Data Protection Notice


Data controller

Winco Oy
Jaakonkatu 2
01620 Vantaa
FINLAND

Data protection person in charge

Kati Kivijärvi

Purposes of the processing of personal data

The main purpose of the register is to manage, take care and maintain customer relationships. Personal data in the register is used to produce and execute services to customers, to inform customers, to invoice services and to charge and collect payments and to target promotion and/or direct marketing.

Justification of data control and processing of personal data is executing rights and obligations of data controller.

Collecting the personal data

Register may include data like person’s name, email address, mobile and/or other phone number, purchase history, contracts, invoices, delivery information and logfiles. In case of non-private customers register includes name of the organization, name and status of the contact person, VAT number of the organization and the address information of the organization.

Data is stored and processed according to category “confidential”.

Data is collected at the beginning and during of the customer relationship from the data subjects themselves. Organizational information may be collected also from Finnish Patent and Registration Office’s Business Information System.

No consent is needed from data subjects since the justification of data controlling and processing is to execute rights and obligations of the data subject and data controller.

Rights of the data subject

Data subject has opportunity to see and check the data on he/she and the data will be corrected if necessary. Data subject has right to limit the use of his/her data for marketing communications.

All queries about data subject’s personal data can be assigned to data controller:

Winco Oy
Jaakonkatu 2
01620 Vantaa
FINLAND

Data will be deleted, and data subject may demand deletion of his/her data after employment relationship is ceased and when all rights and obligations of the data controller have been fulfilled. Data can be archived/marked inactive even before deletion. Long-term data archive requires anonymization or pseudonymization of the data. Register will be revised regularly in case of outdated data.

Protection of the register data

Data controller will not assign personal data in the register to any third party without distinct consent of the data subject, except when execution of the rights and obligations of data subject and data controller or Finnish public authority requires that. Data controller will not transfer personal data in register outside EU or EFTA, except when execution of the rights and obligations of data subject and data controller or Finnish public authority requires that.

Unauthorized access to data and equipment containing data is prevented with different technical and administrative means.