Privacy Statements

This Privacy Statement describes how Nokian Tyres in the context of its business process the personal data of consumers and corporate business contacts (“customer”). Protection of customer’s privacy is important to us. Nokian Tyres is committed to processing personal data transparently and in compliance with applicable data protection laws. 

CONTROLLER AND CONTACT INFORMATION 

Nokian Tyres plc is the controller of our customers’ personal data. Any questions regarding our customers’ privacy can be directed to us: 

Nokian Tyres plc 
Privacy 
Pirkkalaistie 7 
37100, Nokia, FINLAND 
[email protected] 

PURPOSES OF PROCESSING, CATEGORIES OF PERSONAL DATA & LEGAL BASIS 

CUSTOMER – CORPORATE BUSINESS CONTACT 

Personal data is primarily obtained in situations where a corporate customer has acquired products or services from Nokian Tyres or when a corporate business contact has registered into our digital services. Personal data is processed for the following purposes:  

• To deliver products and services for our corporate customers.   

Personal data processed for this purpose includes contact information, billing information and other information that customer or employee of a customer has provided us during the provision of our products. 

• To maintain business relationship with our corporate customers in context of customer service and communication, managing customer meetings and leads.  

Personal data processed for this purpose includes information related to customer service such as contact information, information submitted via surveys and feedback forms, information about participation to events and campaigns, newsletter subscriptions or other data provided to us in the context of customer service requests. Phone calls to customer service are recorded in order to ensure the quality of customer service.  

• To develop our products and services in context of customer surveys and reviews, and website analytics.  

Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers, data related to our customers online activity and preferences, and data that might be inferred. Usually, the personal data will be aggregated, or other ways anonymised for compiling statistics and reports for business and product development. More information about our practice regarding cookies is available here.  

• To sell and market our products and services such as online and postal advertisement. 

Personal data processed for this purpose includes contact information, behavioural information, terminal equipment identifiers, online identifiers and purchase information. Collected personal data is further processed in order to create target audiences and offer targeted content. Targeted content is always based on segments or audiences and not on our customers individual behaviour.  

• To provide Nokian Tyres Dealer Services for our corporate customers. 

Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers and information related to identity management such as authorization information.  

• To organize and manage customer events such as trade fairs and Nokian Tyres product launches.  

Personal data processed for this purpose includes contact information and travel and accommodation information.  

• Fulfilling statutory obligations and any other official rules and regulations 

Personal data processed for this purpose includes any information relevant regarding a statutory requirement.  

Legal basis for processing our corporate customer’s personal data is always one of the following:  

• Consent 

With regards to newsletter subscription, we process personal data only if a customer has given consent for it. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.  

• Contract 

We process our corporate customer’s personal data on a contractual basis when providing our Marketing Toolbox -service.  

• Legal Obligation 

In relation to fulfilling our statutory obligations the legal basis of processing is our legal obligation.  

• Legitimate interest 

We process personal data based on our legitimate interest in the context of developing, selling, marketing, delivering and providing our products and services, to maintain business relationship with our customers, and to organize and manage customer events. 

To ensure that a significant and pertinent relationship exists between Nokian Tyres and a customer, and to demonstrate that our legitimate interest does not cause any significant intrusion of our customers’ privacy, or any other undue impact on interests and rights, we assess the processing with balancing tests. More information on the balancing test can be requested by contacting [email protected]. 

PURPOSES OF PROCESSING, TYPES OF PERSONAL DATA & LEGAL BASIS 

CONSUMER CUSTOMER 

Personal data is primarily obtained during the sign-up for our services, when ordering our publications such as newsletters, or in connection with our surveys and competitions. In addition, personal data may also be obtained and derived from service use. We process personal data for the following purposes:  

• To deliver newsletter and other publications to recipients who have subscribed to receiving these. 

Personal data processed for this purpose includes contact information such as contact information, terminal equipment identifiers and behavioural information.   

• To provide customer service for our consumer customers 

Personal data processed for this purpose includes information related to customer service such as contact information, information submitted via feedback forms or other data provided to us in the context of customer service requests. Phone calls to customer service are recorded in order to ensure the quality of customer service.  

• To market and advertise our products and services such as online and postal advertisement.   

Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers, behavioural data, data related to our customers online activity and preferences, and data that might be inferred from other data we collect. Collected personal data is further processed in order to create target audiences and offer targeted content. Targeted content is always based on segments or audiences and not on our consumer customers’ individual behaviour. More information about our practice regarding cookies is available here.  

• To offer our services such as Aramid guarantee or Nokian Tyres’ Satisfaction Promise.  

Personal data processed for this purpose includes contact information, vehicle and tire information and purchase information.  

• To organize competitions and draws for our consumer customers. 

Personal data processed for this purpose includes contact information and possible competition specific information. 

• To develop our products and services based on our customers feedback, product reviews and online activity. 

Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers, behavioural data, customer feedback and product reviews. More information about our practice regarding cookies is available here.  

• Fulfilling statutory obligations and any other official rules and regulations 

Personal data processed for this purpose includes any information relevant regarding a given statutory requirement.  

Legal basis for processing our consumer customer’s personal data is always one of the following:  

• Consent 

With regards to newsletter subscription, we process personal data only if a customer has given consent for it. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.  

