This Privacy Notice describes how Rapala VMC Corporation ("Company") collects and processes your personal data in connection with www.rapalavmc.com website (including other domains directing to this site). The terms, “Rapala”, “we”, “us” and “our” as used herein refers to Rapala VMC Corporation, a Finnish publicly listed corporation with a Finnish business ID 1016238-8. Also all Rapala VMC Corporation subsidiaries apply this policy in their business if applicable.
If you have any questions regarding this Privacy Notice or about the processing of your personal data or if you wish to exercise your rights as a data subject please contact us at:
F.A.O – Rapala VMC Corp.
Privacy Manager Mr. Kimmo Valkkio
Rapala VMC Corporation
Phone: +358 9 7562 540
Fax: +358 9 7562 5440
WHAT PERSONAL DATA DO WE COLLECT & PROCESS
Much of the personal data we process is obtained directly from you, for example when you register and provide your contact details. We also receive technical device and log information which is automatically collected when you interact with our online services. This may, for example, be your IP-address and the timestamp of your visit.
The following principle generally applies: If we request you to provide your personal data, you can decide what information you want to share with us. However, in certain situations personal data is needed to provide our services. For example, you can’t register for newsletter if you don’t provide your email address.
Release subscription. We collect your data when you choose to subscribe for our press releases. This information includes your email address, your name and language preference.
Share alerts. If you subscribe for share alerts, your contact details such as your first name, last name, email and your profession, company and country will be processed.
Messages and communications data means the information collected when you contact us or our we contact you. This includes the contents of the messages you send and the method(s) used for communicating with us.
Technical information. When using our online services, we automatically receive technical data such as your IP-address and information about your device.
A cookie is a small text file containing a string of characters that is stored on your computer when you visit a website. When you visit the site again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information to enhance your experience on the site or be used to track you when you navigate to other sites that also use services from third party cookies.
Strictly necessary cookies that are necessary for our website to work.
Whistleblowing service. The whistleblowing service can be used to alert us about serious risks of wrongdoings that affect individuals, our company, the society or the environment. All messages will be handled confidentially and are encrypted. The whistleblowing channel is administrated by WhistleB, an external service provider. Link to our Whistleblowing Guidelines
Website analytics. We collect information from the website visits, such as clicks and time you spend on our website in order to understand how our website is used and to detect potential usability issues.
Shareholders register. We maintain a list of major shareholders on our website. Data includes the name of the shareholder, the number of company shares in their possession and share related transactions.
Applying for an open position. We naturally receive your personal data when you apply for an open position or send an open application. All the applications are assessed by HR individually.
FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
With your consent
Based on your consent we deliver press releases and stock alarms that you have subscribed for.
As a company, we are subject to various legal obligations that require us to process your personal data. We may disclose your personal data to certain authorities or other third parties, for example, to law enforcement agencies in the countries where the Company or third parties acting on our behalf are operating.
We are required to maintain a shareholder register which requires us to process personal data. The list of major shareholders is available on our website.
In addition, EU Whistleblower Protection Directive requires us to have a whistleblowing service, which enables reporting and informing Rapala VMC on any suspicions of misconduct in confidence. Whistleblowing service is an important compliance tool for us to detect risks or wrongdoings.
Processing is necessary for the performance of a contract to which you are party or about to become a party.
When you apply for an open position we naturally process your data to match your application to any open positions.
We may also process your personal data when it is necessary for the prevention of a criminal activity.
Please note that you have always the right to object the processing of your personal data that is based on legitimate interests
DO WE SHARE YOUR PERSONAL DATA WITH 3RD PARTIES?
Rapala only shares your personal data if this is allowed by law. The principal recipient of your personal data is Rapala VMC Corporation We also work particularly closely with certain service providers, for example with technical service providers (e.g. companies running data centers where we host our IT-systems). These service providers may generally only process your data on our behalf under special conditions.
Group companies. Many systems and technologies are shared within Rapala VMC Corporation which us to offer you a more economical, secure, unified and personalized service. Therefore, companies within Rapala group which require access to your data to fulfill our contractual and legal obligations, or to fulfill their respective functions within our group, receive your personal data.
IT & Data centre providers. We work with different IT service providers in order to be able to provide our services. These service providers include, for example, IT-system providers, Cloud providers and data centre providers.
Website analytics. With your consent we may share your browsing data across platforms that analyze website statistics, such as Google Analytics.
Other. In addition we may also disclose your personal data to third parties for us to comply with any court order or another legal obligation. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. In the event of merger, acquisition, or any form of sale of some or all of our assets, in which case personal information held by us could be among the assets transferred to the buyer.
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE EUROPEAN ECONOMIC AREA?
Outside the European Union Rapala VMC Corporation receives and transfers personal data to and from the United States of America in order to provide the web site and it’s services. All relationships are covered with necessary data protection agreements and we go great lengths to ensure all our international partners are following necessary legislation.
When your personal data is transferred to a Third Country, the level of protection guaranteed in the GDPR might decrease. Therefore, before any transfer, we aim to take necessary measures to ensure the high level of protection of your personal data as required by the GDPR. Such measures we have implemented include the use of so called ‘standard contractual clauses’ (“SCC’s”) approved and provided by the EU Commission as part of our agreements we enter into with the recipients of personal data in Third Countries. You can read more about the SCC’s here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
HOW LONG DO WE KEEP YOUR DATA?
Generally your personal data may not be kept in a form which permits identification longer than is necessary for the purposes for which the personal data is processed for. Therefore we must delete or alter the data so that in is not identifiable anymore when there is no use for the data anymore. Rapala has strict practices on data retention in place and we are doing our very best to remove any old and unused data.
As the purposes of processing (please check the part HOW DO WE USE THE PERSONAL DATA? above) vary so does the retention times of your personal data. As long we have your consent it is our honor to send you our press releases and reports, or any other material that you may be interested in.
We process your personal data as long as we have a valid legal reason to do so. This might be for example for us to enforce our legal rights in which case the data will be kept until the legal matter has been fully ceased.
HOW DO WE KEEP YOUR DATA SAFE?
Rapala applies strict and up-to-date data security means to protect your personal data. It is important for us to protect confidentiality and integrity of your personal data when we are processing it. We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure.
Your personal data is protected by physical, organizational and technical means. Data is mainly stored on servers securely located at our own offices behind firewalls and when we are using our partners to process your personal data we require them to follow the same rules that we follow. Only authorized persons are allowed to access the data and we keep up different kind of technical measures to protect the data and control the access. All of this is done by us to reduce any risk of loss, misuse or unauthorized access, disclosure or modification of your personal data in our possession.
YOUR RIGHTS AS A DATA SUBJECT
As according to the General Data Protection Regulation of the European Union you have certain rights you may exercise to limit the usage, control and protect your personal data.
First of all you have a right to request from us an access to and rectification or erasure of your personal data as well as the right to data portability. Moreover you may demand us to restrict processing of your data or you may object the processing. Where the processing of your personal data is based on your consent, as is the case with our marketing (press release subscription), you have a right to withdraw your consent at any time.
When exercising your rights, please be prepared to prove your identity by means specified by Rapala.
On our website you can cancel your consent on your subscription visiting rapalavmc.com/subscribe-releases on the website.
And remember, if you believe that we have not followed the data protection obligations applying to us, you always have the right to lodge a complaint with your local supervisory authority.