Privacy policy

Privacy policy and information document in accordance with the Data Protection Act

Our customer service at security@soprano.fi will answer any questions and feedback concerning the register within a week.

1. Controller

Soprano Oyj (later on referred to as ”Soprano”)
Business ID FI05481704
Mannerheimintie 15, 00260 Helsinki

2. Contact person in register matters

Contact person
Esa Lahtela, Chief Information Officer

3. Register name

Customer register of Soprano and its group companies in Finland and Sweden

4. The register’s purpose of use

The primary basis for processing personal data is the customer relationship between Soprano’s customer and Soprano, the customer’s consent, a commission issued by the customer or other professional context.

Personal data can be processed for the following purposes of use:

  • Managing, implementing, developing and tracking the customer relationship and customer services as well as communications and marketing related to them.
  • Analysing, grouping and reporting of customer relationships, implementing a customer programme and other purposes of use related to the development of the overall account management and Soprano’s business operations.
  • Collecting and processing customer feedback and customer satisfaction information.
  • Implementing market research and surveys.
  • Recording the phone calls of the customer service centre to verify service transactions, ensure legal protection and security, train the customer service personnel and improve the quality of customer service.

Profiling purposes, which have been specified in section 10 of this privacy policy.

These processing assignments can be outsourced to Soprano’s group companies and/or external service providers in accordance with the data protection legislation and to the extent it allows.

5. Register’s data content

Among other information, the following categories of data can be saved to the register, concerning the data subject:

  • Official and commonly used names, customer number, gender, language, address, phone number, email address and other necessary contact information.
  • The services’ user and purchase information, the level and term of validity of the valid loyal customer’s bonus programme, and the marketing and communication methods in different service channels, such as the online services and automated services, including recorded phone calls with the customer service centre.
  • Content produced by the data subject, such as customer feedback, and additional information given by the data subject, such as any wishes concerning the customer relationship, customer satisfaction, interests and other, similar information.
  • Services requested and used by the data subject and their payment information.
  • Information of people who have served the data subject. Other wishes or notes concerning professionals, services, operational units and other matters.
  • Choices made by the data subject, such as prohibitions, restrictions and consent.
  • Other data related to the customer relationship, e.g. information concerning the website use that can be linked back to the customer, such as their IP address, time of their visit, visited pages, the type of the browser used (e.g. Internet Explorer, Firefox), the internet address through which the user accessed the website and the server through which the user accessed the website.
  • Necessary data related to the use of authorisation and verification devices and services.
    Information related to data processing such as the date the data was saved and the data source.

6. Storage period of personal data

The company will store the personal data in its customer register until the customer relationship between the data subject and Soprano can be considered having ended. The end date is determined by the data subject’s last service contact or contact request, plus eight years.

Due to legal obligations, some data may have to be stored longer than this. Data can be erased upon the customer’s request or if the customer relationship is ended.

7. Regular data sources

The customer’s basic data will be regularly saved from training registrations, phone calls or other notifications made by the customer to the controller during the customer relationship. Name and address data and information about the data subject’s death will be received by the actions of the customers and their communities. Direct marketing prohibition and the prohibition to record purchase information will be recorded based on separate notifications made by the customer to the controller.
Personal data can also be collected and updated from publicly available data sources, such as company websites and through service providers (e.g. Suomen Asiakastieto Oy) and through public and private registers.

8. Regular data disclosure and data transfer outside EU or European Economic Area

Soprano can disclose customer data to the extent allowed by the valid legislation. Soprano can use subcontractors for data processing. Data will not be transferred outside the European Union or the European Economic Area, unless this is necessary in order to provide the service. In such cases, Soprano will continue to ensure sufficient level of data protection as required by the law, for example by utilising the EU’s model clauses about data transfers to third countries. Soprano can disclose its customers’ contact information for research purposes (e.g. for master’s thesis projects), in accordance with the valid legislation.