• Contract 

Legal basis for processing is contract when we process personal data for the purpose of organizing competitions or draws, or with regards to product guarantees where processing is necessary for a contractual relationship and enforcing the service contract.   

• Legal Obligation 

In relation to fulfilling our statutory obligations the legal basis of processing is our legal obligation.  

• Legitimate interest 

We process personal data based on our legitimate interest to develop our products and services, to provide customer service, and to market and advertise our products and services.  

To demonstrate that our legitimate interest does not cause any significant intrusion into our customer’s privacy, or any other undue impact on interests and rights, we assess the processing with balancing tests. More information on the balancing test can be requested by contacting [email protected].  

PERSONAL DATA TRANSFERS AND DISCLOSURES 

Personal Data Transfers 

As a global company, Nokian Tyres uses subcontractors and service providers to operate our business efficiently. For example, we use subcontractors to carry out campaigns and direct marketing or service providers for payment and billing management.  

The processing of personal data in relation to our subcontractors is always commissioned by Nokian Tyres and the other parties will act only on our behalf as personal data processors. Such processing is always protected with contractual arrangements to ensure that our service providers and partners process our customers’ personal data in accordance with the laws and good data processing practices.  

In a case our subcontractor or service providers is located outside the European Union (EU) or the European Economic Area (EEA) we ensure the adequate level of protection of our customers’ personal data with appropriate safeguards by using standard contractual model clauses approved by the European Commission or another valid mechanism provided under applicable legislation.

Personal Data Disclosures  

We only disclose personal data that is strictly necessary for complying with the statutory requirement. Example, when we give assistance in investigations of accidents, we need to disclose relevant information to support the investigative authorities.  

We might disclose personal data to other companies within Nokian Tyres group. This usually happens for the purposes of customer service, customer relationship management and marketing.  

In a case we sell, merge or otherwise re-arrange our business operations or assets, we need to disclose personal data to purchaser or prospective seller or buyer of such business or assets in compliance with applicable laws. In such a case we process personal data based on our legitimate interest to ensure our business continuity. In case a customer objects to such processing, the purchaser of our business may not be able to provide services anymore.  

SECURITY OF PERSONAL DATA  

We use technical and organisational measures to ensure the security of personal data from loss, misuse or other similar unlawful access. Such methods include the use of firewalls, encryption technologies and safe server premises. Access to personal data is limited on “need-to-know” basis and controlled by system access rights, as well as through granting and controlling access rights.  

In the event of a personal data breach, we will notify local supervisory authorities and everyone whose personal data may have been endangered in accordance with applicable legislation.  

DATA SUBJECT RIGHTS  

As a responsible company we want to be open and transparent on the processing of our customers’ personal data. This means we give our customers the opportunity to control the processing of personal data.  

Right of Access. Customers have the right to receive a confirmation whether we are processing their personal data, what personal data we process about them and to receive a copy of their personal data.  

Right to Rectification. In case personal data of our customers is inaccurate or incomplete, customers have the right to request rectification or completion of their data.  

Right to Restrict Processing. Customers have the right to request restriction by contesting the accuracy of their personal data. In such a situation, the processing activities are restricted for the period of time taken to verify the accuracy of personal data.  

Right to Object. Customers have the right to object to the processing of their personal data. Our customers have the right to object the processing of their personal data for the purposes of direct marketing at any time.  

Right to be Forgotten. Customers have the right to request their personal data to be erased. In some cases, there may still be an overriding purpose for processing and retaining personal data e.g. in order to fulfil legal obligations or for the warranty needs.  

Right to Data Portability. Customers have the right to request their personal data in machine-readable format in situations where we process personal data based on contract or consent. This only applies to personal data customers have provided us with.  

Right to Withdraw a Consent. Customers have the right to withdraw their consent at any time. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.  

If customers consider that the processing of personal data infringes their rights, customers may contact the supervisory authority and lodge a complaint about our processing of personal data.  

Any questions or requests regarding above mentioned rights can be sent via email to [email protected].  

RETENTION PERIODS 

Personal data is retained as long as is necessary for the purpose they were collected for, or until we receive a request for erasure – unless we have a legal obligation to retain it for a longer period. The retention period of personal data is determined by the following criteria: 

• If a customer has a Dealer Service account with us, we will retain personal data while your account is active or for as long as needed to provide services to customer.  

• For guarantees and other product related programmes we need to retain personal data for the duration of the validity of the guarantee or programme in each specific case and in any case until any possible claims towards Nokian Tyres have expired. 
• For purposes of organizing competitions or draws, personal data will be retained until the competition has ended and all the following measures has been carried out. More information on retention periods is always provided in the competition terms. 
• When a customer has subscribed into receiving electronic direct marketing communications, we process personal data for those purposes as long as their subscription remains in force. In case a customer withdraws their consent, we will discontinue the processing of personal data and erase personal data if there is no other valid purpose for processing. 

Any questions regarding retention periods of our customers’ personal data can be sent via email to [email protected].  

REVISIONS TO THIS PRIVACY STATEMENT  

We are continuously developing our services and this privacy statement is subject to changes. Changes may also be based on changes in legislation. We recommend our customers to visit this privacy statement in regular basis in order to keep track of possible changes. 

