Privacy policy
PRIVACY POLICY FOR PAULIG’S CUSTOMERS, POTENTIAL CUSTOMERS AND INTEREST GROUPS
Effective on May 25, 2018
PRIVACY POLICY FOR PAULIG’S CUSTOMERS, POTENTIAL CUSTOMERS AND INTEREST GROUPS
Effective on May 25, 2018
Dear Visitor,
We at Paulig take your privacy very seriously. On this page you find what information we collect about you and why. We also explain how we protect your data and ensure its safety. To learn more, please scroll down the page or click on the links below. As there are quite a few facts to explain, the page is fairly long. With any questions, please do not hesitate to contact us.
With friendly regards,
Privacy Team
Paulig Ltd
privacy@paulig.com
Controller of this filing system is the Finnish company Paulig Ltd (business registration number: 0112563-0) and companies at the time belonging to Paulig, all together hereinafter referred to as ”Paulig”. | The controller of your personal data is Paulig Ltd and its affiliates. |
Paulig Ltd’s contact details in privacy policy matters are:
Paulig Ltd / privacy matters
Satamakaari 20
FIN – 00980 Helsinki
FINLAND
privacy@paulig.com
Tel: +358 9 319 81
Please do not hesitate to contact us if you have any questions, concerns or ideas related to Paulig’s personal data procedures.
In the following the most essential terms used in this privacy policy are explained: | Most important terms are: |
1. 'Consumer customer' means any consumer that has purchased or ordered something from Paulig or has some other type of other relevant connection with Paulig, such as a subscription of a newsletter or a membership of a digital club or a consumer panel. | 'Consumer customer' means customers that are consumers and not business representatives. |
2. 'Potential consumer customer' means any consumer that is not yet or anymore an active customer. | 'Potential consumer customer' means a consumer that is not yet or anymore an active customer. |
3. 'Business-to-business customer' means any representative of a company or public body which has purchased or ordered something from Paulig or has some other type of other relevant connection with Paulig. | 'Business-to-business customer' means customers that are representatives of a company or public body. |
4. 'Potential business-to-business customer' means any representative of a company or public body which is not yet or anymore an active customer. | 'Potential business-to-business customer' means a representative of a company or public body which is not yet or anymore an active customer. |
5. 'Interest groups' means amongst others representatives of suppliers, the press, entities offering services to Paulig and other stakeholders as well as visitors of all Paulig premises. | 'Interest groups' means people who have some other type of connection with Paulig, such as supplier relationship. |
6. 'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly. | 'Personal data' means any information relating you if you can be identified or are identifiable ('data subject'). |
7. 'Consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. | 'Consent' means any freely given and specific indication of your wishes. |
8. 'Profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. | 'Profiling' means automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person. |
This privacy policy covers processing of personal data of both consumers and business representatives as well as representatives of different interest groups. This privacy policy covers processing of personal data related to all of Paulig’s business operations under Paulig brands such as PAULIG, SANTA MARIA, POCO LOCO and RISENTA as well as the private label operations. | This privacy policy covers processing of your personal data related to all of Paulig’s business operations. |
In the following we explain the differences in each category. One or more roles and purposes may apply simultaneously. | We explain in the following how the processing may be different for different people. |
Providing products and services
Paulig may use your personal data for providing products and services for you, for example when you purchase our products, use our digital services, subscribe to our newsletters and participate in our trainings and other events. | We may use your data for providing products and services for you. |
Managing, analyzing and improving the customer relationship
Paulig may use your personal data for managing, analyzing and improving the customer relationship with you and the entity you represent. | We may use your personal data for managing, analyzing and improving the customer relationship. |
Communication with you
Paulig may use your personal data to communicate with you, for example to send you invitations, important alerts and other such notices relating to our products, services, consumer panels or market research and to ask for your feedback on our products and services. | We may use your personal data to communicate with you. |
Marketing to you
Paulig may contact you to enhance your experience with Paulig by informing you of new products, services or promotions Paulig may offer. Paulig may use your personal data to personalize our offering and to provide you with more relevant content. This means for example making recommendations and to display customized content and advertising in our services (such as websites, applications and marketing e-mails) and in third party services (such as banner advertisements). | We may contact you to inform you of new products, services or promotions. We may use your personal data to personalize our offering and to provide you with more relevant content. |
Managing and developing products and services
Paulig may use your personal data to manage and develop Paulig’s business operations, including its products and services. | We may use your personal data to manage and develop our business operations. |
