Data privacy

At Kaukokiito, we respect your privacy and your right to your data. That is why lawful and secure processing of personal data and high level of data privacy are prerequisites for all our operations.

Our data privacy policy introduces how we aim at securing the transparency of data privacy and related areas for our customers and other stakeholders. Kaukokiito management and personnel are committed to complying with the principles of the European Union’s General Data Protection Regulation (GDPR) when processing personal data.

Acquisition and retention of data

We receive most of the personal data we use directly from our customers, partners, authorities and other stakeholders. In addition, we use existing customer data and open business data found online.

We store and use your personal data for as long as is necessary for their purpose of use. Legislation and decrees set certain regulations on the retention and use of personal data, which affects the retentions periods of the data.

Data processing and processors

We process your personal data to enable our business and fulfilling our contractual obligations, their maintenance and development, maintaining customer relationships and communications related to our operations. We ensure the confidentiality and appropriate processing of your personal data, and we produce our services with confidentiality.

In system acquisitions, development and maintenance, we always take into account data privacy and the requirements of data protection, and they will never be compromised. Your personal data may be transferred to locations outside of Finland if required by the service production or other grounds for processing data. In these cases, data privacy is ensured in accordance with the data privacy regulations and other decrees. Your personal data may also be disclosed to our partners if it is necessary for service production. For our part, we have ensured that our partners comply with the principles in accordance with the legislation and the General Data Protection Regulation in processing personal data.

Everyone at Kaukokiito processing your personal data has received data privacy and data protection training and, with their actions, they are committed to ensuring the processing and protection of personal data in accordance with Kaukokiito’s internal instructions and legislation. Our employees can only access personal data necessary for their work performance. Data privacy is also taken into account in the orientation of new employees.

We have appointed a Data Protection Officer who is the stakeholder contact person in matters related to Kaukokiito’s data privacy.

Transparency to data subjects

Our stakeholders trust their personal data with us, and we want to be worthy of that trust. Transparency to data subjects is an essential part of trust.

We have created file descriptions of our person registers in accordance with the legislation and the GDPR. The documents pertaining to customers are available on our website. As a data subject, you have the right to access, rectify or erase data about yourself from the registers and present any other requests about data subject’s rights by contacting our Data Protection Officer in writing. We will process the requests as soon as possible.

You have all the rights mentioned in the Finnish legislation and the GDPR regarding the processing of your personal data at Kaukokiito. You have the right to have your personal data erased from our registers in the following cases, among others:

• your personal data is no longer required for the purposes for which they were collected or for which they were otherwise processed or
• you revoke the consent on which the processing is based on and there is no other lawful reason for processing your personal data.

You have the right to revoke your consent for processing your personal data at any time. Revoking the consent does not affect the lawfulness of the processing taking place before the revoking of the consent but it may prevent the use of our services. You also have the right to restrict the use of your personal data.

You have the right to lodge a complaint with a data protection authority, start legal proceedings or criminal investigation if you see that applicable data privacy legislation has been breached in processing your personal data.

Procedure in case of compromised data privacy

If we suspect or observe that your data privacy has been compromised, we will investigate the matter immediately and intervene. The affected parties are notified personally if it is required in order to exert corrective measures or to limit damages. We also carry out notifications of observed data privacy issues to authorities as required by the GDPR.

Updating data privacy principles

We observe and update our data privacy policy regularly as part of the development of business operations, and we take into account any possible changes in the legislation and instructions issued by the authorities. Risks and preparing for them are also reviewed as part of the process. We also notify our personnel processing personal data of any changes and train them when necessary.

Data privacy documents and their availability

Any changes in the data privacy police are notified on our website where you can find the latest version of this document. Our website also includes the file descriptions of our up-to-date customer and marketing registers and the terms and conditions and privacy statement of our website.

Contact details

Suomen Kaukokiito Oy
Teollisuustie 7, 33330 Tampere
tietosuoja@kaukokiito.fi

Website and online visitor register

Updated 04.02.2025
Date of creation 31.10.2021

Data controller

Suomen Kaukokiito Oy (0114330-2)
Teollisuustie 7
33330 Tampere

Register contact person

Suomen Kaukokiito Oy
Teollisuustie 7
33330 Tampere
Tel. 010 5100
Email: tietosuoja@kaukokiito.fi

Name of register

Kaukokiito.fi-portal user register (later ”Register”)

General

This Privacy statement concerns the use, sharing and storage of personal data relating to users of Finland’s Kaukokiito Oy’s (later ”Kaukokiito” or ”we”) web portal Kaukokiito.fi. Third party content displayed on this website may be subject to third party website providers’ own terms and conditions and privacy notices.