This Privacy Statement describes how Vianor in the context of their business process the personal data of consumers and corporate business contacts (“customer”). Protection of customer’s privacy is important to us. Vianor is committed to processing personal data transparently and in compliance with applicable data protection laws.  

CONTROLLER AND CONTACT INFORMATION  

Vianor Oy is the controller of our customers personal data. Any questions regarding privacy can be directed to us:  

Vianor Oy  
c/o Nokian Tyres plc 
Privacy 
Pirkkalaistie 7 
37100, Nokia, Finland 
[email protected] 

PURPOSES OF PROCESSING, TYPES OF PERSONAL DATA & LEGAL BASIS 

CONSUMER CUSTOMER 

Personal data is primarily obtained in connection with providing our products and services, when consumer registers into our digital services, subscribes for our newsletters, or takes part in our surveys and competitions. In addition, personal data may also be obtained and derived from online service use. We process personal data for the following purposes:  

• To sell and deliver our services such as tyre hotel, car services and tire services. 

Personal data processed for this purpose includes contact information, information related to service, order information, vehicle and tire information, myVianor account information and online identifiers   

• To sell and deliver our products for consumers via online shop. 

Personal data processed for this purpose includes contact information, information related to service, order information, vehicle and tire information, myVianor account information and online identifiers.  

• To market our products and services for consumers. 

Personal data processed for this purpose includes contact information, terminal equipment information, online identifiers, behavioral information and other data that has been inferred or derived from other data we collect. Collected personal data is further processed in order to create target audiences and offer targeted content. Targeted content is always based on segments or audiences and not on our customers individual behavior. More information about our practice regarding cookies is available on our website.   

• To organize draws and competitions  

Customers’ contact information is processed for this purpose.  

• To provide customer service such as customer communication, and managing customer feedback and complaints 

Personal data processed for this purpose includes contact information, vehicle and tire information, order information, service information, customer feedback and complaints related information. Phone calls to customer service are recorded in order to ensure the quality of customer service.  

• To develop our products and services based on our customers feedback, product reviews and online activity. 

Personal data processed for this purpose includes contact information, vehicle and tire information, customer feedback, customer communication, online identifiers, terminal equipment information, behavioral information and other data that might be inferred. Usually, the personal data will be aggregated, or other ways anonymised for compiling statistics and reports for business and product development. More information about our practice regarding cookies is available on our website.  

• To provide and manage myVianor service 

Personal data processed for this purpose includes contact information and myVianor service-related information.  

• To fulfil statutory obligations and any other official rules and regulations 

Personal data processed for this purpose includes any information relevant regarding a statutory requirement.  

Legal basis for processing our consumer customer’s personal data is always one of the following:  

• Consent 

With regards to newsletter subscription, we process personal data only if a customer has given consent for it. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message. Legal basis for processing our customers’ personal data is consent also where it is processed for the purpose of organizing draws and competitions.  

• Contract 

We process our consumer customers’ personal data on contractual basis when we process it for the purposes of selling and delivering our services and products.  

• Legal Obligation 

In relation to fulfilling our statutory obligations the legal basis of processing is our legal obligation.  

• Legitimate Interest 

Legal basis for processing our consumer customer’s personal data is our legitimate interest to develop our products and services, to provide customer service, and to market our products and services. 

To ensure that a significant and pertinent relationship exists between Vianor and a customer, and to demonstrate that our legitimate interest does not cause any significant intrusion of our customers’ privacy, or any other undue impact on interests and rights, we assess the processing with balancing tests. More information on the balancing tests can be requested by contacting [email protected].  

PURPOSES OF PROCESSING, CATEGORIES OF PERSONAL DATA & LEGAL BASIS 

CUSTOMER – CORPORATE BUSINESS CONTACT  

Personal data is primarily obtained in situations where a corporate customer has acquired products or services from Vianor or when a corporate business contact has registered into our digital services. Personal data is processed for the following purposes  

• To sell and deliver our services 

Personal data processed for this purpose includes contact information, service information, vehicle and tire information, order information, online identifiers and eVianor account related information.  

• To sell and deliver our products 

Personal data processed for this purpose includes contact information, order information and eVianor account information.  

• To market our products and services for corporate customers. 

Customers’ contact information is processed for this purpose.  

• To organize and manage customer events and trade fairs 

Personal data processed for this purpose includes contact information, travel information and dietary information.  

• To provide customer service such as customer communication, and managing customer feedback and complaints 

Personal data processed for this purpose includes contact information, service information, vehicle and tire information and order information. Phone calls to customer service are recorded in order to ensure the quality of customer service.  

• To develop our products and services based on our customers feedback, product reviews and online activity. 

Personal data processed for this purpose includes contact information, vehicle and tire information, customer feedback, product reviews, online identifiers, behavioural information and other data that might be inferred. Usually, the personal data will be aggregated, or other ways anonymised for compiling statistics and reports for business and product development. More information about our practice regarding cookies is available on our website.  

• To manage Vianor partner program 

Personal data processed for this purpose includes contact information and partnership related information.  

• To fulfil statutory obligations and any other official rules and regulations 

Personal data processed for this purpose includes any information relevant regarding a statutory requirement.  

Legal basis for processing our corporate customer’s personal data is always one of the following:  

• Consent 

With regards to newsletter subscription, we process personal data only if a customer has given consent for it. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.  