Processing of your personal data is based on the following grounds of the EU’s General Data Protection Regulation (one or more purposes may apply simultaneously): | Processing of your personal data is based on the following grounds in the law: |
a) Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. | - it is necessary based on a contract between us |
b) Processing is necessary for compliance with a legal obligation to which the controller is subject (for example the duty to keep the records based on Accounting Act). | - we have to process your data based on a legal requirement |
c) Processing is necessary for the purposes of the legitimate interests pursued by Paulig. | - we have legitimate interests as a company |
d) You have given consent to the processing of your personal data. | - you have given consent to us |
The legitimate interests of Paulig or third party referred to in point c) above may include amongst others the following matters: | Our legitimate interests may include marketing, business development and investigation of wrongdoing. |
| |
| |
|
Marketing to you
Paulig may contact you to promote its products and services or to invite you to a consumer panel. Paulig may use your personal data to personalize our offering and to provide you with more relevant content. This means for example making recommendations and to display customized content and advertising in our services (such as websites, applications and marketing e-mails) and in third party services (such as banner advertisements). | We may contact you to inform you of new products, services or promotions. We may use your personal data to personalize our offering and to provide you with more relevant content. |
Communication with you
Paulig may use your personal data to communicate with you, for example to ask for your feedback on our prior engagement with you. | We may use your personal data to communicate with you. |
Managing and developing products and services
Paulig may use your personal data to manage and develop Paulig’s business operations, including its products and services. | We may use your personal data to manage and develop our business operations. |
Processing of your personal data is based on the following grounds of the EU’s General Data Protection Regulation (one or more purposes may apply simultaneously): | Processing of your personal data is based on the following grounds in the law: |
a) Processing is necessary for the purposes of the legitimate interests pursued by Paulig. | - we have legitimate interests as a company |
b) You have given consent to the processing of your personal data. | - you have given consent to us |
The legitimate interests of Paulig referred to in point a) above may include amongst others the following matters: | Our legitimate interests may include marketing, customer service for potential customers and business development. |
| |
| |
|
By interest groups we mean amongst others representatives of the press, representatives of entities offering services to Paulig and representatives of other stakeholders as well as visitors of all Paulig premises.
Managing, analyzing and improving the relationship
Paulig may use your personal data for managing, analyzing and improving the relationship with you and the entity you represent. | We may use your personal data to manage, analyze and improve our relationship. |
Communication with you
Paulig may use your personal data to communicate with you, for example to send you news, alerts and other such notices relating to our relationship. | We may use your personal data to communicate with you. |
Managing and developing products and services
Paulig may use your personal data to manage and develop Paulig’s business operations, including its products and services. | We may use your personal data to manage and develop our business operations. |
Processing of your personal data is based on the following grounds of the EU’s General Data Protection Regulation (one or more purposes may apply simultaneously): | Processing of your personal data is based on the following grounds in the law: |
a) Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. | - it is necessary based on a contract between us |
b) Processing is necessary for compliance with a legal obligation to which the controller is subject (for example the duty to keep the records based on Accounting Act). | - we have to process your data based on a legal requirement |
c) Processing is necessary for the purposes of the legitimate interests pursued by Paulig. | - we have legitimate interests as a company |
d) You have given consent to the processing of your personal data. | - you have given consent to us |
The legitimate interests of Paulig referred to in point c) above may include amongst others the following matters: | Our legitimate interests may include marketing and business development. |
| |
| |
In addition to the above, Paulig uses your data in which ever role you are if we think it’s necessary for security purposes or to investigate possible fraud or other violations of our agreements or this Privacy Policy. | We may always use your data if we think it’s necessary for security purposes or to investigate possible violations of our agreements or this Privacy Policy. |
Content of Paulig’s filing system may include the following types of data and changes made to these data types: | We may process the following types of data: |
4.1. Information that may be collected of all data subjects | Basic data of all data subjects such as contact details, your interests and choices and data collected from your use of our services and interactions with us. |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
|
In addition to the list in point 4.1. Paulig may collect the following data types: | If you are a consumer customer, we may collect these types of additional data. |
| |
| |
| |
| |
|
In addition to the list in point 4.1. Paulig may collect the following data types: | If you are a potential consumer customer, we may collect these types of additional data. |
