Privacy Statement

Introduction

Componenta Corporation (“Componenta” or “controller”) is committed to protecting your privacy and will process your personal data in compliance with the applicable data protection legislation and good data processing practice.

In this privacy statement, we tell you about the processing of personal data at Componenta in general and provide you with information on how we collect, process and protect your personal data in the course of our operations.

This privacy statement concerns filing systems of the following persons (data subjects):

  • Componenta’s customer register, which includes the contact persons of Componenta’s present, former and potential corporate customers (such as clients)
  • Componenta’s supplier and partner register, which includes the contact persons of Componenta’s present, former and potential suppliers and partners (such as service providers, subcontractors and other partners)
  • The visitor register of the componenta.com website that includes website users (including the feedback given by users on the website)
  • The tenant register, which includes the contact persons of tenants
  • The company’s insider registers, which include the individuals that belong to insiders or persons closely associated with them in the lists maintained by the company on a statutory basis

Componenta has separate privacy statements for its employee and jobseeker registers.The rights described in this privacy statement are based on the data protection laws of the European Union.

Data Controller and Contact Information

If you have any questions or requests regarding this privacy statement or the personal data Componenta holds concerning  you, please contact:

Componenta Corporation (business identity code: 1635451-6)
Teknobulevardi 7
FI-01530 Vantaa
Finland
Tel. +358 10 403 00

Contact person/Data Protection Team: dataprotection@componenta.com

The Componenta Group comprises the following companies: Componenta Corporation (1635451-6), Componenta Finland Ltd (0114490-3), Componenta Främmestad AB (556188-0765), Karkkilan Valimokiinteistö Oy (0618348-5), Pietarsaaren Vanha Valimo Oy (0791516-6), Oy Högfors-Ruukki Ab (0871292-6).

Purposes of the processing of personal data

We only collect and process personal data insofar as this is necessary for our business operations for purposes such as offering and developing our products and services. We collect and process your personal data for purposes such as the following:

Customer register and supplier & partner register:

  • for the production, provision, ordering and delivery of products and services
  • for invoicing, payments and refunds
  • for customer service and the management of contractual relationships
  • for communications
  • for sales, marketing and advertising
  • for the management of contacts
  • for the processing of inquiries
  • for the development of products and services
  • for the preparation and execution of contracts
  • when required by law or enabled by our legitimate interests.

Website visitor register:

  • to ensure efficient and secure use of the website
  • to develop the website for improved quality and services, among other things
  • to give feedback/contact you
  • to collect statistics (such as which parts of our websites are visited most frequently)

Tenant register

  • preparation and execution of a lease

Insiders and persons closely associated with them who belong to the company’s insider registers/lists

  • compliance with the provisions of Regulation (EU) No 596/2014 of the European Parliament and of the Council on market abuse (MAR) concerning insiders and persons closely associated with them

Legal bases for the processing

The processing of personal data by Componenta may be based on a contractual relationship, statutory obligation (e.g. accounting obligation or provisions of the MAR), Componenta’s legitimate interest or the data subject’s consent. Componenta will request the data subject’s consent for the processing of personal data when the applicable laws require this.

The main legal bases for processing for different data subject groups are presented below.

Personal data included in the customer and supplier & partner registers

The legal basis for the processing of data contained in the registers is primarily the execution of a contract to which the data subject or the company represented by them is a party, or execution of actions preceding the conclusion of a contract at the data subject’s request. When the processing is based on a contract, the processing of personal data is necessary for the provision of a product or service. For example, products or services cannot be produced or provided without the contact information of the contact person of the company concerned.

The processing of the personal data contained in the registers is also necessary to exercise the legitimate interests of the controller or a third party. Legitimate interest means processing essential for the controller’s operations and which the data subject may reasonably expect to be part of the controller’s operations. The processing of personal data may not in this instance necessarily be justified based on a statutory obligation or contract, but the processing of personal data may be justified based on “legitimate interest”. In this case, the processing of personal data based on legitimate interest must always be evaluated beforehand so that the activity based on legitimate interest will not cause significant harm to the rights and freedoms of data subjects. As a controller, Componenta processes data based on legitimate interest for purposes such as processing and analysing feedback, developing products and services, and investigating cases of misconduct or defects. If a data subject submits their personal data to the Componenta website to make a contact request, the personal data will be processed based on legitimate interest.

Website visitor register (including giving feedback on the website)

The principal legal basis for the processing of personal data related to website visits collected via the website is the afore-described Componenta’s legitimate interest. If the feedback given on the website relates to Componenta’s other registers, such as the customer or tenant register, the further processing of the feedback is included in the other registers discussed in this section. The recruitment page has a separate privacy statement for jobseekers which is applied in recruitment in lieu of this privacy statement.