• Legal Obligation 

In relation to fulfilling our statutory obligations the legal basis of processing is our legal obligation.  

• Legitimate Interest 

Legal basis for processing our corporate customer’s personal data is our legitimate interest to provide and develop our products and services, to provide customer service, to deliver, sell and market our products and services, and to organize and manage customer events and trade fairs.  

To ensure that a significant and pertinent relationship exists between Vianor and a customer, and to demonstrate that our legitimate interest does not cause any significant intrusion of our customers’ privacy, or any other undue impact on interests and rights, we assess the processing with balancing tests. More information on the balancing tests can be requested by contacting [email protected].  

PERSONAL DATA TRANSFERS AND DISCLOSURES  

Personal Data Transfers  

Vianor uses subcontractors and service providers to operate our business efficiently. For example, we use subcontractors to carry out campaigns and direct marketing or service providers for payment and billing management.  

The processing of personal data in relation to our subcontractors is always commissioned by us and the other parties will act only on our behalf as personal data processors. Such processing is protected with contractual arrangements to ensure that our service providers and partners process our customers’ personal data in accordance with the laws and good data processing practices.  

In a case our subcontractor or service provider is located outside the European Union (EU) or the European Economic Area (EEA) we ensure the adequate level of protection of our customers’ personal data with appropriate safeguards by using standard contractual model clauses approved by the European Commission or another valid mechanism provided under applicable legislation. 

Personal Data Disclosures  

We disclose personal data if it is strictly necessary for complying with the statutory requirement. Example, in vehicle inspections, we need to disclose relevant information to supervising authority.  

Personal data is disclosed when our services are provided in collaboration with our partners, such as in collaboration with a car leasing company.  

Vianor is part of Nokian Tyres Group and we occasionally disclose personal data to other companies within Nokian Tyres Group. This usually happens for the purposes of customer service, customer relationship management and marketing.  

In a case we sell, merge or otherwise re-arrange our business operations or assets, we need to disclose our customers’ personal data to a purchaser or a prospective seller or buyer of such business or assets in compliance with applicable laws. In such a case we process personal data based on our legitimate interest to ensure our business continuity. In case a customer objects to such processing, the purchaser of our business may not be able to provide services anymore.  

SECURITY OF PERSONAL DATA  

We use technical and organisational measures to ensure the security of personal data from loss, misuse or other similar unlawful access. Such methods include the use of firewalls, encryption technologies and safe server premises. Access to personal data is limited on “need-to-know” basis and controlled by system access rights, as well as through granting and controlling access rights.  

In the event of a personal data breach, we will notify local supervisory authorities and everyone whose personal data may have been endangered in accordance with applicable legislation.  

DATA SUBJECT RIGHTS  

As a responsible company we want to be open and transparent on the processing of our customers’ personal data. This means we give our customers the opportunity to control the processing of personal data.  

Right of Access. Customers have the right to receive a confirmation whether we are processing their personal data, what personal data we process about them and to receive a copy of their personal data.  

Right to Rectification. In case personal data of our customers is inaccurate or incomplete, customers have the right to request rectification or completion of their data.  

Right to Restrict Processing. Customers have the right to request restriction by contesting the accuracy of their personal data. In such a situation, the processing activities are restricted for the period of time taken to verify the accuracy of personal data.  

Right to Object. Customers have the right to object to the processing of their personal data. Our customers have the right to object the processing of their personal data for the purposes of direct marketing at any time.  

Right to be Forgotten. Customers have the right to request their personal data to be erased. In some cases, there may still be an overriding purpose for processing and retaining personal data e.g. in order to fulfil legal obligations or for the warranty needs.  

Right to Data Portability. Customers have the right to request their personal data in machine-readable format in situations where we process personal data based on contract or consent. This only applies to personal data customers have provided us with.  

Right to Withdraw a Consent. Customers have the right to withdraw their consent at any time. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.  

Any questions or requests regarding above mentioned rights can be sent via email to [email protected].  

If customers consider that the processing of personal data infringes their rights, customers may contact the supervisory authority and lodge a complaint about our processing of personal data.  

RETENTION PERIODS  

Personal data is retained as long as is necessary for the purpose they were collected for, or until we receive a request for erasure – unless we have a legal obligation to retain it for a longer period. The retention period of personal data is determined by the following criteria:  

• If a customer has an account with us, we will retain personal data while your account is active or for as long as needed to provide services to customer or as long as we are legally obligated.  
• For purposes of organizing competitions or draws, personal data will be retained until the competition has ended and all the following measures have been carried out. More information on retention periods is provided in the competition terms. 
• When a customer has subscribed into receiving marketing communications, we process personal data for those purposes as long as their subscription remains in force. In case a customer withdraws their consent, we will discontinue the processing of their data immediately. 

Any questions regarding retention times of our customers’ personal data can be sent via email to [email protected].  

REVISIONS TO THIS PRIVACY STATEMENT  

We are continuously developing our services and this privacy statement is subject to changes. Changes may also be based on changes in legislation. We recommend our customers to visit this privacy statement in regular basis in order to keep track of possible changes. 