| |
|
In addition to the list in point 4.1. Paulig may collect the following data types: | If you are a business-to-business customer, we may collect these types of additional data. |
| |
| |
| |
|
In addition to the list in point 4.1. Paulig may collect the following data types: | If you are a potential business-to-business customer, we may collect these types of additional data. |
| |
| |
|
In addition to the list in point 4.1. Paulig may collect the following data types: | If you are in our interest groups consumer customer, we may collect these types of additional data. |
| |
| |
| |
| |
|
Paulig gathers personal data directly from you, for example from: | We gather personal data directly from you, for example from your digital activities and customer service interactions. |
| |
| |
| |
| |
| |
Paulig gathers personal data from the technical device you use in your communication with Paulig. | |
Paulig may obtain and update the personal data in its filing system from officials and companies offering personal data services. | We may collect and update your personal data from officials and companies offering such services. |
Paulig may gather personal data from Paulig’s online shops, and from Paulig’s social media channels about content related to Paulig’s business categories. | We may gather your personal data from our online shops and e-commerce partners, and social media channels. |
Paulig may gather personal data from the payment service providers related to Paulig’s online shops. |
Paulig may gather personal data from Paulig’s social media channels about content related to Paulig’s business categories. | We may gather your personal data from our social media channels. |
Paulig gathers personal data from Paulig’s online shops. | We may gather your personal data from our online shops and from your colleagues. |
Paulig may gather personal data from the business-to-business customer when the representative of the company gives personal data of other employees to Paulig. |
Paulig may gather personal data from companies’ websites, Trade Register, social media and from other public sources. | We may gather your personal data from public sources. |
Paulig may gather personal data from organizations’ websites, Trade Register, social media and from other public sources. | We may gather your personal data from public sources. |
Paulig does not sell, lease or otherwise disclose your personal data to third parties outside of Paulig unless otherwise stated below. | We do not disclose your personal data to third parties outside of Paulig unless otherwise stated below. |
Paulig may share your personal data with authorized third parties that perform services for Paulig for the purposes described in this Privacy Policy within the limits of the applicable legislation. This may include for example providing services such as customer service and software services, managing and analyzing personal data, conducting market research and managing marketing and execution of diverse campaigns. | We may share your personal data with authorized third parties that perform services for us for the purposes described in this Privacy Policy. |
Paulig may share your personal data for obtaining payment for products and services including the transfer or sale of delinquent accounts to third parties for collection. | We may share your personal data with collection companies. |
Because Paulig takes the responsibility to safeguard your personal data seriously, Paulig does not allow those companies to use it for any purpose other than to perform those services, and Paulig requires them to protect your personal data in a way consistent with this privacy policy. | We do not allow other companies to use your personal data for any purpose other than agreed. |
Paulig may share your personal data with carefully considered third parties for joint or independent direct marketing purposes. Sharing of your data for such purposes may in principle only happen when the planned purposes of the third party are not incompatible with Paulig’s purposes described in this privacy policy. Only the minimum necessary amount of your personal data is shared with third parties. | We may share your personal data with carefully considered third parties for joint or independent direct marketing purposes. |
Paulig may share your personal data based on a valid order from a court or other official body with sufficient authority. | We may share your personal data based on a court or similar order. |
Paulig may share your personal data as part of any merger, acquisition, sale of company assets or transition of service to another provider. This also applies in the unlikely event of an insolvency, bankruptcy or receivership in which your personal data would be transferred to another entity as a result of such a proceeding. | We may share your personal data as part of any company merger, acquisition or similar restructuring of operations. |
Paulig’s services may be provided using resources and servers located in various countries around the world. Therefore Paulig may transfer your personal data outside the country where you use our services, including to countries outside the EU and EEA that do not have laws providing specific protection for personal data or that have different legal rules on data protection. | We may use resources and servers located in various countries around the world and we may transfer your personal data outside the country where you use our services, including to countries outside the EU and EEA. |
In such cases Paulig ensures that a legal basis for such a transfer exists and that adequate protection for your personal data is provided as required by applicable law, for example, by using standard agreements approved by relevant authorities (where necessary) and by requiring the use of other appropriate technical and organizational information security measures. | In such cases we ensure adequate protection for your personal data. |
