Ouneva Group Supplier Survey - Privacy policy

This is the Ouneva Group’s register and privacy policy for supplier surveys in accordance with the Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Last modified on 08.01.2024.

1. Registry holder

Name: Ouneva Group
Business ID: 0157948-0
Address: Teollisuustie 21
Postal Code: FI-82730
Postal Address: TUUPOVAARA
Email: tietosuojavastaava@ouneva.fi

2. Data Protection Officer

Name: Ouneva Group
Business ID: 0157948-0
Address: Teollisuustie 21
Postal Code: FI-82730
Postal Address: TUUPOVAARA
Email: tietosuojavastaava@ouneva.fi

3. Name of the register

Ouneva Group Supplier Survey Register

4. Purpose of the register

Personal data in our register is used, on the basis of voluntary consent, for the evaluation of suppliers of companies belonging to the Ouneva Group. This information may be received by us through a form filled in via the Microsoft Forms service.

In addition, the information in the register is used to update the contact details of existing suppliers and to collect contact details of new suppliers.

5. Grounds for data collection and processing

The collection and processing of data is based on the consent of the user, which is required separately when filling in the form. The form contains a separate section requesting explicit consent to the processing of personal data. If this separate consent is not given, the user’s data will not be sent or processed in any way. This means that no personal data will be collected or processed without the explicit consent and agreement of the user to the processing.

6. Data content of the register

The following information is mandatory: first and last name, title, company, supplier’s business ID, supplier’s visiting address, turnover in the previous financial year, number of employees, bank details (SWIFT/IBAN), contact details of the account manager (name, email, phone number), contact details of the order processor (name, email, phone number) and whether the supplier fulfils one or all of the following certifications: ISO 9001, ISO 14001, ISO 45001 or ISO 13485.

In addition, it is mandatory to indicate on the form whether the supplier complies with Finnish laws and regulations, the Ouneva Group’s Supplier Code of Conduct and whether the supplier can provide certificates related to REACH, ROHS and/or Conflict Minerals.

Alternatively, the supplier’s website address, electronic billing address, contact details (name, e-mail, phone number) of the logistics contact person and contact details (name, e-mail, phone number) of the quality contact person can be provided.

7. Data retention period

Personal data related to the supplier survey and supplier evaluation will be deleted within 12 months from the moment the supplier relationship with Ouneva Group companies has ended.

8. Regular sources of information

The information entering the register is collected and transmitted using Microsoft Forms. This form serves as the channel through which the completed data is collected and transmitted.

This form collects the information described in Section 6.

You can access the information collected by Microsoft Forms here: https://www.microsoft.com/fi-fi/servicesagreement

9. Regular disclosures and transfers of data outside the EU or the European Economic Area

As a rule, data is not disclosed outside the companies belonging to the Ouneva Group. Companies belonging to the Ouneva Group are:
– Alsiva Oy (business ID: 0962501-5)
– Jotwire Oy (Business ID: 0657122-6)
– Ouneva Oy (Business ID: 0157948-0)
– Valukumpu Oy (Business ID: 2126932-4)
– Top Speed Oy (Business ID: 2677355-4)
– Ase Utra Oy (Business ID: 1743053-3)

Except as mentioned above, your personal data will not be transferred outside the EU or EEA.

10. Protection of the register

The data is transferred over an SSL-secured connection.
Electronic data is protected by a firewall, usernames and passwords.

Access to the data is restricted to those persons employed by the controller who need the data for their tasks.

11. Automatic decision-making

No automated individual decisions (Article 22 of the EU General Data Protection Regulation) are taken.

12. Rights of the data subject

The data subject has the right to check what data concerning him or her has been stored in the personal data register. The written request for inspection must be signed and sent to the person responsible for the register.

The right of inspection is free of charge and is exercised no more than once a year.

The data subject has the right to request the rectification or erasure of inaccurate or outdated data or the transfer of data from one system to another. They also have the right to restrict or object to the processing of their data in accordance with Articles 18 and 21 of the EU General Data Protection Regulation.

Data subjects have the right to withdraw their prior consent to the processing of their data or to lodge a complaint with a supervisory authority about the processing of their personal data.

Data subjects also have the right to object to the use of their data for direct marketing purposes.