INTRODUCTION

Nokian Tyres Oyj (“Nokian Tyres” or “we”) acts as the controller for personal data processed in connection with the INTUITU™ service (hereinafter “Intuitu”). We process personal data transparently and in accordance with applicable data protection laws. In this privacy statement, we explain how and for what purposes we process the personal data in connection with the Intuitu service.

The Intuitu service is an active tire condition monitoring system, which consists of a sensor system that is physically connected to the tire and an Intuitu application that presents tire data. The Intuitu service can be used in two ways. If a user has smart tires with sensors, they can register as a user of the Intuitu application, in which case tire data is automatically collected in the application from the tire sensors. The Intuitu service can also be used without a sensor mounted on the smart tire. In this case, the user can download the application and enter the information related to their tires into the application manually.

CONTROLLER AND CONTACT INFORMATION

PURPOSES OF PROCESSING & LEGAL BASIS

For the implementation and development of the Intuitu service, the personal data of both private and business customers (service user) are processed for the following purposes:

• To provide Intuitu service to customers

Nokian Tyres processes the personal data of Intuitu users in order to provide the Intuitu service. Personal data is used to analyze the condition and use of the tires of the vehicle registered on the service, to handle possible claims regarding Nokian Tyres' products and services, to communicate with customers and to personalize the user experience.

At the time of product registration, vehicle information is collected so that we can determine the correct tire settings during the registration phase and instruct on their optimal use. Vehicle data is also collected to provide additional benefits or services to the purchaser of our products. If the application is not connected to a smart tire, the application provides users with information about the products and related operating instructions.

With user´s consent, location data is processed in the background of the application for the purpose of technically enabling the Bluetooth connection between the sensor and the application. In addition, the speed of the vehicle is stored and processed to provide information about the safe use of tires to users.

• Development of the Intuitu service and other Nokian Tyres services

We utilize the data collected through the Intuitu service both in the implementation and further development of the Intuitu application and service, and more generally in the implementation of Nokian Tyres' product and service development, for example by combining personal data from different Nokian Tyres services.

• Marketing and advertising

We process user information related to the Intuitu service to market and advertise our products. Marketing and advertising is either traditional printed advertising, or electronic direct marketing for which we always ask a separate consent from the user. The Intuitu service includes simple profiling of users so that the tire data collected can be used to derive vehicle-specific and driver-specific analyses (tire use and driving behaviour) used to generate Intuitu hint texts and other announcements, user segmentation and ad targeting.

• Warranty issues

By registering tires on Nokian Tyres' Intuitu application, Nokian Tyres can offer its users an additional guarantee for the normal tire warranty, as well as a direct communication channel with Nokian Tyres. The additional warranty is valid under the warranty terms applicable in each case. In the event of warranty and claims, it can be verified on the basis of the data collected from the tires if the usage of tires has been in accordance with the instructions.

The legal basis for the processing of personal data is always one of the following:

• Contract

With regard to the providing the service, the processing of personal data is based on a service agreement between the registered user and Nokian Tyres. Verification of the use of the tire in accordance with the instructions in the warranty cases on the basis of the tires-related data collected in the application is based on the terms of use approved by the service user.

• Legitimate interest

The processing of personal data is based on the legitimate interest of Nokian Tyres when we develop or market our products, services or business and when we provide customer service.

With regard to advertising and marketing, user segmentation and the production of hint texts and announcements based on it are based on Nokian Tyres' legitimate interest in providing additional services that it deems useful to its customers.

We have assessed the processing of personal data based on our legitimate interests through balancing tests to ensure that there is a relevant and appropriate relationship between Nokian Tyres and the service user and to demonstrate that our legitimate interest does not significantly interfere with or override our users' privacy or rights.

• Consent

Location data is processed only with the consent of the service user. Location data is processed in the background of the application for the purpose of technically enabling the Bluetooth connection between the sensor and the application. Location data is not stored by the service. The speed of the vehicle is stored and processed to provide information about the safe use of tires to users. Users of the service may at any time revoke their consent to the processing of location data through the settings of operating system. If the user withdraws consent, the tires cannot be connected to the sensors.

With regards to electronic direct marketing, such as newsletters, we process personal data only if service user has given consent for it. Service users can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.

CATEGORIES OF PERSONAL DATAAND SOURCES TO BE PROCESSED

We collect data primarily through the Intuitu sensor solution, from the mobile device, and from the users of the service themselves. In addition, the system generates technical information to enable analysis. Data that can be linked to users is also derived from raw data using analytics.

In connection with the Intuitu service, we collect personal data from the following data sources:

• service users
• service measurement electronics (sensors attached to the tires)
• mobile application of the service
• mobile device (speed information, device model, device type)
• other registers of Nokian Tyres Group companies

The Intuitu application starts processing data after the application is activated and the user registers for the service. If a registered user adds a vehicle to the Intuitu service that includes tires with an Intuitu sensor, the data generated during the use of the service is automatically collected in the application by using a Bluetooth connection, provided that consent for location processing has been given by the user. The speed of the vehicle is stored and processed to provide information about the safe use of tires to users. The Intuitu application allows the user to view relevant information about the use of their tires derived from the data thus collected. The application periodically sends the collected data to the system's cloud service, where the application's information is stored.

