Including the Social Media and Analytic Tools
Name and Contact Data of the Processing Controller and of the Works Data Protection Officer
This data protection information applies to the data processing by
Controller: Johannes Kinnunen
Tel.: +358 41 533 6211
The works data protection officer for Provinssi is Johannes Kinnunen and can be reached at the address Vaasantie 11, Seinäjoki or else under firstname.lastname@example.org
Collection and Storage of Personal Data and the Nature and Purpose of its Use
a) During a Visit to the Website
On calling up our website www.provinssi.fi information is automatically sent to the server of our website by the browser used by your terminal device. This information is temporarily stored in a so-called log file. The following information is thereby recorded without your involvement and is stored until its deletion:
the IP address of the visiting computer
the date and time of access
the name and URL of the file called up
the website from which the access took place (referrer URL)
the browser used and, sometimes, the operating system of your computer and the name of your access provider.
The data mentioned is processed by us for the following purposes:
to ensure comfortable use of our website
for evaluation of the system’s security and stability
for further administrative purposes.
The legal basis for the data processing is provided by article 6, paragraph 1, sentence 1, letters a and b of the General Data Protection Regulation (GDPR). Our legitimate interest arises from the above-listed purposes for data collection. On no account do we use the data collected for purposes of drawing inferences to your person.
In addition to this, during visits to our website we employ cookies and analytic services. More detailed explanations on this can be found under points 4 and 5 of this data-protection statement.
On Registering for our Newsletter
If, in keeping with article 6, paragraph 1, sentence 1, letter a. of GDPR you have explicitly consented to this, we will make use of your e-mail address for purposes of regularly sending you our newsletter. For receipt of the newsletter disclosure of an e-mail address is sufficient.
Cancellation is possible at any time, e.g. via a link at the end of each newsletter. Alternatively, you can send your cancellation by e-mail to email@example.com at any time.
On Using Our Contact Form
With enquiries of whatever sort we offer you the possibility of contacting us via a form provided on the website. Here the disclosure of a valid e-mail address is necessary, so that we know where the enquiry came from and are able to send a reply. Further disclosures can be made voluntarily.
The data processing for purposes of establishing contact with us is undertaken in keeping with article 6, paragraph 1, sentence 1, letter a of GDPR on the basis of your willingly given consent.
The personal or person-specific data collected by us for use of the contact form is deleted after conclusion of the enquiry made by you.
Passing On of Data
No transfer of your personal data to a third party for purposes other than those listed below takes place.
We only give your personal data to a third party if
you have consented to this, in keeping with article 6, paragraph 1, sentence 1, letter a and/or letter b of GDPR, for fulfilment of contractual relationships and/or if this is for necessary implementation of pre-contractual measures and there are no reasons to believe that you might have a predominant legitimate interest in the non-transfer of your data,
a statutory obligation exists for the transfer, in keeping with article 6, paragraph 1, sentence 1, letter c of GDPR, and
this is legally permissible, and in keeping with article 6, paragraph 1, sentence 1, letter b of GDPR, is necessary for the processing of contractual relationships with you.
Information that in each case has to do with the specific terminal device deployed is stored in the cookie. This does not mean, however, that we thereby have direct knowledge of your identity.
In addition to this, we also make use of temporary cookies, which are stored on your terminal device for a certain fixed period and serve to optimize user-friendliness. When you visit our site again in order to make use of our services it is automatically recognized that you have previously visited us and which input and settings you made use of, i.e. you need not enter these again.
We also employ cookies to statistically record and evaluate the use made of our website and for purposes of optimizing of our offer for you (see point 5). These cookies make it possible for us to automatically recognize, on a renewed visit to our site, that you have previously visited us. These cookies are automatically deleted, in each case, after a stipulated period.
The data processed by cookies is necessary for the specified purposes and for safeguarding our legitimate interests and those of third parties, in keeping with article 6, paragraph 1, sentence 1, letter b of GDPR.
Most browsers automatically accept cookies.
You can, however, configure your browser such that no cookies are stored on your computer, or that an indication is always given before a new cookie is deployed. The full deactivation of cookies can, however, result in your being unable to make use of all of the functions of our website.
The tracking measures listed below and deployed by us are implemented on the basis of article 6, paragraph 1, sentence 1, letter b of GDPR. With the tracking measures used we want to ensure a needs-oriented design and the progressive optimization of our website. We also employ tracking measures to statistically record and evaluate the use made of our website, and for purposes of optimizing of our offer for you. These interests are to be seen as legitimate in the sense of the above-mentioned regulation.
