I.e. how we collect data, for which purposes, how we store data and how you can exercise your rights.
This statement covers the commercial registers under the Aller Finland Group and its subsidiaries.
Aller Media Oy (Business ID: 0872238-2) and the group members belonging to the same group with it each time, currently Data Refinery Oy (Business ID: 2848544-1) and Dingle Oy (Business ID: 2289652-2) [hereinafter referred to as the “Controller”]
Address: Lintulahdenkuja 10 A, FI-00500 Helsinki, Finland
Tel.: +358 75 328 5102
Data Protection Officer at Aller Finland Group: Mari Lamberg
In this statement, we use the following terms: personal data, data subject, customer, potential customer and interest group.
‘Personal data’ means the data related to any identified or identifiable natural person (hereinafter referred to as the “data subject”), such as the name, address and phone number. An identifiable person is any person who is identifiable, directly or indirectly, on the basis of the various pieces of information concerning them.
‘Data subject’ means the person whose data we process in our person register.
A ‘Customer’ means those consumers and the contact persons of those companies and other organisations (hereinafter referred to as the ‘company’) who we have a customer relationship with.
‘Potential customers’ mean those consumers and the contact persons of those companies who we aim to create a customer relationship with.
‘Interest groups’ mean those consumers and the contact persons of those companies we are partnering with (representatives of companies producing services for us, for example) or are connected to by other means (decision-makers in society related to our community relations).
We process personal data for the delivery of products and services, customer communication, customer and interest group management, development and analysis, sales, marketing and research (both our own and, in some cases, third-party products and services) and development of products and services.
The Controller processes the personal data of the data subjects for the following purposes (for one or more purposes simultaneously):
Delivery of products and services
We can process your personal data to deliver products and services if you or the company you represent have purchased a product or service from us, registered to use our digital services, ordered our content to your e-mail or participated in our events. Personal data are used for carrying out the rights and obligations based on our mutual agreement or other commitment.
We may use your personal data in our customer communication, for example, to send you notifications related to our products and services, change notes and to ask you for feedback.
Development and analysis of customer and interest group relations
We may use your personal data for the management, development and analysis of the customer or interest group relationship.
We may contact you to tell you about new products, services and benefits. We may also share your contact information for marketing purposes with our partners. For more information on disclosure, see “Who can my personal data be shared with?”
We may use your personal data to provide you with relevant content and to customise our offering. We may, for example, give recommendations or show customised content and customised advertisements in our own and third-party services.
Product and service development and research
We may use your personal data to develop our products and services, for example, to improve the portfolio and various kinds of content.
We may use your personal data to conduct market research.
We process your personal data on the basis of your consent to fulfil a contractual or statutory obligation or on the basis of a legitimate interest.
The legal foundation for the processing of personal data is the following paragraphs in Article 6 of the General Data protection Regulation of the EU (GDPR):
a) you have given your consent to the processing of your personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
c) processing is necessary for compliance with a legal obligation to which the Controller is subject; and
d) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or your fundamental rights and freedoms which require the protection of personal data.
We process your data to execute the agreement with you or the company you represent (e.g. realisation of the subscription of a magazine or a digital service).
We and our partners have legitimate interests pertaining to doing our business, such as the right to promote the sales of our products and services by means of marketing and sales.
Based on a legitimate interest, we may, inter alia, exercise direct marketing and sales using your contact information, including the processing of your personal data for profiling.
Other legitimate interests, based on which we may process your personal data, are consulting and other customer service to non-customers, further development of the business, market research and prevention and investigation of potential misconduct.
If the processing of personal data is not based on contractual needs or a legitimate interest, we may request your consent for another kind of processing of personal data. For example, direct marketing using electronic channels requires your consent in certain situations. Please note, however, that not all direct marketing measures require consent. In addition, you may object to or withdraw your consent to direct marketing as per our instructions.
In addition, we may process your personal data when the legislation obliges us to do so, for example, when the Bookkeeping Act so requires.
We process basic information such as name, contact information and direct marketing options selected, purchase and order information like order history, customer communication and the use of digital services.
In addition, we process supplementary information of company representatives and information related to participating in our events.
The personal data we have collected may contain the following types of information and the changes thereto:
1 .Basic information of all data subjects
2. Supplementary information of Controller’s customers and potential customers
The following types of additional information on the data subject may be processed, as appropriate, based on the role and activity of the data subject.
3. Supplementary information on company representatives
4. Information on the data subjects who have participated in events organised by the Controller
We collect data, for example, when a customer subscribes to a magazine or digital services, participates in competitions and from external data sources.
Most of the information is derived from you at the beginning of a customer and interest group relationship and during it and from the software with which you use our products and services.
In addition, we receive personal data and their updates from the authorities and organisations which offer acquisition and update services of personal data and credit history as well as from public directories and other public sources of information, such as company websites and social media channels.
As regards the representatives of companies, we also receive personal data from their colleagues. In other words, the main contact person of a company may also tell us more personal data about their colleagues.
