Privacy Policy

‘Personal data’ means the data related to any identified or identifiable natural person (hereinafter referred to as the “data subject”), such as the name, address and phone number. An identifiable person is any person who is identifiable, directly or indirectly, on the basis of the various pieces of information concerning them.

‘Data subject’ means the person whose data we process in our person register.

A ‘Customer’ means those consumers and the contact persons of those companies and other organisations (hereinafter referred to as the ‘company’) who we have a customer relationship with.

‘Potential customers’ mean those consumers and the contact persons of those companies who we aim to create a customer relationship with.

‘Interest groups’ mean those consumers and the contact persons of those companies we are partnering with (representatives of companies producing services for us, for example) or are connected to by other means (decision-makers in society related to our community relations).

The legal foundation for the processing of personal data is the following paragraphs in Article 6 of the General Data protection Regulation of the EU (GDPR):

a) you have given your consent to the processing of your personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which the Controller is subject; and

d) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or your fundamental rights and freedoms which require the protection of personal data.

We process your data to execute the agreement with you or the company you represent (e.g. realisation of the subscription of a magazine or a digital service).

We and our partners have legitimate interests pertaining to doing our business, such as the right to promote the sales of our products and services by means of marketing and sales. Based on a legitimate interest, we may, inter alia, exercise direct marketing and sales using your contact information, including the processing of your personal data for profiling. For more information on profiling, see ”Is my personal data used for profiling?”

Other legitimate interests, based on which we may process your personal data, are consulting and other customer service to non-customers, further development of the business, market research and prevention and investigation of potential misconduct.

When we process personal data on the basis of a legitimate interest, we weigh up the benefits and potential disadvantages to you. For example, we have performed a ‘balancing test’, regarding legitimate interest, for a situation in which we process personal data for our own or a partner’s direct marketing purposes. In the test, we weighed up the interests of ourselves and our partners in relation to your rights and freedoms regarding the processing of personal data. We came to the conclusion that our processing of personal data does not have unreasonable impacts on data subjects.

You have the right to opt out of personal data processing done on the basis of a legitimate interest, and do not have to give a reason for opting out. We give instructions on how to opt out in this Privacy Policy, under ”How can I exercise my rights in relation to my personal data?”.

If the processing of personal data is not based on contractual needs or a legitimate interest, we may request your consent for another kind of processing of personal data. For example, direct marketing using electronic channels requires your consent in certain situations. Please note, however, that not all direct marketing measures require consent. In addition, you may object to or withdraw your consent to direct marketing as per our instructions.

In addition, we may process your personal data when the legislation obliges us to do so, for example, when the Bookkeeping Act so requires.

The personal data we have collected may contain the following types of information and the changes thereto:

1 .Basic information of all data subjects

• forename and surname
• contact information (mailing address, e-mail address, phone numbers)
• gender
• date of birth
• language (Finnish, Swedish, other)
• direct marketing options selected
• communication targeted to data subjects and related activities
• recordings of calls with customers and potential customers (if that call is recorded) and e-mail discussions and online chats related to customer service in social media channels, for example

2. Supplementary information of Controller’s customers and potential customers

The following types of additional information on the data subject may be processed, as appropriate, based on the role and activity of the data subject.

• the time and means of the beginning and the end of a customer or corresponding relationship
• campaigns targeted to data subjects (such as direct marketing, marketing lotteries and competitions) and their use
• which email addresses receive messages, which emails are opened, and which links in the email are clicked on
• purchase and payment information
• additional information provided voluntarily and in a recognizable form in the context of research activities (as a rule, research results are processed anonymously)
• areas of interest reported by data subjects or other information
• content of feedback and complaints, related correspondence and further action
• user IDs for digital services
• information on using digital services
• information on cookies sent to terminal equipment (such as computers and mobile appliances) and other corresponding functionalities of data subjects and on the data collected by them if the person is identifiable based on this information (for example, information on how ads on our sites are clicked on)

3. Supplementary information on company representatives

• title and/or job description in the current and former work related to Controller’s activities

4. Information on the data subjects who have participated in events organised by the Controller

• dietary information (specific information voluntarily provided by the user)
• date of birth for events for which a shipping line, for example, requires to have the information
• names of and dates of birth of travelling companions when, for example, a shipping line so requires

Most of the information is derived from you at the beginning of a customer and interest group relationship and during it and from the software with which you use our products and services. We may combine the personal data you provide to us at different times and on differrent channels, such as telephone number you provided in connection with your magazine subscription and the email address you provided in the Seiska Club membership form. We may supplement your personal data from the providers of acquisition and update services decribed below.

In addition, we receive personal data and their updates from the authorities and organisations which offer acquisition and update services of personal data and credit history relating to customer- and marketing registers as well as from public directories and other public sources of information, such as company websites and social media channels.

As regards the representatives of companies, we also receive personal data from their colleagues. In other words, the main contact person of a company may also tell us more personal data about their colleagues.

To conduct our business, we may use resources and servers in various locations around the world.

We may transfer your personal data outside the country in which they are used and possibly also to countries outside the EU area whose data protection legislation is different.

In these cases, we shall ensure that there are legal grounds for transferring the data and that your personal data are protected, for example, by using (when necessary) standard agreements and processor agreements approved by the authorities, and by requiring compliance with appropriate technical and other data protection measures.

As a data subject, you have various opportunities to influence the processing of your personal data. As a rule, we shall answer your request within a month’s time.

You can exercise your rights by sending a request to our customer service using the enclosed forms when you wish to inspect your information, request your information to be erased or oppose their processing. In any other cases, please itemise a free-form request and deliver it in the customer service channel of your choice.

