We have added to section 1 the information that we also collect data from newsletter subscriptions and that we also process the personal data of press representatives and influencers and obtain influencer information from our service provider Cision.
In section 2, we have specified the types of data we process.
In section 4, we have specified the legal bases for the processing purposes.
In section 6, we have described in more detail the disclosure of data based on legal obligations and the partners we use in our operations, which are processors of personal data.
Fazer Group has established Fazer Poland sp. z o.o., added to section 10 as data controller.
We have added information in section 2, that personal data of representatives of companies or other organisations is also collected in connection with access management or participation in training.
In section 6, we have added information that we may disclose personal data related to product feedback and enquiries to a retail operator or brand owner for the purpose of smooth handling of feedback and enquiries.
Fazer Group has acquired Trensums Food AB, which has been added to the list of data controllers in section 10.
In the section regarding service-specific information, we have added information about our new Shop-in-Shop bakery’s online store.
We have added information in section 4. regarding processing of data for purposes of fraud prevention and compliance.
We have added Fazer Café's cakeshop and order and pick up service into the service specific information and into section 7.7, which describes Fazer's online stores. We have removed Fazer Bakeries' online store from the same sections after it ceased operations.
We've removed from section 10. the following controllers that have merged with other Fazer companies: Kaslink Aito Oy, Kaslink Foods Oy, Kaslink Oy and Fazer Konfektyr AB.
From service specific data, we have removed data about the My Gateau mobile app after we have stopped providing the app and clarified the data by adding information about the MyFazer mobile app also under the heading for mobile apps.
We have added information in section 1. regarding where we collect data that we may purchase contact information of business customers and other stakeholders from service providers.
Section 7. “Do we transfer your data beyond the borders of the EU or EEA (“third countries”)?” has been updated to include the implications of the Schrems 2 ruling of the European Court of Justice and the fact that the EU US Privacy Shield transfer mechanism is no longer in use.
The passages concerning Fazer Brainhow service and MyFazerCafé application have been deleted from the service specific information as the services have been discontinued.
We have added information regarding new webshops into Section 7. “Do we transfer your data beyond the borders of the EU or EEA (“third countries”)?”
Information regarding the up-and-coming merger of the three Kaslink companies into Fazer Finland Oy has been added to the listing of data controllers.
We have added information regarding Gateau mobile application.
The section about the MyFazer loyalty programme has been updated to refer to cookies and other similar technologies.
In the Controllers section, we have removed the five companies divested by Fazer Group in June 2019, namely Fazer Food Services Oy, Fazer Food Services AB, Fazer Food Services AS, Fazer Food Services A/S and Fazer Food OÜ after their ownership has changed.
Information about data transfers beyond the borders of the EU or EEA has been updated to reflect the implementation of a user interface development tool whose service provider and a subcontractor it uses are in the United States.
We have added information in the section “From where we collect data?” concerning signing up for events organized by Fazer.
We have added details to the description of how long we store your data regarding the added sections on video surveillance systems and access control systems.
The service-specific information has been updated
- Fazer Candy Store has changed its name to Fazer Store. Fazer Store Online store section has been updated with the information regarding processing of personal data in connection with the Online store reminding the customer of the so-called abandoned shopping cart.
- Section on processing of personal data received from Fazer Facebook pages and related joint controllership with Facebook Ireland Limited.
- Descriptions of video surveillance systems and access control systems at Fazer’s facilities.
In the Controllers section, we have added the three companies acquired by Fazer Group in June 2019, namely Kaslink Oy, Kaslink Aito Oy and Kaslink Foods Oy. Oy Karl Fazer Ab acts as a joint controller of personal data together with the above-mentioned three new subsidiaries belonging to the Fazer Group which are controllers regarding their own operations.
Information about data transfers beyond the borders of the EU or EEA (“third countries”) has been updated to reflect the implementation of an inventory and shipping management service provider located in the United States which uses subcontractors located in third countries.
The service-specific information has been updated
- Old MyFazer service section has been removed, as the new My Fazer customer loyalty programme replaces the previous service.
- My Fazer customer loyalty programme has been added to the service-specific information.
Fazer Group has continued and accelerated its preparations for the EU General Data Protection Regulation that will enter into force in May 2018. At the same time, we have revised our Privacy Statement. As a result, we are more accurately and clearly able to describe how we process your personal data. In addition, we have improved the layout of the Privacy Statement so that it is easier to read.
The central changes are the following:
Currently, our Privacy Statement also describes how we process your personal data when you contact us as a representative of a company or another organisation.
We have specified the From where do we collect data? section.
In Service-specific details, we describe what personal data we collect in each service and for what purposes we use this data. From now on, you can easily check all matters related to the processing of your data in each service.
In the What kind of data do we collect? section, we have specified the examples of the type of personal data we collect about you. For example, we have specified the description of how we process personal data related to your health.
We have specified the description of what your data is used for. Our aim is to tell you as clearly as possible for what purposes we use your personal data and why.
We have added details to the description of how long we store your data. We only store your data for as long as is required for the purpose for which your data was collected. We have added a table for you to check the service-specific purposes of use and criteria for data storage periods.
Furthermore, we have specified the description of who can process your data. For example, we use third parties in some services to which we disclose your data so that we can fulfil our contractual obligations. These parties include providers of payment transfer and transportation services.
We have specified the description of how we transfer your data outside the EU/EEA, i.e. third countries.
In addition, we have specified the description of who you can turn to if you have any questions concerning the processing of your data.
In the Controllers section, we have listed all controllers within the Fazer Group. Oy Karl Fazer Ab acts as a controller of personal data, together with subsidiaries belonging to the Fazer Group which are controllers regarding their own operations.
Fazer Group is preparing for the EU’s General Data Protection Regulation that will enter into force in May 2018. We have harmonised and centralised the processing of personal data in companies belonging to Fazer Group to be able to protect your personal data in the best way possible.
The most significant change is that in the future, Oy Karl Fazer Ab will be the controller of personal data together with subsidiaries belonging to the same Group, which are controllers for their own operations. In the updated Privacy Statement, we will describe in more detail how your personal data is processed in Fazer companies and how you can exercise your rights as easily and effectively as possible.
The central changes are the following:
We have refined the From where do we collect data? section.
In the What kind of data do we collect? section, we have refined the examples of the types of personal data we collect about you. Our goal is that in the future, you will be more aware of what kinds of data we record concerning you.
We have refined the description of what your data is used for. Our goal has been to be increasingly clear on the basis for using your data.
We have added details to the description of how long we store your data.
We have refined the description of who can process your data.
We have included a section where we describe how you can exercise your rights and affect the processing of your personal data.
We have also included a section where we describe how you can follow the changes in our Privacy Statement