Paulig may process your personal data for as long as described below for each different sub-group. In addition to the below stated times, Paulig may always process your personal data for e.g. tax or legal purposes or due to an extraordinary long-term commitment for as long as necessary and justified. | We may process your personal data for as long as described below. In addition, we may always process your personal data for e.g. tax or legal purposes for as long as justified. |
Paulig may process your personal data for as long as the customer relationship between you and Paulig exists, and until the end of the calendar year following the 3rd year thereafter. | We may process consumer customers’ personal data for as long as the customer relationship exists, and until the end of the calendar year following the 3rd year thereafter, after which we may consider you a potential consumer customer. |
After the above specified timeframe has ended, Paulig may process part of your personal data and consider you a potential consumer customer. |
Paulig may process your personal data continuously as Paulig aims at building a customer relationship with you. Once the customer relationship has started, the duration of the processing is defined in point 8.1. above. | We may process your personal data continuously until possible customer relationship starts. |
Paulig may process your personal data for as long as the customer relationship between the company you represent and Paulig exists, and until the end of the calendar year following the 6th year thereafter. | We may process business-to-business customers’ personal data for as long as the customer relationship between your company and Paulig exists, and until the end of the calendar year following the 6th year thereafter, after which we may consider you a potential consumer customer. |
Paulig may process your personal data for as long as you are working at any company which is Paulig’s customer, and until the end of the calendar year following the 6th year thereafter. | |
After the above specified timeframe has ended, Paulig may process part of your personal data and consider you a representative of a potential business-to-business customer. |
Paulig may process your personal data continuously as Paulig aims at building a customer relationship with the company you represent. Once the customer relationship has started, the duration of the processing is defined in point 8.3. above. | We may process your personal data continuously until possible customer relationship starts. |
Paulig may process your personal data for as long as you are a member of any of Paulig’s interest groups such as co-operation partners or press representatives. Paulig may process personal data related to a supplier of products or services or a contractual co-operation party until the end of the calendar year following the 6th year after the end of the contractual relationship. | We may process your personal data for as long as you are a member of any of Paulig’s interest groups. We may process personal data related to a supplier or a contractual co-operation party until the end of the calendar year following the 6th year after the end of the contractual relationship. |
All rights can be exercised by contacting Paulig’s privacy team by using the contact details issued at section 1 above. The team will then give further instructions on how to exercise a specific right. Where Paulig has reasonable doubts concerning the identity of the person making the request, Paulig may request the provision of additional information necessary to confirm your identity. | All rights can be exercised by seeking instructions from Paulig’s privacy team. |
Paulig will provide information on action taken on a request to you within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. | We will provide information on action taken usually within one month of receipt of your request. |
You have the right to obtain from Paulig confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, receive information about your personal data. | You have the right to receive information about your personal data which we process. |
You have the right to obtain from Paulig without undue delay the rectification of inaccurate personal data concerning you. | You have the right to obtain rectification of inaccurate personal data. |
You have the right to obtain from Paulig the erasure of personal data concerning you without undue delay where one of the following grounds applies: | You have the right to obtain erasure of your personal data where one of the following grounds applies. |
(a) your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; | |
(b) you withdraw consent on which the processing is based and where there is no other legal ground for the processing; | |
(c) you object to the processing and there are no overriding legitimate grounds for the processing; | |
(d) your personal data have been unlawfully processed; | |
(e) your personal data have to be erased for compliance with a legal obligation in Union or member state law to which Paulig is subject; | |
(f) the personal data have been collected in relation to the offer of information society services. | |
However, you do not have the right or erasure if the processing is necessary: | You do not have the right or erasure if the processing is necessary: |
(a) for exercising the right of freedom of expression and information; | |
(b) for compliance with a legal obligation which requires processing by Union or member state law to which Paulig is subject; or | |
(c) for the establishment, exercise or defence of legal claims. |
You have the right to obtain from Paulig restriction of processing where one of the following applies: | You have the right to obtain restriction of processing where one of the following applies: |
