KUUSAKOSKI WEBSITE PRIVACY POLICY STATEMENT AND COOKIE POLICY
INTRODUCTION
We at Kuusakoski (Kuusakoski Oy, business ID 1589236-3, “Kuusakoski”) respect your privacy.
This page contains information about how we process your personal data as the data controller when you visit our website at Kuusakoski.com or the other websites listed below under [Kuusakoski websites] (ours and our group companies’). Please note that this page concerns the processing of personal data related to visits to our website, such as processing based on cookies and other tracking technologies. If you leave your information with us for contacting you (by filling in a form, for example), you are treated as a potential customer of Kuusakoski, whose personal data is processed according to [this] policy.
For more information on personal data processing, see [here] for partner companies and [here] for personal data processing at other Kuusakoski group companies.
For information about your rights, see [Information about data subject rights and how to exercise them] below.
We may update this privacy policy as needed to keep up with legislation, for example, and we will inform the data subjects of all material changes.
WHAT PERSONAL DATA IS PROCESSED?
Kuusakoski identifies the IP address of all visitors to its website. We also use cookies and other tracking technology to collect data about website visitors that may be connected to a specific person, including:
-
browser type or version
-
operating system (web browser)
-
referrer URL (previous web page)
-
server request timestamp
-
website events, browsing data, links clicked
-
information entered on forms
-
IP address
-
configured settings, including language selection
-
individual (cookie) ID.
By default, cookies are not used to identify the visitors of our website. If you have entered your personal data on our website during login, for example, we may attach a unique cookie identifier to your data with your consent. The cookies used on our website are described under [Cookies and similar technologies] below.
WHAT IS THE PURPOSE AND BASIS FOR PROCESSING PERSONAL DATA?
We process personal data based on the following:
-
Your consent (when you have consented). This means cookies and similar technologies that are used to customise the website’s content, operate chat bots, analytics and targeted advertising, for example. You always have the right to revoke your consent.
-
Legitimate interest (when one exists). A legitimate interest exists when we process data about your IP address to maintain the information security of the website and investigate abuse, for example.
-
We are legally allowed to save so-called essential cookies on your device if this is absolutely required for the website’s operation. Essential cookies require the processing of your IP address.
Please note that we only use cookies and similar technologies when it is necessary for the operation of our website, or when you have given us your consent.
HOW LONG IS PERSONAL DATA KEPT?
We keep personal data only for as long as is necessary for the purpose of said data. In the case of personal data related to website visits, IP addresses are typically kept for six months. The cookie retention times are available in the [cookie management panel] where you can also revoke your consent. Please note that if you enter contact information on our website (through a chat bot or form, for example), we may combine the information you entered with the data we collected on the website, which will collectively become customer data.
Your personal data may be kept for longer if required by mandatory legislation, legal claims presented to us, or a period for filing a suit or claim based on law or an agreement.
If you revoke your consent, we will delete your data. You have the right to request the erasure of your data and we will always comply, unless we have a specific reason to keep the data.
Once your personal data is unneeded, it is erased or anonymised beyond recovery.
COOKIES AND SIMILAR TECHNOLOGIES
“Cookies” are small files saved on a website visitor’s terminal device (computer, phone, tablet, etc.) that collect data about their activities online.
The Kuusakoski website uses cookies to provide certain services (chat bots, for example) and country-specific information, as well as for statistics, marketing and user experience improvements. You can learn more about the cookies currently used on the Kuusakoski website, their data collection, purpose of use and retention policy by using the [cookie management panel] visible on the website. It allows you to manage the cookies in use and your consent for the use of cookies.
HOW IS PERSONAL DATA PROTECTED?
The databases containing your personal data are protected by firewalls, passwords, and other technical means. The databases and their backups are located in secure facilities. We ensure that the data is only accessible by those Kuusakoski employees and the employees of companies working for Kuusakoski who need it to carry out their work.
HOW IS PERSONAL DATA COLLECTED?
When you visit our website, we receive data from third-party cookies and similar technological services, among other things.