Explanations of the respective purposes of the data processing, as well as data categories, can be found in the corresponding tracking tools.
For purposes of a needs-oriented design and continuous optimization of our pages we use Google Analytics, a web-analysis service of Google Inc. (https://www.google.de/inrl/de/about) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). In this connection, pseudonymized user profiles are created and cookies (see under point 4) are used. The information created by the cookie on your use of this website, such as
browser type/version operating system used referrer URL (the site previously visited) host name of the accessing computer (IP address) time of server enquiry
is transferred to a Google server in the USA and is stored there. The information is utilized to evaluate the use made of the website, to compile reports on the website activities and to produce further services associated with the use made of the website and of the Internet, for purposes of market research and needs-oriented design of these Internet pages. Where appropriate, this information is also passed on to third parties, provided this is legally prescribed, or to the extent that third parties process this data on commission. On no account will your IP address be used in connection with other Google data. The IP addresses are anonymized so that allocation is not possible (IP masking).
You can prevent the installation of the cookies by adjusting the browser-software settings appropriately. In this case, however, we draw your attention to the fact that not all of the functions of this website may then be fully available.
You can also prevent the recording of the data generated by the cookie and relating to your use of the website (incl. your IP address) and the processing of this data by Google in that you download and install the browser add-on (https://tools.google.com/dlpage/gaoptot?hl=de).
As an alternative to the browser add-on, particularly in cases of browsers on mobile terminal devices, you can also prevent recording by Google Analytics in your settings. This sets an opt-out cookie that prevents future recording of your data during your visit to this website: The opt-out cookie applies only in this browser and only for our website. It is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
You can find further information on data protection in connection with Google Analytics in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=de).
Google Adwords Conversion Tracking and Remarketing
In order to statistically assess the use made of our website and for purposes of optimizing its evaluation of your data, we also make use of Google Conversion Tracking. In this connection, a cookie (see point 4) is placed on your computer by Google Adwords, provided you reached our website via a Google advertisement.
These cookies lose their validity after 30 days and do not serve the purpose of personal identification. If the user visits certain pages of the website of the Adwords customer and the cookie has still not expired, Google and the customer can see that the user clicked the advertisement and was forwarded to this page.
Each Adwords customer receives a different cookie. Cookies cannot thereby be subsequently tracked over the web pages of Adwords customers. The information collected by conversion cookies serves in the creation of conversion statistics for Adwords customers that have opted for conversion tracking. The Adwords customers are told the total number of users who have clicked their advertisement and have been forwarded to a page containing a Conversion Tracking tag. No information is contained, however, which allows users to be personally identified.
If you do not want to participate in the tracking procedure, you can also refuse the placement of the cookie necessary for this procedure – by changing the browser settings, for example, to generally deactivate the automatic employment of cookies. You can also deactivate cookies for conversion tracking in that you change the settings of your browser so that cookies from the domain www.googleadservices.com are blocked. You can find Google’s data-protection information on conversion tracking here (https://services.google.com/sitestats/de.html).
For further details on data processing by Google Adwords we refer you to the corresponding data-protection statements:
· Google Adwords: https://policies.google.com/privacy?hl=en&gl=uk
In connection with the use of Google Adwords, your personal data is transferred to the USA. In the case of the USA, the EU Commission has not decided that an appropriate or adequate level of protection of personal data in the sense of GDPR exists; such an adequacy decision (article 45 of GDPR) does not exist. Google LLC. is nevertheless subject to the EU-U.S. Privacy Shield. Adequate protection of your personal data is thereby ensured. You can call up the complete text of the US Privacy Shield Framework using the following link:
We make use of Google Adwords for our website. Google AdWords is an online advertising program from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In this connection we make use of the remarketing function. This allows us, with the help of cookies, to present advertisements to the users of our website that appeal to their interests. To this end the interaction of the user with our website is analyzed, e.g. to determine which offers interested him or her, which allows us to also show the user, after the end of the visit to our website, target-oriented advertising on other pages. The cookies deployed serve to clearly identify a web browser on a specific computer and not to identify a person; personal data is not stored. You can deactivate the cookies used by Google by following the subsequent link and downloading and installing the plug-in available there: https://www.google.com/settings/ads/plugin.
You can find more detailed information on Google remarketing, as well as Google’s data-protection statement, under: http://www.google.com/privacy/ads/.
We furthermore make use of the Google AdWords service in the context of so-called conversion tracking. When you click an advertisement inserted by Google, a cookie for conversion tracking is placed on your terminal device. These cookies lose their validity after 30 days, do not hold any personal data, and therefore do not serve the purpose of personal identification. The information collected by conversion cookies serves in the creation of conversion statistics for Adwords customers that have opted for conversion tracking.
