HES-PRO CUSTOMER REGISTER:
PRIVACY POLICY

Updated on 04 April 2022

Hes-Pro is committed to protecting the privacy of its customers. In this privacy policy, we will explain how Hes-Pro Oy (hereinafter referred to as “Hes-Pro” or “we”/”us”) process the personal data of their customers (hereinafter referred to as the “Customer”/”Customers”) within the EU and the EEA.  Personal data is data on the basis of which the Customer can be identified, such as their name and telephone number. 

1.  Why do we process your personal data?

We process personal data, for example, when we receive customer feedback from the Customer or the Customer contacts us in order to find a suitable product for them or their company. 

Personal data can be processed based on the Customer’s consent, an agreement concluded with Hes-Pro, our legal obligation or a legitimate interest.

We process personal data only to the extent that it is necessary for the following purposes of use: 

  • Managing and developing the customer relationship between Hes-Pro and the Customer, e.g.:
    • Processing and answering customer feedback (processing criterion: legitimate interest)
    • Processing and answering credit requests or reclamations (processing criterion: legal obligation)
  • Holding drawings and contests, delivering prizes and publishing the names of the winners in accordance with the contest rules (processing criterion: legitimate interest)
  • Web page development, use analysis and the targeting of marketing (processing criterion: consent). You can learn more about the cookies used by Hes-Pro under our “Cookie Policy”.

As a prerequisite for processing, a legitimate interest is based on the law and its application requires that the interests and rights of the data subject are taken into extremely precise consideration. Legitimate interest refers to processing, which is materially related to the operations of the controller, and which the Customer can reasonably assume to belong within the sphere of those operations.

Personal data may only be processed for specifically prescribed purposes. On the basis of personal data provided by the Customer, the Customer may not be, for example, solicited with direct marketing without the express consent of the Customer, nor may their personal data be processed in any way that violates the terms of this privacy policy.  

2.  What kind of data concerning me is collected and what are the sources of the data?

Data is collected directly from the Customer when the Customer contacts Hes-Pro, such as to give feedback or makes an inquiry about our products or participate in a contest. This data includes the Customer’s name, address, email address, phone number and  lottery and contest response information. 

Data is also collected in connection with use of the web pages. User data, such as IP address, browser information and the time of use, is collected when using the Hes-Pro website. 

3.  Who processes personal data?

At Hes-Pro, personal data is processed by personnel whose job descriptions include the maintenance and management of the services in question. To process the matter, the data may be transferred within the Hesburger Group.

In processing personal data, we also use third-party services. We require the data to be used only to carry out the purposes of use described above. 

Data may be transferred to the following parties outside of Hes-Pro: 

  • Data is transferred to service providers, which are responsible for the maintenance and development of Hes-Pro’s IT services.
  • Data is transferred to payment intermediation service providers and transport service providers.
  • Data is transferred to law enforcement agencies and other authorities if this is necessary due to a law, regulation or legal request or for the investigation of a crime or the exercise or defence of a legal claim.
  • Data is transferred to insurance companies for the processing of damage claims. 
  • Data can be transferred, in the event of a business acquisition or merger, to the purchaser of the business.

4.  Data transfers to third countries, safeguard measures for the transfers

Hes-Pro may use also subcontractors in the processing of personal data and in this context, data is also processed outside the European Union (EU) and the European Economic Area (EEA). If personal data is transferred outside the EU or the EEA, we ensure an adequate level of personal data protection, for example, by using standard contractual clauses approved by the European Commission. 

5.  Data protection

Hes-Pro employs technical and organisational measures to prevent the unauthorised use, transfer, deletion or other processing of personal data that may jeopardise data protection. The register is kept in electronic form. Use of the register, altering data and processing are only done using multilevel user identification by means of an encrypted application. Only appointed persons tasked with maintaining and managing the system are allowed to use the register. Register data is protected against being accessed from outside and use of the register is monitored.

6.  How long is the data stored?

Data is stored as follows: 

  • Customer feedback and credit requests: Data is deleted one (1) year after the date on which the Customer submitted feedback. However, data may be stored for a longer period of time if there is a justifiable reason for doing so, such as customer credit given on the basis of customer feedback, compensation for damages, or any other legal reason. 
  • Lottery and contest participant information: The data is deleted when the winner has been contacted and the prizes have been awarded.
  • Website data: The particulars of cookie retention periods are available in our separate “Cookie Policy”.
  • Other Customer data: Data is stored for as long as it is necessary to process data for one of the above-mentioned purposes.

8.  Information about automatic decision-making (profiling)

Hes-Pro does not engage in any automatic decision-making, such as profiling, based on the Hes-Pro customer register.

9.  Customer rights

The Customer may exercise the rights mentioned below by contacting the controller by mail or email.

Right of access

The Customer has the right to inspect their own data in the register. 

Right to request correction of incorrect or incomplete data

The Customer has the right to request that incorrect or incomplete data be corrected. 

Right to erasure

The Customer has the right to request that their personal data be deleted from the register ("Right to be forgotten"). At the Customer’s request, the controller shall make every effort to delete the data without undue delay, except in cases where there are legal reasons for denying the deletion of data. 

Right to restrict and oppose processing

The Customer has the right to restrict and oppose the processing of their personal data. When the Customer has submitted a request, controller may no longer process the Customer’s personal data, unless there is a legal reason for processing.

Right to transfer data from one system to another 

The Customer has the right to receive their personal data in a structured and commonly used form, in which the customer is able to transfer the data to another controller.

10.  Right to file a complaint

The Customer may file a complaint concerning the processing of personal data with the competent authority in their country of residence. Detailed information on National Data Protection Authorities can be found here: 

http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

11.  Who is the controller of your personal data and where can you contact them?

The controller is Hes-Pro (Finland) Oy.

Enquiries concerning the register may be made by post or email:

Hes-Pro (Finland) Oy

Terottajankatu 3

20780 Kaarina, Finland

privacy@hesburger.fi