Tenant register

The legal basis for the processing of personal data related to leases is the contract and its preparation.

Insider registers

The legal basis for the processing of personal data contained in insider registers is the statutory obligation (MAR provisions).

Regular sources of data

The purpose of the processing defines the kind of data we collect in each situation and for what purpose. We only process your personal data mentioned below on legal grounds for pre-defined purposes.

Personal data pertaining to companies’ contact persons is primarily collected from the data subjects themselves or from the company the data subject represents. Data is collected in connection with a request for tender, order or contract, for example, or during the execution of a contract. Data is also collected in connection with meetings.

Data is collected by phone, email, electronic/printable forms (for example, when feedback is given) or another hardcopy document. In customer service situations, communications between a data subject and Componenta such as emails can be recorded for developing customer service and for verifying its content.

Furthermore, we obtain personal data from public and private filing systems, such as the company and credit register maintained by Asiakastieto.

You can also submit your personal data in connection with customer feedback if you wish.

In certain situations, we also collect data from other external sources with the data subject’s express consent or to the extent permitted by law, such as data on potential customers for sales contact purposes.

Visitors to the website disclose their data themselves when they visit the website, or their data is collected when a person uses the website.

Data subject and personal data groups

Componenta only collects and processes such personal data that is necessary for the aforementioned purposes. Listed below are the data subject groups and the groups of personal data collected on them.

Representatives of customers, suppliers and partners (including former and potential ones)

  • Identification data such as last name and first name
  • Contact information such as work email and phone number and workplace address
  • Position in the company
  • Inquiries and feedback

Website visitors

  • Technical identification data, including cookie information such as IP address and browser type (see the “Cookies” section below)
  • Website usage, such as the web pages and items accessed and the duration of the connection
  • Feedback given on the website and the name and email address

Tenant’s contact person and/or tenant

  • Contact person’s name
  • Contact information such as email, phone and address
  • Inquiries and feedback

Insiders or persons closely associated with them

  • Data required under MAR provisions, such as identification data and contact information, the basis and date of commencement of the insider or closely associated person status, and the number of Componenta shares held.

Transfer of personal data

Componenta may use third parties such as service providers to collect, store and process personal data on our behalf (for purposes such as technical maintenance or execution of marketing). Such service providers are only allowed to process your personal data to the extent necessary for them to provide the pervice we have requested from them. As a rule, they are not allowed to use your personal data for the benefit of their own business.

To protect your privacy, we require that all our service providers keep the personal data we provide them confidential and sufficiently secured. They are also required to abide by data processing agreements and the applicable data protection legislation.

Your personal data may be disclosed to the following parties:

  • Banks (invoicing and payments)
  • Logistics services, such as post and transport companies
  • Website administrator (website feedback)
  • Euroclear Finland (insider information)
  • Auditors

Additionally, we may transfer personal data in the following cases:

  • Within the group: Componenta may disclose data to companies or organisations belonging to the same group of companies or other comparable economic grouping that are subject to an obligation of confidentiality similar to that imposed on Componenta.
  • Authorities: we may need to disclose certain data to authorities or those applying the law in cases where there is a legally mandated requirement to do so. We will only do so if required by current legislation, a valid court decision, or an order or subpoena from a public authority.
  • Mergers and acquisitions: when a corporate acquisition or corporate reorganisation takes place, the acquiring party may obtain access to data contained in our filing systems (e.g. transfer of business where the business is transferred to another company).
  • Consent: we may disclose your personal data to third parties if you have given your consent for us to do so.

Transfer of personal data outside the EU/EEA

Due to technical and practical requirements, some of the personal data may be processed by subcontractors located outside the European Union or European Economic Area or at the subcontractors' servers outside the European Union or European Economic Area.

When data is transferred outside the EU or EEA, Componenta ensures an adequate level of protection as required under law by, among other things, utilising the standard contractual clauses for the transfer of personal data to third countries approved by the EU Commission.

Data security

We haveappropriate technical and organisational data security measures in place to protect personal data against loss, abuse or other similar unlawful access.

Manual material containing personal data is stored in locked facilities to which only the individuals concerned have access. Such material will be appropriately disposed of as data security waste.

Digital material is password-protected. Additionally, they are subject to Componenta’s or its subsidiaries’ or subcontractors’ general principles concerning data contained in information systems, such as firewalls and other appropriate technical and organisational safeguards. The access control system is used to ensure that only the separately designated employees of Componenta or its subsidiaries or subcontractors have access to the users’ personal data contained in the filing system data.

