UPDATED ON 4.6.2018
Below you can find more information on:
- Identity of the controller and contact details
- Types of personal data we process
- Where we obtain your data
- How we use your personal data and the legal basis of processing
- Disclosures of your personal data
- Your rights as the data subject
- Data retention
- Data security principles
- Changes to this policy
Identity of the controller and contact details
Cross Wrap Oy
Teollisuustie 6, 71800 Siilinjärvi, Finland
tel. +358 17 287 0270
Types of personal data we process
Cross Wrap only processes such personal data that is necessary for predefined purposes. We typically process the following types of personal data about you:
- Information about our business customers and their contact persons. In case you are the contact person for our business customer, we may collect and process the following information about you and your company, which we will combine and process together for as long as you are the contact person for that company:
- Information concerning the company and the customer relationship, such as name, business number, address, invoicing and payment details (including possible payment failures), order/purchase history, possible direct marketing opt-outs
- Information about you as the contact person, such as name, title and role in the company, contact details (such as email, phone number and address), details and contents of correspondence with us, possible direct marketing opt-outs
- Information about our partners. Cross Wrap has many partners that operate in different capacities and include, for example, companies that are our suppliers and companies that we do other commercial and non-commercial co-operation with (such as providers of maintenance services, our agents and other representatives, and journalists in media companies). In this relation we may collect and process the following information about you:
- Your name, details of the company you represent, title and role in the company, contact details (such as email, phone number and address), possible invoicing and payment details and order history, possible direct marketing opt-outs
- Information we use for marketing purposes (potential customers). We also collect certain information about companies and their contact persons that have expressed their interest in the products and services Cross Wrap provides or who we otherwise believe would be interested in receiving information about our products and services. In this relation we may collect and process the following information about you:
- Your name, details of the company you represent, title and role in the company, contact details (such as email, phone number and address), topics of interest, details and contents of correspondence with us, possible direct marketing opt-outs
Where we obtain your data
We obtain the data we process principally from you when you are in contact with us through our website by submitting contact forms or in other ways such as by email or calling us. We also obtain your data when our business customer enters into an agreement with us or submits requests for proposal, or in other business connections.
We may also collect and update your information through our own representatives or partners or from publicly available sources (such as company websites, databases of authorities etc.), campaigns, publications, fairs, from business cards and otherwise. We may also receive your data through third party services, such as professional social media sites, where Cross Wrap has presence and where you have opted to follow us.
How we use your personal data and the legal basis of processing
Cross Wrap uses your personal data for the following purposes:
- Execution of agreement and management of customer relationship: We process your personal data to fulfil the agreement that you or your company has made with Cross Wrap and to enforce the rights and obligations relating to that agreement, including processing your personal data in relation to requests for proposal.
We also process your data to manage and develop the customer relationship, such as to contact you, send you updates on your order, for invoicing and debt collection and invite you to customer surveys.
The processing of your personal data is in these cases based on an agreement or necessary to take steps preceding entering into such agreement.
- Direct marketing and other communication with you. We may process your personal data for direct marketing purposes both by electronic means (email, SMS) and by phone or post. We also process your personal data to send you updates relating to our products, services and business (such as newsletters), and other content you may have requested. In case you are the representative of Cross Wrap’s other business partner than customer, we also process your data to communicate with you in matters relevant to that relationship.
We may target and customise our marketing and other content in order to serve you with more relevant content and create profiles and customer segments based on your title and role, order history, topics of interest, your interactions with our content and other information we have collected from you. You can always opt out of receiving direct marketing and other updates, and object to profiling.
We process your data for the abovementioned purposes based on an agreement you/your company has with Cross Wrap or our legitimate interest if we consider your company as a potential customer, if the agreement between us has ended and you have not opted out of direct marketing, or your company has another business relationship with Cross Wrap. If we have requested your consent for the foregoing activities, we process your personal data based on that consent.
- Development and analysis. We process your personal data as well as the data we collect automatically to analyse and develop our products, services and business, and to better understand how our services are used. We will not use your information in an identifiable form if it is not necessary for the abovementioned purposes.
- Processing based on a legal obligation. We may be obligated to process certain of your personal data based on a legal obligation under the Finnish accounting and other mandatory law, also after the customer relationship has ended. In these cases, the processing is based on that legal obligation.
Disclosures of your personal data
Cross Wrap does not sell your information to third parties. We may, however, disclose your information in circumstances described below.
