File description for Fazer Bakery Export Web Service’s User Data File

File description in accordance with Section 10 of the Personal Data Act (523/99)

1.     Controller, representative of Controller and contact information

Name: Fazer Leipomot Oy

Contact information: Fazerintie 6, Vantaa, PL 00941 HELSINKI

Representative for Controller: Sanna Vanhatalo
Tel. +358 9 87621

2. Name of data file

Fazer Bakery Export web service’s user data file
Drafted on 3 November 2014

3. Purpose of processing personal data

Data in the data file may be used for

-       provision, realization and maintenance of Fazer’s electronic services
-       development of customer service and business
-       analytical and statistical purposes, and
-       correspondence between the service provider and user.

Personal data may be used for direct marketing where the user has given their explicit consent thereto or where direct marketing is otherwise permitted by law. 

Website visitor amounts and other general anonymous data is monitored with use of cookies or other corresponding techniques.

4. Contents of the data file

The data file may contain for example the following information:

-       name
-       contact information such as email address and telephone number
-       company information
-       information relating to enabling communication and information relating to use of services,
-       other profiling or interest information possibly provided by the user,
-       other possible information collected at the user’s consent.

5. Regular sources of data

User data is regularly obtained from

-       the user while using the service

6. Regular transfers of data and transfer of data outside the EU or EEA

Personal data may be transferred to entities within the same group of companies with the controller as permitted by law.

Third parties may be used in processing personal data wherein personal data may be assigned for processing on behalf of the controller. Other processing of personal data requires consent of the data subject or is based on a specific provision of law.

Data is not regularly transferred outside European Union or the European Economic Area (EEA).


7. Principles of protection of the data file

Only designated employees having authorization to process user or customer data due to their work duties are entitled to use the system containing user data. Each user has personal user name and password to the system.

Data is stored in databases protected with firewalls, passwords and with other technical measures. Databases and their back up files are located in locked premises and the data is accessible only to designated persons. Servers are strongly protected.  

8. Inspection right

According to Section 26 of the Personal Data Act user of a service shall have a right to inspect what personal data has been collected in the data file or that no data has been stored.

Request for inspection may be presented as follows:

-       Written and signed request for inspection is sent to the representative of the collector to the address indicated in section 1 or sent by email to the representative of the collector.

-       Request for inspection is presented in person at the address indicated
in Section 1.

If there are errors in the data stored in the data file, the registered person may present a request for correction to the person in charge of data file matters indicated
in Section 1

9. Denial right

The registered person shall have right to deny the collector from processing personal data for the purpose of direct marketing, online selling and other personalized marketing and market research and survey as well as for public registers and genealogical research. In matters relating to such denial, we ask that the representative indicated in section 1 is contacted.