Privacy Notice for Rapala VMC Website

This Privacy Notice describes how Rapala VMC Corporation (“Company”) collects and processes your personal data in connection with the www.rapalavmc.com website (including other domains directing to this site). The terms “Rapala”, “we”, “us” and “our” as used herein refer to Rapala VMC Corporation, a Finnish publicly listed corporation with the Finnish business ID 1016238-8. All Rapala VMC Corporation subsidiaries also apply this notice in their business where applicable.

Please read the following carefully to understand our policies and practices regarding your personal data and how we will treat it. This Privacy Notice may change from time to time so please check this Privacy Notice frequently for updates. Unless stated otherwise, this Privacy Notice applies to all information that we process about you as a website visitor, investor, shareholder, other stakeholder or a job applicant.

If you have any questions regarding this Privacy Notice or about the processing of your personal data or if you wish to exercise your rights as a data subject, please contact us at: 

Rapala VMC Corporation
Mäkelänkatu 91
00610 Helsinki
Finland
email: privacy@rapalavmc.com

1. WHEN DO WE COLLECT YOUR PERSONAL DATA?

Most of the personal data we process is obtained directly from you, for example when you are in contact with us, send an application or your resume, or otherwise interact with us. We also receive technical device and log information, which is automatically collected when you interact with our online services. For example, this data can consist of your IP address and the timestamp of your visit.

When you visit our website, we use cookies and similar tools to enhance your experience using our website, to provide our services and to understand how you use our services so we can make improvements. This data includes, for example, unique cookie IDs and information about the pages you have visited. You can manage your cookie preferences and read more about cookies here

1.1 WHEN WE COLLECT INFORMATION ON WEBSITE VISITORS, SHAREHOLDERS, INVESTORS AND OTHER STAKEHOLDERS

Messages and communications data. We collect your information when you contact us. This includes the contents of the messages that you have sent, and the method(s) used for communication.

Investor services. Through our investor services and webpages, we offer investors more targeted communication, including tools such as an investment calendar, live webcasts of financial results and other company events, and opportunities for interactive discussions. Investor-related services allow investors to stay informed about the company's performance and market insights through press release subscriptions and share alerts. We collect your data, for example, when you choose to subscribe to our press releases. This information includes, for example, your email address, your name and your language preference. When you subscribe to share alerts, we collect your contact details such as your first name, last name, and email. On our website we use technologies and tools to display real-time financial data, stock analyses, and market insights.

Shareholder register. We maintain a list of major shareholders on our website. This data includes the name of the shareholder, the number of company shares in their possession and share-related transactions. We use a third-party service provider that retrieves this data from Nasdaq Helsinki.

Technical information. When you use our online services, we automatically receive technical data such as your IP address and information about your device.

Website analytics. We collect information from website visits, such as clicks and the time you spend on our website, to understand how our website is used and to detect potential usability issues.

Whistleblowing service. Our whistleblowing service can be used to alert us about serious risks of wrongdoing that affect individuals, our company, society, or the environment. All messages are encrypted and will be handled confidentially. The whistleblowing channel is administered by an external service provider. Please read more about personal data processing regarding our whistleblowing channel here

Social media content. Our website utilizes user-generated content from social media platforms. If you share content with our hashtags, we can feature user-generated content from social media on our website. If you wish to withdraw your content from our website, please contact us at privacy

Data that we collect directly from you.

We collect data directly from you when you, for example, subscribe to our press releases or share alerts, contact us, or interact in other ways on our website.

Category | Data element examples
Contact information | Such as name, email address, subscription
Messages, communication, insights | Messages related to your subscription, other communication, or interactions with us.

Data obtained from third parties

Category | Data element examples
Shareholder information | Name, number of company shares and share-related transactions
Investor relations | Statistics and analysis of gathered feedback
Social media content | Pictures and other social media content that you have shared with us

1.2 WHEN WE COLLECT INFORMATION ON JOB APPLICANTS

Applying for an open position or sending an open application. We naturally receive your personal data when you apply for an open position or send an open application to us. All the applications are individually assessed by HR.

Recruiting services. At times we may use headhunters or other service providers in our recruiting process. If those services are used, we set the terms for processing personal data and make sure that the third party commits to the data processing agreement and follows the given instructions.

Reviewing applications and interviewing candidates. Our HR team assesses your application when you apply for an open position or send an open application to us. During your recruitment process, you are interviewed either using videoconference tools or by meeting our representatives locally. The recruiting services and/or our HR team may build a candidate profile during your recruiting process.

Communication with the candidates. We do our best to keep you informed during the whole recruitment process. After the interview, we will keep you informed on the status of your application.