Purpose of personal data processing

We use personal data belonging to the Register for the following purposes:

• Managing our customer relationships, such as customer service and communication
• Offering and providing web services for current and potential customers
• Personalising our services and communication, recommendations and targeted advertising
• Sending Data subjects marketing, advertising and sales promoting messages and other information that we consider may interest them, including sales promoting information concerning us, our services or joint campaigns and services
• Creating, maintaining, protecting and developing services
• Direct marketing according to data subject consents and denials
• Performing and directing market research and other types of research, analysis and reporting
• Ensuring that communication is appropriate and operational
• Performing risk assessments and preventing and investigating wrongdoings targeted at us
• Business planning and product development
• Fulfilling other tasks required by controller rights and obligations as well as for solving any possible disagreements between us and any customer and for executing our agreements with third parties

Content of the register

We collect the following personal data relating to web portal subscribers to the Register:

• First name
• Surname
• Address
• Telephone number
• Email address
• Company name
• Company number Y-tunnus
• Kaukokiito customer numbers
• Address book stored by user

In addition, we collect the following technical information about all website visitors:

• Device IP-address
• Device/browser used
• Visited sites
• Time of visit

We use the above mentioned information (in real time) for handling your visit request and for providing content to the browser on your device. We use the above mentioned data for different purposes, such as information security, error correction, and visit and web traffic analysis. Technical information is not connected to identifying information or the identity of the user. We may nonetheless anonymously tailor content based on the technical information gathered. We store information only for as long as needed for fulfilling the purposes listed here. 

Use of cookies

Kaukokiito’s web services and similar electronic platforms may use cookies. A cookie is a small text file sent to and stored on the user’s computer that enables the website host to identify users who often visit the site, facilitates visitors’ login to sites and allows compiling aggregated information about users. Cookies do not harm users’ computers or files. We use them for providing our customers with information and services based on their individual needs. Functional cookies help our website to remember your choices (such as your chosen language). We use information gathered using cookies to improve the functionality and content of the site. The user may block cookies in their browser settings. We cannot however guarantee that our platforms function properly after you have blocked cookies as cookies may be necessary for the appropriate functionality of some of our services.

Regular sources of data

We receive personal data from data subjects themselves and in connection with customer support, offers, contact requests, complaints, resale and sale of products and services as well as from combining data with Kaukokiito’s other information systems. In addition, we may receive personal data from other third parties such as authorities, on the basis of the consent of the data subject or a law, for example for improving communication quality and for ensuring that information is kept up-to-date.

Regular disclosures of data

Kaukokiito does not regularly disclose data from its user register to parties outside the Kaukokiito group of companies. Kaukokiito may disclose data to companies belonging to the Kaukokiito group of companies.

Where provided for by law, Kaukokiito may, to the extent necessary, disclose personal data to third parties, such as authorities.

We do not transfer personal data outside the EU or EEA, unless such a transfer is necessary for technically executing a service. In such cases, we ensure an adequate standard of protection of your data as legally required from us as data controller.

Data security

We do our best to secure personal data from unauthorised use, destruction or modification. We execute and regularly update our security measures and practices. Kaukokiito’s digital assets are stored using strong technical measures. Only persons with personal access rights have access to the Register. The Register is secured with a fire wall and access requires encrypted connection. The Register does not include any manual assets.

Right of access

Under data protection law, data subjects have the right to request access to information about them. An explicit and specified request of access should be delivered in writing to the controller’s contact person specified in this privacy notice.

Right to request the rectification and erasure of data

Under data protection law, the data subject has the right to request incorrect personal data about them to be corrected. The data subject also has the right to request personal data that are unnecessary, incomplete or outdated for the purposes listed in this privacy notice to be completed or erased. The data subject himself or herself is responsible for the correctness of the data that they provide. The data subject must inform Kaukokiito about changes in the data provided. The controller may correct inaccurate data on its own initiative.

The data subject has the right to have their personal data deleted without undue delay, provided that the personal data are no longer needed for the purposes for which they were collected or for which they were otherwise processed; the data subject withdraws their consent upon which processing was based, and there are no other legal grounds which justify processing; personal data have been unlawfully processed; or personal data must be erased for compliance with a legal obligation in European Union or national law.

The request for rectification or erasure must be delivered in writing to the data controller’s contact person specified in this privacy notice. The data controller has the right to deny the request if the data are material for carrying out a specified purpose of processing (for example, billing) or if the law has specified retention times concerning the processed data. In this case, we strive to erase personal data that are unnecessary for that purpose.

Other rights relating to personal data processing

The data subject has the right to give and withdraw permission for electronic direct marketing by notifying the contact person specified in this privacy notice in writing.

The Data subject has the right to request the restriction of personal data if the Data subject contests the accuracy of personal data; processing is unlawful and the Data subject opposes the erasure of personal data and requests restriction of use instead; the Data controller no longer needs the data in question for the purposes of processing but the Data subject needs them for the establishment, exercise or defence of legal claims.

In addition, the Data subject has a legal right to object to the use of personal data concerning him or her and its disclosure for direct marketing, distance selling and direct marketing as well as marketing and opinion research by notifying Kaukokiito of this denial in writing to the contact person specified in this privacy notice. The right to object does not apply to customer communication or to other communication relating the provision of services or customer management sent in connection with the provision of the service.

The Data subject has the right to lodge a complaint with a supervisory authority if he or she considers that the processing of personal data relating to him or her violates applicable data protection legislation.

