Processing of customer and supplier personal data by Valmet

This processing may include direct marketing, which may be specially tailored for the receiver. The processing may also include obtaining, analyzing and maintaining credit information, and other legitimate counter-party information.  The data may also be used for managing user access to Valmet services and materials.

The legal basis for the processing is legitimate interests pursued by the controller. The data items processed can include names of contact people, their companies, titles, business addresses, and other contact details such as telephone numbers, fax numbers, and email addresses. Usernames and passwords are processed for authentication and authorization.

The data may be accessed by relevant personnel within the Valmet group, as well as data processors Valmet is contracting for supporting its business. By default, the data will be stored in the EU. However, when needed, the data may be accessed by Valmet personnel from outside of the EU. EU Model Clauses are used as appropriate safeguards for the access from outside of the EEA. The data will be stored for a Valmet business relevant duration. Valmet will maintain customer and supplier relationship information for a period which may exceed 10 years.

Valmet will support the applicable data subject’s rights. This includes their rights of access to, rectification of, or erasure of personal data or restriction of processing concerning the data subject or to object to processing including direct marketing. The data subject has the right to lodge a complaint with a supervisory authority (data protection authority).