WHO IS PERSONAL DATA SHARED WITH? (PARTNERS AND THIRD PARTIES)
We may transfer your data to third parties, such as service providers, if it is necessary for the purpose of your personal data’s processing. If we transfer personal data to a party who processes it on our behalf (data processor), we have contractual and other arrangements in place to ensure that the personal data is only processed according to our written instructions and only for the purposes specified in this privacy policy. Furthermore, we ensure that access to the personal data is restricted to people who need it for their work. For more information about the above service providers, see the [cookie management panel].
Based on legitimate interests, your personal data may also be processed by other companies within the Kuusakoski group. If Kuusakoski sells its personal data processing business or a part thereof or otherwise reorganises its operations, Kuusakoski may hand over personal data to the buyers and their advisors in accordance with the current regulations.
IS PERSONAL DATA TRANSFERRED OUTSIDE THE EUROPEAN ECONOMIC AREA?
The above service providers may process the data collected by cookies outside the European Economic Area (EEA). Kuusakoski operates as a single global organisation, and the employees of companies belonging to the Kuusakoski group have non-EEA access to your personal data as required (from China, the UK and the USA, for example). In such cases, we ensure that these parties are committed to a sufficient level of data protection in personal data processing by
-
verifying that the European Commission has issued a decision on sufficient data protection in the target country; OR
-
verifying that the data transfer is based on the protections required by the European Union’s General Data Protection Regulation (GDPR), such as the standard contractual clauses approved by the European Commission.
For more information on cross-border data transfers and the applicable protection, please contact Kuusakoski’s customer service (see the contact information at the end of the page).
KUUSAKOSKI WEBSITE
The personal data processing principles presented on these pages apply to the following website: www.kuusakoski.com.
SOCIAL MEDIA EXTENSIONS
The Kuusakoski website includes links and social media extensions (AddThis) that lead to third-party websites, such as Facebook and Twitter. These applications are subject to their respective third-party terms of service and other terms and conditions, and Kuusakoski assumes no responsibility for their content. For more information about these services’ privacy policies, please visit their websites.
The AddThis extension uses targeted cookies, which are explained further in the [cookie management panel].
INFORMATION ABOUT DATA SUBJECT RIGHTS AND HOW TO EXERCISE THEM
The GDPR gives you a set of rights that you may exercise in different situations to dictate how your personal data is processed. You may exercise the following rights with Kuusakoski when Kuusakoski is the data controller of your data:
-
Right of access: You have the right to receive confirmation of whether Kuusakoski is processing your personal data and also the right to access and review your information.
-
Right to rectification: You have the right to have inaccurate or incorrect personal data rectified and have incomplete data completed.
-
Right to erasure: You have the right to have your personal data erased and Kuusakoski is obligated to delete such data once there is no legitimate basis for their processing or you have revoked your consent for the processing of data.
-
Right to restriction of processing: You have the right to request the restriction of your personal data’s processing (when waiting for a response to a request to correct or erase your personal data, for example).
-
Right to object: You have the right to object to the processing of your personal data when Kuusakoski processes it based on a legitimate interest. In this case, Kuusakoski is obligated to comply with your request, unless compelling legitimate grounds can be demonstrated that override the interests, rights, and freedoms of the data subject, or the processing is required for the establishment, exercise, or defence of legal claims.
-
When personal data processing is based on your consent, you have the right to revoke the consent for processing at any time.
You can use the [cookie management panel] to revoke your consent. You may contact Kuusakoski’s customer service for any requests regarding your other rights (see the contact information below).
Customer service contact information:
Betooni 12, 13816 Tallinn, Estonia
Phone number: 13660
Email address:
Upon your request, Kuusakoski will take immediate action and will generally deliver a report of its actions within one month of receiving your request.
In addition, you have the right to lodge a complaint with the supervisory authority regarding Kuusakoski’s processing of personal data. The complaint must be addressed to the competent supervisory authority – in Finland, this is the Data Protection Ombudsman – in accordance with their instructions. The Office of the Data Protection Ombudsman has a website, www.tietosuoja.fi.
The competent authorities for Kuusakoski’s other countries of operation are listed below.
-
Sweden: Integritetsskyddsmyndigheten, www.imy.se.
-
Estonia: Andmekaitse Inspektsioon, www.aki.ee.
-
United Kingdom: The Information Commissioner’s Office, www.ico.org.uk.
This page was last updated on: 26/10/2021