Term

This privacy notice was last updated on 9.4.2017 and is in force indefinitely. Kaukokiito reserves the right to change the privacy notice described here and to update these terms.

Updated 03.02.2025
Date of creation 31.10.2021

Registrar

Suomen Kaukokiito Oy
Teollisuustie 7, 33330 Tampere
Tel. 010 5100

The processors of personal data are: Kuljetusliike Taipale Oy, Kuljetusliike Kantola & Koramo Oy, Kuljetusliike Y. Auramaa Oy, Kuljetusliike Ilmari Lehtonen Oy and Kaukokiito Henkilöstö Oy.

Contact person in matters concerning the register

Suomen Kaukokiito Oy
Teollisuustie 7, 33330 Tampere
Tel. 010 5100
Email tietosuoja@kaukokiito.fi   

Basis for processing personal data

The register is used to maintain the organisation’s customer register as well as to manage, archive and process customer orders inquiries, service requests, offers and manage customer relationships in general. The data may be used to develop operations and produce more personalised, targeted content in our online service as well as for statistical purposes. Personal data is  processed as permitted and required by the General Data Protection Regulation (GDPR).

The data in the register may be used in the organisation’s own registers; for example, to target marketing without disclosing any personal data to external parties. The organisation may use partners to maintain its customer and service relationships, in which case some register data may be transferred to the partners’ servers due to technical requirements.

The data is processed only to maintain the customer relationship of the controller organisation through technical interfaces. The organisation has the right to publish data contained in the customer register electronically or as a written list, unless expressly prohibited by the customer. Here a list refers to, for example, postal labels for direct marketing or similar. The customer has the right to prohibit the publication of their data by reporting this to the controller’s customer service, by email (email address) or to the contact person for the register.

Basis of legitimate interest

The legal basis for the processing is the agreement.

Recipients and recipient groups

The personnel of the controller and outsourced partners (transport companies, financial administration, IT), where applicable.

Recipients and recipient groups

The controller’s personnel and outsourcing partners (transport companies, financial administration, IT) where applicable.

Data content of the register

The personal data register may include the following information:

• First name and last name of the person
• Represented company
• Email address
• Customer number
• Business ID
• Postal address
• Telephone number
• Web address
• IP address
• Information about the previous orders
• Possible previous reminders or claims
• Payment information or dafaults
• Bank account number
• Service order information
• Email communiation related to the service request
• Address book if saved by the user

Regular sources of information

Data is collected through the registrations of the customers and notifications submitted by the customer during the customer relationship. Data is collected also about service requests, orders and transport damage notifications. Name and address  information is also received from the authorities and companies providing update services.

Data may also be collected from the subcontractors who are related to the use or production of the service. Information about the customers’ other activities in the digital environment may be collected from partners’ websites, information systems or other digital sources to which the customer logs in through an electronic invitation (link), cookies or by using an ID provided to the customer. The customer register data can only be accessed by the organisation, with the exception of
situations in which an external service provider is used either to produce an added value service or
support a credit decision. 

Data is not disclosed outside the organisation or for the use of its partners, except in matters related to a credit application, recovery or invoicing and when required by the legislation. Personal data is not disclosed outside the European Union, unless it is necessary for ensuring the technical implementation of the controller or its partners. The personal data of the data subject are disposed of upon the user’s request, unless otherwise required by the legislation, open invoices or recovery actions.

Personal data retention period

Ten (10) years after the termination of the customer relationship.

Regular transfers of information

The customer register data can only be accessed by the organisation, with the exception of situations in which an external service provider is used either to produce an added value service or support a credit decision.

Data is not disclosed outside the controller or for the use of its partners, except in matters related to a credit application, recovery or invoicing and when required by the legislation. The personal data of the data subject are disposed of upon the user’s request, unless otherwise required by the legislation, open invoices or recovery actions.

Data transfer outside the EU or EEA

Personal data is not disclosed outside the European Union, unless it is necessary for ensuring the technical implementation of the organization or its partners.

Principles of registry protection A: Manual material

Contact details collected at customer events and other documents containing manually processed customer information are stored, after initial processing, in a locked and fire-safe storage premises. Only designated employees who have signed non-disclosure agreements have the right to process manually recorded customer information.

The data in the register are safeguarded and processed in accordance with the provisions and principles of the Data Protection Act, instructions of the authorities and good data processing practices.

Principles of register protection B: Electronic material

Only the organisation’s designated employees and employees of companies operating on behalf of the organisation have the right to access the client-owner and customer register and maintain its information. Each designated user has their own personal IDs and passwords. Each user has signed a non-disclosure agreement. The system is protected by a firewall, which provides protection for external contacts to the system.

The data in the register are safeguarded and processed in accordance with the provisions and principles of the Data Protection Act, instructions of the authorities and good data processing practices.

Cookies

We use cookies on our websites. A cookie is a small text file sent to and saved on the user’s computer. Cookies do not damage users’ computers or files. The primary purpose of cookies is to improve and adapt the visitor’s user experience on the website as well as to analyse and enhance the functionality and content of the website.

