Oświadczenie o ochronie I prywatności

Nokian Tyres oświadczenie o ochronie i prywatności

Nokian Tyres plc (“Nokian Tyres” or “we”is the controller for the personal data concerning our corporate business contacts, namely the representatives or contact persons of corporate customers. Nokian Tyres is also the controller for the personal data concerning consumers who have registered for our services or might have subscribed for various publications (i.e. Nokian Tyres newsletter). 

This Privacy Statement describes how Nokian Tyres in the context of its business process the personal data of consumers and corporate business contacts (“customer”). Protection of customer’s privacy is important to us. Nokian Tyres is committed to processing personal data transparently and in compliance with applicable data protection laws. 

CONTROLLER AND CONTACT INFORMATION 

Nokian Tyres plc is the controller of our customers’ personal data. Any questions regarding our customers’ privacy can be directed to us: 

Nokian Tyres plc 
Privacy 
Pirkkalaistie 7 
37100, Nokia, FINLAND 
[email protected] 

PURPOSES OF PROCESSING, CATEGORIES OF PERSONAL DATA & LEGAL BASIS 

CUSTOMER – CORPORATE BUSINESS CONTACT 

Personal data is primarily obtained in situations where a corporate customer has acquired products or services from Nokian Tyres or when a corporate business contact has registered into our digital services. Personal data is processed for the following purposes:  

  • To deliver products and services for our corporate customers.   

Personal data processed for this purpose includes contact information, billing information and other information that customer or employee of a customer has provided us during the provision of our products. 

  • To maintain business relationship with our corporate customers in context of customer service and communication, managing customer meetings and leads.  

Personal data processed for this purpose includes information related to customer service such as contact information, information submitted via surveys and feedback forms, information about participation to events and campaigns, newsletter subscriptions or other data provided to us in the context of customer service requests. Phone calls to customer service are recorded in order to ensure the quality of customer service.  

  • To develop our products and services in context of customer surveys and reviews, and website analytics.  

Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers, data related to our customers online activity and preferences, and data that might be inferred. Usually, the personal data will be aggregated, or other ways anonymised for compiling statistics and reports for business and product development. More information about our practice regarding cookies is available here.  

  • To sell and market our products and services such as online and postal advertisement. 

Personal data processed for this purpose includes contact information, behavioural information, terminal equipment identifiers, online identifiers and purchase information. Collected personal data is further processed in order to create target audiences and offer targeted content. Targeted content is always based on segments or audiences and not on our customers individual behaviour.  

  • To provide Nokian Tyres Dealer Services for our corporate customers. 

Personal data processed for this purpose includes contact informationterminal equipment identifiers, online identifiers and information related to identity management such as authorization information.  

  • To organize and manage customer events such as trade fairs and Nokian Tyres product launches.  

Personal data processed for this purpose includes contact information and travel and accommodation information.  

  • Fulfilling statutory obligations and any other official rules and regulations 

Personal data processed for this purpose includes any information relevant regarding a statutory requirement.  

Legal basis for processing our corporate customer’s personal data is always one of the following:  

  • Consent 

With regards to newsletter subscription, we process personal data only if a customer has given consent for it. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.  

  • Contract 

We process our corporate customer’s personal data on contractual basis when providing our Marketing Toolbox -service.  

  • Legal Obligation 

In relation to fulfilling our statutory obligations the legal basis of processing is our legal obligation.  

  • Legitimate interest 

We process personal data based on our legitimate interest in the context of developing, selling, marketing, delivering and providing our products and services, to maintain business relationship with our customersand to organize and manage customer events. 

To ensure that a significant and pertinent relationship exists between Nokian Tyres and a customer, and to demonstrate that our legitimate interest does not cause any significant intrusion of our customers’ privacy, or any other undue impact on interests and rights, we assess the processing with balancing tests. More information on the balancing test can be requested by contacting [email protected]. 

PURPOSES OF PROCESSING, TYPES OF PERSONAL DATA & LEGAL BASIS 

CONSUMER CUSTOMER 

Personal data is primarily obtained during the sign-up for our serviceswhen ordering our publications such as newsletters, or in connection with our surveys and competitions. In addition, personal data may also be obtained and derived from service use. We process personal data for the following purposes:  

  • To deliver newsletter and other publications to recipients who have subscribed to receiving these. 

Personal data processed for this purpose includes contact information such as contact information, terminal equipment identifiers and behavioural information.   

  • To provide customer service for our consumer customers 

Personal data processed for this purpose includes information related to customer service such as contact information, information submitted via feedback forms or other data provided to us in the context of customer service requests. Phone calls to customer service are recorded in order to ensure the quality of customer service.  