9. Register protection

Soprano follows a strictly regulated confidentiality obligation. Information concerning an individual customer will only be reported due to a reporting obligation based on a law, for example upon the customer’s own request or due to a legal authority request.

Manual materials will be kept in locked facilities that only separately authorised people can access.

Digital materials can only be accessed with the personal login and password of an authorised employee or partner. There are different levels of user licences, and each user will be granted a sufficient licence for managing their work, but these rights will be kept as limited as possible. The system is protected with a firewall and other technical measures that secure system contacts coming outside Soprano.

10. Profiling

As a part of processing measures of the personal data saved in the customer register, Soprano can also utilise the data for profiling purposes. Profiling is done by creating a customer ID for the data subject, which is then used to link together the various sets of data that are created in connection to using the service. As described above, the created profile can then be compared with profiles of other data subjects, for example..

The purpose of profiling is to review demand for the services and customer behaviour.

11. Cookies

When you visit our site for the first time, you will be notified of the cookies we use and you can choose to enable optional cookies and tracking devices. Some cookies and tracking devices are necessary to the functionality of services and cannot be removed from use with a cookie acceptance tool/banner. If you want to remove these from use, you can do this via your browser settings.

Cookies are small files saved on your computer. Cookies help us:

  • Understand the ways our website is browsed
  • Understand the visitor numbers of our website and the visited pages
  • Remember you when you return to our website so that we can provide you with a more customised experience.

Most of the cookies will be erased when you close your browser. These are referred to as session cookies. Other, permanent cookies will be saved onto your computer until you erase them or their validity ends.

Cookie classes in our use:

  • Necessary cookies

These cookies are vital to the functionality of our website and cannot be removed from our systems. They are usually set in response to functions concerning service-related requests, such as determining data protection settings, logging in or filling in forms. You can set your browser to prevent these cookies or notify you of them, but this means that some website functionalities will not work. All these cookies come directly from our website or from data processors that work on behalf of data processors, such as Paytrail, which provides online payment services. All these cookies are counted as “first party cookies” despite the fact that they come from different internet domains.

  • Preference cookies

Preference cookies enable the website to remember information that change the behaviour or appearance of the website, such as preferred language or your geographical location.

  • Statistic cookies

Statistic cookies help us understand how visitors interact with websites by collecting anonymous data

  • Marketing cookies

Marketing cookies are used to track website visitors. Their purpose is to show the visitor meaningful and interesting advertisements, which are more valuable to their publishers and third-party advertisers.

The cookies our website uses, their purpose of use and storage period are described in more detail on our website.

12. The data subject’s right to object to processing their personal data and direct marketing (right to ban)

Based on personal, special circumstances, the data subject has the right to object to profiling targeted at them and other processing measures which Soprano targets at their personal data, when the basis of processing the data is the customer relationship between Soprano and the data subject.

The data subject can object to the processing of their data in accordance with section 13 of this privacy policy. When presenting this claim, the data subject must identify the special circumstances due to which they object to the processing. Soprano may refuse the claim based on legal grounds.

The data subject may give their consent or prohibit Soprano’s direct marketing operations channel-specifically, including profiling carried out for the purposes of direct marketing.

13. The data subject’s other rights related to personal data processing

13.1 The data subject’s right to access the data (inspection right)

The data subject has the right to inspect the data concerning them that have been saved in Soprano’s customer register. The inspection request must be submitted in accordance with section 13 of this privacy policy. The inspection right can be declined based on legal grounds. Exercising one’s inspection right is principally free of charge.

13.2 The data subject’s right to demand the rectification or erasure of personal data or restrict the processing of personal data

After learning about an error or observing an error, the data subject or user should, to the extent they are able to act independently, rectify, erase or complement the erroneous, unnecessary, inadequate or outdated data in the register without delay.

The data subject can demand the rectification or erasure of the erroneous, unnecessary, inadequate or outdated data or restrict their processing. The rectification request must be submitted in accordance with section 13 of this privacy policy.

