Nokian Tyres plc (“Nokian Tyres” or “we”) is the controller for the personal data concerning our corporate business contacts, namely the representatives or contact persons of corporate customers. Nokian Tyres is also the controller for the personal data concerning consumers who have registered for our services or might have subscribed for various publications (i.e. Nokian Tyres newsletter).
This Privacy Statement describes how Nokian Tyres in the context of its business process the personal data of consumers and corporate business contacts (“customer”). Protection of customer’s privacy is important to us. Nokian Tyres is committed to processing personal data transparently and in compliance with applicable data protection laws.
Nokian Tyres plc is the controller of our customers’ personal data. Any questions regarding our customers’ privacy can be directed to us:
Nokian Tyres plc
37100, Nokia, FINLAND
Personal data is primarily obtained in situations where a corporate customer has acquired products or services from Nokian Tyres or when a corporate business contact has registered into our digital services. Personal data is processed for the following purposes:
Personal data processed for this purpose includes contact information, billing information and other information that customer or employee of a customer has provided us during the provision of our products.
Personal data processed for this purpose includes information related to customer service such as contact information, information submitted via surveys and feedback forms, information about participation to events and campaigns, newsletter subscriptions or other data provided to us in the context of customer service requests. Phone calls to customer service are recorded in order to ensure the quality of customer service.
Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers, data related to our customers online activity and preferences, and data that might be inferred. Usually, the personal data will be aggregated, or other ways anonymised for compiling statistics and reports for business and product development. More information about our practice regarding cookies is available here.
Personal data processed for this purpose includes contact information, behavioural information, terminal equipment identifiers, online identifiers and purchase information. Collected personal data is further processed in order to create target audiences and offer targeted content. Targeted content is always based on segments or audiences and not on our customers individual behaviour.
Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers and information related to identity management such as authorization information.
Personal data processed for this purpose includes contact information and travel and accommodation information.
Personal data processed for this purpose includes any information relevant regarding a statutory requirement.
Legal basis for processing our corporate customer’s personal data is always one of the following:
With regards to newsletter subscription, we process personal data only if a customer has given consent for it. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.
We process our corporate customer’s personal data on a contractual basis when providing our Marketing Toolbox -service.
In relation to fulfilling our statutory obligations the legal basis of processing is our legal obligation.
We process personal data based on our legitimate interest in the context of developing, selling, marketing, delivering and providing our products and services, to maintain business relationship with our customers, and to organize and manage customer events.
To ensure that a significant and pertinent relationship exists between Nokian Tyres and a customer, and to demonstrate that our legitimate interest does not cause any significant intrusion of our customers’ privacy, or any other undue impact on interests and rights, we assess the processing with balancing tests. More information on the balancing test can be requested by contacting email@example.com.
Personal Data Transfers
As a global company, Nokian Tyres uses subcontractors and service providers to operate our business efficiently. For example, we use subcontractors to carry out campaigns and direct marketing or service providers for payment and billing management.
The processing of personal data in relation to our subcontractors is always commissioned by Nokian Tyres and the other parties will act only on our behalf as personal data processors. Such processing is always protected with contractual arrangements to ensure that our service providers and partners process our customers’ personal data in accordance with the laws and good data processing practices.
In a case our subcontractor or service providers is located outside the European Union (EU) or the European Economic Area (EEA) we ensure the adequate level of protection of our customers’ personal data with appropriate safeguards by using standard contractual model clauses approved by the European Commission.
Where our subcontractor or service provider is located in the United States, we guarantee that the service provider we use ensures adequate level of data protection contractually, or by relying on the Privacy Shield agreement between the EU and the United States.
Personal Data Disclosures
We only disclose personal data that is strictly necessary for complying with the statutory requirement. Example, when we give assistance in investigations of accidents, we need to disclose relevant information to support the investigative authorities.
We might disclose personal data to other companies within Nokian Tyres group. This usually happens for the purposes of customer service, customer relationship management and marketing.
In a case we sell, merge or otherwise re-arrange our business operations or assets, we need to disclose personal data to purchaser or prospective seller or buyer of such business or assets in compliance with applicable laws. In such a case we process personal data based on our legitimate interest to ensure our business continuity. In case a customer objects to such processing, the purchaser of our business may not be able to provide services anymore.
We use technical and organisational measures to ensure the security of personal data from loss, misuse or other similar unlawful access. Such methods include the use of firewalls, encryption technologies and safe server premises. Access to personal data is limited on “need-to-know” basis and controlled by system access rights, as well as through granting and controlling access rights.
In the event of a personal data breach, we will notify local supervisory authorities and everyone whose personal data may have been endangered in accordance with applicable legislation.
As a responsible company we want to be open and transparent on the processing of our customers’ personal data. This means we give our customers the opportunity to control the processing of personal data.
Right of Access. Customers have the right to receive a confirmation whether we are processing their personal data, what personal data we process about them and to receive a copy of their personal data.
Right to Rectification. In case personal data of our customers is inaccurate or incomplete, customers have the right to request rectification or completion of their data.
Right to Restrict Processing. Customers have the right to request restriction by contesting the accuracy of their personal data. In such a situation, the processing activities are restricted for the period of time taken to verify the accuracy of personal data.
Right to Object. Customers have the right to object to the processing of their personal data. Our customers have the right to object the processing of their personal data for the purposes of direct marketing at any time.
Right to be Forgotten. Customers have the right to request their personal data to be erased. In some cases, there may still be an overriding purpose for processing and retaining personal data e.g. in order to fulfil legal obligations or for the warranty needs.
Right to Data Portability. Customers have the right to request their personal data in machine-readable format in situations where we process personal data based on contract or consent. This only applies to personal data customers have provided us with.
Right to Withdraw a Consent. Customers have the right to withdraw their consent at any time. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.
If customers consider that the processing of personal data infringes their rights, customers may contact the supervisory authority and lodge a complaint about our processing of personal data.
Any questions or requests regarding above mentioned rights can be sent via email to firstname.lastname@example.org.
Personal data is retained as long as is necessary for the purpose they were collected for, or until we receive a request for erasure – unless we have a legal obligation to retain it for a longer period. The retention period of personal data is determined by the following criteria:
Any questions regarding retention periods of our customers’ personal data can be sent via email to email@example.com.
We are continuously developing our services and this privacy statement is subject to changes. Changes may also be based on changes in legislation. We recommend our customers to visit this privacy statement in regular basis in order to keep track of possible changes.