Marketing register and privacy policy of Juustoportti group’s websites

This document contains the privacy and cookies policies for the websites administered by Juustoportti group. The privacy policy applies to all websites administered by Juustoportti group or its subsidiaries in Finland and globally.

1. Controller

Juustoportti Oy
Business ID: FI20655637
Meijeritie 3, FI-61600 Jalasjärvi
Tel. +358 (6) 456 6800

In addition, the following companies of the Juustoportti group serve as joint controllers where applicable:

Juustoportti Food Oy, Business ID: FI21046059
Juustoportti ILO Oy, Business ID: FI09570835
Kasvis Galleria Oy, Business ID: FI15278988

2. Contact person for matters related to the registry

Brita Maunuksela, Human Resources Specialist
tel: +35864566800

Other contact details:
Juha Taivalmäki, Head of ICT
tel: +358 40 8334 640

3. Processors:

Employees of the group with relevant access rights.
Great Slogan Oy: Employees working in customer service tasks and in customer projects.

4. Name of the registry

Marketing register and privacy policy of Juustoportti group’s websites.

5. Purpose and basis of the processing of personal data

Personal data is processed in activities related to customer contacting, marketing and sales, improvement of service quality, customer relationship management and customer communications undertaken by Juustoportti Oy (FI20655637) and its subsidiaries, particularly Juustoportti Food Oy (FI21046059), Juustoportti ILO Oy (FI09570835) and Kasvis Galleria Oy (FI15278988).
The processing for marketing purposes is based on legitimate interest and the processing for the purposes of customer relationship management is based on the performance of an agreement. Based on their consent, data subjects are sent customer satisfaction surveys and electronic direct marketing emails

In more detail, the processing is based on the following.
Data subject’s consent: Data is received either directly from the customer or from the central retail companies, which enter the personal data of those responsible for different activities in the system. Information saved for contacting purposes are saved based on consent received for a certain activity or on separately asked consent.
The personal data processing involves no automatic decision-making or profiling.

6. Data collected, storage period, description of special categories of personal data and basis for processing

The registry only includes data with contact details on companies and persons who are current or potential customers of Juustoportti group’s food industry business operations or named as contact persons for such companies.
Personal data related to customer relationships and sales promotions is saved in the registry, for example:
Company name and Business ID for the purposes of customer contacting and sales promotion
A person’s name as background data or as a contact person for the purposes of customer relationship management
A person’s title for the purposes of targeting communications and responsibilities
A person’s or company’s phone number for customer contacting
Customer history (e.g., customer communication event, changes to services, visits by representatives, campaigns)
Direct marketing bans and consents
Information relating to the use of websites and online services administered by Juustoportti group
Information related to marketing and sales promotion, such as marketing activities directed at the data subject and participation in them (e.g., participation in events)
Technical data and cookies saved on the data subject’s browser and data related to the cookies
The system includes no special categories of personal data

The personal data in the registry is regularly reviewed and information is erased when there no longer is a legitimate basis for storing it.

7. Cookies

Websites administered by Juustoportti group use cookies. Cookies are small text files saved on the visitor’s device. The purpose of these files is to collect information on the way visitors use the website. Cookies are not dangerous, and they do not harm the visitor’s device, files or internet connection.

Cookies are used for a variety of purposes, which are related to, for example, the functions of websites, analytics and marketing.
We monitor our websites with the third-party analytics and monitoring service Google Analytics. The service collects data on the number of visitors, the way they browse our website and the devices they use to access the website. This information helps us monitor and improve the functioning of the website.

The website includes cookies from third-party marketing services, such as Facebook and Google AdWords. The cookies collect data on, for example, the visitors’ interests, age and location. This data helps us to better target our marketing and to reach the people who are interested in Juustoportti and our activities.

The cookies also collect the following information:

  • visitor’s IP address
  • time of visit
  • pages visited
  • browser used
  • the web address from which the visitor was directed to the website
  • the server the website is accessed from
  • the domain name from which the visitor was directed to the website
  • Identifying individuals based on the analytics data collected is not possible. Cookies are also used, for example, for the purposes of registering and logging in on the website, if the website has such a function.

8. Clearing and disabling cookies

Visitors of websites administered by Juustoportti group can disable Google Analytics cookies with an add-on installed on their browser. Other cookies can be cleared or disabled from the settings of the browser used. Please note that some of the functions of our website require the use of cookies. Our website manager Great Slogan Oy cannot guarantee the website will function as intended, if such cookies are disabled.

9. Primary data sources

The collection of data subjects’ personal data is based on an existing customer relationship or other contact with Juustoportti group. The data is collected at different stages of the customer relationship. Data subjects’ data is primarily received from the data subjects’ themselves or from their employers as follows:
The central retail company submits the up-to-date information of their retailers/representatives in an Excel workbook to their suppliers in the agreed-on manner.

Data available from public sources, such as company websites.
Personal data is also bought from registries external to Juustoportti group and collected from public sources for one-time marketing purposes.

10. Disclosures of personal data

Personal data can be disclosed within the Juustoportti group.

11. Technical and organisational measures for personal data protection

Personal data related to customer relationships is stored on a server partition dedicated to Juustoportti. Access is granted only to those who process the data and to the CRM service provider (for more information, please contact the registry contact person). The server provider does not have access to the customer information and marketing system. Only certain IP addresses and VPN tunnels can connect to the server.
Each user has personal access rights to the CRM system. All users can access all information stored in the system, but the number of users of the CRM system is closely monitored and restricted to only those, who truly need to use system in the performance of their work.
Information can only be exported into Excel files or printed from the system. Transferring information outside the system is forbidden.
The system collects log data based on which all actions taken in the system can be traced to a user by the system supplier. Maintaining log data is important for the integrity of the system and for tracing in any possible incidents. The system steers the information use in our company’s statutory tasks, so the information must be monitored and traceable.

12. Verifying personal data, correctness of the data and erasing and disclosing personal data

The personal data is regularly verified in connection to customer contacting. In addition, the central retail companies regularly send updated information on their contact person information, which is used to correct and erase old data. The correctness of personal data within the CRM system is ultimately decided by the person entering the data, but the party sending the data is responsible for the correctness of the data they send.
Personal data is erased from the system upon a customer’s or a company representative’s request, if the erasure of the data is not prejudicial to any interest gained on the basis of an agreement or any other interest to be protected. Data is also erased if it is deemed incorrect or when a person is no longer employed by a customer and the person responsible for maintaining the data at Juustoportti group becomes aware of this.
Personal data can be disclosed within the Juustoportti group, but not transferred outside the group.
Personal data is not transferred outside the EEA.

13. Other rights of data subjects

Data subjects have the right to request access to the personal data saved on them in the registry by calling a person employed by Juustoportti group. The data subject is identified based on their phone number and by examining the data saved that can be used to identify the person. Access rights to the personal data stored in the system is not provided to data subjects, unless the data subject is also in a role that entitles them to have access rights to the system.

14. Risk assessment

The personal data saved is not sensitive in nature and the phone numbers are owned by companies.
The system being breached is highly unlikely, and the only practical data breach risk is posed by the processors. If a data breach is suspected to have occurred, the person responsible for it can be traced with the log data collected by the system. Data breaches caused by viruses or other malware are theoretically possible, but due to the excellent level of information security ensured by the controller, it is deemed unlikely.
The risk of a data breach is non-existent.
To control the risk, the system can only be accessed with personal access rights and access to the server where the system is located is restricted.

15. Updates to the privacy policy

Updates can be made to this privacy policy in connection to the development of business operations or when changes made to data protection practices or data protection legislation. All changes enter into force as soon as they are published.