The data can be shared with our subcontractors for delivering magazines and for producing various services, and to our partners, inter alia, for the implementation of direct marketing campaigns.
We may transfer data outside the country in which they are used. In this way, we ascertain that the transfer can be done legally, the data are protected and our contractual partners observe the GDPR.
To conduct our business, we may use resources and servers in various locations around the world.
We may transfer your personal data outside the country in which they are used and possibly also to countries outside the EU area whose data protection legislation is different.
In these cases, we shall ensure that there are legal grounds for transferring the data and that your personal data are protected, for example, by using (when necessary) standard agreements and processor agreements approved by the authorities, and by requiring compliance with appropriate technical and other data protection measures.
We may exploit data analytics and modelling the outcome of which is profiling. We may use profiling to produce personal content or to target our marketing communication.
We may exploit your personal data for profiling, in other words analyse them automatically and evaluate certain personal properties of yours especially by analysing or anticipating characteristics which are related to your personal preferences, areas of interest and behaviour.
In this way, we will be able to better serve our customers, to develop our products and services to better meet our customers’ wishes and to target content and marketing in the most appropriate way.
We do not make automatised individual decisions, which would bring legal or other consequences comparable in their gravity. The consequences of the profiling we exercise mostly appear in the form of personalising and targeted advertising to selected target groups.
The processing times of the personal data of various person groups are based on different criteria depending on the processing criteria and legislation.
We shall keep processing your personal data as long as we have any valid criterion for the processing described in this privacy statement, and for a reasonable period thereafter.
The processing period of various person groups is determined on the basis of the following criteria:
We can process your personal data as long as you are our customer and until the end of the third year after the year your customership ended.
Thereafter, we can transfer the necessary personal data to our marketing register and treat you again as a potential customer.
Business customer representatives
We can process your personal data as long as you represent our business customer and until the end of the third year after the year your customership ended.
Then, we can transfer the necessary personal data to our marketing register and treat you again as a potential business customer representative.
Potential consumer customers and representatives of potential business customers
We can process your personal data for the time being until you become our customer or until you require your information to be erased from our marketing register.
Interest group members
We can process your personal data as long as you are a member of an interest group like representing our partner, and to the end of the calendar year when you have ended your customership.
You can exercise your rights by using any of the enclosed forms or by itemising your request by sending it to one of the addresses listed below depending on the group you belong to.
As a data subject, you have various opportunities to influence the processing of your personal data. As a rule, we shall carry out your request within a month’s time.
You can exercise your rights by sending a request to our customer service using the enclosed forms when you wish to inspect your information, request your information to be erased or oppose their processing.
In any other cases, please itemise a free-form request. Please note that we must always be able to identify the person who requests the information/processing.
Send the form or the itemised request either by e-mail or to the address Aller Media Oy, Lintulahdenkuja 10 A, FI-00500 Helsinki, Finland:
The rights belonging to you are (the extent of the rights depends on what processing criterion the processing of your personal data is based on, i.e. all of the rights listed below are not available to you in all situations):
a) Right to access the personal data collected about you. In practice, this is realised so that, according to your appropriate and identified request, we will provide you with a report on the personal data which has been collected about you in the person register.
b) Right to request for the rectification or erasure of the data collected about you. If you notice any errors or shortcomings in the data, you can submit a request for rectification to us.
c) The right to request the erasure of the data collected about you. If any of the following criteria are fulfilled and no obligation of data retention remains due to legislation or a regulation by the authorities, we shall have the obligation to erase the personal data you have requested from the person register:
d) The right to request the limitation of the data collected about you. You can ask us to limit the processing of your personal data if:
e) The right to oppose the processing of personal data concerning you. If we process your data on the basis of a legitimate interest, you shall have the right on the basis of the grounds related to your specific personal situation to oppose the processing of your personal data. All the persons included in the registers covered by this privacy statement shall have the right to oppose the processing of their personal data for direct marketing.
f) The right to transfer the information you have given from one system to another. If the automatic processing of your personal data is based on your consent or an agreement, you shall have the right to receive the data you have submitted to us in an organised, commonly used and machine-readable form and have the right to transfer the data to another controller.
g) The right to cancel your consent. If all or a part of your personal data are processed in this register on the basis of your consent, you shall have the right to cancel the consent you have given.
h) The right to submit a complaint to supervisory authorities. If a potential dispute concerning the processing of your personal data is not settled in an amicable way between us, you shall have the right to take the matter to be resolved by a data protection authority.
When necessary, we shall update the data protection information, for example, when developing our services or processing methods to keep up with the changing legislation.
We are continuously developing our business and it may also mean changes related to the processing of personal data.
When necessary, we shall update the privacy statement to correspond to the changes in measures. These changes may also be based on changes in the legislation. We recommend that you familiarise yourself with the content of this privacy statement on a regular basis.