Please note that we must always be able to identify the person who requests the information/processing for example by name, address, customer number, phone number and/or email address.

• Data inspection request: Inspection request form
• Data erasure request (including opposing the processing): Erasure request form
• Opting out of direct marketing: Make a free-form request, telling us what kind of direct marketing (postal, phone, SMS or email) your request applies to
• Forbidding the sharing of personal data with partners for their postal and/or telemarketing purposes or contact information updates: Make a free-form request, telling us what kind of direct marketing (postal and/or phone) your request applies to
• Other requests are free-form, itemise what your request concerns

Send the form or the itemised request either by e-mail or to the address Aller Media Oy, Lintulahdenkuja 10 A, FI-00500 Helsinki, Finland:

• Subscriber to Aller’s magazines or a service user: [email protected], tel. +358 75 328 5102
  (8.8 c/min + lnf/mcf, queuing included)
• Business customer: [email protected]
• Employee, former employee or job applicant: [email protected]
  

The rights belonging to you are (the extent of the rights depends on what processing criterion the processing of your personal data is based on, i.e. all of the rights listed below are not available to you in all situations):

a) Right to access the personal data collected about you. In practice, this is realised so that, according to your appropriate and identified request, we will provide you with a report on the personal data which has been collected about you in the person register.

b) Right to request for the rectification or erasure of the data collected about you. If you notice any errors or shortcomings in the data, you can submit a request for rectification to us.

c) The right to request the erasure of the data collected about you. If any of the following criteria are fulfilled and no obligation of data retention remains due to legislation or a regulation by the authorities, we shall have the obligation to erase the personal data you have requested from the person register:

1. your personal data are no longer needed for the purpose they were originally processed for;
2. you cancel the consent you have given and no other legal grounds remain for the processing;
3. you oppose the processing in relation to your specific situation and no justified reason for the processing exists or you oppose the processing of your personal data for direct marketing;
4. your personal data has been processed against the law;
5. your personal data must be erased to comply with a statutory obligation based on the court of the European Union or Finnish legislation applicable to the Controller; or
6. your personal data has been collected in conjunction with offering information society services, such as ordering digital services from the Controller.

d) The right to request the limitation of the data collected about you. You can ask us to limit the processing of your personal data if:

1. you deny the correctness of the personal data we have about you:
2. the processing is illegal and instead of data erasure you request the limitation of its use;
3. we do not need the personal data in question for processing purposes, but you need them for composing, presenting or defending a legal claim;
4. you have opposed the processing of personal data while waiting for verification as to whether our legitimate grounds overrule yours.

e) The right to oppose the processing of personal data concerning you. If we process your data on the basis of a legitimate interest, you shall have the right on the basis of the grounds related to your specific personal situation to oppose the processing of your personal data. All the persons included in the registers covered by this privacy statement shall have the right to oppose the processing of their personal data for direct marketing.

f) The right to transfer the information you have given from one system to another. If the automatic processing of your personal data is based on your consent or an agreement, you shall have the right to receive the data you have submitted to us in an organised, commonly used and machine-readable form and have the right to transfer the data to another controller.

g) The right to cancel your consent. If all or a part of your personal data are processed in this register on the basis of your consent, you shall have the right to cancel the consent you have given.

h) The right to submit a complaint to supervisory authorities. If a potential dispute concerning the processing of your personal data is not settled in an amicable way between us, you shall have the right to take the matter to be resolved by a data protection authority.

Most of the techniques we use serve as prerequisites for delivering and developing the service. We need the cookies to ensure that our service is working and that we can develop it to improve it and to provide you with content which you may find interesting.

We will ask for your permission to use the cookies for targeted advertising. We think that these cookies area beneficial to you to receive advertising that you may find interesting. We use the OneTrust tool which you can also use to manage the settings of the cookies related to targeted advertising and block their use if you wish.

The cookie settings are defined separately for each website. You can access the tool through the cookie banner and the links at the bottom of the website.

A cookie is a small text file which can be sent to the user’s terminal equipment through the Service. The cookies do not move across the Internet on their own but are rather set for the user’s terminal equipment only with a website called by a user. The cookies contain an anonymous, unique ID with which Aller can calculate and identify the browsers visiting the Service.

In addition to cookies, Aller may use other similar technologies. The cookies cause no harm for using the computer or browsing in the Internet. The cookies are ordinary text files which cannot contain viruses. In this cookie information, all of them are jointly referred to as cookies.

A user cannot be identified solely with the help of cookies. The data obtained with the help of cookies and other corresponding techniques can be linked to data obtained in other contexts, considering the valid data protection legislation. The user is encouraged to also familiarise themselves with other data protection information of Aller where the processing of the personal data of identifiable persons is described.

The user can make choices regarding cookies, in the case of Aller, using the OneTrust cookie tool. The user must, however, take into account that the use of cookies or their removal may impair the use of the Service or some of its parts or functionalities, or even totally prevent its use.

The user may, if they wish to do so, delete the cookies from the browser on a regular basis. Deleting the cookies in practice zeroes the user data on the basis of which advertising has been targeted to the user. Thus, deleting the cookies does not prevent the collection of user data and targeted advertising, for example, but it does delete the information on the basis of which advertising has been targeted previously.

We are happy to answer to users’ questions related to cookies. You can contact us at:

Aller Media Oy, Lintulahdenkuja 10 A, FI-00500 Helsinki, Finland
Tel.: +358 9 862 17 000
E-mail: [email protected]