Privacy statement

We have updated our privacy policy to comply with the EU’s General Data Protection Regulation (GDPR) and related legislation.

1. Controller

Grano Oy (jäljempänä “Grano”)
Y-tunnus: 2197935-0
Kuortaneenkatu 1
00520 Helsinki
Puh. 029 1800 400

2. Contact person for register matters

Harri Pekola

Puh +358 29 1800 400
Kuortaneenkatu 1
00520 Helsinki

3. Name of the register

Grano customer register

4. Basis and purpose of processing personal data

The processing of personal data is based on Grano’s legitimate interest, agreement or other substantive connection. The purpose of the personal data is to take care of, maintain, develop, analyse and keep statistics of customer relationships between Grano and its customers.

Furthermore, the data may be used for direct marketing (including newsletter subscriptions), targeting digital marketing, organising marketing contests, profiling, distance sales as well as opinion and market surveys by Grano and its allied companies and cooperation partners. The data may also be used for planning and developing Grano’s business operations and services.

5. Data content of the register

The register contains the following personal data on consumer customers:

  • the customer’s basic information: customer number, first and last name, postal address, telephone number, email address
  • customer and order history (e.g. monitoring information for deliveries, information related to invoicing and debt collection)
  • information about personal interests and related to profiling (e.g. Grano products and services relevant to the customer’s interests), segment information and other similar information
  • cookie and usage information
  • customer feedback and contacts
  • direct marketing restrictions and consents.

The register contains the following personal data regarding the decision-makers and contact persons of companies and communities:

  • name, title, company, postal address, email address, telephone number
  • customer history (e.g. contacts, orders, feedback, information related to invoicing and debt collection)
  • interest and profiling data
  • usage data, e.g. information regarding the use of services, such as browsing and search information, cookies
  • customer feedback and contacts
  • direct marketing prohibitions and
  • any other data necessary for the purpose of the register.

In addition, the register contains the following personal data on Grano’s suppliers:

  • the supplier’s basic information: first and last name, postal address, telephone number, email address and company identification information
  • information related to the customer relationship, other material connection and contractual relationship, such as information about the supplier’s training, work experience, specialisations, tools and assignment history
  • billing information needed to pay fees or expenses, such as bank and tax information.

6. Regular sources of data

The data in the register is collected regularly directly from the customer, consisting of data gathered from the customer’s use of services and the online service or other business conducted with Grano, as well as data gathered from and during making an agreement. Personal data may also be collected and updated from the population register, the credit information register and other similar public and private registers.

7. Regular disclosures of data and transfer of data outside the EU or the EEA

Grano does not regularly disclose data in the register to external parties. However, data may occasionally be disclosed in accordance with Finnish law. Grano may transfer a registered person’s personal data to Grano’s direct marketing register after the substantive connection has ended.

In order to carry out its services, Grano utilises cooperation partners operating outside the EU and the EEA. For this reason, usage data and personal data related to using the service is partially transferred to the USA. A sufficient level of data protection in processing the data is ensured by using the European Commission’s standard contractual clauses. A copy of these clauses is available upon request from the contact person specified in Section 2.

8. Protection principles and data retention period

Only employees whose job description entitles them to process customer data are entitled to use the system containing customer data. Each user has a personal username and password for the system. The data is collected into databases that are protected with firewalls, passwords and other technical means. The databases and their backups are located in locked facilities, and the data can only be accessed by certain persons designated in advance. Personal data is stored for as long as necessary for its purpose, with storage times prescribed by laws such as the Consumer Protection Act, the Accounting Act and the Prepayment Act taken into consideration.

9. Right of access and the right to have data corrected

The data subject has the right to access and inspect their personal data recorded into the register, as well as the right to demand to have data corrected or removed. Requests concerning this matter must be submitted personally or in writing to the contact person mentioned in Section 2.

10. Other rights related to the processing of personal data

The data subject has the right to prohibit the controller from processing their data for direct marketing or marketing and opinion surveys. Such a prohibition can be submitted to the contact person mentioned in Section 2 at any time.

In accordance with the General Data Protection Regulation (starting from 25 May 2018), the data subject has the right to object to or request restrictions to the processing of their personal data, as well as the right to file a complaint regarding the processing of personal data to the supervisory authority.

Anything you'd like to ask?

Our customer service is happy to help you with any questions and guide you to get started with the application.

Leave a contact request
Try for Free!