The following categories of personal data are processed in connection with the Intuitu service:

• User information about Intuitu service registered users (name, login information, contact information, company contact information) and unregistered users (e-mail address, recipient of the invitation, sender of the invitation, status of the invitation). When the service is used as a member of a corporate customer company, the user data can be combined with both company data and data of other registered users of the same company. Service users in the same organization can see the names and email addresses of other service users of the organization. In addition, the Intuitu service can process the e-mail addresses of non-logged-in persons to send service activation invitations.
• Vehicle information, such as the vehicle model and the vehicle description and registration number provided by the service user. Each user of the service can be linked to at least one vehicle in the user account information of the application. If the service user does not have a smart tire with sensors, the serial number of the tires and their location in the vehicle can be manually entered into the application.
• Vehicle tire measurement results such as tire pressure, wear, temperature, and the exact time and place of the measurement. Tire measurement data can be linked to an individual service user using technical identifiers.
• The speed of the vehicle. With the user´s consent, the location information is processed in the background for the purpose of technically enabling the Bluetooth connection between the sensor and the application. In addition, the driving speed is stored. Real-time information about whether a vehicle is in active mode (vehicle is moving) is visible to all users that are members of a same organization. No history data regarding the vehicle status and no vehicle location data is disclosed to organizations’ users. By stopping the application from collecting data either by logging out from the application, or turning off Bluetooth, user can stop sharing the vehicle status to other users.
• Behavioral information, such as how often the application is used and for how long, and on what type of device the application is used. With the help of analytics, we create statistics and other aggregation-based reports on the usage habits of service users, from which an individual service user cannot be identified.
• Information for handling customer feedback and customer support requests , such as the customer's contact information for fulfilling the request and responding to the feedback, and the content of such request or feedback.
• Technical identifiers and other technical information that can be used to identify service users, tires, mobile devices and vehicles. Such information includes e.g. technical data for establishing connections (IP address and MAC address of the device) and technical data resulting from data modification, deletion and error situations.

Cookies

Nokian Tyres uses cookies and other standard automated data processing methods and tools on the Intuitu website and in newsletters. Cookies and technical features make it possible to monitor the effectiveness of online and other advertising, and some of them are necessary for the functionality of the website and/or the flexible usability of the service. Please find more information about our use of cookies from our www.nokiantyres.com/privacy-statement/

PERSONAL DATA TRANSFERS AND DISCLOSURES

Personal Data Transfers

As a global company, Nokian Tyres uses subcontractors and service providers to operate our business efficiently. We use partners, for example, in the technical maintenance and development of the Intuitu service. We use service providers also for commonly used support functions indirectly related to the Intuitu service, such as data and analytics services, and advertising and marketing services to perform certain tasks involving the processing of personal data on our behalf.

The processing of personal data in relation to our subcontractors is always commissioned by Nokian Tyres and the other parties will act only on our behalf as personal data processors. Such processing is always protected with contractual arrangements to ensure that our service providers and partners process our customers’ personal data in accordance with the laws and good data processing practices.

In case our subcontractor or service providers is located outside the European Union (EU) or the European Economic Area (EEA) we ensure the adequate level of protection of our customers’ personal data with appropriate safeguards by using standard contractual clauses approved by the European Commission or another valid mechanism provided under applicable legislation.

Personal data disclosures

We only disclose personal data that is strictly necessary for complying with the statutory requirement.

We disclose personal data to other companies within Nokian Tyres group. This usually happens for the purposes of customer relationship management and marketing.

In a case we sell, merge or otherwise re-arrange our business operations or assets, we need to disclose personal data to purchaser or prospective seller or buyer of such business or assets in compliance with applicable laws. In such a case, we process personal data based on our legitimate interest to ensure our business continuity. If the Nokia Tyres’ customer or Intuitu’s service user objects to such processing, the purchaser of our business may no longer be able to provide the services.

SECURITY OF PERSONAL DATA

We use technical and organisational measures to ensure the security of personal data from loss, misuse or other similar unlawful access. Such methods include the use of firewalls, encryption technologies and safe server premises. All employees handling personal information are committed to confidentiality. Access to personal data is limited on “need-to-know” basis and controlled by system access rights, as well as through granting and controlling access rights. We regularly train our employees to ensure that your personal data is processed lawfully and according to best practices.

In the event of a personal data breach, we will notify local supervisory authorities and everyone whose personal data may have been endangered in accordance with applicable legislation.

DATA SUBJECT RIGHTS

As a responsible company we want to be open and transparent on the processing of our customers’ personal data. This means we give our customers the opportunity to control the processing of personal data.

Right of Access. Users of the service have the right to receive a confirmation whether we are processing their personal data, what personal data we process about them and to receive a copy of their personal data.

Right to Rectification. In case personal data we process is incorrect or incomplete, the user of the service has the right to request the rectification or completion of the personal data.

Right to Restrict Processing. In certain situations, the service user has the right to request for a restriction on the processing of personal data. This may be the case, for example, if the data subject disputes the accuracy of his or her personal data. In such a situation, the processing activities are restricted for the period of time taken to verify the accuracy of personal data.

Right to Object. Users of the service have the right to object the processing of their personal data for the purposes of direct marketing at any time. The user of the service also has the right to object to the processing of personal data for reasons related to a specific personal situation when we process personal data on the basis of our legitimate interests.

