You are here

Vendor Contact Data Protection Description

Data Protection Description

Finnish Personal Data Act (523/1999), Sections 10 and 24
October 13, 2016

Data Controller: Konecranes Plc, Finnish Business ID 0942718-2
Address: P.O.Box 661 (Koneenkatu 8),
05801 Hyvinkää, Finland

Telephone: +358 (0)20 427 11

Contact Persons in Matters Related to Data File: Lasse Toivonen (Data Protection Manager)

Mailing address and telephone number as above.

Data File Name: Vendor Contact Data File
Purpose of Use of the Personal Data: 1) Business development and reporting;
2) Quality management;
3) Research and development of KC Group IT infrastructure;
4) Purchasing activities;
5) Inventory management and activities;
6) Manufacturing of products;
7) Delivery of products;
8) Vendor and subcontractor management (incl. access to KC digital channels and as appropriate to KC IT systems and products); and
9) Invoicing, taxation and related financial transactions.

General prerequisites for personal data processing: Finnish Personal Data Act, Section 8, paragraphs 1(5), 1(6) and 1(7).

Data Subjects Employees and other natural persons representing customer companies of Konecranes Group (Konecranes Plc and its affiliated companies).
Data Content First name;
Last name;
Company (employer);
Job role;
Street Address;
Postal Code;
Contact Method;
Telephone number;
Mobile phone number;
Telephone extension;
Fax number;
Email address;
Miscellaneous business information (free text field);

Personal identification number (for some vendors only and only in certain countries: Spain, Portugal, U.S.)

Indicator of access to Konecranes Group digital platforms;
Accepted data protection policy version;
Last data processing activity (time stamp);
Geographical location consent;
Cookie consent;
Data request date (if any);

Regular Sources of Data: Vendor contact persons themselves, other persons employed by or otherwise representing the vendor companies of the Konecranes Group, employees and other persons working for or representing Konecranes Group.
Regular Disclosures of Data and Transfer of Data to countries outside EU and/or EEA: Personal data are not disclosed regularly except within companies of Konecranes Group and even then at all times in accordance with applicable laws.

Personal data are transferred outside EU and/or EEA only as allowed by and in accordance with applicable laws.

If personal data is transferred to external data processors (subcontractors or vendors) appropriate contractual arrangements, as required by the applicable laws, are executed to secure lawful and appropriate processing of personal data.

Security Principles of Data File: Personal data is protected by technical and organisational measures against accidental and/or unlawful access, alteration, destruction or other processing including unauthorized disclosure and transfer of personal data.

Such measures include but are not necessarily limited to proper firewall arrangements, appropriate encryption of telecommunication and messages as well as use of secure and monitored equipment and server rooms. Data security is of special concern when third parties (e.g. data processing subcontractors) providing and implementing IT systems and services are retained.

Data security requirements are duly observed in IT system access management and monitoring of access to IT systems. Access to personal data is available only in the internal networks of Konecranes Group. Personnel processing personal data as part of their tasks is trained and properly instructed in data protection and data security matters.

Rights of Data Subject: In accordance with the law the data subject has right to:

1) access the personal data on him/her in the data file and at request, receive a copy of the recorded personal data;
2) request inaccurate personal data to be rectified, incomplete personal data to be supplemented and outdated or obsolete personal data to be erased; and
3) prohibit the processing of personal data for the purposes of direct marketing, market research and opinion polls.

In order to use these rights the data subject shall contact the above mentioned contact persons in writing.