Conducting personal and suitability assessments. For certain positions we may use partners that perform suitability assessments, credit, or health checks on the employee suitability for that specific role. Assessments and checks are performed only with the candidate’s explicit consent.

When you want to stay informed on open positions, your job application may be saved for other open positions with your consent.

Maintaining candidate information. We do our best to ensure that all your information is handled with care and that all data is securely maintained. With your consent, we will be able to keep in touch with you if we open other positions that may interest you.

Data that we collect directly from you.

We collect data directly from you when you, for example, subscribe to our press releases or share alerts, contact us, send an application or your resume, or otherwise interact with us.

Category | Data element examples
Contact information | Such as name, street address, phone number, email address, city, and country
Content and documents | Such attachments as application letter, CV, interview information including video interviews, and recommendation letters. We may ask you to participate in employee suitability assessment, health checks or credit checks before entering into agreement with you.
Employment and education information | Such as previous employers, work history, titles, education, qualification, and certifications
Other identifying information | Such as social security number and/or birthdate, picture, or other proof of identity
Salary preferences | Salary expectations

Data obtained from third parties

We use third parties to provide, for example, professional recruiting services and health checks.

Category | Data element examples
Employee suitability assessments, health checks and credit checks | Report on qualification
Recruiting services | Name, phone number, email, and work history. Depending on assignment they create a candidate profile for interviews.
References or previous employers | References and qualifications
Video footage | If your interview is held locally, your visit may be stored on CCTV that we have in our premises.

2. FOR WHAT PURPOSES AND ON WHAT LEGAL BASES DO WE PROCESS YOUR PERSONAL DATA?

2.1 WITH YOUR CONSENT

Data subjects | Purpose
Website visitors, Shareholders, Investors, Other stakeholders, Job Applicant | Based on your consent we deliver press releases and stock alarms that you have subscribed for. If you have given your consent, we use cookies and similar technologies on our website to gather statistics on website visitors and visited pages.
Job Applicant | With your consent we may save your job application for further openings that you may be interested in. We may collect information about you from sources other than from yourself. Conduct personal and suitability assessments.

2.2 THE PROCESSING IS NECESSARY FOR THE PERFORMANCE OF A CONTRACT

Data subjects | Purpose
Job Applicant | Pre-employment measures for those candidates who advance through the recruitment process.

2.3 LEGAL OBLIGATIONS

Data subjects | Purpose
Website visitors, Shareholders, Investors, Other stakeholders, Job Applicants | As a company, we are subject to various legal obligations that require us to process your personal data. We may disclose your personal data to certain authorities or other third parties, for example, to law enforcement agencies in the countries where the Company or third parties acting on our behalf are operating. We are required to maintain a shareholder register where we process personal data. The list of major shareholders is available on our website. The list is updated by a third-party service provider. The EU Whistleblower Protection Directive requires us to have a whistleblowing service, which enables reporting and informing Rapala VMC on any suspicions of misconduct in confidence. The whistleblowing service is an important compliance tool for us to detect risks or wrongdoings.

When your personal data is processed based on legitimate interest, you have the right to object to the processing of your personal data in certain situations. Read more in the section YOUR RIGHTS AS A DATA SUBJECT below.

3. DO WE SHARE YOUR PERSONAL DATA WITH 3RD PARTIES?

Rapala only shares your personal data if this is allowed by law. The principal recipient of your personal data is Rapala VMC Corporation. We also work particularly closely with certain service providers, for example with technical service providers (e.g. companies running data centers where we host our IT-systems). These service providers may generally only process your data on our behalf under special conditions.

Group companies. Many systems and technologies are shared within Rapala VMC Corporation. This allows us to offer you a more economical, secure, unified, and personalized service. Therefore, companies within Rapala group, which require access to your data to fulfill our contractual and legal obligations, or to fulfill their respective functions within our group, receive your personal data.

IT & Data center providers. We work with different IT service providers to be able to provide our services. These service providers include, for example, IT-system providers, Cloud providers and data center providers.

Website analytics. With your consent we collect your browsing data and analyze website statistics from your website visits.

Investor relations, share alerts and press releases. For example, when you subscribe for a share alert, your personal data is shared with the third party that provides the service.

Recruiting service providers and other professional services. At times we use the help of carefully chosen professional service providers, for instance in reviewing applications and performing employee suitability assessments or health checks.

Other. In addition, we may also disclose your personal data to third parties for us to comply with any court order or another legal obligation. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. We may also disclose your personal data in the event of a merger, acquisition, or any form of sale of some or all of our assets, in which case personal information held by us could be among the assets transferred to the buyer.

4. DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE EUROPEAN ECONOMIC AREA?

We use several third parties to provide our services, which leads to situations where your personal data is transferred to a country outside the European Union or the European Economic Area (‘third countries’). For example, some of the data systems we use to store personal data are in third countries and in these cases some of our business partners’ subcontractors may have limited access to personal data.

When your personal data is transferred to a third country, the level of protection may decrease from the level guaranteed by the EU General Data Protection Regulation. Therefore, before each transfer, we strive to implement the necessary measures to ensure the high-level protection of your personal data under the EU General Data Protection Regulation requirements. Some of the measures we implement include ensuring that the recipient of personal data is certified under the EU-US Data Privacy Framework and using the standard contractual clauses approved and published by the European Commission as part of the agreements we make with those entities in third countries to whom we transfer personal data. More information about the EU-US Data Privacy Framework can be found here: https://www.dataprivacyframework.gov/s/ and about the standard contractual clauses here: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_fi

5. HOW LONG DO WE KEEP YOUR DATA?

Generally, your personal data may not be kept in a form which permits identification for longer than is necessary for the purposes for which the personal data is processed. Therefore, we must delete the data, or alter it so that it is no longer identifiable, when there is no longer any use for it. Rapala has strict practices on data retention in place and we are doing our very best to remove any old and unused data.

As the purposes of processing (please check the part FOR WHAT PURPOSES DO WE USE YOUR PERSONAL DATA? above) vary, so do the retention times of your personal data. As long as we have your consent, we send you our press releases and reports, or any other material that you may be interested in.

We process your personal data if we have a valid legal reason to do so. This might be, for example, for us to enforce our legal rights, in which case the data will be kept until the legal matter has fully ceased.

If you are a job applicant, we store your applicant data for 12 months.

6. HOW DO WE KEEP YOUR DATA SAFE?

Rapala applies strict and up-to-date data security means to protect your personal data. It is important for us to protect confidentiality and integrity of your personal data when we are processing it. We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

Your personal data is protected by physical, organizational, and technical means. Data is stored on secure servers, behind firewalls, and when we are using our partners to process your personal data, we require them to follow the same rules that we follow. Only authorized persons are allowed to access the data and we maintain different kinds of technical measures to protect the data and control the access. All of this is done to reduce any risk of loss, misuse or unauthorized access, disclosure, or modification of your personal data in our possession.

7. YOUR RIGHTS AS A DATA SUBJECT

The data protection legislation gives you the right to control how your personal data is collected and used. However, please note that these rights are not absolute, and there are certain limitations. Please also note that we are obliged to keep your personal data confidential, so be prepared to prove your identity when exercising these rights.

Where the processing of your personal data is based on your consent, as is the case with our marketing (press release subscription), you have a right to withdraw your consent at any time. You can withdraw your consent to your subscription by visiting our website at rapalavmc.com/subscribe-releases.

To exercise the rights listed below, please contact us at privacy@rapalavmc.com

Right to transparent information. You have the right to receive transparent information about the processing of your personal data. You can always ask for more details about the processing by contacting us at the email address above.

Right to access your personal data. You have a right to know whether we are processing your personal data. In addition, you have the right to know what personal data we have on you, the purposes of processing it, the recipients to whom your personal data have been or will be disclosed, the retention periods, information about the sources of your personal data as well as information about transfers of your personal data to third countries. If you wish, we will also provide you with a copy of all your personal data undergoing processing.

Right to rectification. If you feel that your personal data is inaccurate, incomplete, or out-of-date, you have the right to have such data rectified or completed.

Right to erasure. In certain situations, you have a right to get your personal data erased. Please note that this right applies in limited situations; for example, we can’t delete personal data that we must retain to comply with a legal obligation.

Right to data portability. You have a right to get your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller (where technically feasible). Please note, however, that this right applies only to personal data processed by automated means that you have provided to us and that we are processing relying on your consent or contract.

Right to object and right to restrict the processing of your personal data. Based on a specific personal reason, you have the right to object to the processing of personal data. However, this does not mean the general right to oppose all processing, but is limited, for example, to situations where the processing is based on a legitimate interest of ours or a third party. We have the right to continue to process your personal data if we have a compelling reason to do so.

Right to lodge a complaint. If you suspect your personal data has been processed unlawfully or are not happy about our privacy practices, you always have the right to lodge a complaint with your local data protection supervisory authority. Find the contact details of the supervisory authorities below:

Finland: https://tietosuoja.fi/en/notification-to-the-data-protection-ombudsman