Right to be Forgotten. Users of the service have the right to request for the deletion of their personal data. In some cases, there may still be an overriding purpose for processing and retaining personal data e.g. in order to fulfil legal obligations or for the warranty needs.

Right to Data Portability. Users of the service have the right to request their personal data in machine-readable format in situations where we process personal data based on contract or consent. This only applies to personal service users have provided us with.

Right to Withdraw a Consent. If the basis for processing personal data is consent, the service user has the right to withdraw the consent at any time. Consent to electronic direct marketing can be revoked by using “unsubscribe link” at the end of the received email message.

****

Please note that as a registered user, you can edit and delete your information directly in the application. You can also manage your consents in the application settings. Questions and requests regarding the rights of the data subject can be sent by e-mail to [email protected] .

If the data subject feels that his or her personal data are not being processed properly, he or she has the right to lodge a complaint with the supervisory authority. Up-to-date contact information and procedural instructions of the Data Protection Supervisor can be found on the Data Protection Supervisor's website https://tietosuoja.fi .

PERSONAL DATA RETENTION PERIODS

We have defined retention periods for personal data based on the processing purpose and applicable law. Unless otherwise required by law, Nokian Tyres will retain the personal data of Intuitu service users only for as long as is necessary to fulfill the purposes defined in this privacy statement:

• The identification data that can be linked to the user will be deleted or anonymised after the end of the customer relationship with the service and no later than five (5) years after the user’s last logged in to the service, unless required by applicable law to keep the user data longer. The customer relationship is considered terminated when the user submits a request to Nokia Tyres to delete their data.
• In connection with electronic direct marketing communications, we process personal data for as long as the consent given is valid. If the consent is revoked, we will suspend the processing of personal data for electronic direct marketing and delete the personal data if there is no other purpose for its processing.
• The Service does not contain any personal data of non-registered user, except for service activation invitations. Invitations are retained for 30 days.
• Vehicle data connected to the service will be erased after the service user removes the vehicle from the service. Where the user account belongs to an organization, vehicle data will be erased after the administrator user removes the vehicle from the service.

Any questions regarding retention periods of personal data can be sent via email to [email protected] .

REVISIONS TO THIS PRIVACY STATEMENT

We are constantly developing our services and this privacy statement is subject to changes. Changes may also be based on changes in legislation. We recommend our customers to visit this privacy statement on a regular basis in order to keep track of possible changes. Yet, if anything materially changes in our processing of personal information, we strive to openly notify customers of the changes. Information about material changes will be provided to registered users of the Intuitu service by e-mail to the address provided by the user to us upon registration or in the Intuitu application.

This Privacy Statement describes how Nokian Tyres processes personal data in the context of the whistleblowing process. Because personal data from various data subjects can be processed during the whistleblowing process, data subjects usually involve the person making a report (“the whistleblower”) and the person mentioned in a report (“the alleged wrongdoer”). Depending on the case under investigation, personal data of the investigator and witnesses can also be processed.

Protection of data subjects’ privacy is important to us. Nokian Tyres is committed to processing personal data transparently and in com­pliance with applicable da­ta pro­tec­tion laws.

Controller and Contact Information

Nokian Tyres plc is the controller of the personal data processed in the whistleblowing process. Any questions regarding our privacy practices can be directed to us:

Nokian Tyres plc 
Privacy 
Pirkkalaistie 7 
37100, Nokia, FINLAND 
[email protected]

Purposes of Processing & Legal Basis

Nokian Tyres whistleblowing process’s aim is to ensure the quality of Nokian Tyres governance system and to maintain trust towards Nokian Tyres group.  In addition, its objective is to encourage employees and other stakeholders to report any findings or suspicions of non-compliance with laws, Nokian Tyres’ business principles or other guidelines.

In connection to Nokian Tyres’ whistleblowing process, personal data is processed for the purposes of:

• preventing, identifying and   investigating   suspected   criminal   activity, internal   violations   and   other malpractices;
• preventing, identifying and investigating suspected activity, which is unethical or against Nokian Tyres’ Code of Conduct.

In the context of the whistleblowing process and an internal investigation, we will process your personal data based on the following legal grounds: 

• Legal basis for processing is our legitimate interest to monitor compliance with applicable laws and Nokian Tyres’ Code of Conduct and other guidelines. In this respect, we will always determine case by case whether our interests are not overridden by the interests, fundamental rights and freedoms of the data subjects involved. Also, the processing is necessary to comply with a legal obligation, given the fact that whistleblowing systems may be mandatory in some countries where Nokian Tyres operates.
• To the extent that the processing relates to special categories of personal data, the legal basis for such processing is that it is necessary for the purposes of carrying out the obligations and exercising the specific rights of Nokian Tyres in the field of employment and social security and social protection law, or that the processing is necessary for the establishment, exercise or defense of legal claims.

Sources & Categories of Personal Data

All whistleblowing investigations related to information received from the official whistleblowing channels are conducted or headed by Nokian Tyres’ internal audit unit. Initially personal data is primarily obtained through the official whistleblowing channels (via a specific whistleblowing e-mail address or via regular mailing address). Depending on the case under investigation, personal data is also obtained through the investigative measures.