Data collected by cookies can also be used for marketing and targeting the marketing as well as for marketing optimisation. A visitor cannot be identified solely on the basis of cookies. However, data collected by cookies can be linked to other information obtained from the user in other contexts, such as when the user fills out a form on our website.

Cookies are used to collect the following information:

Automatic processing and profiling

No automatic processing of data or profiling.

•  visitor’s IP address
• time of the visit
• browsed websites and times of visiting
• visitor’s browser

Your rights

Users visiting our website can, at any time, disable the use of cookies by changing their browser settings. Most browsers allow the disabling of cookies and erasure of already saved cookies. Disabling cookies may affect the functionality of the website. GOOGLE ANALYTICS Statistical information on the use of our website is collected by the Google Analytics service. The purpose of this is the website’s monitoring, development and marketing planning. The information of an individual user or person cannot be identified from the collected data.

The website also uses Google Analytics Demographics to collect target group- and theme-related information, such as the user’s age, gender and interests. Settings related to the collection of this information can be changed through your own Google account at https://www.google.com/settings/ads

If you wish, you can disable Google Analytics tracking through the Chrome browser add-on.

Inspection right, i.e. the right to get access to personal data

Data subjects have the right to access the information that has been registered about them. The right of access request must be submitted in writing by contacting the controller’s customer service or register contact person in Finnish or in English. The right of access request must be signed.

The data subject has the right to prohibit the use and disclosure of their information for direct advertising, remote selling, direct marketing as well as marketing and opinion research by contacting the controller’s customer service.

The right to transfer data from one system to another 

The data subject has the right to transfer their information from one system to another. The transfer request can be submitted to the register contact person.

The right to demand correction of information

Personal data saved in the register which is incorrect, unnecessary, incomplete or outdated in terms of the purpose of the processing must be rectified, removed or supplemented.

The personally signed request for rectification must be submitted in writing to the organization’s customer service or the contact person of the personal data register.

The request must specify which data is requested to be rectified and on what grounds. The data is rectified without undue delay.

The rectification of the data is reported to the party from which the incorrect data was obtained or disclosed to.

The person responsible for the register provides a written certificate of the refusal to rectify the data, which states the reasons for the refusal. The party concerned may refer the refusal to the Data Protection Ombudsman for a decision.

The right to file a complaint with the supervisory authority

If you deem that your personal data has been processed in breach of the General Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority.

The complaint can be lodged also in the Member State where you have your permanent place of residence or workplace.

Contact details of the national supervisory authority:
The Office of the Data Protection Ombudsman
PO Box 800
Ratapihantie 9
00521 Helsinki, Finland
tel. +358 (0)29 566 6700
tietosuoja@om.fi
https://tietosuoja.fi/en/home

Other rights related to the processing of personal data

The data subject has the right to prohibit the disclosure and processing of their data for direct marketing and other marketing, the right to request for the anonymization of their data, where applicable, and the right to be forgotten.

Marketing – customers, prospects and potential customers – communication

Updated 03.02.2025
Date of creation 31.10.2021

Registrar

Suomen Kaukokiito Oy (0114330-2)
Teollisuustie 7
Tampere
33330
0105100

Contact person in matters concerning the register

Marjo Viitala
Teollisuustie 7, 33330 Tampere
Tel. 010 5100
tietosuoja@kaukokiito.fi

Basis for processing personal data

The register is used for the controller’s business operations, the launching of new customer accounts and related communications and also for communicating with existing customers and . The collected data is used for the creation and maintenance of customer accounts as well as for the controller’s other business needs such as organizing competitions, raffles and sponsorships, registering for events and also as a mailing list for sending newsletters.
The legal basis for the processing is the legitime interest.

Basis of legitimate interest

The launch of the customer relationship, negotiations and other activities related to the controller’s business operations and communication.
The legitimate interest of the controller to process the collected and used personal data is based on the direct marketing needs and the freedom to pursue a business. According to the EU Genera Data Protection Regulation, direct marketing is a legitimate interest of a company.

Recipients and recipient groups

The controller’s employees and outsourcing partners, where applicable (financial administration, marketing, IT maintenance).

Consent

The processing is based on the legitimate interest, so consent is not required.

Data content of the register

The personal data register includes the following information:

• First name and last name of the person
• Represented company
• Email address
• Postal address
• Office
• Telephone number
• Web address
• IP number
• Willingness to receive Newsletter
• Answers to competition question
• The sponsorship survey may include age, name, and hobby information about the sponsorship target.

Regular sources of information

Data is collected from email messages, business cards and telephone contacts received from the customer as well as from physical meetings. Data may also be collected from other stakeholders, for example, through mass communication, marketing, contact forms on web pages or similar.
The data is not disclosed outside the controller organisation or for the use of its partners, except in matters related to a credit application, recovery or invoicing and when required by the legislation or to the marketing partners. The data is only used for Kaukokiito’s own business operation purposes. Personal data is not disclosed outside the European Union, unless it is necessary for ensuring the
technical implementation of the controller or its partners.
The personal data of the data subject are disposed of upon the user’s request, unless otherwise required by the legislation, customer relationship management, open invoices or recovery actions.

