Skip to content
Global Portal
Most Used Keywords
Applications
Products
Privacy statement concerning Valio’s consumer customers

Privacy statement concerning Valio’s consumer customers

In this privacy statement, we describe how Valio Ltd (“Valio” or “we”) processes consumers’ personal data for direct marketing and consumer survey purposes and for the organisation of events and campaigns, such as prize draws and contests.

We can update this privacy statement from time to time, when legislation changes, for example.

Please note that the processing of personal data concerning the users of Valio’s online and mobile services and persons who have submitted customer feedback is described in separate privacy statements. The privacy statement concerning online and mobile services is available at https://www.valio.com/privacy-statement/privacy-statement-for-valios-website/. The privacy statement concerning customer feedback is available at https://www.valio.com/privacy-statement/privacy-statement-concerning-valios-customer-feedback-register/.

1. Data controller

Valio Ltd (Business ID: 0116297-6)

Meijeritie 6

FI-00370 Helsinki

2. Contact information

If you wish to exercise your rights under this privacy statement or if you have questions about the processing of your personal data, please contact us by email at privacy.office@valio.fi or by calling +358 10 381 2185.

3. For what purposes and on what basis do we process your personal data?

We process your personal data for the following purposes:

  • To market Valio’s products and services
  • To organise events or campaigns and collect feedback concerning these
  • To organise market research or other surveys to be able to better understand our customers.

Your personal data is processed on the basis of 1) Valio’s legitimate interest (to implement the purposes described above) or 2) the implementation of an agreement between you and Valio (e.g. if you participate in a campaign, you agree to comply with its rules). In electronic direct marketing, the basis for processing is your consent.

You have the right, at any time, to object to the processing of your personal data for direct marketing and to withdraw your consent for direct marketing in accordance with section 10 of this privacy statement.

4. What personal data do we process?

  • Your first name and last name, your email address
  • Your phone number and address (we collect this information if necessary)
  • Your dietary requirements and any food allergies (for events or studies)
  • Photos, videos or audio recordings of you (concerning events, campaigns or studies)
  • Information you have provided in connection with an event, campaign or study
  • Information about newsletters you have subscribed to and other materials you have ordered
  • Information about whether you have permitted or prohibited direct marketing messages

5. Where do we collect your personal data?

We collect personal information from you when you participate in our events, campaigns, studies or surveys or sub-scribe to Valio’s newsletter. With regard to events and campaigns, we can collect your personal data from a friend or another person who signs you up for the event or campaign. In addition, with regard to studies in which you have participated, we collect your personal data from partners that carry out consumer and other studies.

6. Who processes your personal data and to whom do we disclose your data?

We process your personal data within the Valio Group. Your personal data is only processed by employees who need such data to perform their duties. In addition, your personal data is processed by subcontractors working for us and on our behalf, such as IT service providers, service providers carrying out marketing and analytics measures and part-ners participating in the organisation of campaigns. Subcontractors process personal data for Valio and on Valio’s behalf.

We do not regularly transfer your personal data to other data controllers. On a case-by-case basis, we disclose your personal data to restaurants, hotels and similar partners that organise Valio’s events and process your personal data on their own account. In addition, we disclose your personal data, if necessary, to auditors to process personal data on their own account or on our behalf, depending on the case. On a case-by-case basis, we also disclose your personal data to the authorities if there are legal grounds for doing so.

7. Do we transfer your personal data outside the EU or the EEA?

Some of our subcontractors have access to your personal data from outside the EU and the EEA. In such situations, we will ensure that your personal data is transferred lawfully in one of the following ways:

  • By verifying whether the European Commission has issued a decision on the adequacy of data protection in the country in question (e.g. Canada)
  • By ensuring appropriate safeguards as required by law, such as by signing the standard contractual clauses ap-proved by the European Commission
  • By ensuring the lawfulness of the transfer in other ways, such as requesting your express consent for transferring your personal data.

8. How long do we store your personal data?

We will store your personal data that we have processed for marketing purposes until you cancel your marketing per-mission or subscription. If you prohibit the processing of your personal data for direct marketing purposes, we will store information about the fact that you have refused to receive direct marketing messages.

If you have registered for an event or campaign that we have organised, we will process your personal data during the event or campaign, after which we will erase the personal data no later than six months after the end of the event or campaign. Please note that we have the right to publish the names of prize draw winners, as well as any other infor-mation in accordance with the rules applicable to the prize draw.

If you have participated in a consumer survey organised by us, we will process your personal data over the duration of the survey and for one year after the survey, after which we will erase the personal data.

We will store your personal data for longer to the extent that this is required by mandatory legislation (e.g. accounting obligations), a legal requirement concerning us or a statute of limitations or complaint period based on the law or an agreement. In such a case, we will only store the data required by the legislation, statute of limitations or complaint period or the data required to process a legal claim and will erase any other data.

9. How do we ensure the security of your personal data?

We ensure the information security of your personal data through appropriate administrative and technological safe-guards. We have restricted the processing of personal data to those persons whose duties include the processing of such data. The systems containing your personal data can only be accessed using personal user identifiers and pass-words issued separately.

10. What rights do you have?

In accordance with the applicable data protection legislation, you have, at any time, the right to:

  • Object to direct marketing
  • Withdraw your consent for electronic direct marketing
  • Access your personal data (right of inspection)
  • Require any inaccurate or incorrect personal data to be rectified or completed
  • Object to the processing of your personal data to the extent that Valio processes your personal data on the basis of a legitimate interest
  • Require your personal data to be erased
  • Require the processing of your personal data to be limited (e.g. while you are waiting for a response to a request concerning the rectification of your personal data)
  • Receive in electronic form the personal data you have submitted to us and transfer the data to another controller, provided that the processing of the personal data in question is based on an agreement and that we process your personal data electronically.

You must submit a request to exercise your rights in accordance with section 2. With regard to electronic marketing messages such as newsletters, the easiest way to refuse to receive such messages is through the link provided at the end of the message. If you refuse to receive a newsletter or other electronic marketing messages, we will no longer send you such messages.

If you object to the processing of your personal data, you must specify in your request the purpose or purposes of processing that you oppose. In addition, if you object to the processing of your personal data for purposes other than direct marketing, you must specify in your request the grounds on which you object to the processing of your personal data (e.g. you no longer wish to participate in the campaign that you signed up for). If you object the processing of your personal data in connection with a prize draw in which you have participated, we will no longer be able to take you into account in the prize draw.

We may ask you to verify your identity or further specify your request before implementing your request. We may also refuse to implement your request on grounds set out in data protection legislation, in which case we will inform you of such grounds.

11. Your right to file a complaint with the supervisory authorities

You have the right to file a complaint with the appropriate supervisory authorities if you believe that we have not processed your personal data in accordance with the applicable data protection legislation. You can file a complaint with the supervisory authorities in the EU member state where your permanent place of residence or employment is located or where the alleged personal data breach has occurred.

Version 1.2, updated on 14 February 2022

Changes to the privacy statement: February 2022: The following amendments have been made to the privacy statement: we have updated the contact in-formation and removed the reference to the Privacy Shield arrangement.

January 2020: The following changes have been made to the privacy statement: we have added a mention of personal data disclosure based on auditing of the accounts and the law, updated the privacy statement with regard to personal data transfer, added a mention of longer personal data storage periods due to the law, a legal claim, a complaint period or a statute of limitations, combined the description of data subjects’ rights under one paragraph, simplified the language used and made the content more concise to make the privacy statement easier to read.

Search