Retention of data

We will retain your personal data for as long as required for the purposes of processing, as long as the law requires us to do so, or until we receive a deletion request.

After this, the data will either be destroyed or made unidentifiable by irreversibly modifying it into a form from which an individual person can no longer be identified.

As a rule, personal data related to contracts (such as those concerning a customer, supplier, partner or tenancy relationship) will be retained until the expiry of the contract and potential warranty (or complaint) period. Additionally, Componenta is liable to retain any personal data related to accounting materials for 10 years after the end of the financial year. Vouchers and receipts can already be disposed of 6 years after the end of the financial year.

Data on potential (including former) customer, suppliers, partners and tenants will be retained for a maximum of 3 years from the date when the data was collected, provided that the contacts made have not resulted in tenders or other cooperation. The currentness of personal data is checked regularly. In connection with this, any unnecessary data will be deleted.

Contact details related to feedback will be retained until the feedback has been processed unless it is retained as part of the details of a specific contractual relationship, in which case its retention period will be determined based on the contractual relationship concerned (see above). In future, data can be retained in the form of anonymous statistical and archival data.

Data on individuals included in insider registers will be retained as provided by law. If you need further information, contact Componenta.

Concerning website technical identification data and cookies, see the “Cookies” section below.

Automatic decision making and profiling

Data will not be used for automatic decision making or profiling.

Cookies

Componenta may store pieces of data known as “cookies” on your device to allow us to identify you. Cookies are small text files stored on your device based on which the website can recognise your device. Of permanent cookies, we only collect your choice of language; otherwise the cookies we use collect session-specific statistical information on which of our web pages visitors visit, from which page our website was accessed, and how long the visit lasted.

We use cookies to collect information about your IP address, operating system and browser type, for example. This information usually includes data from which information pertaining to a specific user cannot be directly identified.

Data collected by means of cookies is used for statistical and analytical purposes, such as maintaining statistics regarding the use of the website, conducting surveys to improve the website and/or Componenta’s other products and services, determining which parts of the website are the most popular, and optimising the use of the website.

If you do not wish to receive cookies, you can disable them by changing your browser settings. Note, however, that disabling cookies may prevent websites from working normally, because some functionalities will be disabled.

The IP address will not be stored in the statistics. The IP address will be retained in the website administrator’s server log data for 52 weeks.

Links to third-party websites

The Componenta website may contain links to third-party websites. Componenta is not responsible for the privacy practices or content of any such third-party website. Since this privacy statement only pertains to this website, we recommend that you read the privacy statements of the other websites if you intend to use them.

Data subject's rights

As a data subject, you may exercise the rights listed below and/or express any concern you may have on the use of your personal data by contacting Componenta. The contact details are provided in the section entitled "Controller and contact information". You may submit your duly signed request in writing or come personally on-site to review your data at an agreed time. We will answer your request within one (1) month at the latest.

Right of access

The data subject has a statutory right to access their data and check which personal data has been recorded concerning them.

Right to rectification

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them.

Right to object to the processing of personal data

The data subject has the right to object to the processing of personal data if they feel that personal data has been processed unlawfully.

Right to restriction of processing

The data subject has the right to restrict processing if the criteria required under law are met. The controller will assess the opportunities for restricting the processing on a case-by-case basis.

Right to erasure (“right to be forgotten”)

The data subject has the right to request that their data be erased if its processing is not necessary. The request for erasing data will be processed, after which data will be erased, or the data subject will be provided with justification for why data cannot be erased.

It should be noted that the controller may have a statutory or other right not to erase the data requested to be erased. The controller is obliged to retain accounting materials for the period (10 years) defined in the Accounting Act (Chapter 2, Section 10). For this reason, material related to accounting cannot be erased prior to the expiry of this period.

Right to transfer personal data from one system to another

The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format, and the right to transmit that data to another controller if the processing is based on consent or on a contract, and the processing is carried out by automated means.

Withdrawal of consent

If the processing of personal data concerning the data subject is solely based on consent and not, for example, on a customer relationship, the data subject may withdraw their consent.

Direct marketing ban

The data subject has the right to deny the use of their data for direct marketing purposes.

Right to lodge a complaint

The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they feel that our processing of their personal data violates the current data protection laws.

Contact details of the Data Protection Ombudsman: https://tietosuoja.fi/en/contact-information

Updates to the privacy statement

Componenta regularly develops its products and services, and therefore reserves the right to make changes to this privacy statement. Changes to the content of the privacy statement may also be due to changes in legislation. We will separately inform data subjects of any significant changes, such as a change in the purpose of the processing of personal data. Otherwise, the changes will only be updated in this privacy statement. We recommend that you revisit this privacy statement occasionally to review potential changes.