Personal data retention period

The personal data is retained for ten (10) years.

Regular transfers of information

The register data can only be accessed by the controller and its employees, with the exception of situations in which an external service provider is used either to produce an added value service or support a credit decision.
Data is not disclosed outside the controller organisation maintaining the register or for the use of its partners, except for the marketing partners or when required by legislation.
The personal data of the data subject are disposed of upon the user’s request, unless otherwise required by the legislation, customer relationship management, open invoices or recovery actions.

Data transfer outside the EU or EEA

Personal data is not disclosed outside the European Union, unless it is necessary for ensuring the technical implementation of the controller or its partners.

Principles of registry protection A: Manual material

Documents containing manually processed customer information (e.g. printed emails or their appendices, printed online forms or similar) are stored, after the initial processing, in a locked and fire-safe storage premises.
Only designated employees who have signed non-disclosure agreements have the right to process manually recorded customer information.
The data in the register are safeguarded and processed in accordance with the provisions and principles of the Data Protection Act, instructions of the authorities and good data processing practices.

Principles of register protection B: Electronic material

Only the organisation’s designated employees and employees of companies operating on behalf of the organisation have the right to use, for example, workstations whose software enables the maintenance of the information of potential customers. Each designated user has their own
personal IDs and passwords. Each user has signed a non-disclosure agreement.
The system is protected by a firewall, which provides protection for external contacts to the system, and the workstations are protected by suitable security software.
The data in the register are safeguarded and processed in accordance with the provisions and principles of the Data Protection Act, instructions of the authorities and good data processing practices.

Cookies

We use cookies on our websites. A cookie is a small text file sent to and saved on the user’s computer. Cookies do not damage users’ computers or files. The primary purpose of cookies is to improve and adapt the visitor’s user experience on the website as well as to analyse and enhance the functionality and content of the website.
Data collected by cookies can also be used for marketing and targeting the marketing as well as for marketing optimisation. A visitor cannot be identified solely on the basis of cookies. However, data collected by cookies can be linked to other information obtained from the user in other contexts, such as when the user fills out a form on our website.

Cookies are used to collect the following information:

• visitor’s IP address
• time of the visit
• browsed websites and times of visiting
• visitor’s browser

Your rights

Users visiting our website can, at any time, disable the use of cookies by changing their browser settings. Most browsers allow the disabling of cookies and erasure of already saved cookies. Disabling cookies may affect the functionality of the website.

Google Analytics

Statistical information on the use of our website is collected by the Google Analytics service. The purpose of this is the website’s monitoring, development and marketing planning. The information of an individual user or person cannot be identified from the collected data.
The website also uses Google Analytics Demographics to collect target group- and theme-related information, such as the user’s age, gender and interests. Settings related to the collection of this information can be changed through your own Google account at
https://www.google.com/settings/ads

If you wish, you can disable Google Analytics tracking through the Chrome browser add-on.

Inspection right, i.e. the right to get access to personal data

Data subjects have the right to access the information that has been registered about them. The right of access request must be submitted in writing by contacting the controller’s customer service or register contact person in Finnish or in English. The right of access request must be signed.
The data subject has the right to prohibit the use and disclosure of their information for direct advertising, remote selling, direct marketing as well as marketing and opinion research by contacting the controller’s customer service.

The right to transfer data from one system to another

The data subject has the right to transfer their information from one system to another.
The transfer request can be submitted to the register contact person.

The right to demand correction of information

Personal data saved in the register which is incorrect, unnecessary, incomplete or outdated in terms of the purpose of the processing must be rectified, removed or supplemented. The personally signed request for rectification must be submitted in writing to the controller organisation’s customer service or the contact person of the personal data register. The request must specify which data is requested to be rectified and on what grounds. The data is rectified without undue delay.
The rectification of the data is reported to the party from which the incorrect data was obtained or disclosed to. The person responsible for the register provides a written certificate of the refusal to rectify the data, which states the reasons for the refusal. The party concerned may refer the refusal to the Data Protection Ombudsman for a decision.

The right to file a complaint with the supervisory authority

If you deem that your personal data has been processed in breach of the General Data Protection Regulation, you have the right to lodge a complaint with the supervisory authority.
The complaint can be lodged also in the Member State where you have your permanent place of residence or workplace.

Contact details of the national supervisory authority:
The Office of the Data Protection Ombudsman
PO Box 800,
Ratapihantie 9,
00521 Helsinki, Finland
tel. +358 (0)29 566 6700
tietosuoja@om.fi
https://tietosuoja.fi/en/home

Other rights related to the processing of personal data

The data subject has the right to prohibit the disclosure and processing of their data for direct marketing and other marketing, the right to request for the anonymisation of their data, where applicable, and the right to be forgotten.

