Business ID: FI20655637
Meijeritie 3, FI-61600 Jalasjärvi
Tel. +358 (6) 456 6800
In addition, the following companies of the Juustoportti group serve as joint controllers where applicable:
Juustoportti Food Oy, Business ID: FI21046059
Juustoportti ILO Oy, Business ID: FI09570835
Kasvis Galleria Oy, Business ID: FI15278988
Pekka Alakoski, Human Resources Specialist
tel: +358 40 8252 790
Other contact details:
Juha Taivalmäki, Head of ICT
tel: +358 40 8334 640
Employees of the group with relevant access rights.
Great Slogan Oy: Employees working in customer service tasks and in customer projects.
Personal data is processed in activities related to customer contacting, marketing and sales, improvement of service quality, customer relationship management and customer communications undertaken by Juustoportti Oy (FI20655637) and its subsidiaries, particularly Juustoportti Food Oy (FI21046059), Juustoportti ILO Oy (FI09570835) and Kasvis Galleria Oy (FI15278988).
The processing for marketing purposes is based on legitimate interest and the processing for the purposes of customer relationship management is based on the performance of an agreement. Based on their consent, data subjects are sent customer satisfaction surveys and electronic direct marketing emails
In more detail, the processing is based on the following.
Data subject’s consent: Data is received either directly from the customer or from the central retail companies, which enter the personal data of those responsible for different activities in the system. Information saved for contacting purposes are saved based on consent received for a certain activity or on separately asked consent.
The personal data processing involves no automatic decision-making or profiling.
The registry only includes data with contact details on companies and persons who are current or potential customers of Juustoportti group’s food industry business operations or named as contact persons for such companies.
Personal data related to customer relationships and sales promotions is saved in the registry, for example:
Company name and Business ID for the purposes of customer contacting and sales promotion
A person’s name as background data or as a contact person for the purposes of customer relationship management
A person’s title for the purposes of targeting communications and responsibilities
A person’s or company’s phone number for customer contacting
Customer history (e.g., customer communication event, changes to services, visits by representatives, campaigns)
Direct marketing bans and consents
Information relating to the use of websites and online services administered by Juustoportti group
Information related to marketing and sales promotion, such as marketing activities directed at the data subject and participation in them (e.g., participation in events)
Technical data and cookies saved on the data subject’s browser and data related to the cookies
The system includes no special categories of personal data
The personal data in the registry is regularly reviewed and information is erased when there no longer is a legitimate basis for storing it.
Cookies are used for a variety of purposes, which are related to, for example, the functions of websites, analytics and marketing.
We monitor our websites with the third-party analytics and monitoring service Google Analytics. The service collects data on the number of visitors, the way they browse our website and the devices they use to access the website. This information helps us monitor and improve the functioning of the website.
The website includes cookies from third-party marketing services, such as Facebook and Google AdWords. The cookies collect data on, for example, the visitors’ interests, age and location. This data helps us to better target our marketing and to reach the people who are interested in Juustoportti and our activities.
The cookies also collect the following information:
The collection of data subjects’ personal data is based on an existing customer relationship or other contact with Juustoportti group. The data is collected at different stages of the customer relationship. Data subjects’ data is primarily received from the data subjects’ themselves or from their employers as follows:
The central retail company submits the up-to-date information of their retailers/representatives in an Excel workbook to their suppliers in the agreed-on manner.
Data available from public sources, such as company websites.
Personal data is also bought from registries external to Juustoportti group and collected from public sources for one-time marketing purposes.
Personal data can be disclosed within the Juustoportti group.
Personal data related to customer relationships is stored on a server partition dedicated to Juustoportti. Access is granted only to those who process the data and to the CRM service provider (for more information, please contact the registry contact person). The server provider does not have access to the customer information and marketing system. Only certain IP addresses and VPN tunnels can connect to the server.
Each user has personal access rights to the CRM system. All users can access all information stored in the system, but the number of users of the CRM system is closely monitored and restricted to only those, who truly need to use system in the performance of their work.
Information can only be exported into Excel files or printed from the system. Transferring information outside the system is forbidden.
The system collects log data based on which all actions taken in the system can be traced to a user by the system supplier. Maintaining log data is important for the integrity of the system and for tracing in any possible incidents. The system steers the information use in our company’s statutory tasks, so the information must be monitored and traceable.
The personal data is regularly verified in connection to customer contacting. In addition, the central retail companies regularly send updated information on their contact person information, which is used to correct and erase old data. The correctness of personal data within the CRM system is ultimately decided by the person entering the data, but the party sending the data is responsible for the correctness of the data they send.
Personal data is erased from the system upon a customer’s or a company representative’s request, if the erasure of the data is not prejudicial to any interest gained on the basis of an agreement or any other interest to be protected. Data is also erased if it is deemed incorrect or when a person is no longer employed by a customer and the person responsible for maintaining the data at Juustoportti group becomes aware of this.
Personal data can be disclosed within the Juustoportti group, but not transferred outside the group.
Personal data is not transferred outside the EEA.
Data subjects have the right to request access to the personal data saved on them in the registry by calling a person employed by Juustoportti group. The data subject is identified based on their phone number and by examining the data saved that can be used to identify the person. Access rights to the personal data stored in the system is not provided to data subjects, unless the data subject is also in a role that entitles them to have access rights to the system.
The personal data saved is not sensitive in nature and the phone numbers are owned by companies.
The system being breached is highly unlikely, and the only practical data breach risk is posed by the processors. If a data breach is suspected to have occurred, the person responsible for it can be traced with the log data collected by the system. Data breaches caused by viruses or other malware are theoretically possible, but due to the excellent level of information security ensured by the controller, it is deemed unlikely.
The risk of a data breach is non-existent.
To control the risk, the system can only be accessed with personal access rights and access to the server where the system is located is restricted.