Privacy Statement for Customers and Stakeholders
1. DATA CONTROLLER
Tamro Corporation (0533965-2), Rajatorpantie 41 B, FI-01641 Vantaa, Finland
2. CONTACT PERSON FOR MATTERS CONCERNING DATA
Tamro Legal, switchboard +358 20 44511
3. NAME OF THE DATA FILE
Tamro’s customer and stakeholder file
4. THE PURPOSE AND BASIS FOR PROCESSING PERSONAL DATA
The primary basis for processing personal data is a customer relationship between the customer and Tamro, the customer’s consent, an assignment given by the customer, or other pertinent connection, such as implementing an agreement with a company represented by the customer.
Personal data can be processed for the following purposes:
- Management, implementation, development and monitoring of the customer relationship, customer service and the related communication and marketing.
- Analysis, grouping and reporting of customer relationships and other purposes related to the development of the overall customer account and Tamro’s business.
- Collecting and handling customer feedback and customer satisfaction information.
- Implementing market surveys and opinion polls.
- Recording calls to the customer service centre to verify service events, ensure legal protection and safety, and train customer service personnel and develop the quality of customer service.
5. INFORMATION CONTENT OF THE DATA FILE
The information that can be stored for a data subject includes the following:
Name, the name normally used, personal identity number, customer number, sex, language, address, telephone number, e-mail address and other relevant contact details.
Information on service use and purchases, as well as information on marketing and communication that have taken place through different channels, such as online services and automated services, including the recording of calls to the customer service centre.
Content produced by the data subject, such as customer feedback, and additional information provided by the data subject, such as wishes related to the customer relationship, customer satisfaction information, interests and other similar information.
Other information related to the customer relationship, including information collected about the use of websites that can be connected to the customer, such as the user’s IP address, time of visit, the pages visited, the type of browser used (e.g., Internet Explorer or Firefox), the network address from which the user moved to the website, and the server from which the user accessed the website.
Necessary information related to the use of identification and verification tools and services.
Information related to the processing of data, such as the date of recording the data and the source of the data.
6. PERSONAL DATA RETENTION PERIOD
Tamro will store personal data for as long as is necessary based on the management of a contractual or customer relationship or the requirements of the authorities.
7. REGULAR SOURCES OF DATA
The data is primarily obtained from the following sources:
The data subjects themselves, from the company which he/she represents, events related to their customer relationship, service use, communication and business.
Parties providing identification, verification, address, update and credit information services and other similar services.
8. REGULAR DISCLOSURE OF THE DATA AND TRANSFERRING THE DATA OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA
The data is disclosed to Tamro’s group companies for the purposes described in section 4 of this privacy statement and to potential other Tamro’s personal data files, while always observing privacy legislation and acting within the limits imposed therein.
The data is disclosed to Tamro’s selected business partners in accordance with the purpose described in this privacy statement.
The data is not disclosed to anyone outside Tamro or parties participating in the production, development or maintenance of services and communication on behalf of Tamro, except by agreement, a separate consent and/or specific regulations.
The information is not regularly transferred outside the EU or the European Economic Area. However, Tamro has outsourced some of its IT services to outside service providers on whose servers the personal data are stored. In cases where Tamro’s outside service providers use subcontractors which are located outside the EU or the European Economic Area, Tamro makes sure that the personal data in question is protected according to the privacy legislation in force from time to time by using among other measures the EU Commission model clauses and other required measures.
9. DESCRIPTION OF THE PRINCIPLES OF PROTECTING THE DATA FILE
Any manually handled material is stored in a locked room that can only be accessed by persons with a specific authorization. Digital material can only be accessed with the personal user ID and password of an authorized employee, contractor or business partner. There are several levels of access rights, and each user is given an access right that is sufficient for their task, while being as limited as possible.
10. RIGHTS OF THE DATA SUBJECT CONCERNING THE PROCESSING OF PERSONAL DATA
The data subject’s right to access the data (inspection right)
The data subject is entitled to inspect which data concerning the data subject has been recorded in Tamro’s customer data file. The inspection request shall be made in accordance with section 11 of this privacy statement. The inspection right can be denied on grounds specified in the legislation. As a rule, exercising of the inspection right is free of charge.