Updated 04.02.2025
Date of creation 19.08.2021

Registrar

Suomen Kaukokiito Oy (0114330-2)
Teollisuustie 7
33330 Tampere

Contact person in matters concerning the register

Shared contact point:
Suomen Kaukokiito Oy
Teollisuustie 7, 33330 Tampere
Tel. 010 5100
Email: tietosuoja@kaukokiito.fi

This Privacy Statement is maintained by and under the responsibility of Suomen Kaukokiito Oy. Data subject requests sent to this address will be directed forward to the correct company for
processing. The customer will receive the answer from the shared contact point.

Basis for processing personal data

The controller collects and processes personal data to perform recruitment activities and promote the employment of the personnel. The processing of the personal data is based on the legitimate interest and the candidate also provides their consent to the processing of the sent personal data by sending their application.

A background clarification concerning the job applicant, pursuant to a separately issued written
consent, may be commissioned if there are grounds for commissioning the background clarification based on the work tasks. Such work tasks include, for example, handling of air cargo.

A suitability assessment concerning the job applicant, pursuant to a separately issued written
consent, may be commissioned if there are grounds for commissioning the suitability assessment
based on the work tasks. The suitability assessment is always performed by a certified and reliable
operator.

By sending the job application to Kaukokiito or filling out Kaukokiito’s open application, the
applicant gives consent to the processing of their personal data in accordance with this Privacy
Statement.

Basis of legitimate interest

The processing of the data is based on the legitimate interest.
With the help of the provided personal data, the job applicant can improve their chances of finding employment. The applicant can withdraw their data by reporting this to: tietosuoja@kaukokiito.fi

Recipients and recipient groups

When recruiting, the controller collects personal data to the TalentAdore VRA recruitment system.

The controllers of the shared register only process applications sent to their respective companies as well as possible open applications and personal data included in them. While processing, each company complies with the Data Protection Act (1050/2018) and the General Data Protection Regulation (679/2016). There is a separate data protection agreement between the controllers of the shared register.

Personal data is processed by persons participating in the controllers’ recruitment as well as
possible third parties selected to participate in the recruitment by the controller, where applicable.

In addition, personal data is processed by the controller’s service provider, which provides the
controller with the technical platform for implementing the recruitment. Other possible processors of personal data include, for example, different auxiliary recruitment systems.

Consent

The processing is based on the legitimate interest. Consent is not required.

Data content of the register

The personal data register includes the following information:

• First name and last name of the person
• Date of birth
• Email address
• Postal address
• Telephone number
• Work history
• Education information Possibly also:
• Picture
• Reference information
• Demonstration of skills
  Possible preferences of the applicant:
• Form of the employment relationship
• Working hours
• Working location
• Salary requirement

Also possible additional information essential for the recruitment or other information provided in the application by the applicant.

Regular sources of information

The data in the register is provided by data subjects (applicants) themselves.

Upon the applicant’s consent, information can also be obtained from other sources, such as from a referee or authorities.

A suitability assessment may also be commissioned with the applicant’s separate consent.

A security clearance may also be commissioned with the applicant’s separate consent if the job
description requires this.

Personal data retention period

As a rule, the data in the recruitment register is retained for twelve (12) months from the recording date of the application. In certain situations, the personal data may be retained for a longer period. In such a situation, a separate consent for retaining the data for a longer period is requested from the applicant.

In Talent Community, personal data is always stored for twelve (12) months at a time.

Regular transfers of information

The data in the register is only disclosed to the processors of the register and to parties which are
essential for the recruitment.

Data transfer outside the EU or EEA

Personal data is mainly processed in the EU/EEA area.

In certain situations, personal data may be technically processed also outside the EU/EEA area. In
such a case, the service provider ensures that the personal data is processed in accordance with the requirements of the General Data Protection Regulation and that the processing pursuant to the Regulation is agreed upon with data processing agreements required by the Regulation.

Principles of registry protection A: Manual material

Personal data is mainly stored and processed electronically. Individual applications printed to
support recruitment are stored out of the reach of unauthorised persons and the copies are
disposed of after the recruitment process.

Principles of register protection B: Electronic material

Personal data is stored on the service provider’s servers, which are protected in accordance with the common practices in the sector, the provisions and principles of the Data Protection Act and the orders of the authorities. The servers are located in the EU area. The data is mainly stored and
processed electronically.

The collected and processed personal data is kept confidential and not disclosed to anyone other
than those who need them in their work or confidentially and in a limited manner in accordance
with service agreements to the controller’s customers.

Access to personal data is safeguarded with user-specific IDs, passwords and access rights. The data in the register is only accessed by those who participate in the recruitment process. If the person has saved personal data in the controller’s recruitment system, the only purpose of the data processing is to serve the measures required by the recruitment.

The service provider is responsible for the technical and secure protection. For example, the service provider may be forced to process personal data in connection with technical clarifications. The employees of the service provider have signed non-disclosure agreements and undertaken to process personal data in a secure and confidential manner and only for the purpose of providing the service.

