Privacy Notice

This Privacy Notice describes how Rapala VMC Corporation (“Company”) collects and processes your personal data in connection with www.rapalavmc.com website (including other domains directing to this site). The terms, “Rapala VMC”, “we”, “us” and “our” as used herein refers to Rapala VMC Corporation, a Finnish publicly listed corporation with a Finnish business ID 1016238-8. Also, all Rapala VMC Corporation subsidiaries apply this notice in their business if applicable.

Please read the following carefully to understand our policies and practices regarding your personal data and how we will treat it. This Privacy Notice may change from time to time so please check this Privacy Notice frequently for updates. Unless stated otherwise, this Privacy Notice applies to all information that we have about you as investor, website visitor or job applicant.

If you have any questions regarding this Privacy Notice or about the processing of your personal data or if you wish to exercise your rights as a data subject please contact us at:

Rapala VMC Corporation
Mäkelänkatu 87
00610 Helsinki
Finland
Phone: +358 9 7562 540
email: privacy@rapalavmc.com

What personal data do we collect & process?

Much of the personal data we process is obtained directly from you, for example when you register and provide your contact details. We also receive technical device and log information, which is automatically collected when you interact with our online services. For example, this may be your IP-address and the timestamp of your visit.

The following principle generally applies: If we request you to provide your personal data, you can decide what information you want to share with us. However, in certain situations personal data is needed to provide our services. For example, you can’t subscribe for press releases or stock alarms without trusting us with your email address.

Applying for an open position or leaving an open application. We naturally receive your personal data when you apply for an open position or send an open application to us. All the applications are individually assessed by HR. Please read more on our privacy notice for job applicants .

Cookie information. We use cookies and similar technologies to gather data from your visits on our websites and the interactions you do on these sites. This data includes for example unique cookie IDs and information about the pages you have visited. We use cookies and similar tools to enhance your experience using our website, provide our services and understand how you use our services so we can make improvements. Please read more on our cookie notice .

Messages and communications data. We collect your information when you contact us or we contact you. This includes the contents of the messages that you have sent and the method(s) used for communication.

Press release subscription. We collect your data when you choose to subscribe for our press releases. This information includes your email address, your name and language preference.

Share alerts. When you subscribe for share alerts, your contact details such as your first name, last name, email and your profession, company and country will be processed. Share alerts are provided by a third-party service provider Euroland .

Shareholders register. We maintain a list of major shareholders on our website. Data includes the name of the shareholder, the number of company shares in their posession and share related transactions. Euroland, the service provider, retreives this data from Nasdaq Helsinki .

Technical information. When using our online services, we automatically receive technical data such as your IP-address and information about your device.

Website analytics. We collect information from the website visits, such as clicks and time you spend on our website in order to understand how our website is used and to detect potential usability issues.

Whistleblowing service. Our whistleblowing service can be used to alert us about serious risks of wrongdoings that affect individuals, our company, the society or the environment. All messages are encrypted and will be handled confidentially. The whistleblowing channel is administrated by WhistleB , an external service provider. Please note the additional data processing clauses in our Whistleblowing Guidelines .

For what purposes do we process your personal data?

With your consent
Based on your consent we deliver press releases and stock alarms that you have subscribed for.

If you have given your consent, we use cookies and similar technologies on our website to gather statistics on website visitors and visited pages.

With your consent we may save your job application for further openings that you may be interested of.

Legal obligations
As a company, we are subject to various legal obligations that require us to process your personal data. We may disclose your personal data to certain authorities or other third parties, for example, to law enforcement agencies in the countries where the Company or third parties acting on our behalf are operating.

We are required to maintain a shareholder register where we process personal data. The list of major shareholders is available on our website. An updated list is provided by a third-party service provider, Euroland. Read more on Euroland’s privacy statement .

EU Whistleblower Protection Directive requires us to have a whistleblowing service, which enables reporting and informing Rapala VMC on any suspicions of misconduct in confidence. Whistleblowing service is an important compliance tool for us to detect risks or wrongdoings.

Processing is necessary for the performance of a contract to which you are party or about to become a party.
When you apply for an open position, we naturally process your data to match your application to any open positions.

Legitimate interests.
We may also process your personal data when it is necessary for the prevention of a misconduct or violation.

Please note that you have always the right to object the processing of your personal data that is based on legitimate interests

Do we share your personal data with 3rd parties?

