VILPE Oy social media privacy policy

This text sets out VILPE Oy’s social media privacy practices. These privacy policies apply if you like or follow VILPE Oy’s Facebook, Instagram, LinkedIn or YouTube accounts. 

1. Controller

VILPE Oy (business ID 0558172-1). Kauppatie 9, 65610 Mustasaari.  

2. Contact details for register matters 

VILPE Oy 
Communications coordinator Essi Saarenpää 
Kauppatie 9, 65610 Mustasaari 
Tel. (switchboard) +358 20 123 3200 
some@vilpe.com 

3. The personal data processor 

The personal data processors are the aforementioned social media sites. Their data protection principles can be accessed via the following links:

Facebook, Instagram, LinkedIn and YouTube are the main responsible parties for the data security and rights of data subjects under the General Data Protection Regulation (GDPR) associated with their services. VILPE has no influence over the processing of the data, since the services in question exclusively carry out the processing of the data. You can manage the privacy settings for the service in question within the service itself.  

4. Purpose of processing personal data 

The purposes for processing personal data are set out in information given by the service providers in question:

5. Basis for the processing of personal data 

The basis for processing personal data is the legitimate interest of the controller. 

6. Data sources and data processed in the processing of personal data 

VILPE receives a registered name or username from Facebook, Instagram, LinkedIn and YouTube, a public profile picture, any other information identified by the data subject in the application as public, as well as data contained in the data subject’s own comments and instant messaging service. Data is collected even if the user is not registered for the service or is not logged in to their account.

7. Retention time for personal data 

The social media service provider retains personal data until it is no longer needed or until the person in question deletes their account. VILPE has access to the data until the data subject removes or stops following VILPE’s Facebook, Instagram, YouTube, or LinkedIn accounts. 

8. Disclosure of data 

VILPE does not disclose personal data collected in the service to third parties. 

9. Transfer of data outside the EU or EEA 

VILPE does not transfer data outside the EU or EEA. Social media providers, by contrast, share data globally.

10. Principles of register protection 

A. Manual data 

The controller does not convert data to a manual format. 

B. Data saved in electronic format 

The controller’s employees and any external parties operating in the controller’s name who participate in the processing of data have a confidentiality obligation regarding all registered personal data. Administrator’s rights or usernames for VILPE’s Facebook, Instagram, YouTube and LinkedIn accounts have been made available only to those responsible for the service.  

11. Profiling 

The controller may also use data for profiling purposes. Profiling is carried out by using identifiers, with which data generated about data subjects during the use of the service can be merged. As a result, profiles can, for example, be compared with profiles of other data subjects. 

The purpose of profiling is to identify the demand for services and customer behaviour. 

12. The right of data subjects to object to the processing of personal data and direct marketing 

The data subject has the right to object to profiling and other processing operations concerning the data subject. The data subject can choose to hide ads from VILPE.

13. Other rights of data subjects related to the processing of personal data 

RIGHT OF ACCESS TO PERSONAL DATA (RIGHT OF INSPECTION) 

The data subject has the right to check from the data of the social media service provider what information is stored pertaining to the data subject in the customer register of that social service provider. VILPE does not transfer data from social media services to its own registers.

RIGHT TO REQUEST THAT DATA IS CORRECTED OR ERASED AND THAT PROCESSING IS RESTRICTED 

The data subject may, if they have detected an error, themselves correct, delete or restrict their personal data as far as is made possible by the social media service provider. The data subject may also contact the social media service provider to have their personal data corrected, deleted or restricted.

RIGHT TO TRANSFER DATA FROM ONE SYSTEM TO ANOTHER 

Insofar as data subjects have themselves added data to the register and this data is processed on the basis of the data subject’s consent or assignment, data subjects have the right to have this data transferred to themselves or to another controller, primarily in a machine-readable format. The provision of this information to the data subject is the responsibility of the social media service in question. VILPE does not transfer data from the data subject’s social media service to its own customer registers.

RIGHT TO FILE A COMPLAINT WITH THE SUPERVISORY AUTHORITIES 

Data subjects have the right to file a complaint with the competent supervisory authority if the controller has not complied with applicable data protection regulations in their activities. 

OTHER RIGHTS 

If personal data is processed on the basis of the data subject’s consent, the data subject has the right to withdraw their consent by discontinuing their use of the social media service in question. VILPE has no power to influence the use of personal data by the social media services in question.

14. Contact 

For questions relating to the processing of personal data and in situations relating to the exercise of their own rights, the data subject must contact the social media service provider in question, whose contact details are given on the service provider’s website.

If the data subject has questions about VILPE’s processing of personal data from the social media service, they should contact the person specified in section 2 above. If necessary, the controller or the person specified in section 2 can ask data subjects to specify their request in writing, and the identity of data subjects can be verified before taking any further action.