuals.
b) Right to rectification
The data subject has the right to request the correction of inaccurate or incomplete data.
c) Right to erasure
Data subjects have the right to request the erasure of their data. Deletion of data may be
for example, in the following cases:
- The data subject withdraws consent and there is no other ground for processing
- The data subject objects to the processing and there is no other ground for continuing the processing.
justification
d) Right to restriction of processing
The data subject has the right to restrict the processing of his or her personal data in accordance with Article 18 of the GDPR.
under Article. This means, for example, cases where personal data
there are doubts as to the accuracy or lawfulness of the processing.
e) Right to object
The data subject has the right to object to the processing of his or her data if we process them.
on the basis of our legitimate interests or the public interest.
f) Right to data portability
The data subject has the right to receive the personal data provided by him or her in a machine-readable format.
form. This right applies to personal data that have been processed automatically under a contract or
on the basis of consent. The right to data portability does not apply to.
the contact details of professionals in business-to-business relationships in cases where.
processing is not based on the data subject's consent or on a contract to which the data subject is a party
on.
g) Right to withdraw consent
The data subject has the right to withdraw his or her consent at any time, without prejudice to.
the lawfulness of the processing carried out before its withdrawal, if the processing is based on
consent. Withdrawal of consent may affect our ability to provide you with.
services.
h) Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a supervisory authority if he or she suspects that.
your personal data is being used inappropriately or unlawfully.
To exercise the rights of the data subject, the person responsible for Fluo should be contacted.
1.5 What we use the data for and on what legal basis we process it
Fluo processes personal data to fulfil its legal and contractual obligations. About
will not be used for automated decision-making or profiling. The legal grounds for our processing are:
Implementation of the Agreement
The processing of contracts and the performance of contractual obligations is the processing of personal data.
legal basis. We process personal data for the purposes of providing the service you have ordered from us, from which we.
to the extent necessary.
Legal obligation
In addition to contracts, our activities are subject to legal obligations that require us to.
we process personal data. Examples include:
- Accounting legislation, the Act on the Organisation of Occupational Health Care, the Annual Holidays Act, and
instructions from the tax authorities and the authorities on the organisation and accounting of payroll administration
- Waste Act, Waste Shipment Ordinance, Environmental Authorisation Act, Environmental Protection Act,
Landfill Act, Annex I of the Environmental Protection Decree.
Consent
To develop our website, we collect analytics data on the use of the website.
based on consent. You give your consent by accepting cookies on the site
when you arrive.
For data collected for marketing purposes, consent is obtained from data subjects,
which can be cancelled at any time.
Legitimate interest
We use legitimate interest as a ground for processing mainly for administrative purposes.
the choice of implementation methods, for example, for data processing software
and how we store the information.
1.6 How long we keep the data
Personal data is stored only for the duration of the contractual relationship and for one year after the end of the contract.
to deal with any complaints or requests for redress, unless the legislation, such as.
accounting law, otherwise required.
Laws and regulations impose certain requirements on the storage of material containing personal data
and use, which affects data retention periods. The remaining retention periods are determined by the controller
a description of the processing operations.
1.7 Data recipients and data transfers to third countries
Personal data is only transferred outside the EEA for system maintenance and cloud computing purposes.
relating to. Such suppliers include Microsoft and Google. The transfer of personal data takes place within the EU
US data protection framework, which has the European Commission's Adequate Data Protection
statement and for which these suppliers are certified.
Suppliers are also contractually bound not to use our personal data for any purpose.
for their own purposes or to use them, for example, for their own products or services.
marketing.
1.8 What risks are involved in processing your data and how we protect it
The main risk associated with the system is the information provided by the data subjects themselves. Fluo
does not routinely collect data relating to, for example, personal private life.
information.
At the current level of protection, this does not pose any risk to the rights of the data subject or
freedoms, but the registrant should be aware of this.
No significant risks have been identified for the data of data subjects, with the exception of.
the care required for the processing of personal data relating to recruitment and the transfer of data.
and the technical security of the storage. Ensuring the correct processing of personal data
are taken care of and services are provided in confidence.
However, data subjects should be aware that the controller is not able to anticipate.
assess the content of the information they provide themselves and thus carry out specific
protective measures.
At the current level of protection, the above risks do not pose a risk to the registered
rights or freedoms, but the data subject should be aware of these.
The aim of Fluo's security activities is to secure the security of data and information systems.
access, ensure their confidentiality, ensure the integrity of the data, and
minimise the damage caused by any deviations. The safeguard measures are based on
the risk assessment of the activity and are proportionate to the site to be protected and its
to manage the risks to. Processing of personal data and protection measures
take into account the requirements of existing data protection legislation.
Measures to ensure information security and data protection include:
Measures to increase access to and availability of information aim to ensure
access to relevant information when you need it. Such activities include
ensuring that systems are up and running, backing up and archiving data correctly.
Data integrity is ensured through system checks and controls.
Security measures and guidance are aimed at preventing errors and omissions in the data.
in the processing. We regularly review and update our privacy policy
as part of our business development and take into account any
The confidentiality of data is ensured by organisational and technical measures.
by. Organisational means include confidentiality agreements, defined
operational processes, guidelines and staff training. Technical means include.
virus and malware filtering, traffic encryption, strong
authentication, network and terminal security and encryption, premises locks and
Supervision.
1.9 Websites and cookies
Our website uses cookies for the following purposes:
- For visitor statistics (Google Analytics, etc.)
- To save user-selected settings (such as language preferences)
- For the operation of the Chat service
For visitor statistics, information is collected on the user's terminal device, network address
(IP address) and the software and versions used. With this information you can
we can identify and count the different users who visit our site and what kind of information
and how to use the services on the site. The purpose is to provide statistics on
anonymously count the number of visitors to the page, for example for marketing campaigns
in impact studies. At the same time, we learned what information on our website is most often
is being sought, and we can use this information to develop the structure of the site so that
users can easily find what they are looking for.
For settings chosen by the user, information such as,
in which language the user wants to use the site. In the same cookie, a user can
store any other choices you wish to make on the site. This way, when a user enters
next time you visit the site, for example, the language of the site will be immediately correct.
We keep the information for 36 months.
Our online services may include features called "community plug-ins", such as.
Facebook info boxes with content coming directly from Facebook.
Advertisers and third parties, such as Google, may collect information and
target advertising based on the cookie data collected from our website. We do not
disclose any information you submit to us through the Site to anyone.
to a third party.
You can delete cookies stored by your browser in your browser settings. If you do not want to
use cookies, you may not be able to take full advantage of the features of the website,
but it does not prevent you from using any of our services completely.
1.10 Contact details of the supervisory authority
Every data subject has the right to lodge a complaint about the processing of personal data with a supervisory authority,
if you feel that your personal data is not being processed fairly.
Office of the Data Protection Ombudsman
Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki
Postal address: P.O. Box 800, 00521 Helsinki
Switchboard: 029 56 66700
Fax: 029 56 66735
Email: tietosuoja@om.fi