The data subject’s right to demand the rectification or erasure of data or the restriction of its use
The data subject can make a request to rectify their data in accordance with section 11 of this privacy statement.
The data subject also has the right to demand the data controller to restrict the processing of the data subject’s personal data, for instance, in a situation where the data subject is waiting for Tamro’s response to a request to rectify or erase their data.
The data subject’s right to transfer the data from one system to another
To the extent that the data subject has provided data to the customer data file to be processed based on the data subject’s consent or assignment, the data subject has the right to obtain such data for their personal use, primarily in machine-readable format, as well as to transfer the data to another data controller.
The data subject’s right to lodge a complaint to the supervising authority
The data subject is entitled to lodge a complaint to the competent supervising authority if the data controller has not observed the applicable privacy regulations in its actions.
Other rights
If personal data is processed based on the consent of the data subject, the data subject has the right to withdraw their consent by notifying Tamro of this in accordance with section 11 of this privacy statement.
The data subject can issue consents or prohibitions concerning direct marketing to Tamro.
11. CONTACTS
In all questions related to the processing of personal data and in situations related to the exercising of one’s rights, the data subject shall contact Tamro by sending an e-mail to the address asiakaspalvelu@tamro.com, at Tamro’s office or by post, using the address Tamro Corporation / Data Protection Officer, Rajatorpantie 41 B, FI-01641 Vantaa, Finland. If necessary, Tamro may request the data subject to further clarify their request in writing, and the identity of the data subject may be verified before taking any other action.
Privacy statement regarding records of telephone calls and meetings
1. DATA CONTROLLER
Tamro Oyj (0533965-2), Rajatorpantie 41 B, 01640 Vantaa
2. CONTACT PERSON FOR MATTERS CONCERNING DATA FILES
Tamro Legal, switchboard +358 20 44511
3. NAME OF THE DATA FILE
Tamron puhelu- ja kokoustallennerekisteri (Tamro’s telephone call and meeting records register)
4. THE PURPOSE AND BASIS FOR PROCESSING PERSONAL DATA
Personal data is processed for developing customer service and for ensuring its quality. When developing customer service, the records can be used for training customer service personnel, in service level surveys and for developing the instructions. Virtual meetings are recorded for documenting the discussions taking place in Tamro’s internal meetings, and in meetings between Tamro and the customer when the discussions concern the implementation of an agreement.
In addition, Tamro may record the telephone calls taking place in internal meetings and briefings. The purpose of these records is to share information internally within Tamro. In these cases, recording is based on Tamro’s legitimate interest.
The primary basis for recording data is a customer relationship between the customer and Tamro, the customer’s consent, an assignment given by the customer, or other pertinent connection, such as implementing an agreement with a company represented by the customer.
5. INFORMATION CONTENT OF THE DATA FILE
Tamro records all telephone calls to the customer service and those Skype calls where recording is mentioned in their invitation. The entire discussion during the telephone call, including the shared presentations and chat discussions, is recorded. In addition, the data file contains information related to the processing of data, such as the date of recording and the source of the data. It also contains the name and contact details of the person associated with the call, if Tamro has learned them in connection with participation in the telephone call or meeting.
6. PERSONAL DATA RETENTION PERIOD
Tamro will only retain the data as long as necessary for fulfilling the purpose for which it was collected.
7. REGULAR SOURCES OF DATA
Data is obtained from the customer or from the participant in the call, of from the Tamro employee participating in the call.
8. REGULAR DISCLOSURE OF THE DATA AND TRANSFERRING THE DATA OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA
The data is disclosed to Tamro’s group companies for the purposes described in section 4 of this privacy statement and to potential other Tamro’s personal data files, while always observing privacy legislation and acting within the limits imposed therein.
The data is not disclosed to anyone outside Tamro or parties participating in the production, development or maintenance of services and communication on behalf of Tamro, except by agreement, a separate consent and/or specific regulations. The data is not regularly transferred outside the EU or the European Economic Area. However, some of Tamro’s IT services have been outsourced to external service providers who administer and protect servers in which personal data is recorded. In cases where Tamro’s service providers use subcontractors located outside the EU or the European Economic Area, it is ensured that the data concerned is protected appropriately and in the manner required by the data protection legislation in force at the time by using model clauses by the EU Commission or by ensuring that the recipient of data is included in the scope of the Privacy Shield system.