The data subject also has the right to request the controller to restrict the processing of their personal data, for example while the data subject is waiting for Soprano’s response to a request concerning the rectification or erasure of their data.

13.3 The data subject’s right to transfer data between systems

To the extent the data subject has provided data for the customer register, which are processed based on the data subject’s consent or commission, the data subject has the right to receive such data for themselves, usually in a machine-readable format, and the right to transfer these data to another controller.

13.4 The data subject’s right to file a complaint with a supervisory authority

The data subject has the right to file a complaint with the competent supervisory authority if the controller has not adhered to the applied data protection regulations.

13.5 Other rights

If personal data are processed based on the data subject’s consent, the data subject has the right to withdraw their consent by notifying Soprano of this in accordance with section 13 of this privacy policy.

14. Contacts

In all questions concerning processing of personal data and situations for exercising one’s rights, the data subject should contact Soprano.

Via email: security@soprano.fi
By post: Soprano Oyj/Asiakastietokanta/Mannerheimintie 15, 00260 Helsinki
By visiting the company’s office at Mannerheimintie 15, 00260 Helsinki

When necessary, Soprano may request the data subject to specify their request in writing and it has the right to verify the data subject’s identity, if necessary, before taking further measures.

Updated: 3 December 2019

***

Soprano’s temporary marketing register

Register name

Soprano’s and its Finnish group companies’ temporary marketing register.
Personal data’s purpose of use

The personal data will be used for the communications of Soprano and its group companies as well as electronic B2B direct marketing, based on the recipient’s area of responsibility within their company.
Register’s data fields

  • Person’s name
  • Person’s email address
  • Person’s title/area of responsibility
  • Person’s telephone number
  • Company’s name
  • Company’s contact information
  • Company’s business sector
  • Company’s revenue
  • Company’s personnel class

Register’s data sources

Suomen Asiakastieto Oy

Työpajankatu 10 A
P.O. Box 16, 00581 Helsinki

tel. +358 (0)10 270 7200 (companies)
tel. +358 (0)10 270 7300 (consumers)

asiakaspalvelu@asiakastieto.fi (companies)
omatieto@asiakastieto.fi (consumers)

Data disclosure

No regular data disclosures to third parties are conducted, unless they are required by the law or authority regulations.

Register protection and data storage period

The register is saved in Suomen Asiakastieto Oy’s password-protected system, which only authorised Soprano people can access.

The register’s user licence requires a login granted by the database’s administrator. The administrator also determines the user licence level granted to the users. Launching the application requires a personal password. The use of and login to the register are controlled.

The data are saved in shared databases that are protected with firewalls, passwords or by other technical measures.

Personal data are stored as long as necessary for their purpose of use.

Right to prohibit and right to demand the rectification of data

The recipient has the right to prohibit the use of their data for direct advertising and other marketing purposes at any time. All direct mail sent by Soprano and its group companies have a link required by law, through which the recipient can prevent such direct mail. The recipient may also prohibit direct marketing by contacting Soprano Oyj at:

Soprano Oyj
Väliaikainen markkinointirekisteri
Esa Lahtela
Mannerheimintie 15
00260 Helsinki

A notification of a mistake and rectified information should be sent to Soprano (info@soprano.fi), which will then inform the register administrator, Suomen Asiakastieto Oy.

With regards to matters not specified in detail in this privacy policy of a temporary marketing register, the regulations of the privacy policy of the customer register of Soprano and its Finnish and Swedish group companies will be applied.

Updated: 4 April 2018

***

Recording camera surveillance

Register name

Recording camera surveillance system of Soprano and its group companies.

Personal data’s purpose of use

The personal data are used to protect the assets of Soprano and its group companies, prevent us from becoming the victims of a crime as well as for investigating crimes that have already occurred and incidents that have taken place in our locations or close by.

