Kärkimedia Oy is a sales and marketing organisation jointly owned by 32 of the largest circulation newspapers in their regions. We are committed to processing your personal data in accordance with current data protection legislation. This privacy statement sets out in greater detail how we process the personal data of our customers and potential customers, and users of our website. Further details are also available concerning:
- who to contact in matters related to personal data processing
- what kind of data we process
- the purposes for which we process data and the grounds for processing
- the duration for which your data are retained
- how you can influence the processing of your personal data
- the parties to which we may transfer or disclose information
- how we protect the personal data that we process
- how this privacy statement can be amended
The data controller for the personal data processing described in this privacy statement is Kärkimedia Oy. In matters related to processing of your personal data, contact:
Kärkimedia Oy (business ID 1006523-8)
Alvar Aallon katu 3 CPL 1180, FI-00101 Helsinki
tel. +358 75 757 8550
The personal data processed
We only process personal data that is required for predefined purposes. When collecting data, we seek to advise you as to the information that is required for using services, and of the information that you may choose to provide. We typically collect the following information:
Details of our corporate clients and contact persons:
- Corporate client information, such as name, business ID, industry, address and possible prohibition of direct marketing
- Name of contact person, name of business, job designation or title, telephone number, e-mail address, and details of direct marketing authorisations and prohibitions
- Details related to the client relationship, such as comments, complaints, invoicing and payment information
- Details related to the use of services, such as a user name and password
- Responses to surveys and questionnaires where research requires an analysis of responses at individual respondent level
Information for use in marketing: name of individual, name of the business that the individual represents, job designation or title and possible area of responsibility, e-mail address, telephone number and details of direct marketing authorisations and prohibitions, and details of measures taken in response to marketing communications (such as whether a message has been opened). We do not collect information on consumer customers for use in marketing.
Automatically collected information on use of our online services: We automatically collect information about how you use our services (e.g. the duration and time of your visit), which websites and website areas you visit, and how you use the content of our marketing communications or notices (such as clicks and history data). This information is collected automatically in server logs and associated with a cookie recorded on the user’s terminal device.
The information that we collect may vary depending on your use of our service or the type of service that you have subscribed to, and we may not necessarily collect all of the foregoing information.
We generally collect information from individuals in person. We also collect information when an individual enters into an agreement with us related to our services or products, or uses our digital services. We may also collect information from publicly available commercial and open sources (including corporate websites, the Asiakastieto information service, registers of the Finnish Patent and Registration Office and other sources).
Purposes and legal basis for processing personal data
We process information for the following purposes:
- Discharging a contract: We process personal data in order to discharge the contract for a service that you have ordered, and for other contractual relationship management, such as maintaining contact and dispatching notices, enabling logins, and the purposes of invoicing and collection. We have to process personal data in order to make offers, discharge contracts, invoice for our services, or contact you in matters related to the contract and customer relationship. Processing of personal data is based on a contract in these cases.
- Marketing: We process your personal data in order to send you direct marketing about our products and services. We may also target direct marketing on the basis of working duties, interests and other information that we receive. We process personal data for these purposes based on a legitimate interest. You may object to processing in the manner described below.
- R&D and reporting: We process data for analysis of services and business operations, and for R&D and reporting in order to enhance our services. For example, customer comments and responses to various questionnaires or surveys help us understand how we can improve our services. This processing is based on our legitimate interest. Processing related to research may also be based on your consent.
- Preventing and investigating abuse: We occasionally have to use information to prevent and investigate abuse. For example, automatically collected log data enables us to monitor and investigate the actions of a user of the information system, and the permissibility of using the data in accordance with our legitimate interest.
- Consent-based processing: If we have requested your consent for specific purposes, then we process personal data for these purposes based on consent. You may withdraw your consent at any time in the manner described below.
- Compliance with legal obligations: We may also be required to process some of your personal data after the customer relationship ends in order to comply with accounting or other mandatory legislation. Processing is then based on compliance with a legal obligation.
Personal data retention period
We always retain personal data based on a customer relationship for at least the duration of that relationship, and for a reasonable period thereafter, after which we delete the detailed information relating to the customer relationship unless there are pending complaints or other disputes that require further processing of the information. Even after this period, we will retain certain information to the extent that is necessary for compliance with legal obligations (such as accounting legislation), or in order to send you direct marketing. If you prohibit the use of information for marketing and there are no other grounds for processing, then we retain information concerning this prohibition and contact information in order to enable compliance with the prohibition.