If we begin to process your personal data for any purposes other than what your personal data were originally collected for, we shall notify you of the matter and of the updated privacy statement before the further processing in question.
With regards to other changes, we shall notify you of updating the privacy statement on our website.
Finnish legislation and the GDPR shall, inter alia, be applied for the processing of registers under the scope of this privacy statement.
To fulfil the contractual obligations related to our relationship, we need to process your personal data.
Without the needed personal data, we cannot provide you with the products and services in conjunction of which it is necessary to process personal data, such as subscriptions to magazines and digital services which require your registration.
The Finnish legislation and EU legislation such as the GDPR directly applicable in Finland shall be applied for the registers under the scope of this privacy statement and for the processing of personal data in them.
Most of the techniques we use serve as prerequisites for delivering and developing the service. We need the cookies to ensure that our service is working and that we can develop it to improve it and to provide you with content which you may find interesting.
We will ask for your permission to use the cookies for targeted advertising. We think that these cookies area beneficial to you to receive advertising that you may find interesting. We use the OneTrust tool which you can also use to manage the settings of the cookies related to targeted advertising and block their use if you wish.
The cookie settings are defined separately for each website. You can access the tool through the cookie banner and the links at the bottom of the website.
Through the mediation of the digital services (hereinafter referred to as ‘Service’) of the Aller Group (Aller, Data Refinery, Dingle = hereinafter referred to as ‘Aller’), cookies and other similar techniques can be used to collect information related to the terminal equipment or Service you use, such as from what page the user has come to the Service, what browser the user is using or when and what parts of the Service the user has been browsing. A user cannot be identified solely with the help of cookies.
A cookie is a small text file which can be sent to the user’s terminal equipment through the Service.
The cookies do not move across the Internet on their own but are rather set for the user’s terminal equipment only with a website called by a user. The cookies contain an anonymous, unique ID with which Aller can calculate and identify the browsers visiting the Service.
In addition to cookies, Aller may use other similar technologies. The cookies cause no harm for using the computer or browsing in the Internet. The cookies are ordinary text files which cannot contain viruses. In this cookie information, all of them are jointly referred to as cookies.
A user cannot be identified solely with the help of cookies. The data obtained with the help of cookies and other corresponding techniques can be linked to data obtained in other contexts, considering the valid data protection legislation.
The user is encouraged to also familiarise themselves with other data protection information of Aller where the processing of the personal data of identifiable persons is described.
The user may, if they wish to do so, prevent the use of certain kinds of cookies by changing the browser settings.
The user may, if they wish to do so, delete the cookies from the browser on a regular basis. Deleting the cookies in practice zeroes the user data on the basis of which advertising has been targeted to the user. Thus, deleting the cookies does not prevent the collection of user data and targeted advertising, for example, but it does delete the information on the basis of which advertising has been targeted previously.
We are happy to answer to users’ questions related to cookies. You can contact us at:
Aller Media Oy, Lintulahdenkuja 10 A, FI-00500 Helsinki, Finland
Tel.: +358 9 862 17 000
The necessary cookies include, inter alia, cookies with which the users need not insert the user IDs, passwords and personalisation options again and again.
In its Service, Aller also provides so-called first-party advertising, i.e. advertising offered by Aller. This kind of first-party advertising is part of the Service offered by Aller to the user, which is why Aller does not provide the user an opportunity to prevent first-party advertising in Aller’s Service.
The purpose of cookies is to enable the use of the Service for the users, to process the numbers of user and other Service related data and to enable and realise development work related to information security. Their purpose of use is to analyse and to develop a Service to better meet the individual needs of its users.
Aller also uses commercial cookies which can be used to target the marketing of Aller and selected third parties on external websites based on, for example, what kind of content the user has been searching for or what websites they have been viewing. These cookies are often saved on the user’s computer by a third party acting as Aller’s partner.
With cookies and other corresponding techniques, advertising can be targeted to the user on the basis of their areas of interest.
With the help of cookies, the system will also recognise whether the use has seen the advertisement before and, as a result, the same advertisements are not shown repeatedly to the user. Cookies can also be used for the targeted advertising carried out by third parties.
Aller may create target group segments based on the visited websites over a period under review. In this way, these target group segments can be provided with content and marketing which those concerned will probably find interesting.
In addition, one purpose is to enable for the user the kind of content and marketing both in the Service and outside it which they will probably find interesting by utilising retargeting, for example.
The user may, if they wish to do so, prevent the targeted marketing based on this kind of browser use on the Internet and on mobile equipment when there is a third party involved in targeting in addition to Aller.
If the user does not want advertising to be targeted at them on the basis of browser use, they can prevent the targeting by using the OneTrust service. After the targeted advertising has been prevented, the user will still be shown advertisements, but their content will no longer be targeted at the user.
You can edit your targeting cookie permissions also through external services, e.g. NAI Consumer Opt Out.
The user must take into account that targeted advertising based on browser use shall be prevented separately in each browser that the user is using.