9. DESCRIPTION OF THE PRINCIPLES OF PROTECTING THE DATA FILE
Digital material can only be accessed with the personal username of an authorized employee, contractor or business partner. Furthermore, some files are protected by passwords. There are several levels of access rights, and each user is given an access right that is sufficient for their task, while being as limited as possible.
10. RIGHTS OF THE DATA SUBJECT CONCERNING THE PROCESSING OF PERSONAL DATA
The data subject’s right to access the data (inspection right)
The data subject is entitled to inspect which data concerning the data subject has been recorded in Tamro’s customer data file. The inspection request shall be made in accordance with section 11 of this privacy statement. The inspection right can be denied on grounds specified in the legislation. As a rule, exercising of the inspection right is free of charge.
The data subject’s right to demand the rectification or erasure of data or the restriction of its use
The data subject can make a request to rectify their data in accordance with section 11 of this privacy statement. The data subject also has the right to demand the data controller to restrict the processing of the data subject’s personal data, for instance, in a situation where the data subject is waiting for Tamro’s response to a request to rectify or erase their data.
The data subject’s right to transfer the data from one system to another
To the extent that the data subject has provided data to the customer data file to be processed based on the data subject’s consent or assignment, the data subject has the right to obtain such data for their personal use, primarily in machine-readable format, as well as to transfer the data to another data controller.
The data subject’s right to lodge a complaint to the supervising authority
The data subject is entitled to lodge a complaint to the competent supervising authority if the data controller has not observed the applicable privacy regulations in its actions.
Other rights
If personal data is processed based on the consent of the data subject, the data subject has the right to withdraw their consent by notifying Tamro of this in accordance with section 11 of this privacy statement.
The data subject can give Tamro a consent to direct marketing or prohibit it.
11. CONTACTS
In all questions related to the processing of personal data and in situations related to the exercising of one’s rights, the data subject shall contact Tamro by sending an e-mail to asiakaspalvelu@tamro.com, at Tamro’s office or by post, using the address: Tamro Corporation / Data Protection Officer, Rajatorpantie 41 B, 01641 Vantaa, Finland. If necessary, Tamro may request the data subjects to further clarify their request in writing, and the identity of the data subject may be verified before taking any other action.
Privacy Statement for Special Delivery Service Customers
1. CONTROLLER
Tamro Corporation (0533965-2), Rajatorpantie 41 B, 01640 Vantaa, Finland
2. CONTROLLER’S CONTACT PERSON
Tamro Special Delivery Services, switchboard 020 44511
3. NAME OF PERSONAL DATA REGISTER
Tamro Special Delivery Service register
4. PURPOSE AND LEGAL BASIS OF PROCESSING
The primary legal basis for processing is the customer relationship between the customer and Tamro, an assignment placed by customer or other relevant connection, such as the execution of a contract with a company represented by the customer.
Personal data may be processed for the following purposes:
Management of a customer relationship, performance of an order placed by the customer
5. CATEGORIES OF PERSONAL DATA
Tamro may collect the following types of personal data of data subjects, among others:
- Name, calling name, personal identity code, customer number, gender, language, address, phone number, email address and other necessary contact information.
- Necessary information related to the use of authentication and verification tools and services.
- Information related to data processing, such as date of collection and data source.
6. RETENTION PERIOD OF PERSONAL DATA
Tamro retains personal data for as long as necessary for the execution of the contract or management of the customer relationship or required by the authorities.
7. REGULAR SOURCES OF DATA
Tamro collects data primarily from the following sources:
- Events related to the data subject’s customer relationship, use of services, communications and transactions from data subjects themselves.
- From the third party providing services for authentication, verification, address information, updates and credit information and similar services.
8. REGULAR DISCLOSURES OF DATA AND TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION OR EUROPEAN ECONOMIC AREA
Tamro discloses data with selected partners according to the purpose of processing described in this privacy notice.