  • To market and advertise our products and services such as online and postal advertisement  

Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers, behavioural datadata related to our customers online activity and preferences, and data that might be inferred from other data we collect. Collected personal data is further processed in order to create target audiences and offer targeted content. Targeted content is always based on segments or audiences and not on our consumer customers individual behaviour. More information about our practice regarding cookies is available here.  

  • To offer our services such as Aramid guarantee or Nokian Tyres Satisfaction Promise.  

Personal data processed for this purpose includes contact informationvehicle and tire information and purchase information.  

  • To organize competitions and draws for our consumer customers. 

Personal data processed for this purpose includes contact information and possible competition specific information. 

  • To develop our products and services based on our customers feedback, product reviews and online activity. 

Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers, behavioural data, customer feedback and product reviews. More information about our practice regarding cookies is available here.  

  • Fulfilling statutory obligations and any other official rules and regulations 

Personal data processed for this purpose includes any information relevant regarding a given statutory requirement.  

Legal basis for processing our consumer customer’s personal data is always one of the following:  

  • Consent 

With regards to newsletter subscription, we process personal data only if a customer has given consent for it. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.  

  • Contract 

Legal basis for processing is contract when we process personal data for the purpose of organizing competitions or draws, or with regards to product guarantees where processing is necessary for a contractual relationship and enforcing the service contract.   

  • Legal Obligation 

In relation to fulfilling our statutory obligations the legal basis of processing is our legal obligation.  

  • Legitimate interest 

We process personal data based on our legitimate interest to develop our products and services, to provide customer service, and to market and advertise our products and services.  

To demonstrate that our legitimate interest does not cause any significant intrusion into our customer’s privacy, or any other undue impact on interests and rights, we assess the processing with balancing tests. More information on the balancing test can be requested by contacting [email protected].  

PERSONAL DATA TRANSFERS AND DISCLOSURES 

Personal Data Transfers 

As a global company, Nokian Tyres uses subcontractors and service providers to operate our business efficiently. For example, we use subcontractors to carry out campaigns and direct marketing or service providers for payment and billing management.  

The processing of personal data in relation to our subcontractors is always commissioned by Nokian Tyres and the other parties will act only on our behalf as personal data processors. Such processing is always protected with contractual arrangements to ensure that our service providers and partners process our customers’ personal data in accordance with the laws and good data processing practices.  

In a case our subcontractor or service providers is located outside the European Union (EU) or the European Economic Area (EEA) we ensure the adequate level of protection of our customers’ personal data with appropriate safeguards by using standard contractual model clauses approved by the European Commission or another valid mechanism provided under applicable legislation.

Personal Data Disclosures  

We only disclose personal data that is strictly necessary for complying with the statutory requirement. Example, when we give assistance in investigations of accidents, we need to disclose relevant information to support the investigative authorities.  

We might disclose personal data to other companies within Nokian Tyres group. This usually happens for the purposes of customer service, customer relationship management and marketing.  

In a case we sell, merge or otherwise re-arrange our business operations or assets, we need to disclose personal data to purchaser or prospective seller or buyer of such business or assets in compliance with applicable laws. In such a case we process personal data based on our legitimate interest to ensure our business continuity. In case a customer objects to such processing, the purchaser of our business may not be able to provide services anymore.  

SECURITY OF PERSONAL DATA  

We use technical and organisational measures to ensure the security of personal data from loss, misuse or other similar unlawful access. Such methods include the use of firewalls, encryption technologies and safe server premises. Access to personal data is limited on “need-to-know” basis and controlled by system access rights, as well as through granting and controlling access rights.  

In the event of a personal data breach, we will notify local supervisory authorities and everyone whose personal data may have been endangered in accordance with applicable legislation.  

DATA SUBJECT RIGHTS  

As a responsible company we want to be open and transparent on the processing of our customers’ personal data. This means we give our customers the opportunity to control the processing of personal data.  

Right of AccessCustomers have the right to receive a confirmation whether we are processing their personal data, what personal data we process about them and to receive a copy of their personal data.  

Right to Rectification. In case personal data of our customers is inaccurate or incomplete, customers have the right to request rectification or completion of their data.  

Right to Restrict Processing. Customers have the right to request restriction by contesting the accuracy of their personal data. In such situation, the processing activities are restricted for the period of time taken to verify the accuracy of personal data.  

Right to Object. Customers have the right to object to the processing of their personal data. Our customers have the right to object the processing of their personal data for the purposes of direct marketing at any time.  

Right to be ForgottenCustomers have the right to request their personal data to be erased. In some cases, there may still be an overriding purpose for processing and retaining personal data e.g. in order to fulfil legal obligations or for the warranty needs.  

Right to Data PortabilityCustomers have the right to request their personal data in machine-readable format in situations where we process personal data based on contract or consent. This only applies to personal data customers have provided us with.  

Right to Withdraw a ConsentCustomers have the right to withdraw their consent at any time. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.  

If customers consider that the processing of personal data infringes their rights, customers may contact the supervisory authority and lodge a complaint about our processing of personal data.  