You can prevent the storage of the cookies by adjusting your browser-software settings appropriately. In this case, however, we draw your attention to the fact that you may not then be fully able to use all of the functions of this website. Moreover, in your browser you can deactivate interest-related advertisements on Google, as well as interest-related Google advertisements in the web (within the Google display network), in that you activate, under http://www.google.de/settings/ads, the icon Off “Aus”, or in that you deactivate under http://www.aboutads.info/choices/. Further information on your setting options, in this connection, and on data protection at Google can be found under https://www.google.de/intl/de/policies/privacy/?fg=1.
d) Facebook Pixel
When you visit our web pages, we observe and document your user behaviour so that, on the basis of this data, we can make individual recommendations for you on our web pages. To this end we process the following personal data:
· IP address
· UU ID
· WEB ID
· device fingerprints
· browser fingerprints
· cookies (add reference to cookies)
· Geo IP location
We process your personal data for reasons constituting our legitimate interest in making product recommendations and
carrying out marketing measures, on the basis of article 6, paragraph 1, sentence 1, letter f of GDPR.
For the processing we make use of Facebook Pixel. Here we make use of the standard functions only. For further details on data processing by Facebook Pixel we refer you to the corresponding data-protection statements:
· Facebook Pixel: https://www.facebook.com/privacy/explanation
In connection with the use of Facebook Pixel, transfer of your personal data to the USA takes place. In the case of the USA, the EU Commission has not decided that an appropriate or adequate level of protection of personal data in the sense of GDPR exists; such an adequacy decision (Art. 45 GDPR) does not exist. Facebook, Inc. is nevertheless subject to the EU-U.S. Privacy Shield. Adequate protection of your personal data is thereby ensured. You can call up the complete text of the US Privacy Shield Framework using the following link:
e) Facebook Custom Audiences
(1) The website also uses the remarketing function “Custom Audiences” from Facebook Inc. (“Facebook”). With this, in the context of a visit to the social network Facebook or to other websites also using this procedure, users of the website can be shown interest-related advertisements (“Facebook ads”). We thereby pursue the intention of showing you advertising that is interesting to you, thereby also making our website more interesting for you.
(2) Due to the marketing tools deployed, your browser automatically makes a direct connection to the Facebook server. We have no influence on the extent and the further utilization of the data collected by Facebook through the use of this tool and can therefore only inform you about what we do know. Through the integration of Facebook Custom Audiences, Facebook receives the information that you have called up on the corresponding web pages of our Internet presentation, or learns that you have clicked an advertisement shown by us. If you are registered by the Facebook service, Facebook can assign the visit to your account. Even if you are not registered by Facebook, or have not logged on, there is the possibility that the provider can discover and store your IP address and further identifying characteristics.
(3) Deactivation of the function “Facebook Custom Audiences” is possible here and for logged-on users under https://www.facebook.com/settings/?tab=ads#_
The legal basis for the processing of your data is article 6, paragraph 1, sentence 1, letter f of GDPR. You can find further information on data processing by Facebook under https://www.facebook.com/about/privacy
Social Media Plug-Ins
On our website we make use, on the basis of article 6, paragraph 1, sentence 1, letter b of GDPR, of social plug-ins from the social networks Facebook, Twitter and Instagram, as a means of making our business better known. The underlying advertising purpose is to be seen as a legitimate interest in the sense of GDPR. The responsibility for operation in conformity with data protection belongs to their respective providers. The integration of these plug-ins by us is undertaken by way of the so-called two-click method, as a means of protecting visitors to our website as far as possible.
Social media plug-ins from Facebook are used on our website, as a means of making their use more personal. For this we use “LIKE” or “SHARE” buttons. This is an OFFER FROM Facebook:
If you call up a page of our web appearance that contains such a plug-in, your browser links directly to the servers of Facebook. The content of the plug-in is transmitted directly from Facebook to your browser and is integrated by this in the website.
Due to the integration of the plug-ins Facebook receives the information that your browser has called up the corresponding page in our web presentation, even if you have no Facebook account or are not logged-in to Facebook at the time. This information (including your IP address) is transferred by your browser directly to a Facebook server in the USA and is stored there.
If you are logged-in to Facebook, Facebook can assign the visit to our website directly to your Facebook account. If you interact with the plug-in, for example if you click the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and is stored there. The information is also published on Facebook and is shown to your Facebook friends.