Rights of a data subject
You may influence processing of your personal data in accordance with data protection legislation. The following list sets out various ways in which you can influence the processing of data:
- Verification, correction and deletion of data: You have the right to inspect the personal data that we retain concerning you. Upon your request, we will correct, supplement or delete any personal data that are inaccurate, incomplete or out of date for the purpose of processing. You also have the right to seek deletion of your data under circumstances in which this is permitted under data protection legislation.
- Transfers of data: Data protection legislation also enables you to transfer the personal data that you have provided and that we process automatically on the basis of consent or contract.
- Prohibition of direct marketing: You may object at any time to processing of your data for the purpose of direct marketing.
- Right to object and restrict: You may object to processing of your personal data based on a legitimate interest on grounds relating to your personal circumstances. In these circumstances, for example, processing will be restricted while the grounds for the objection are evaluated. Processing may also be restricted, for example, if the data subject disputes its accuracy, in which case processing is restricted for the time taken for us to verify the accuracy of the data.
- Withdrawal of consent: You may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing completed prior to withdrawal.
- Right to complain: You may submit a complaint to a public authority if you believe that your data have been processed in a manner that is contrary to this privacy statement and to current legislation. The contact details of the public authority are available at www.tietosuoja.fi.
Transfers and disclosures of personal data
We will not sell or otherwise disclose your information to third parties except under the following circumstances:
- Public authorities: We may disclose your personal data to the competent authorities, as required by current legislation
- Consent: We may disclose your information to third parties if we have requested and secured your consent to this.
- Mergers and acquisitions: Your personal data may be disclosed to parties involved in any sale, merger or restructuring of our business.
- Collection and legal claims: We may disclose your personal data to third parties if this is necessary for discharging a contract, recovering claims, investigating any violations, or preparing, submitting or defending a legal claim.
We use subcontractors in data processing, who may access your personal data in order to provide services. We have made contractual arrangements with subcontractors ensuring that data are always processed in accordance with current data protection legislation.
We do not generally transfer your personal data outside the European Union or European Economic Area. Some of our partners may be based outside the European Union or the European Economic Area. If we transfer data outside the European Union or the European Economic Area, then we will ensure an adequate level of protection of personal data, including by agreeing on issues related to the confidentiality and processing of personal data as required by law, for example through the use of standard contractual clauses approved by the European Commission, and otherwise so that the processing of personal data complies with this privacy statement. The transfer of data outside the European Union or European Economic Area may also be based on your consent.
Principles of personal data protection
We carefully protect your personal data by applying appropriate organisational and technical security measures. Your personal data will be accessed and processed by employees of Kärkimedia Oy or its partners who need to process your personal data in order to discharge their duties. Each user has a personal user name and password for the system, and is bound by the appropriate duty of confidentiality. The information system hardware involved in processing personal data is housed in closed data centres. Regular backup copies of the data are made as a safeguard against malfunctions. A firewall shields the systems against external intrusion. Hard copy materials are stored in locked premises. The data processing agreements concluded with our service providers stipulate the confidentiality of information and its protection in the manner required by data protection legislation.
We may collect information concerning the terminal device of a user of our services automatically using server logs, cookies and other corresponding technologies. A cookie is a small text file that the browser stores on the user’s terminal device. Cookies often contain an anonymous unique identifier that enables us to identify and count the number of browsers that visit our site.
Cookies are not exchanged online as such, but are installed on the user’s terminal device only with a website that the user calls. Only the server that sent the cookie can subsequently read and use it. Cookies or other technologies do not harm the user’s terminal device or files, and they cannot be used to access software or distribute malware.
The information that we collect automatically includes the following:
- service feature usage and browsing information
- the page from which the user transferred to our website
- the hardware model
- the browser and browser version
- the visitor’s IP address
- the time and duration of the session, and
- the screen resolution and operating system
- a unique device or cookie identifier
First-party cookies are installed by the website shown in the browser address bar. Our services also use third-party cookies, relating to such sources as advertising networks, measurement and monitoring service providers, and social media services.
We use both single-session and persistent cookies. Single-session cookies expire when the user closes the web browser. Persistent cookies remain on the user’s device for a certain period, or until the user deletes them. The validity of persistent cookies typically varies from a few months to a few years.
You may clear cookies from your browser at any time, whereupon you change the unique identifier and the profile associated with the previous identifier will be cancelled. You may also modify your browser settings to block cookies.
Amendments to this privacy statement
We reserve the right to amend this privacy statement due to legislative amendments or changes in services. We shall announce any changes in our services.