Any questions or requests regarding above mentioned rights can be sent via email to [email protected].  

RETENTION PERIODS 

Personal data is retained as long as is necessary for the purpose they were collected for, or until we receive a request for erasure – unless we have a legal obligation to retain it for a longer period. The retention period of personal data is determined by the following criteria: 

  • If a customer has a Dealer Service account with us, we will retain personal data while your account is active or for as long as needed to provide services to customer.  
  • For guarantees and other product related programmes we need to retain personal data for the duration of the validity of the guarantee or programme in each specific case and in any case until any possible claims towards Nokian Tyres have expired. 
  • For purposes of organizing competitions or draws, personal data will be retained until the competition has ended and all the following measures has been carried out. More information on retention periods is always provided in the competition terms. 
  • When a customer has subscribed into receiving electronic direct marketing communications, we process personal data for those purposes as long as their subscription remains in force. In case a customer withdraws their consent, we will discontinue the processing of personal data and erase personal data if there is no other valid purpose for processing. 

Any questions regarding retention periods of our customers’ personal data can be sent via email to [email protected].  

REVISIONS TO THIS PRIVACY STATEMENT  

We are continuously developing our services and this privacy statement is subject to changes. Changes may also be based on changes in legislation. We recommend our customers to visit this privacy statement in regular basis in order to keep track of possible changes. 

Whistleblowing Privacy Statement

Nokian Tyres plc (“Nokian Tyres” or “we”) is the controller for the personal data concerning our group level whistleblowing process. Nokian Tyres group has a defined whistleblowing process for investigating suspected internal violations or other unethical behaviour.

This Privacy Statement describes how Nokian Tyres processes personal data in the context of the whistleblowing process. Because personal data from various data subjects can be processed during the whistleblowing process, data subjects usually involve the person making a report (“the whistleblower”) and the person mentioned in a report (“the alleged wrongdoer”). Depending on the case under investigation, personal data of the investigator and witnesses can also be processed.

Protection of data subjects’ privacy is important to us. Nokian Tyres is committed to processing personal data transparently and in com­pliance with applicable da­ta pro­tec­tion laws.

Controller and Contact Information

Nokian Tyres plc is the controller of the personal data processed in the whistleblowing process. Any questions regarding our privacy practices can be directed to us:

Nokian Tyres plc 
Privacy 
Pirkkalaistie 7 
37100, Nokia, FINLAND 
[email protected]

Purposes of Processing & Legal Basis

Nokian Tyres whistleblowing process’s aim is to ensure the quality of Nokian Tyres governance system and to maintain trust towards Nokian Tyres group.  In addition, its objective is to encourage employees and other stakeholders to report any findings or suspicions of non-compliance with laws, Nokian Tyres’ business principles or other guidelines.

In connection to Nokian Tyres’ whistleblowing process, personal data is processed for the purposes of:

  • preventing, identifying and   investigating   suspected   criminal   activity, internal   violations   and   other malpractices;
  • preventing, identifying and investigating suspected activity, which is unethical or against Nokian Tyres’ Code of Conduct.

In the context of the whistleblowing process and an internal investigation, we will process your personal data based on the following legal grounds: 

  • Legal basis for processing is our legitimate interest to monitor compliance with applicable laws and Nokian Tyres’ Code of Conduct and other guidelines. In this respect, we will always determine case by case whether our interests are not overridden by the interests, fundamental rights and freedoms of the data subjects involved. Also, the processing is necessary to comply with a legal obligation, given the fact that whistleblowing systems may be mandatory in some countries where Nokian Tyres operates.
  • To the extent that the processing relates to special categories of personal data, the legal basis for such processing is that it is necessary for the purposes of carrying out the obligations and exercising the specific rights of Nokian Tyres in the field of employment and social security and social protection law, or that the processing is necessary for the establishment, exercise or defense of legal claims.

Sources & Categories of Personal Data

All whistleblowing investigations related to information received from the official whistleblowing channels are conducted or headed by Nokian Tyres’ internal audit unit. Initially personal data is primarily obtained through the official whistleblowing channels (via a specific whistleblowing e-mail address or via regular mailing address). Depending on the case under investigation, personal data is also obtained through the investigative measures.

In most cases the personal data processed in connection to the whistleblowing process includes: 

  • Data received via whistleblowing notification such as name and contact details of the whistleblower (unless notification is made anonymously) and the alleged wrongdoer, and a description of the suspected misconduct. Due to the nature of the whistleblowing channel and varying case contexts, the received data can vary significantly on each case. Depending on the received notification, processed personal data can also include special categories of personal data.
  • Data obtained through investigative measures such as employment information, physical safety related information (e.g. CCTV, access control information), information related to system administration and network security, records of working hours, witness testimonies and case relevant information from public registers or other public or internal information or information from internal systems used in conjunction with other information.