The processing is based on legitimate interest. Processing personal data is allowed when it is necessary for realising the legitimate interests of the controller or a third party. Soprano considers data processing for the aforementioned purposes to be necessary to protect Soprano’s assets and the employees’ personal safety, and the same interests cannot be achieved via other, lighter measures.

Register’s data sources

The register consists of time- and place-bound video recordings of a camera surveillance system. These comprise the register’s data content in its entirety. The camera surveillance system is in use in Soprano offices at Mannerheimintie 15, 00260 Helsinki and Karlavägen 108, 115 26 Stockholm, as well as on the yards and in the immediate vicinity of these locations.

The personal data categories to be processed include the customers and employees of Soprano and its group companies. In addition to these categories, other building users are included in the personal data categories to be processed.

The data subjects will be informed of the recording camera surveillance at the locations with highly visible “recording camera surveillance” signs and/or stickers.

Data processors

The data can be processed by Soprano group’s employees whose job description includes the maintenance and development of the camera surveillance system or people whose assignments include handling criminal or damage investigations.

Data disclosure

Personal data are disclosed to the police and other authorities that have a legal right to process the camera recordings. Personal data will also be disclosed to authorities in situations where processing them is necessary in order to draft, submit or defend a legal claim. Furthermore, personal data will be disclosed to insurance companies for processing and solving insurance cases.

Personal data will not be disclosed outside the EU or EEA.

Register protection and data storage period

The register is saved in a password-protected camera surveillance system, which only authorised Soprano people can access.

The register’s user licence requires a login granted by the database’s administrator. The administrator also determines the user licence level granted to the users. Launching the application requires a personal password. The use of and login to the register are controlled.

The data are saved in shared databases that are protected with firewalls, passwords or by other technical measures.

The camera recordings will be stored for two weeks counting from the moment of recording or as long as necessary for the personal data’s purpose of use when used for handling criminal or damage investigations.

The data subject’s other rights related to personal data processing

The data subject’s right to access the data (inspection right)

The data subject has the right to inspect the data concerning them that have been saved in Soprano’s camera surveillance register. The inspection request must be submitted in accordance with this privacy policy. The inspection right can be declined based on legal grounds. Exercising one’s inspection right is principally free of charge.

The data subject’s right to demand the rectification or erasure of personal data or restrict the processing of personal data

After learning about an error or observing an error, the data subject or user should, to the extent they are able to act independently, rectify, erase or complement the erroneous, unnecessary, inadequate or outdated data in the register without delay.

The data subject can demand the rectification or erasure of the erroneous, unnecessary, inadequate or outdated data or restrict their processing. The rectification request must be submitted in accordance with this privacy policy.

The data subject also has the right to request the controller to restrict the processing of their personal data, for example while the data subject is waiting for Soprano’s response to a request concerning the rectification or erasure of their data.

The data subject’s right to transfer data between systems

Primarily, the data subject has the right to receive their personal data in an organised, commonly used format that the data subject can use to transfer their data to the controller of another personal data register.

Due to the nature of the camera recordings, other people and their personal data may be included in the recordings. The data controller has the right to erase the possibility of identifying other people as well as their personal data from these data and files in a manner of their own choosing, and give the edited recordings to the data subject.

The police or other authorities may issue orders and prohibitions that prevent transferring the data to another system or disclosing them to the data subject, for example in connection to a criminal investigation.

The data subject’s right to file a complaint with a supervisory authority

The data subject has the right to file a complaint with the competent supervisory authority if the controller has not adhered to the applied data protection regulations.

Contacts

In all questions concerning processing of personal data and situations for exercising one’s rights, the data subject should contact Soprano.

Via email: security@soprano.fi
By post: Soprano Oyj/Kameravalvonta/Mannerheimintie 15, 00260 Helsinki
By visiting the company’s office at Mannerheimintie 15, 00260 Helsinki

Updated: 3 December 2019

Cookie information