(a) the accuracy of the personal data is contested by you, for a period enabling Paulig to verify the accuracy of the personal data; | |
(b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; | |
(c) Paulig no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; | |
(d) you have objected to processing pending the verification whether the legitimate grounds of Paulig override those of you. |
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests pursued by Paulig, including profiling. Paulig shall no longer process the personal data unless Paulig demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms for the establishment, exercise or defence of legal claims. | You have in some cases right to object to processing of your personal data. |
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. | You have the right to object processing of your personal data for direct marketing purposes. |
Please be aware that you cannot opt out of receiving service messages from Paulig, including but not limited to security and legal notices. | You cannot opt out of receiving service messages from us, such as security and legal notices. |
You have the right to receive the personal data concerning you, which you have provided to Paulig, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller where: | You have the right to receive your personal data, which you have provided to us, and have us transmit those data to another controller where: |
(a) the processing is based on consent or on a contract; and | |
(b) the processing is carried out by automated means. |
Where your personal data is necessary for Paulig in order to fulfil its contractual obligations related to a contract with you, disclosing your personal data to us is mandatory. For example, you cannot make purchases from Paulig’s online shop without disclosing the necessary personal data. | If your personal data is necessary for us in order to fulfil our contractual obligations, you must give us personal data about you. |
You may withdraw possible consent by contacting Paulig’s privacy team (contact information in section 1) or by using possible electronic means provided by Paulig. | You may withdraw your consent by contacting our privacy team or by using our possible electronic means. |
Paulig does not make decisions based solely on automated processing which produces legal effects concerning you or similarly significantly affect you. | We do not make decisions based on automated means which produce legal effects concerning you or similarly significantly affect you. |
Paulig may target (and measures the performance of) ads to its websites’ and applications’ visitors and users as well as newsletters recipients based on profiling both on and off of Paulig’s services through a variety of ad networks and exchanges, using the following data, whether separately or combined: | We may target ads to our target groups based on profiling both on and off of Paulig’s services, using the following data: |
| |
| |
| |
| |
|
In case you suspect a breach of data protection legislation, please contact Paulig’s privacy team first (contact information in section 1). This Privacy Policy covers Paulig’s operations in all countries. | This Privacy Policy covers Paulig’s operations in all countries. |
In case the matter is not solved amicably between you and Paulig, you may contact the Data Protection authority of the country where the Paulig entity in question operates. Contact information of the competent authority of each Paulig’s operation country can be found here. | Contact information of the competent data protection authority of Paulig’s operation countries can be found here. |
Paulig has established electronic and administrative safeguards designed to make the information collected secure. | We strive to secure your personal data. |
Only appointed personnel of Paulig and of organizations operating by Paulig’s assignment or on behalf of Paulig are entitled to use the personal data filing system. All persons processing the system have a personal right of use granted by Paulig or its co-operation partner. Different levels of access have been created based on the data a person needs according to his/her job description. Systems are protected with a firewall that prohibits unauthorized access outside of Paulig. | Only appointed personnel of Paulig and of organizations operating by our assignment or on behalf of us are entitled to use the personal data filing system with personal user rights. |
All personnel of Paulig and its subcontractors are obliged to keep the information of the personal data which they obtain in their work confidential. | Everyone accessing the personal data are obliged to keep the information confidential. |
Manually processed documents containing personal data are protected against unauthorized access. |
The processing of personal data in Paulig’s filing system is governed by the European Union’s applicable data protection legislation as well as national laws of countries where Paulig is established. | The processing of personal data is governed by the European Union’s data protection legislation as well as national laws of countries where we are established. |
Paulig may modify this Privacy Policy, and if we make material changes to it, we will provide notice on our website or by other means, to provide you the opportunity to review the changes before they become effective. Your continued use of Paulig’s products and services after we publish or send a notice about our changes to this Privacy Policy means that you have become bound by the updated Privacy Policy. | We may modify this Privacy Policy from time to time and we in some cases notify about it, to provide you the opportunity to review the changes. Your continued use of Paulig’s products and services means that you have become bound by the updated Privacy Policy. |