Personal Data Transfers and Disclosures 

Personal data transfers

As a global company, Nokian Tyres may use subcontractors and service providers to process whistleblowing investigations. The processing of personal data in relation to our subcontractors is always commissioned by Nokian Tyres and the other parties will act only on our behalf as personal data processors. Such processing is always protected with contractual arrangements to ensure that our service providers and partners process personal data in accordance with the laws and good data processing practices to maintain high integrity of the investigation.

In a case our subcontractor or service providers is located outside the European Union (EU) or the European Economic Area (EEA) we ensure the adequate level of protection whistleblowing investigation related personal data with appropriate safeguards by using standard contractual model clauses approved by the European Commission or another valid mechanism provided under applicable legislation.

Personal Data Disclosures

We only disclose personal data that is strictly necessary for complying with the statutory requirement. If the investigated whistleblowing case involves illegal or criminal activities, the case may be reported to the appropriate authorities in accordance with applicable laws. Third parties to whom data can be disclosed based on a specific case context and local legislation include for example the law enforcement authorities, the tax administration, customs and in certain cases the insurance company or other case owners of the matter.

In a case we sell, merge or otherwise re-arrange our business operations or assets, we need to disclose personal data to purchaser or prospective seller or buyer of such business or assets in compliance with applicable laws. In such a case we process personal data based on our legitimate interest to ensure our business continuity.

Security of Personal Data

We use technical and organisational measures to ensure the security of personal data from loss, misuse or other similar unlawful access. Such methods include the use of firewalls, encryption technologies and safe server premises. Access to personal data is limited on “need-to-know” basis and controlled by system access rights, as well as through granting and controlling access rights.

In the event of a personal data breach, we will notify local supervisory authorities and everyone whose personal data may have been endangered in accordance with applicable legislation.

Data Subject Rights

As a responsible company we want to be open and transparent on the processing of personal data. This means we give our data subjects the opportunity to control the processing of personal data. However, because of the nature of the processing in whistleblowing investigations, we have the right to derogate from exercising the data subjects’ rights in certain situations based on legal grounds.

Right of Access. Data subjects have the right to receive a confirmation whether we are processing their personal data, what personal data we process about them and to receive a copy of their personal data. Because of the sensitive nature of the data processing in whistleblowing process, it is necessary to balance all interests involved in a right of access request. Therefore, all information about personal data processing in the context of whistleblowing purposes upon a right of access request cannot in all cases be submitted to the data subject, because that could adversely affect the rights or freedoms of others.

Right to Rectification. In case personal data of our data subjects regarding the whistleblowing process is inaccurate or incomplete, data subjects have the right to request rectification or completion of their data.

Right to Restrict Processing. Data subjects have the right to request restriction by contesting the accuracy or lawfulness of their personal data. In such a situation, the processing activities are restricted for the period of time taken to verify the accuracy of personal data. The right to restriction of processing is assessed on a case-by-case basis. In cases which are likely to have legal effects on the data subject, the data may still be processed, subject to the establishment, exercise or defense of legal cases or for the protection of the rights of another natural or legal person or, despite the request for restriction of the data subject.

Right to Object. Data subjects have the right to object to the processing of their personal data, when the processing is based on our legitimate interest. We may restrict the data subjects’ right to object the personal data processing for the establishment, exercise or defense of legal claims.

Right to be Forgotten. Data subjects have the right to request their personal data to be erased. In some cases, there may still be an overriding purpose for processing and retaining personal data e.g. in order to fulfil legal obligations or for the establishment, exercise or defense of legal claims.

If data subjects consider that the processing of personal data infringes their rights, they may contact the supervisory authority and lodge a complaint about our processing of personal data.

Any questions or requests regarding above mentioned rights can be sent via email to [email protected].

Retention Periods

Personal data is retained as long as is necessary for the purpose they were collected for, or until we receive a request for erasure – unless we have a legal obligation or legitimate interest to retain it for a longer period.

The personal data will be processed and retained as long as necessary to process and investigate the whistleblowing notification, or, if applicable, as long as necessary to initiate sanctions or to meet any legal or financial requirement. In any case, if judicial or disciplinary proceedings are initiated, the personal data provided will be kept until those proceedings are definitively closed. Nokian Tyres retains all received whistleblowing notifications and their related material, which have been seen as significant for the investigation or conclusion of investigation, including any possible summaries or document listings, for ten years from the date on which the case has been resolved or deemed not to require further investigative measures, based on legal obligations.

Any questions regarding retention periods of our data subjects’ personal data can be sent via email to [email protected].

Revisions to this Privacy Statement

We are continuously developing our operations and this privacy statement is subject to changes. Changes may also be based on changes in legislation. We recommend our data subjects to visit this privacy statement in regular basis in order to keep track of possible changes.