Tamro will not disclose data to parties other than partners involved in the production, development or maintenance of services and communications for or on behalf of Tamro, except by agreement and with separate consent and/or specific regulations.
Tamro does not regularly transfer data outside the EU or EEA. However, some of Tamro’s IT services are outsourced to third-party service providers that administer and protect servers used to store personal data. In cases where Tamro’s service providers use subcontractors located outside the EU or EEA, Tamro ensures that such data are appropriately safeguarded in accordance with the requirements of data protection legislation in force at the time, including by using standard clauses adopted by the European Commission and other necessary safeguards.
9. DESCRIPTION OF PROTECTION MEASURES
Personal data in manual format are stored in a locked space and accessible only by separately authorised persons. Personal data in a digital format are accessible only with the personal username and password of an authorised employee, self-employed person or partner. Tamro employs different levels of access rights to ensure that users’ access to data for carrying out a task is as limited as possible.
10. RIGHTS OF DATA SUBJECTS
Data subject’s right to access data (right of access)
Data subjects have the right to access their personal data stored in Tamro’s customer register. The request for access must be made in accordance with section 11 of this privacy notice. The request for access may be refused on grounds specified by law. In most cases, exercising the right of access is free of charge.
Data subject’s right to request the rectification or erasure of data or restriction of processing
Data subjects can request the rectification of their personal data in accordance with section 11 of this privacy notice.
Data subjects also have the right to demand that the controller restrict the processing of their personal data while the data subject waits for Tamro to respond to a request to rectify or erase the data, for example.
Data subject's right to transfer data to another controller
To the extent that the data subject has personally provided data that are processed in the customer register on the basis of the data subject’s consent or mandate, the data subject has the right to receive the data in a machine-readable format whenever available and the right to transfer the data to another controller.
Data subject’s right to lodge a complaint with the supervisory authority
Data subjects have the right to lodge a complaint with the competent supervisory authority in the event that the controller has failed to comply with applicable data protection legislation.
Other rights
If personal data are processed on the basis of the data subject’s consent, the data subject has the right to withdraw consent by notifying Tamro in accordance with section 11 of this privacy notice.
Data subjects may consent to or refuse direct marketing by Tamro
11. CONTACT INFORMATION
In all questions related to personal data processing and the exercise of their rights, data subjects should contact Tamro by email at asiakaspalvelu@tamro.com, by visiting Tamro’s office in person, or by mail to the address: Tamro Oyj / Tietosuojavastaava, Rajatorpantien 41 B, 01640 Vantaa. If necessary, Tamro may ask the data subject to specify his or her request in writing and the verify the identity of the data subject may be verified before taking any other action.
Privacy Statement for MyTamro eLearning Customers
1. DATA CONTROLLER
Tamro Oyj (0533965-2), Rajatorpantie 41 B, 01640 Vantaa, Finland
2. CONTACT PERSON FOR MATTERS CONCERNING DATA
MyTamro eLearning Services,, switchboard +358 20 44511
3. NAME OF THE DATA FILE
Tamro’s My Tamro eLearning service file
4. THE PURPOSE AND BASIS FOR PROCESSING PERSONAL DATA
The primary basis for processing personal data is Tamro’s legitimate interest in processing personal data to provide the eLearning service to customers and manage the customer relationship between Tamro and the customer.
Personal data can be processed for the following purposes:
Management of the user’s training file. A training file is formed when the user generates personal learning data for the service by opening, using and completing online courses and learning paths and earning digital competence badges, for example. This data can also be used for marketing and the development of the service.
5. INFORMATION CONTENT OF THE DATA FILE
The following information is stored for a data subject (a contact person using the service):
All users: first name, last name, contact information, organisation, user group, user name.
In addition, the following information is collected based on the user group:
- Tamro personnel users: ID number, supervisor status, supervisor’s name, unit, areas of responsibility
- Pharmacy and dispensary users: customer number, name of pharmacy chain, right to supply medication, pharmacist status (yes/no)
- Transport companies and Tamro service providers: As regards transport companies and Tamro’s service providers, use of the service requires strong identification, the service provider of which is Telia Tunnistus. The strong identification service stores the person’s personal identifier (personal identity code) and date of birth. In addition, during login the system collects information on the user’s employer company and the dispensary to which the user delivers.
