Ensuring data protection is part of the Port of Loviisa Ltd’s (hereinafter the Port of Loviisa) operations and socially responsible operating principles. We process personal data in compliance with data protection legislation as well as good data management and processing practices.
Our data protection practices may change as we develop new services or as legislation changes. Up-to-date information on our practices is provided on this website.
The Port of Loviisa is committed to protecting the privacy of its customers, partners and employees. This Privacy Notice describes how the Port of Loviisa collects and processes the personal data that it collects as a controller.
This Privacy Notice concerns all of the Port of Loviisa’s information systems, online services, websites and other services that are used to collect and process personal data.
Using this site and other Port of Loviisa services constitutes acceptance of this Privacy Notice.
What is personal data?
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
What information is collected?
We collect or may collect the following information:
- information that you provide directly
- information that you provide via a website
- information related to invoicing, contacts and other business operations with us
- event registration
- information in job applications
- information related to feedback
- information related to the passenger assistance service
- information collected for the user authentication of information systems
- credit/debit card information (parking fee refunds).
Information collected directly:
- sex, language, occupation or rank
- information related to employment is collected from personnel
- information related to user accounts: account name, encrypted password
- any consent given, sent messages
- reported areas of interest
- information related to facility lease and parking space rental agreements; information on contacts, payment methods, billing addresses
- information provided related to work: company/employer name and contact details, other information related to the service relationship
- other information collected based on explicit and voluntary consent provided in advance (including public social media profiles)
- other information collected based on your consent.
Information collected in connection with the use of our website, information systems or other services:
- event invitation information: customer events, campaigns and services and their use and participation in them
- processing of contact requests and related communications
- information collected from other potential sources (such the website of the company that you represent) that can be linked to your personal data
- the processing of job applications; information related to the application
- monitoring and measuring of the use of our websites; browser data, operating system, device model, browsing and search data, IP address, connection establishment time and duration
- location data (including Wi-Fi hotspot data, GPS coordinates or corresponding location data)
- we may collect information from public registers maintained by the authorities.
We use a third party for processing payments, the website of whom is subject to the terms and conditions of the service provider in question. We do not collect personal data from underaged children.
Grounds for processing
The Port of Loviisa considers it important that personal data is processed confidentially and appropriately.
The processing of personal data is based on legislation, contract, the person’s consent and the legitimate interest of the Port of Loviisa.
The collection of personal data by the Port of Loviisa is based on one or more of the following legal grounds:
- we have received consent (in writing, orally or online) in advance for processing personal data.
- processing is necessary in connection with a contract established with the Port of Loviisa (contractual need).
- processing is in our legitimate interest due to reasons related to managing, carrying out or promoting our business operations (legitimate interests).
- the EU regulation on enhancing ship and port facility security (EC No 725/2004), the EU directive on enhancing port security (2005/65/EC) and the Act on Security Measures on certain Ships and in Ports serving them and on monitoring the Security Measures (11 June 2004/485)
- other grounds based on legislation
You have the right to withdraw your consent for processing personal data (see Contact details, cancellation and erasure requests). The Port of Loviisa does not collect sensitive data from its customers/cooperation partners.
Use of personal data
The collection of personal data is related to the use of the Port’s online services, information systems and invoicing.
We use the information that we collect from you for the following purposes, among others:
- providing services, marketing communications
- providing information via mail or phone, including SMS
- electronic communications: e-mail and newsletter
- measuring the total number of visitors on our website
- conducting certain measurements concerning our services
- detecting, investigating and preventing illegal activity; we may provide your data to law enforcement authorities upon request, based on legal grounds. We may disclose your personal data to other parties by order of a competent court.
Service development and anonymised reporting
We may process your personal data in order to improve our current services and develop new ones. We use anonymised data for reporting purposes. Anonymised data cannot be used to identify individuals.
Retention period for personal data
We retain personal data for at least the duration of the customer relationship. After the conclusion of the customer relationship, the data retention period depends on the data and the purpose that it is used for. As a controller, we comply with legislative obligations regarding data retention and erasure.
We strive to keep the personal data in our possession accurate and up-to-date by updating outdated data and erasing unnecessary information. Retention periods for personal data can be found here.
Disclosure of personal data to others
- We do not disclose personal data to third parties.
- We do not sell personal data to third parties.
- We may disclose your personal data to processors and authorised external suppliers who process the data on our behalf in accordance with applicable legislation. Their processing of the data is restricted by contracts.
- Personal data may be disclosed to companies that carry out services such as customer satisfaction surveys and analysis of the results on our behalf in compliance with applicable legislation.
- We process personal data primarily within the European Union or the European Economic Area.
- For purposes such as e-mail communications and managing an e-mailing list, we may use a service outside of the EU/EEA that is committed to complying with EU Standard Contractual Clauses (SCCs) with which an adequate level of privacy protection can be guaranteed..
- We may disclose information in the event that doing so is necessary to comply with requests based on legislation, to prevent fraud, in connection with mergers or corporate acquisitions or to protect our interests.
- Sensitive data concerning users is not saved.
Personal data protection measures – data security
We comply with the obligation of diligence as required by legislation on the protection of personal data, and the systems that contain personal data are appropriately protected. As a controller, we ensure the confidentiality, integrity, availability and resilience of data with the help of technical and organisational measures and procedures.
Ensuring access control and observance of the rights and obligations of the processor in the processing of personal data are integral parts of data protection. Personal data is only processed by authorised individuals.
Manually saved and processed printed information that may contain your personal data is stored in locked facilities. Only separately authorised employees or authorised third parties have access to such facilities or the right to process this type of information.
The aim of using cookies is to develop our website to make it more user-friendly and provide new services in the future. The services that we use include services provided by Google (Google Analytics and Google my Business) and social media services (such as Facebook, Instagram, Twitter, LinkedIn)
Your rights as a customer – actions that you can take in regard to the processing of your personal data
You have the right to
- access the information concerning you
- demand that incorrect or inaccurate information be corrected or erased
- restrict the processing of personal data
- prohibit marketing
- request the erasure of your personal data (see Contact details, cancellation and erasure requests). Personal data is not removed from the backup.
Third party websites
Certain functions on our website are provided by third parties and thus subject to the data protection practices of third parties.
Our websites and services include functions that enable content to be shared on social media, such as Facebook’s ‘Share’ button. Such functions are directly provided by external service providers (Facebook, Twitter, Instagram, LinkedIn).
Contact details, cancellation and erasure requests
In general data protection matters, matters related to your personal data and matters related to the cancellation of newsletters, event invitations and marketing communications, please contact:
Tel. +358 (0)44 055 5731
The concepts used in this Privacy Notice are subject to the following definitions:
- ‘Controller’ means a party that decides how and why personal data is processed. In many jurisdictions, the controller has primary responsibility for compliance with applicable data protection legislation.
- ‘Personal data’ means any information relating to an identified or identifiable natural person.
- The expressions ‘to process’ and ‘processing’ mean anything that is performed on personal data, by means of automated data processing or manually, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- ‘Processor’ means a person or party that processes personal data on behalf of the controller (other than the Controller’s employees).
- Data ‘anonymisation’ means removing the identifiability of personal data so that it can no longer be attributed to a specific individual.
Other additional information
Privacy statements have been drawn up for systems that contain personal data.
17 April 2018 – the right to make changes is reserved