Supplier Data Protection Notice

 

This notice provides you with information on how Sampo Rosenlew Ltd., Konepajanranta 2, P.O.Box 50, FIN-28101 Pori, Finland („we“) will process your personal data.

 

  1. 1.        Purposes for which we process your data

We will process your personal data (as set out in point 2 below) for the following purposes:

a)      Supply chain collaboration;

b)      Strategic sourcing;

c)      Procurement;

d)      Contract lifecycle management;

e)      Spend analysis;

f)       Supplier management;

g)      Financial supply chain management;

h)      Invoice management;

i)        Dynamic pricing;

j)        Payments; and

k)      Supplier discovery.

 

We collect this data either directly from you, from our distribution partners, or your employer.

 

The provision of personal data is voluntary. However, if you do not provide your personal data, we may not be able to perform relevant business processes, including purchasing and distribution processes.

 

  1. 2.        Processed data categories and legal basis of the processing

We may process the following categories of your personal data on the basis of our prevailing legitimate interest (according to Article 6(1)(f) GDPR), which lies in achieving the purposes as set out in point 1 above:

 

a)      Master data

-        Name

-        Academic title

-        Salutation/sex

-        Company name

-        Address

-        Phone number

-        Email address

-        Other contact details of the supplier

-        Corporate evaluation report

-        Supplier contact person’s name

-        Job position and role within a project team

-        Department

-        Language

-        Work related contact details

-        Partner roles of the suppliers needed for invoicing and ordering

-        Government-issued identification number

-        Information on the use of any online services provided by us or any affiliated group company, including IP address, authentication data (e.g., username and password), URLs visited, time and date of the use of an online service or a particular feature thereof, name and version of the client software used, location data, and the webpage (URL) visited before accessing the online service

 

b)      Accounting and payment information

-        VAT number

-        Tax code

-        Country key

-        Bank key

-        Bank account

-        Name of the account holder

-        Account key

-        Bank category

-        Reference details

-        SWIFT code

-        IBAN

-        Bank name and address

-        Attachment of confirmation documents

-        Terms of payment

-        Accounting correspondence

 

c)      Supplier classification

-        Vendor portfolio

-        Product categories

-        Main product category

-        Additional product categories

-        Vendor category

 

d)      Supplier qualification

 

e)      Information on goods and/or services offered by supplier

-        Quantity and quality of offered goods and/or services

-        Other commercial terms of the offer

 

f)       Contract information

-        Commercial terms of the contract

-        Legal terms of the contract

-        Any other contractual documentation

-        Information about contract performance and instances of non-performance

 

  1. 3.        Transfer of your personal data

For the purposes set out above, we will transfer some of your personal data to the following recipients:

  • IT service providers that we use
  • Group entities
  • Our distribution and business partners if they are involved in the product/service delivery

 

Some of the recipients referred to above are located or process personal data outside of your country. The level of data protection in another country may not be equivalent to the one in your country. Therefore, we take measures to guarantee that all recipients provide an adequate level of data protection. We do this for example by entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EC and/or 2004/915/EC). Such agreements are accessible upon request from webmaster@sampo-rosenlew.fi.

 

  1. 4.        Retention periods

Your personal data will only be kept for as long as we reasonably consider necessary for achieving the purposes set out in point 1 above and as is permissible under applicable laws. We will, in any case, retain your personal data for as long as there are statutory retention obligations or potential legal claims are not yet time-barred.

 

  1. 5.        Your rights in connection with your personal data

Under applicable law, you have, among others, the rights (under the conditions set out in applicable law): (i) to check whether and what kind of personal data we hold about you and to request copies of such data, (ii) to request correction, supplementation or deletion of your personal data that is inaccurate or processed in non-compliance with applicable requirements, and (iii) to request us to restrict the processing of your personal data, (iv) in certain circumstances, to object for legitimate reasons to the processing of your personal data or to revoke consent previously granted for the processing, (v) to request data portability, (vi) to know the identities of third parties to which your personal data are transferred and (vii) to lodge a complaint with the competent authority (in Finland: Tietosuojavaltuutetun toimisto, Ratapihantie 9, 6. krs, 00520 Helsinki, tietosuoja@om.fi). Withdrawing your consent does not affect the lawfulness of processing based on your consent before your withdrawal.

 

  1. 6.        Our contact details

Please address your requests and any other questions concerning this notice to:

 

Sampo Rosenlew Ltd.

Konepajanranta 2

P.O.Box 50

FIN-28101 Pori

Finland

 

Email: webmaster@sampo-rosenlew.fi

 

 

If there are no requests or questions concerning this notice, no further action is required from your side.