Additionally, information necessary for the use of identification and certification tools and services is collected from all users.
In addition, the MyTamro eLearning Service collects the following information from all users during its use:
- the courses, exercises and learning paths opened and completed by the user, related grades and issued certificates and digital competence badges
- a list of the files that the user has downloaded from the service, including personal data
- information related to data processing, such as recording date, the expiration date of a completed unit and data source.
6. PERSONAL DATA RETENTION PERIOD
Tamro will store personal data for 12 months following the end of the customer relationship.
7. REGULAR SOURCES OF DATA
The data is primarily obtained from the following sources:
- The data subjects themselves, events related to their customer relationship, service use, communication and business.
- Parties providing identification, verification, address, update and credit information services and other similar services, such as Telia Tunnistus.
8. REGULAR DISCLOSURE OF THE DATA AND TRANSFERRING THE DATA OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA
The data is disclosed to Tamro’s selected partner companies for the purposes described in this privacy statement, such as to Telia Tunnistus for the strong identification of users. The data may also be disclosed to the authorities in connection with audits.
The data is not disclosed to anyone outside Tamro or parties participating in the production, development or maintenance of services and communication on behalf of Tamro, except by agreement, a separate consent and/or specific regulations.
The data is not regularly transferred outside the EU or the European Economic Area. However, some of Tamro’s IT services have been outsourced to external service providers who administer and protect servers in which personal data is recorded. In cases where Tamro’s service providers use subcontractors located outside the EU or the European Economic Area, it is ensured that the data concerned is protected appropriately and in the manner required by the data protection legislation in force at the time by using model clauses by the EU Commission and other required protection measures.
9. DESCRIPTION OF THE PRINCIPLES OF PROTECTING THE DATA FILE
The material is digital and can only be accessed with the personal user ID and password of an authorised employee, contractor or business partner. There are several levels of access rights, and each user is given an access right that is sufficient for their task, while being as limited as possible.
10. RIGHTS OF THE DATA SUBJECT CONCERNING THE PROCESSING OF PERSONAL DATA
The data subject’s right to access the data (inspection right)
The data subject is entitled to inspect which data concerning the data subject has been recorded in Tamro’s customer data file. The inspection request shall be made in accordance with section 11 of this privacy statement. The inspection right can be denied on grounds specified in the legislation. As a rule, exercising of the inspection right is free of charge.
The data subject’s right to demand the rectification or erasure of data or the restriction of its use
The data subject can make a request to rectify or erase their data in accordance with section 11 of this privacy statement.
The data subject also has the right to demand the data controller to restrict the processing of the data subject’s personal data, for instance in a situation where the data subject is waiting for Tamro’s response to a request to rectify or erase their data.
The data subject’s right to object to the processing of personal data
The data subject has the right, in relation to special personal circumstances, to object to the processing of their personal data by the data controller, insofar as the processing is based on the legitimate interest of the controller. The objection must be made in accordance with section 11 of this privacy statement, and the data subject must specify in their objection the special circumstances on the basis of which they object to the processing.
The data subject’s right to transfer the data from one system to another
To the extent that the data subject has provided data to the customer data file to be processed based on the data subject’s consent or assignment, the data subject has the right to obtain such data for their personal use, primarily in machine-readable format, as well as to transfer the data to another data controller.
The data subject’s right to lodge a complaint with the supervisory authority
The data subject is entitled to lodge a complaint with the competent supervisory authority if the data controller has not observed the applicable privacy regulations in its actions.
Other rights
If personal data is processed based on the consent of the data subject, the data subject has the right to withdraw their consent by notifying Tamro of this in accordance with section 11 of this privacy statement.
The data subject can issue consents or prohibitions concerning direct marketing to Tamro.