In most cases the personal data processed in connection to the whistleblowing process includes: 

• Data received via whistleblowing notification such as name and contact details of the whistleblower (unless notification is made anonymously) and the alleged wrongdoer, and a description of the suspected misconduct. Due to the nature of the whistleblowing channel and varying case contexts, the received data can vary significantly on each case. Depending on the received notification, processed personal data can also include special categories of personal data.
• Data obtained through investigative measures such as employment information, physical safety related information (e.g. CCTV, access control information), information related to system administration and network security, records of working hours, witness testimonies and case relevant information from public registers or other public or internal information or information from internal systems used in conjunction with other information.

Personal Data Transfers and Disclosures 

Personal data transfers

As a global company, Nokian Tyres may use subcontractors and service providers to process whistleblowing investigations. The processing of personal data in relation to our subcontractors is always commissioned by Nokian Tyres and the other parties will act only on our behalf as personal data processors. Such processing is always protected with contractual arrangements to ensure that our service providers and partners process personal data in accordance with the laws and good data processing practices to maintain high integrity of the investigation.

In a case our subcontractor or service providers is located outside the European Union (EU) or the European Economic Area (EEA) we ensure the adequate level of protection whistleblowing investigation related personal data with appropriate safeguards by using standard contractual model clauses approved by the European Commission or another valid mechanism provided under applicable legislation.

Personal Data Disclosures

We only disclose personal data that is strictly necessary for complying with the statutory requirement. If the investigated whistleblowing case involves illegal or criminal activities, the case may be reported to the appropriate authorities in accordance with applicable laws. Third parties to whom data can be disclosed based on a specific case context and local legislation include for example the law enforcement authorities, the tax administration, customs and in certain cases the insurance company or other case owners of the matter.

In a case we sell, merge or otherwise re-arrange our business operations or assets, we need to disclose personal data to purchaser or prospective seller or buyer of such business or assets in compliance with applicable laws. In such a case we process personal data based on our legitimate interest to ensure our business continuity.

Security of Personal Data

We use technical and organisational measures to ensure the security of personal data from loss, misuse or other similar unlawful access. Such methods include the use of firewalls, encryption technologies and safe server premises. Access to personal data is limited on “need-to-know” basis and controlled by system access rights, as well as through granting and controlling access rights.

In the event of a personal data breach, we will notify local supervisory authorities and everyone whose personal data may have been endangered in accordance with applicable legislation.

Data Subject Rights

As a responsible company we want to be open and transparent on the processing of personal data. This means we give our data subjects the opportunity to control the processing of personal data. However, because of the nature of the processing in whistleblowing investigations, we have the right to derogate from exercising the data subjects’ rights in certain situations based on legal grounds.

Right of Access. Data subjects have the right to receive a confirmation whether we are processing their personal data, what personal data we process about them and to receive a copy of their personal data. Because of the sensitive nature of the data processing in whistleblowing process, it is necessary to balance all interests involved in a right of access request. Therefore, all information about personal data processing in the context of whistleblowing purposes upon a right of access request cannot in all cases be submitted to the data subject, because that could adversely affect the rights or freedoms of others.

Right to Rectification. In case personal data of our data subjects regarding the whistleblowing process is inaccurate or incomplete, data subjects have the right to request rectification or completion of their data.

Right to Restrict Processing. Data subjects have the right to request restriction by contesting the accuracy or lawfulness of their personal data. In such a situation, the processing activities are restricted for the period of time taken to verify the accuracy of personal data. The right to restriction of processing is assessed on a case-by-case basis. In cases which are likely to have legal effects on the data subject, the data may still be processed, subject to the establishment, exercise or defense of legal cases or for the protection of the rights of another natural or legal person or, despite the request for restriction of the data subject.

Right to Object. Data subjects have the right to object to the processing of their personal data, when the processing is based on our legitimate interest. We may restrict the data subjects’ right to object the personal data processing for the establishment, exercise or defense of legal claims.

Right to be Forgotten. Data subjects have the right to request their personal data to be erased. In some cases, there may still be an overriding purpose for processing and retaining personal data e.g. in order to fulfil legal obligations or for the establishment, exercise or defense of legal claims.

If data subjects consider that the processing of personal data infringes their rights, they may contact the supervisory authority and lodge a complaint about our processing of personal data.

Any questions or requests regarding above mentioned rights can be sent via email to [email protected].

Retention Periods

Personal data is retained as long as is necessary for the purpose they were collected for, or until we receive a request for erasure – unless we have a legal obligation or legitimate interest to retain it for a longer period.

The personal data will be processed and retained as long as necessary to process and investigate the whistleblowing notification, or, if applicable, as long as necessary to initiate sanctions or to meet any legal or financial requirement. In any case, if judicial or disciplinary proceedings are initiated, the personal data provided will be kept until those proceedings are definitively closed. Nokian Tyres retains all received whistleblowing notifications and their related material, which have been seen as significant for the investigation or conclusion of investigation, including any possible summaries or document listings, for ten years from the date on which the case has been resolved or deemed not to require further investigative measures, based on legal obligations.

Any questions regarding retention periods of our data subjects’ personal data can be sent via email to [email protected].

Revisions to this Privacy Statement

We are continuously developing our operations and this privacy statement is subject to changes. Changes may also be based on changes in legislation. We recommend our data subjects to visit this privacy statement in regular basis in order to keep track of possible changes.