Privacy statement

Privacy statement

Customers and stakeholders

1. Controller

Ponsse Plc
Business ID: 0934209-0
Ponssentie 22
74200 Vieremä

Tel. +358 20 768 800,

2. Contact person for register matters

Interim Marketing Manager Corinne Rönnholm

Ponsse Plc
Ponssentie 22
74200 Vieremä

+358 20 768 800

3. Name of register

Ponsse’s customer, stakeholder and marketing register

4. The legal grounds and the purpose of personal data processing

Personal data are processed on the grounds of the company’s legitimate interest based on customer or other significant relationships, the performance of a contract, compliance with legal obligations, or separate consent given to the processing of personal data.

Personal data are processed for the following purposes:

  • delivering and developing our products and services;
  • keeping our contractual and other promises and fulfilling our obligations;
  • managing our customer relationships and communication activities;
  • organising events;
  • collecting data about feedback, non-conformities, satisfaction and other similar customer experience indicators;
  • analysing and profiling the behaviour of customers and other data subjects;
  • carrying out direct electronic marketing;
  • targeting advertising in our online services and those of other parties; and 
  • fulfilling the controller’s legal obligations regarding the prevention of money laundering, terrorism and market abuse, the reporting of violations, sanctions and other similar official lists, and auditing.

We use automated decision making (and profiling) to identify the personal profile, online behaviour, age and consumption habits of data subjects, for example. We use these types of data to target marketing measures and develop services.

5. Registered data

We process the following personal data about customers and other data subjects, including trainees, in the customer register:

  • basic data about data subjects, including the name, date of birth, customer number, user ID and/or other identifier, password, job title, native language, and (if required) a copy of the passport;
  • contact details of data subjects, including the email address, telephone number and postal address;
  • data about companies and their contact people, including the business ID and the names, roles and contact details of contact people;
  • data about customer relationships and agreements, including previous and current agreements and orders, as well as other business data, including user profiles created based on customer relationships, correspondence and other communication maintained with the customer or data subject, cookies and data about their use, data about payment services and accounts, and data entered voluntarily in the system by customer companies;
  • consent given or not given to direct marketing;
  • data about event participants and any data about events, including dietary and accessibility requirements;
  • data about sanctions (if national law so requires or permits); and
  • insider lists, including data about when an individual has accessed the insider data in question.

Ponsse does not collect or process any special categories of personal data related to data subjects’ sexuality, sexual orientation, racial or ethnic origin, disabilities, ethnic or social background, religion or religious beliefs, political or other societal opinions (except for situations where these types of data are related to a data subject’s position in business life or a societal role, and where such data can therefore be considered to have been made public by the data subject), or minority groups, unless it is necessary to collect such data so that Ponsse can fulfil its legal obligations.

6. Regular sources of data

Personal data are mainly obtained from data subjects or the companies or organisations they represent by telephone, online, at meetings or by other similar means.

Personal data may also be collected and updated from the Population Information System, the authorities, credit rating companies, contact information service providers and other similar reliable parties. Personal data may also be collected and updated for the purposes defined in this privacy policy based on data obtained from other public sources and the authorities or other third parties within the limits laid down by applicable law. Data may be updated manually or automatically.

7. Disclosure of data

Data about data subjects can be disclosed to Ponsse’s subsidiaries or retailers for the aforementioned purposes. Data can be disclosed to the authorities based on mandatory regulations.

We use subcontractors in the processing of personal data, including companies that conduct customer satisfaction surveys. We have outsourced IT management to an external service provider and store personal data on a server managed and protected by it.

We can transfer personal data outside the EU or EEA to Ponsse’s subsidiaries and retailers if this is necessary for the aforementioned purposes of processing. We ensure that any transferred data are protected appropriately, and we use standard clauses approved by the EU.

8. Protection and retention of data

Only employees who have the right to process customer data as part of their work are authorised to use the system that contains customer data. Each user has their own username and password for the system. Only those of our employees who have the right to process customer data as part of their work are authorised to use the system that contains personal data.

Data are collected in databases that are protected with firewalls, passwords and other technical means. Databases and their backup copies are located in locked premises, and only certain pre-defined persons have access to data.

We retain personal data for as long as is necessary for the purposes of processing. We regularly assess the need for the retention of data, considering applicable law. In addition, we use reasonable measures to ensure that personal data about data subjects that are inconsistent, outdated or inaccurate for the purposes of processing are not retained in the register. We will rectify or erase such data immediately.

9. Other rights of data subjects related to personal data processing

As a data subject, you have the right to access your data kept in the personal data register and request any inaccurate data to be rectified or erased. You also have the right to withdraw or change your consent.

As a data subject, you have the right to object to the processing of your data or request the processing of your data to be restricted, and to file a complaint about the processing of personal data with the supervisory authority.

For specific personal reasons, you also have the right to object to profiling and other processing means targeted at you if data is processed on the grounds of a customer relationship between us. In your request, describe the situation on the basis of which you object to processing. We can only reject a request to object to processing on grounds laid down by law.

As a data subject, you also have the right, at any time and free of charge, to object to processing, including profiling, insofar as it concerns direct marketing.

10. Communication

All notifications and requests concerning this privacy policy must be submitted in writing or in person to the contact person mentioned in Section 2.

11. Amending the privacy policy

If we amend this privacy policy, we will highlight and date the changes in this policy. If any significant amendments are made, we may also announce them otherwise, including by email or by publishing a notification on our website. We recommend that you visit our website regularly to check any amendments made to this privacy policy.