- Authorities: We may disclose your information to authorities when we have a legal obligation or other legitimate interest to do so under applicable law.
- Consent: Based on your consent we may disclose your information within the limits of the specific consent you have given. Information on revoking your consent is provided below.
- Business transactions: We may disclose your personal data in connection with a business transaction, if and to the extent necessary.
- Our legitimate interests: We may disclose your personal data if it is necessary in order to protect or defend our legitimate rights and interests, or those of our users, employees, directors or shareholders, and/or to ensure the safety and security of our services.
The principal place of processing of your personal data is in the EU and subject to the provisions of the EU General Data Protection Regulation and other national and EU privacy laws. In certain occasions we may use service providers located outside the EU/EEA in the provision and technical implementation of our services, in which case your personal data may be transferred outside the EU/EEA. In case we transfer your personal data outside the EU/EEA we have ensured that your personal data is afforded adequate level of protection by way of contractual obligations or by using other safeguards available under the EU data protection laws.
Your rights as the data subject
As the data subject, under data protection laws you can influence on how we process your personal data in the following ways:
- Right of access, rectification and erasure: You have the right to request access to your personal data we process. At your request we will also rectify any inaccurate, incomplete or outdated personal data relating to you. You also have the right to request your personal data to be erased (right to be forgotten) in accordance with applicable law.
- Data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller when we process your data automatically based on a contract or your consent.
- Right to object to direct marketing (including related profiling): In case you do not want to receive further marketing or other updates from us or wish to opt out of profiling we do in order to offer you tailored direct marketing, you have the right to object to processing of your personal data for those purposes. Should you use your right to object, you will no longer receive direct marketing from us. You can use your right to object either by contacting us or through the unsubscribe link on electronic messages we send you.
- Right to object data processing and right of restriction: You have the right to object to processing we carry out based on legitimate interest on grounds relating to your particular situation, unless we have compelling legitimate interests for the processing which override those interests. You also have the right to request the restriction of the processing of your personal data, for example, in case you object to processing as described above or contest the accuracy of your personal data.
- Revocation of consent: You may revoke a consent you have given at any time by contacting us or unsubscribing from further updates from us through the unsubscribe link on electronic messages we send you. Please note that revoking your consent does not affect the legality of the processing we have carried out prior to the revocation.
A “cookie” is a small data file containing a string of characters that is sent to your device when you visit a website. When you visit the website again, the cookie allows that site to recognise your browser. A cookie does not harm your device, and we do not get any information that is directly related to you (such as your name or email address) merely through cookies. The duration of how long a cookie will stay on your device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your device until they expire or until you delete them.
Most web browsers allow you to control and block cookies through their settings. Please note that if you limit the ability of our website to set cookies or block them entirely, the entire contents of our website may not be available and some of the features might not function properly. Below You can learn about how to control cookie settings on most common web browsers:
To prevent your data from being used by Google Analytics you can install the browser plug-in from Google which is available here.
If you would like more information about cookies, please visit www.allaboutcookies.org. More information about interest-based advertising, including how to opt-out of these cookies, can be found at www.youronlinechoices.com.
Information we process will only be retained as long as is necessary to fulfil the abovementioned purposes or as long as we have a statutory obligation to keep your information, after which it will be deleted from our files.
If you are our customer, we retain your data for at least the time you are our customer. After the customer relationship ends, the retention period depends on the data and its purpose of use. For example, we retain your personal data for direct marketing purposes until you have objected to it, and retain invoicing and payment information for 10 years after the agreement has ended. As a rule, we retain data on potential customers until that customer has objected to direct marketing or opted out of all of our communication, and we have no other grounds for retaining the personal data. We comply with statutory obligations in retaining data.
If you have exercised your right to object to direct marketing, we may still keep certain information about you to comply with that request.
Data security principles
We employ sufficient technical and organizational measures to protect your personal data against accidental and/or unlawful access, alteration, destruction or other processing (including unauthorized disclosure and transfer). These measures include proactive and reactive risk management, use of firewalls, encryption techniques and secure IT areas as well as access control and security systems, security planning, controlled granting and monitoring of access/user rights, ensuring skills through training for personnel involved in processing personal data and through assessments as well as careful selection of suppliers. We are continuously updating our in-house practices and guidelines in an appropriate manner.
Changes to this policy