Facebook can use this information for purposes of advertising, market research and needs-oriented design of the Facebook pages. To this end usage, interest and relationship profiles are created by Facebook, e.g. as a means of evaluating your use of our website in terms of the advertisements slotted in for you by Facebook, to inform other Facebook users about your activities on our website and to provide further services associated with the use of Facebook.
If you don’t want Facebook to assign the data gathered on you, via our web presentation, to your Facebook account, you must leave Facebook by logging off, before your visit to our website.
For more on the purpose and extent of the data acquisition, and further processing and utilization of the data by Facebook, and your rights in this connection, and the setting options for protection of your private sphere, please refer to the data-protection information provided by Facebook (https://www.facebook.com/about/privacy/).
Our Internet pages integrate plug-ins of the short-message network of Twitter Inc. (Twitter). You can recognize the Twitter plug-ins (tweet button) by the Twitter logo on our page. An overview of the tweet buttons can be found here (https://about.twitter.com/resources/buttons).
If you call up a page on our website that contains such a plug-in, a direct link between your browser and the Twitter server is made. Twitter is thereby informed that you, with your IP address, have visited our pages. If you click Twitter’s “tweet button” while you are logged on to your Twitter account, you can link the contents of our pages to your Twitter profile. Twitter can thereby assign the visit to our pages to your user account. We draw attention in this connection to the fact that we, as the provider of the pages, receive no information as to the content of the data transferred or as to the use made of it by Twitter.
If you do not want Twitter to be able to assign the visit to our pages, please log off your Twitter user account.
Further information relating to this topic can be found in the data-protection statement made by Twitter (http://twitter.com/privacy).
On our website the social media plug-in from Instagram is also used, this being operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).
The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”.
If you call up a page on our website that contains such a plug-in, your browser creates a direct link to the servers of Instagram. The content of the plug-in is transmitted directly from Instagram to your browser and is integrated in the page. Due to this integration Instagram receives the information that your browser has called up the corresponding page in our web presentation, even if you have no Instagram profile or are not logged-on to Instagram at the time.
This information (including your IP address) is transferred by your browser directly to an Instagram server in the USA and is stored there. If you are logged-on to Instagram, Instagram can assign the visit to our website directly to your Instagram account. If you interact with the plug-in, for example if you click the “Instagram” button, this information is also transmitted directly to an Instagram server and is stored there.
The information is also published in your Instagram account and is shown there to your contacts.
If you don’t want Instagram to assign the data gathered on you via our web presentation directly to your Instagram account, you must leave Instagram by logging-off before your visit to our website.
You can find further information on this in the Instagram data-protection statement (https://help.instagram.com/155833707900388).
aa) We have integrated YouTube videos in our online offer, these being stored on http://www.YouTube.com and directly playable from our website. They are all integrated in “extended data-protection mode”, i.e. no data on you as the user is transferred to YouTube, if you do not play the videos. Only if you play the videos is the data itemized in paragraph 2 transferred. We have no influence on this data transfer.
bb) From the visit to the website YouTube receives the information that you have called-up the corresponding sub-page of our website. Furthermore, the data itemized under point 2 a of this statement is transferred. This occurs regardless of whether YouTube makes a user account available, via which you are logged on, or whether no user account exists. If you have logged on with Google, your data will be directly assigned to your account. If you do not want the assignment to your profile with YouTube, you must log off before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or needs-oriented design of its websites. Such evaluation is undertaken (even for non-logged-on users) particularly for provision of requirement-specific advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, although you must contact YouTube in order to exercise this right.
cc) You can obtain further information on the purpose and extent of the data acquisition and its processing by YouTube in the data-protection statement. There you can also obtain further information on your rights and setting options to protect your private sphere: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in den USA and is subject to the EU-US-Privacy-Shield (https://www.privacyshield.gov/EU-US-Framework).
7) Mobile Apps
a) In addition to our online offer we can offer you a mobile app that you can download to your mobile terminal device. In what follows we provide information on the collection of personal data when using our mobile app. Personal data is data that relates to you personally, e.g. name, address, e-mail addresses, user behaviour.
b) Controllers, in accordance with article 4, paragraph 7 of the EU General Data Protection Regulation (GDPR) are named at the beginning of this data-protection statement, under point 1. These are also responsible for the mobile apps.
c) If, for individual functions of our offer, we have to rely on commissioned service companies, or if we would like to use your data for advertising purposes, we will inform you below in detail about the respective procedures. We will also thereby indicate the fixed criteria for the storage period.
d) On downloading the mobile app the necessary information is transferred to the app store, in particular the user name, the e-mail address and the customer number of your account, the time of the download, payment information and the individual device identifying number. We have no influence on this data collection and are not responsible for it. We process the data only to the extent that this is necessary for the downloading of the mobile app to your mobile terminal device.
e) When you use the mobile app we collect the personal data described below, in order to make using the functions more comfortable. When you decide to use our mobile app, we collect the following data that for us is technically necessary to be able to offer you the functions of our mobile app and to guarantee stability and security. The legal basis is article 6, paragraph 1, sentence 1, letter f of GDPR.
