Privacy statement

Privacy statement

Customers and stakeholders

1. Controller

Ponsse Plc
Business ID: 0934209-0
Ponssentie 22
74200 Vieremä

Tel. +358 20 768 800,

2. Contact person for register matters

Marketing Manager Juha-Matti Raatikainen

Ponsse Plc
Ponssentie 22
74200 Vieremä

+358 20 768 800

3. Name of register

Ponsse’s customer, stakeholder and marketing register

4. The legal grounds and the purpose of personal data processing

Personal data are processed on the grounds of the company’s legitimate interest based on customer or other significant relationships, the performance of a contract, compliance with legal obligations, or separate consent given to the processing of personal data.

Personal data are processed for the following purposes:

  • delivering and developing our products and services;
  • keeping our contractual and other promises and fulfilling our obligations;
  • managing our customer relationships and communication activities;
  • organising events;
  • collecting data about feedback, non-conformities, satisfaction and other similar customer experience indicators;
  • analysing and profiling the behaviour of customers and other data subjects;
  • carrying out direct electronic marketing;
  • targeting advertising in our online services and those of other parties; and 
  • fulfilling the controller’s legal obligations regarding the prevention of money laundering, terrorism and market abuse, the reporting of violations, sanctions and other similar official lists, and auditing.

We use automated decision making (and profiling) to identify the personal profile, online behaviour, age and consumption habits of data subjects, for example. We use these types of data to target marketing measures and develop services.

5. Registered data

We process the following personal data about customers and other data subjects, including trainees, in the customer register:

  • basic data about data subjects, including the name, date of birth, customer number, user ID and/or other identifier, password, job title, native language, and (if required) a copy of the passport;
  • contact details of data subjects, including the email address, telephone number and postal address;
  • data about companies and their contact people, including the business ID and the names, roles and contact details of contact people;
  • data about customer relationships and agreements, including previous and current agreements and orders, as well as other business data, including user profiles created based on customer relationships, correspondence and other communication maintained with the customer or data subject, cookies and data about their use, data about payment services and accounts, and data entered voluntarily in the system by customer companies;
  • consent given or not given to direct marketing;
  • data about event participants and any data about events, including dietary and accessibility requirements;
  • data about sanctions (if national law so requires or permits); and
  • insider lists, including data about when an individual has accessed the insider data in question.

Ponsse does not collect or process any special categories of personal data related to data subjects’ sexuality, sexual orientation, racial or ethnic origin, disabilities, ethnic or social background, religion or religious beliefs, political or other societal opinions (except for situations where these types of data are related to a data subject’s position in business life or a societal role, and where such data can therefore be considered to have been made public by the data subject), or minority groups, unless it is necessary to collect such data so that Ponsse can fulfil its legal obligations.

6. Regular sources of data

Personal data are mainly obtained from data subjects or the companies or organisations they represent by telephone, online, at meetings or by other similar means.

Personal data may also be collected and updated from the Population Information System, the authorities, credit rating companies, contact information service providers and other similar reliable parties. Personal data may also be collected and updated for the purposes defined in this privacy policy based on data obtained from other public sources and the authorities or other third parties within the limits laid down by applicable law. Data may be updated manually or automatically.

7. Disclosure of data

Data about data subjects can be disclosed to Ponsse’s subsidiaries or retailers for the aforementioned purposes. Data can be disclosed to the authorities based on mandatory regulations.

We use subcontractors in the processing of personal data, including companies that conduct customer satisfaction surveys. We have outsourced IT management to an external service provider and store personal data on a server managed and protected by it.

We can transfer personal data outside the EU or EEA to Ponsse’s subsidiaries and retailers if this is necessary for the aforementioned purposes of processing. We ensure that any transferred data are protected appropriately, and we use standard clauses approved by the EU.

8. Protection and retention of data

Only employees who have the right to process customer data as part of their work are authorised to use the system that contains customer data. Each user has their own username and password for the system. Only those of our employees who have the right to process customer data as part of their work are authorised to use the system that contains personal data.

Data are collected in databases that are protected with firewalls, passwords and other technical means. Databases and their backup copies are located in locked premises, and only certain pre-defined persons have access to data.

We retain personal data for as long as is necessary for the purposes of processing. We regularly assess the need for the retention of data, considering applicable law. In addition, we use reasonable measures to ensure that personal data about data subjects that are inconsistent, outdated or inaccurate for the purposes of processing are not retained in the register. We will rectify or erase such data immediately.

9. Other rights of data subjects related to personal data processing

As a data subject, you have the right to access your data kept in the personal data register and request any inaccurate data to be rectified or erased. You also have the right to withdraw or change your consent.

As a data subject, you have the right to object to the processing of your data or request the processing of your data to be restricted, and to file a complaint about the processing of personal data with the supervisory authority.

For specific personal reasons, you also have the right to object to profiling and other processing means targeted at you if data is processed on the grounds of a customer relationship between us. In your request, describe the situation on the basis of which you object to processing. We can only reject a request to object to processing on grounds laid down by law.

As a data subject, you also have the right, at any time and free of charge, to object to processing, including profiling, insofar as it concerns direct marketing.

10. Communication

All notifications and requests concerning this privacy policy must be submitted in writing or in person to the contact person mentioned in Section 2.

11. Amending the privacy policy

If we amend this privacy policy, we will highlight and date the changes in this policy. If any significant amendments are made, we may also announce them otherwise, including by email or by publishing a notification on our website. We recommend that you visit our website regularly to check any amendments made to this privacy policy.

Privacy statement


This privacy policy describes Ponsse's practices concerning the collection and processing of job applicants' personal data.