11. CONTACTS
In all questions related to the processing of personal data and in situations related to the exercising of one’s rights, the data subject shall contact Tamro by sending an e-mail to the address asiakaspalvelu@tamro.com, at Tamro’s office or by post, using the address Tamro Corporation / Data Protection Officer, Rajatorpantie 41 B, FI-01640 Vantaa, Finland. If necessary, Tamro may request the data subject to further clarify their request in writing, and the identity of the data subject may be verified before taking any other action.
Privacy Notice: Video Surveillance
1. CONTROLLER
Tamro Corporation (0533965-2), Rajatorpantie 41 B, 01640 Vantaa, Finland
2. CONTROLLER’S CONTACT PERSON
Tamro Corporation / Facilities and Security, Mika Marttinen and Timo Lehtimäki, switchboard 020 44511
3. NAME OF PERSONAL DATA REGISTER
Tamro video surveillance register
4. PURPOSE AND LEGAL BASIS OF PROCESSING
Tamro Corporation uses the video surveillance system in order to ensure the safety of personnel and visitors and the security of business operations on the premises, carry out property maintenance and security, and hold liable parties responsible for loss or damage.
The system only collects data on matters necessary to carry out these tasks.
The system is used to collect data which Tamro Corporation, as the manager of the premises listed in section 1, needs in order to prevent crimes against users, customers, employees and property and to resolve liability issues in the event of loss or damage.
5. CATEGORIES OF PERSONAL DATA
The system collects images of persons moving and staying on premises owned by Tamro Corporation in the following areas:
- outdoor areas within the perimeter fence
- entrances of driveway gates
- entrances of buildings
- lobbies
6. RETENTION PERIOD OF PERSONAL DATA
Tamro retains video recordings for up to 3 months.
If property damage or some other offence is reported during the retention period, the recording of the act is retained for the time necessary to investigate the offence.
7. REGULAR SOURCES OF DATA
Surveillance cameras on the premises that collect data on areas under surveillance
8. REGULAR DISCLOSURES OF DATA AND TRANSFER OF DATA
OUTSIDE THE EUROPEAN UNION OR EUROPEAN ECONOMIC AREA
Tamro does not regularly disclose the data with third parties.
Data are disclosed only to the police in the event that a crime has been or is suspected to have been committed.
9. DESCRIPTION OF PROTECTION MEASURES
Data in the system are stored on computers that are located in locked facilities and accessible only by persons designated by the Chief Security Officer.
Each person authorised to process data in the system by the Chief Security Officer is assigned a unique username and password.
Data security is ensured by means of firewalls and up-to-date antivirus software.
10. RIGHTS OF DATA SUBJECTS
Data subject’s right to access data (right of access)
Data subjects have the right to access their personal data stored in Tamro’s customer register. The request for access must be made in accordance with section 11 of this privacy notice. The request for access may be refused on grounds specified by law. In most cases, exercising the right of access is free of charge.
Data subject’s right to request the rectification or erasure of data or restriction of processing
Data subjects can request the rectification of their personal data in accordance with section 11 of this privacy notice.
Data subjects also have the right to demand that the controller restrict the processing of their personal data while the data subject waits for Tamro to respond to a request to rectify or erase the data, for example.
Data subject's right to transfer data to another controller
To the extent that the data subject has personally provided data that are processed in the customer register on the basis of the data subject’s consent or mandate, the data subject has the right to receive the data in a machine-readable format whenever available and the right to transfer the data to another controller.
Data subject’s right to lodge a complaint with the supervisory authority
Data subjects have the right to lodge a complaint with the competent supervisory authority in the event that the controller has failed to comply with applicable data protection legislation.
Other rights
If personal data are processed on the basis of the data subject’s consent, the data subject has the right to withdraw consent by notifying Tamro in accordance with section 11 of this privacy notice.
Data subjects may consent to or refuse direct marketing by Tamro
11. CONTACT INFORMATION
In all questions related to personal data processing and the exercise of their rights, data subjects should contact Tamro by email at asiakaspalvelu@tamro.com, by visiting Tamro’s office in person, or by mail to the address: Tamro Oyj / Tietosuojavastaava, Rajatorpantien 41 B, 01640 Vantaa. If necessary, Tamro may ask the data subject to specify his or her request in writing and the verify the identity of the data subject may be verified before taking any other action.