– IP Address
– Date and Time of Access
– Time-Zone Difference to Greenwich Mean Time (GMT)
– Content of Enquiry (specific page)
– Access Status / HTTP Status Code
– Data Quantity Transferred in Each Case
– Website From Which the Enquiry Comes
– Operating System and Its Surface
– Language and Version of the Browser Software.
f) We furthermore process your device identification, the explicit number of the terminal device (IMEI = International Mobile Equipment Identity), the explicit number of the network user (IMSI = International Mobile Subscriber Identity), the mobile-telephone number (MSISDN = Mobile Station Integrated Services Digital Network), the MAC address for WLAN utilization, the name of your mobile terminal device, and the e-mail address.
g) The mobile app employs no cookies.
8) Rights of Persons Affected
You have the right:
in accordance with article 15 of GDPR, to demand information on your personal data processed by us. In particular, you can demand information on the purposes of the processing, the category of the personal data, the categories of recipients with respect to whom your data has been or will be disclosed, the planned period of storage, the existence of a right to correction, deletion, limitation of the processing or objection to it, the existence of a right of objection, the origins of your data, if this has not been collected by us, and about the existence of an automated decision-making process including profiling and, where applicable, meaningful information on the related details;
in accordance with article 16 of GDPR, to demand the immediate correction of incorrect data, or to have any incomplete personal data of yours stored by us, completed;
in accordance with article 17 of GDPR, to demand the deletion of your personal data stored by us, provided the processing is not necessary for the exercising of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons that are in the public interest, or for assertion, exercising or defence of legal entitlements;
in accordance with article 18 of GDPR, to demand limitations on the processing of your personal data, if the correctness of the data is contested by you, if the processing is unlawful but you reject the deletion of the data and we no longer require it, though you need it for assertion, exercising or defence of legal entitlements, or if you have protested against its processing, in accordance with article 21 of GDPR;
in accordance with article 20 of GDPR, to demand to be sent personal data of yours, that you have provided us with, in a structured, standard and machine-readable format, or to demand its transfer to another controller.
in accordance with article 7, paragraph 3 of GDPR, to revoke your previously given consent, with respect to us, at any time. This has the consequence that, from then on, we will no longer be entitled to undertake data processing dependent on this consent;
in accordance with article 77 of GDPR, to lodge a complaint with a supervisory authority. As a rule you can choose, for this purpose, the supervisory authority at your customary place of residence or workplace, or that at the place of registered address of our business.
Right of Objection
If your personal data is processed, on the basis of legitimate interests, in accordance with article 6, paragraph 1, sentence 1, letter f of GDPR, you have the right, in accordance with article 21 of GDPR, to protest against the processing of your personal data, provided there are reasons for doing so that arise from your special situation, or the objection is aimed at direct advertising. In the latter case you have a general right of objection that will be implemented by us without the need for details referring to a special situation.
If you wish to make use of your right of revocation or your right of objection, it is sufficient to send an e-mail to: firstname.lastname@example.org
During the visit to the website we make use of the much used SSL (secure socket layer) procedure in conjunction with the respective highest encryption level that is supported by your browser. This is normally a 256-bit encryption. If your browser does not support a 256-bit encryption, we resort instead to 128-bit v3 technology. You can see whether a single page of our Internet presentation can be transferred encrypted from the closed depiction of the key or lock symbol in the lower status bar of your browser.
We otherwise make use of appropriate technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.
Current Validity of and Amendments to this Data-Protection Statement
This data-protection statement is valid for now.
Due to the further development of our website and the offers presented in it, or due to changes in statutory or official specifications, it may prove necessary to alter this data-protection statement. The respective, current data-protection statement can be called up by you on the website, under https://www.provinssi.fi/rekisteriseloste, at any time.
12) Supervisory authority data protection
Visiting address: Ratapihantie 9, 6th floor, 00520 Helsinki
Postal address: PL 800, 00521 Helsinki
Tel: +358 29 566 6700