Ponsse is committed to protecting the privacy of its job applicants and complies with data protection legislation and good data protection practices in its operations.​​​​​​​

1. Controller

Privacy statement on personal data to be collected during Ponsse’s recruitment process.

Ponsse Plc

Business ID: 0934209-0

Ponssentie 22

FI-74200 Vieremä, Finland,

Phone +358 20 768 800,​​​​​​​

2. Contact information for data file-related matters

HR Manager Sari Kiiskinen, phone +358 40 4829 205​​​​​​​

3. Name of data file

Ponsse’s recruitment data file​​​​​​​

4. Ground for and purpose of processing personal data

The ground for processing personal data is

  • compliance with the obligations and specific rights of the controller and the data subject in the field of labour law; and/or
  • an express consent by the data subject to the processing of his or her personal data.

The purpose of processing personal data is to collect and maintain information on candidates (‘data subject’) who apply for a vacancy at Ponsse. A person may create a profile in the recruitment system to apply for a certain vacancy or to file an open application and to receive information on job opportunities at Ponsse.

Personal data are collected and maintained for the following purposes:

  • Measures related to recruitment, management of the recruitment process, and support for personnel resourcing
  • Management of the applicants’ data related to the application process for contacting the applicants, if necessary
  • Decision-making in the filling of vacancies​​​​​​​
5. Content of data file

Data provided by the applicant himself or herself in the application and its attachments as well as any further data entered by Ponsse during the recruitment process.

The register may include the following personal data on the applicant which are relevant for the recruitment process and vacancy:

  • Basic information, such as the name, date of birth, gender, mother tongue, user name and/or another identifier, password
  • Contact information, such as a private email address, private phone number and address information
  • Information related to the vacancy applied for by the applicant, such as information on the form and type of employment relationship and information on the person designated as the person responsible for the application process. More detailed information is given in the vacancy announcement;
  • Other information the applicant has given to the controller during the application process on himself or herself or on his or her background etc., such as a photograph, information on studies and other education, profession, information on employment history (such as employers, starting time and duration of employment relationships and type of duties), language skills, other expertise, description of personal characteristics, various certificates and assessments, references to portfolios and profiles available on the Internet or to other sources, as well as references
  • Information on the progress of the applicant’s recruitment process, such as information on a further interview or on interruption of the process
  • Data generated during Ponsse’s recruitment process and by external shareholders, such as information related to interviews and tests
  • Any other information the applicant has voluntarily provided in connection with the recruitment process or data separately collected by the controller at the data subject’s consent


6. Information sources of data file

The primary source of information of the data to be saved in the data file is the applicant himself or herself. The data also consist of information saved during the recruitment process, where all parties participating in the recruitment process, including recruitment consultants, may be sources of information. Other information sources are used within the limits laid down by law. If necessary, we also use recruitment consultants as an information source.

By filing a job application the applicant gives a permission to collect his or her data from a profile published by him or her for a professional purpose to the extent that collecting the data is necessary with regard to recruitment and is related to assessing the applicant’s performance at work, considering the vacancy in question.


7. Disclosure and transfer of data

The recruitment data are only intended for Ponsse’s internal purposes. Applicants’ personal data stored in the data file are disclosed on the basis of the applicant’s consent to the companies of the Group in order to bring applicants and employers together.

We disclose personal data as permitted and obligated by applicable legislation only to parties which have the right to receive data from the data file under an act and/or a contract.  We may also disclose data for other purposes in accordance with the Finnish legislation.

In the processing of personal data we use subcontractors acting on our behalf. In addition, we use subcontractors in the processing of personal data for the following services:

- recruitment services

- legal services

- providers of IT systems

We have concluded necessary processing agreements with our subcontractors in order to protect the data subject’s data.  We cannot name all our subcontractors because of, for example, projects in the development phase. We have consequently decided to name only the types of subcontractors. 

We do not disclose data from the data file to any other than the above-mentioned external parties, unless a separate consent has been requested and obtained from the data subject for disclosing the data.

Personal data can be transferred outside of the EU/EEA if the applicant has applied for a vacancy outside of the EU/EEA. We have taken care of appropriate protection measures in relation to data transfer, and we use standard contractual clauses adopted by the EU.


8. Protection and storage of data

Only our employees who have the right to process applicants’ data as part of their duties are entitled to use databases containing personal data. The data file is protected with necessary technical and organisational measures. Data are collected into databases protected with a user name, password, firewall and other technical means. The data file is stored on the technical administrator’s protected servers, and the electronic connection has been protected. The persons processing data are under a secrecy obligation in respect of the data they have obtained. Databases and their backup copies are located in locked premises, and only persons designated in advance have access to the data.

We store personal data as long as this is necessary for their purpose of use. In principle, data can be used for recruitment for one (1) year. The data will be destroyed within two (2) years. If we recruit the applicant, we store the information he or she has provided in the application process in his or her personnel profile in accordance with our privacy statement concerning our employees’ data.

We regularly assess the need for the storage of data, considering the applicable legislation. In addition, we take reasonable measures to ensure that no data on the data subject are stored in the data file which are incompatible, outdated or inaccurate with respect to the processing purposes. ​​​​​​​

9. Rights of data subject

The data subject has the right to check his or her personal data stored in the personnel data file and the right to request that inaccurate data be rectified and data be erased. The data subject also has the right to withdraw his or her consent if the processing of his or her data is based on a consent. Requests concerning the matter must be submitted in person or in writing to the contact person referred to in item 2.

The data subject has the right to object to the processing of his or her personal data within the limits required by law or to request restriction of the processing of his or her data and to file an appeal on the processing of personal data with a supervisory authority.​​​​​​​

10. Contacts

With regard to all questions and requests concerning personal data, the data subject should contact the person responsible for Ponsse’s personal data file referred to in item 2.​​​​​​​