Cookies

We use cookies on our websites. A cookie is a small text file sent to and saved on the user’s
computer. Cookies do not damage users’ computers or files. The primary purpose of cookies is to
improve and adapt the visitor’s user experience on the website as well as to analyse and enhance
the functionality and content of the website.

Data collected by cookies can also be used for marketing and targeting the marketing as well as for marketing optimisation. A visitor cannot be identified solely on the basis of cookies. However, data collected by cookies can be linked to other information obtained from the user in other contexts, such as when the user fills out a form on our website.

Cookies are used to collect the following information:

• visitor’s IP address
• time of the visit
• browsed websites and times of visiting
• visitor’s browser

Your rights

Users visiting our website can, at any time, disable the use of cookies by changing their browser
settings. Most browsers allow the disabling of cookies and erasure of already saved cookies.
Disabling cookies may affect the functionality of the website.

Google Analytics

Statistical information on the use of our website is collected by the Google Analytics service. The purpose of this is the website’s monitoring, development and marketing planning. The
information of an individual user or person cannot be identified from the collected data.

The website also uses Google Analytics Demographics to collect target group- and theme-related information, such as the user’s age, gender and interests. Settings related to the collection of this information can be changed through your own Google account at https://www.google.com/settings/ads

If you wish, you can disable Google Analytics tracking through the Chrome browser add-on.

Automatic processing and profiling

The personal data in the register is not used for automatic decision making; recruitment decisions are always made by a person.

Inspection right, i.e. the right to get access to personal data

Data subjects have the right to access the information that has been registered about them. The
right of access request must be submitted in writing by contacting the company’s customer service or register contact person in Finnish or in English. The right of access request must be signed.

The data subject has the right to prohibit the use and disclosure of their information for direct
advertising, remote selling, direct marketing as well as marketing and opinion research.
Contacts: tietosuoja@kaukokiito.fi

The right to transfer data from one system to another

For the parts that the data subject has provided data to the customer register and the data
processed based on the data subject’s consent or assignment, the data subject has the right to
receive this kind of data and also the right to transfer this data to another controller.

The right to demand correction of information

Personal data saved in the register which is incorrect, unnecessary, incomplete or outdated in terms of the purpose of the processing must be rectified, removed or supplemented.

The personally signed request for rectification must be submitted in writing to the company’s
customer service or the contact person of the personal data register.

The request must specify which data is requested to be rectified and on what grounds. The data is rectified without undue delay.

The rectification of the data is reported to the party from which the incorrect data was obtained or disclosed to. The person responsible for the register provides a written certificate of the refusal to rectify the data, which states the reasons for the refusal. The party concerned may refer the refusal to the Data Protection Ombudsman for a decision.
Contacts: tietosuoja@kaukokiito.fi

The right to file a complaint with the supervisory authority

If you deem that your personal data has been processed in breach of the General Data Protection
Regulation, you have the right to lodge a complaint with the supervisory authority.

The complaint can be lodged also in the Member State where you have your permanent place of
residence or workplace.

Contact details of the national supervisory authority:
The Office of the Data Protection Ombudsman
PO Box 800,
Ratapihantie 9,
00521 Helsinki, Finland
tel. +358 (0)29 566 6700
tietosuoja@om.fi
https://tietosuoja.fi/en/home

Other rights related to the processing of personal data

The data subject has the right to prohibit the disclosure and processing of their data for direct
marketing and other marketing, the right to request for the anonymisation of their data, where
applicable, and the right to be forgotten after the termination of the employment relationship.

1. General

These General Terms of Use (later ”Terms”) define legally enforceable terms that govern the use of the Kaukokiito.fi portal (later “Web services), provided by Suomen Kaukokiito Oy and other companies belonging to the same Group of companies (later “Kaukokiito”) to its Clients and partners (later “Client”).

2. Entry into force of the Terms

The Client must carefully read and accept these Terms before starting to use the Web services. The Terms apply once the Client has registered a username for himself or herself in the Web services and when Kaukokiito has accepted the registration. Kaukokiito has the right to deny registration to the Web services. If the Client does not accept these Terms, the Client does not have the right to log into the Web services or use its parts.

3. Client’s rights and obligations

By registering for the Web services, the Client accepts the Terms and commits to give rightful, exact, up-to-date and complete information about himself or herself. The Client is also responsible for the correctness of information he or she has provided to Kaukokiito about third parties.

The Client commits himself or herself to keeping information given upon registration up-to-date and to updating such information without undue delay. The Client accepts that if he or she gives false, inexact, outdated or incomplete information or if Kaukokiito has justified reason to believe that the information is false, inexact, outdated or incomplete, Kaukokiito has the right to deny registration for the Web services or close the Client’s user account and deny the Client the use of the Web Services at that time or later.

The Client commits to carefully storing the username and password to the Web services. The Client is responsible for safeguarding the credentials against unauthorized use. For information security purposes, the Client is also responsible for regularly changing their password and for ensuring that devices and applications used are up-to-date and secure.