Rapala VMC only shares your personal data if this is allowed by law. The principal recipient of your personal data is Rapala VMC Corporation. We also work particularly closely with certain service providers, for example with technical service providers (e.g. companies running data centers where we host our IT-systems). These service providers may generally only process your data on our behalf under special conditions.

Group companies. Many systems and technologies are shared within Rapala VMC Corporation. This allows us to offer you a more economical, secure, unified and personalized service. Therefore, companies within Rapala VMC group, which require access to your data to fulfill our contractual and legal obligations, or to fulfill their respective functions within our group, receive your personal data.

IT & Data center providers. We work with different IT service providers in order to be able to provide our services. These service providers include, for example, IT-system providers, Cloud providers and data center providers.

Website analytics. With your consent we collect your browsing data and analyze website statistics from your website visits.

Share alert service provider. When you subscribe for a share alert, your personal data is shared with Euroland that provides the service, please see Euroland’s privacy policy .

Other. In addition we may also disclose your personal data to third parties for us to comply with any court order or another legal obligation. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. In the event of merger, acquisition, or any form of sale of some or all of our assets, in which case personal information held by us could be among the assets transferred to the buyer.

Do we transfer your personal data outside european economic area?

Outside the european union rapala vmc corporation receives and transfers personal data to and from the united states of america in order to provide the website and its services. All relationships are covered with necessary data protection agreements and we go great lengths to ensure all our international partners are following the necessary legislation.

When your personal data is transferred to a third country, the level of protection guaranteed in the gdpr might decrease. Therefore, before any transfer, we aim to take necessary measures to ensure the high level of protection of your personal data as required by the gdpr. Such measures we have implemented include the use of so called ‘standard contractual clauses’ (“scc’s”) approved and provided by the eu commission as part of our agreements we enter into with the recipients of personal data in third countries. You can read more about the scc’s here .

How long do we keep your data?

Generally your personal data may not be kept in a form which permits identification longer than is necessary for the purposes for which the personal data is processed for. Therefore we must delete or alter the data so that it is not identifiable anymore when there is no use for the data anymore. Rapala vmc has strict practices on data retention in place and we are doing our very best to remove any old and unused data.
As the purposes of processing (please check the part for what purposes do we use your personal data? Above) vary so does the retention times of your personal data. As long we have your consent we send you our press releases and reports, or any other material that you may be interested in.
We process your personal data as long as we have a valid legal reason to do so. This might be for example for us to enforce our legal rights in which case the data will be kept until the legal matter has been fully ceased.

How do we keep your data safe?

Rapala VMC applies strict and up-to-date data security means to protect your personal data. It is important for us to protect confidentiality and integrity of your personal data when we are processing it. We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure.
Your personal data is protected by physical, organizational and technical means. Data is stored on secure servers, behind firewalls and when we are using our partners to process your personal data, we require them to follow the same rules that we follow. Only authorized persons are allowed to access the data and we keep up different kind of technical measures to protect the data and control the access. All of this is done to reduce any risk of loss, misuse or unauthorized access, disclosure or modification of your personal data in our possession.

Your rights as a data subject

As according to the General Data Protection Regulation of the European Union you have certain rights you may exercise to limit the usage, control and protect your personal data.
First of all you have a right to request from us an access to and rectification or erasure of your personal data as well as the right to data portability. Moreover you may demand us to restrict processing of your data or you may object the processing. Where the processing of your personal data is based on your consent, as is the case with our marketing (press release subscription), you have a right to withdraw your consent at any time.
When exercising your rights, please be prepared to prove your identity by means specified by Rapala VMC Corporation.
You can cancel your consent on your subscription visiting our website here .
And remember, if you believe that we have not followed the data protection obligations applying to us, you always have the right to lodge a complaint with your local supervisory authority

Cookie	Duration	Description
_flowbox	24 months	To show social media feed on our website.
ASP.NET_SessionId	session	Issued by Microsoft's ASP.NET Application, this cookie stores session data during a user's website visit.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
pll_language	1 year	The pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wordpress_test_cookie	session	This cookie is used to check if the cookies are enabled on the users' browser.

Cookie	Duration	Description
_pk_id.*	1 year 27 days	Matamo set this cookie to store a unique user ID.
_pk_ses.*	30 minutes	Matomo set this cookie to store a unique session ID for gathering information on how the users use the website.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
_pk_id.2551.926c	1 year 27 days	No description
_pk_ses.2551.926c	30 minutes	No description