The Client’s main user is responsible for managing and sharing other usernames of the same company. In the end, the Client’s main user is responsible for all activity of users of the same company, and the Client is responsible for the damage caused by the use of the credentials to himself or herself, to Kaukokiito and to third parties.

The Client is responsible for the use of his or her username as well as for any costs or damage that may result from its use to the contract parties and third parties.

If there is unauthorized access to usernames, the Client is responsible for any resulting damage thereof. If the Client believes that there has been unauthorized access to user credentials, the Client must immediately notify Kaukokiito in order to prevent the use of the credentials. The Client’s responsibility for damages ends when the Client has notified Kaukokiito of the matter and the credentials have been closed.

The Customer is responsible for all content entered and uploaded into the Service, including address books and any attachments entered into the Service. Attachments are intended only for sending to the consignee the necessary attachments for the purpose of transport.

The Client commits to use the Web services in accordance with the laws of Finland, authority guidelines and good practice.

4. Kaukokiito’s rights and obligations

Kaukokiito strives to make every effort to ensure the continuous availability of the Web service. Continuous availability is not guaranteed. Kaukokiito reserves the right to restrict the availability of the Web services at any time and geographical location for example for securing the maintenance, modification work or functionality of the service. Kaukokiito does not guarantee that the service can be used on the device or software used by the Client.

Kaukokiito is not responsible for any damage suffered by the Client as a result of disruptions in the Web services. Kaukokiito is not responsible for damages caused by an event of force majeure and is not liable for any damages to the Client or third parties.

If the Web services do not fulfil the needs of the Client, Kaukokiito is not responsible for any damage caused thereby.

Kaukokiito is not responsible for the content uploaded to the service or its lawfulness. Kaukokiito deletes illegal, inappropriate or otherwise contested content upon separate request.

Kaukokiito has the right to change Web services charges, the content of the Web service or terminate the Web services indefinitely.

5. Processing personal data and other data

Kaukokiito collects and stores the information about the user of the Online Service that the Customer declares when registering for the Online Service. Remote access also processes data that the Customer enters or uploads into the Online Service, including address books and any attachments that may contain personal data. In addition, Kaukokiito collects information about the use of the Online Service and the communication between Kaukokiito and the Customer. Some of the data collected is personal data. The Customer accepts that Kaukokiito has the right to collect and process the Customer’s personal data in accordance with the current privacy policy of Kaukokiito.

Kaukokiito may use cookies, web beacons and other analytical techniques to collect, use, store and transmit technical and other information. The data collected by means of cookies, web beacons and other analytical techniques can be used, for example, for the development of the Online Service, if the user has given his consent to this.

6. Information security

Kaukokiito strives by all means to ensure a legally required level of information security. The Client is responsible for notifying Kaukokiito of any observed information security deficiencies.

The Client is responsible for the information security of all the Client’s software, devices and other tools and web traffic solutions required for using the service.

The Client commits not to perform any actions on the Web service that result in abnormal load on the service. The Client may not use the Web service or any of its parts for any out of the ordinary purposes. Automated technical solutions may not be used for utilizing the Web services or any of its parts without Kaukokiito’s written approval.

The Web services may contain links to third party websites. Kaukokiito is not responsible for the correctness, trustworthiness or information security of third party links.

Kaukokiito commits to notify the Clients without undue delay of any potential data breaches on the Web services.

7. Intellectual property rights

The content displayed and used in the Web services is partly protected by intellectual property law. Partial copying, borrowing, redistributing or making commercial use of the content of the Web services without Kaukokiito’s written permission is prohibited.

8. Assignment of the agreement

Kaukokiito reserves the right to transfer the agreement with all its rights and obligations to another company belonging to the same group of companies or a third party, for example by assignment of a receivable. The Client does not have the right to assign the agreement to a third party.

9. Term, termination and suspension of the Terms

The Client may end the right to use the Web services by written notification to Kaukokiito.

Kaukokiito may delete usernames and terminate the right to use the Web services on its own initiative if the Client has not used the service in six (6) months.

Kaukokiito may immediately suspend the agreement if the Client has violated his or her obligations under these Terms or if the Client’s transport contract ends.

10. Other terms

Kaukokiito has the right to change these terms. Changes to these Terms will be notified at least fourteen (14) days before the change in the Web services. If the Client does not accept the change of terms, the Client must immediately cease using the Web services.

The laws of Finland shall be applied in addition to these terms. Negotiation shall be primarily used. A dispute shall primarily be attempted to be solved in negotiation. If the disagreement is not solved in negotiation, possible disputes shall be resolved in the District Court of Helsinki. A consumer may nevertheless always take or respond to legal actions in the lower courts of the consumer’s place of residence. Consumers may also first turn to the consumer advisory services and thereafter to the Consumer Disputes Board. Consumers may additionally use the dispute resolution service provided by the ODR-forum.

11. Term and contact details

These Terms are drafted on 19.4.2018 and they shall continue indefinitely. These Terms of Service were last updated on 30.10.2021.

Suomen Kaukokiito Oy
Teollisuustie 7
33330 Tampere
Business ID 0114330-2
Place of residence Helsinki