Last update 22.5.2018


Description on processing of shareholders’ data

1 Introduction

This document describes how Scanfil Oyj (hereinafter ”Scanfil”) and its staff process the personal data of the shareholders of Scanfil. Scanfil acts as a controller to such personal data. 

As a controller, Scanfil is responsible for such personal data, and for the processing of such personal data. Protecting the data subjects’ privacy and personal data is of utmost importance to Scanfil. Scanfil is committed to complying with the requirements of data protection regulation applicable to us in the processing of your personal data. The means and purposes of processing the personal data of Scanfil’s shareholders are described in more detail in this document.

2 Data controller and contact person 

Data Controller

Scanfil Oyj
(Business ID: 2422742-9)
Yritystie 6
85410 Sievi
Tel.: +358 (0)8 4882 111

Contact Person

Jussi Kukkonen
c/o Scanfil Oyj
Tel.: +358 40 861 4885

3 legal bases for processing shareholders’ personal data

The EU General Data Protection Regulation (EU) 2016/679 (“GDPR”) applies to all processing of personal data as a general law. Processing of personal data must always be based on a legal ground set forth in the GDPR, throughout the entire processing time from collecting of data till anonymization of data.

Processing of shareholders’ data is based on the following grounds:

  • Scanfil’s legal obligation
  • Data subject’s consent under applicable legislation
  • Legitimate interest pursued by Scanfil or by a third party (such as current or future business partners, suppliers or customers). 

A legitimate interest may be, for instance, Scanfil’s group-wide information sharing, marketing and CRM administration activities, prevention of fraud or misuse of IT systems or money laundering, physical as well as IT and network security, as well as potential merger and acquisition activities. The provision of personal data of the shareholder as described in this document is necessary in order for Scanfil to comply with legal obligations to which Scanfil is subject.

4 Categories of personal data processed by Scanfil and purposes of processing

Scanfil processes the following shareholders’ personal data for the purposes of complying with legal requirements, for organizing General Meetings as well as collecting meeting participation information.

Shareholders’ personal data processed by Scanfil:

  • name
  • personal identity code
  • address
  • email address
  • phone number

Furthermore, Scanfil may process adjustments data of the above mentioned data categories. 

5 Regular sources of personal data

Scanfil collects data concerning shareholders primarily from the shareholder him/herself. Data is also collected from systems that record data processed in the register as well as from other permitted sources, including public sources as allowed in applicable legislation.

In addition, Scanfil may collect data from other sources based on the shareholder’s consent.

6 Transfer and disclosure of personal data

Scanfil may transfer shareholders’ personal data to third parties in the following manner in order to fulfil the purposes of processing described in this document. When personal data are transferred to a body which processes personal data on behalf of Scanfil (i.e. data processor) Scanfil has through contractual arrangements ensured that personal data is processed only in accordance with Scanfil’s written instructions and merely for the purposes described in this document and that access to personal data is only allowed for persons who need access to data based on their tasks.

  • Data processors: Scanfil may transfer personal data to processors in order that the processors perform services and tasks assigned to them. Data processors’ tasks relate, for instance, to data systems and software as well as offering other data processing services.
  • Transfers or disclosures to Group companies

Some of the data processors used by Scanfil are located outside the EU or EEA area. Scanfil has contractually ensured that these entities undertake to apply an appropriate level of data protection in their processing practices, and thus the data transfers are subject to appropriate safeguards. More information on cross border transfers of personal data and on the appropriate safeguards applied thereto from time to time is available from the contact person mentioned under Section 2 of this document. 

In addition, Scanfil discloses personal data with the entities belonging to the same group of companies with Scanfil for a number of different purposes (such as centralized group functions, including without limitation intra-group communication, coordination and reporting). Such an exchange of information involves intra-group transfers of personal data between Scanfil group entities located in different parts of the world. Scanfil may additionally disclose personal data for instance to authorities within the limits allowed or required in currently applicable legislation. 

7 Data retention period

Scanfil or such data processor that processes personal data on behalf of Scanfil retains personal data in accordance with applicable legislation for as long as data retention is necessary for the purposes of processing. When Scanfil no longer needs the data for the purposes described in this document, the data are removed from Scanfil’s and/or processors’ data systems and other data files and irrevocably anonymized. The aforementioned does not, however, apply to data subject to statutory retention period. 

Where the personal data is collected on the basis of an obligation based on applicable law, the retention time of personal data may also be subject to explicit statutory requirement. Scanfil may also retain certain personal data after the termination of the initial processing purpose, should such retention of personal data be necessary to comply with other applicable laws or should Scanfil need the personal data to establish, exercise or defend a legal claim, on a need to know basis only.

8 Security of personal data

Scanfil ensures the safety and protection of personal data against security breaches with firewalls, passwords and other technical safeguards. Data systems and their backups are located in locked facilities. Access is allowed only for persons who need access to the data in order to perform tasks or for fulfilling the purposes of processing. Persons processing the data are not allowed to disclose these data to third parties.

9 Rights of the data subject

The General Data Protection Regulation provides the data subject with several rights based on which the data subject can in many situation himself/herself decide on the processing of his/her personal data. The data subject may use the following rights with regard to Scanfil to the extent Scanfil acts as the controller to the personal data of the data subject in question.

  • Right of access: The data subject has the right to obtain a confirmation from the controller on whether the controller processes personal data concerning the data subject and the right to access such data. The data controller may ask the data subject to specify his/her access request, amongst others, with regard to the details of the data to be delivered.
  • Right to rectification: The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him/her processed by the controller, or to have incomplete personal data processed by the controller to be completed.
  • Right to be forgotten: The data subject has the right to obtain from controller the erasure of personal data related to him/her and the controller has the obligation to erase such data in case there is no longer a legal ground for the processing of such data or, where the legal or contractual obligation binding the controller related to the storing of the personal data has ended or, where the data subject has withdrawn his/her consent to the processing of his/her personal data.
  • Restriction of processing: In certain cases, where so prescribed by law, the data subject may have the right to obtain from the controller restriction of processing of his/her personal data.
  • Right to data portability: The data subject may, subject to certain conditions prescribed by law, have the right to receive the personal data concerning him/her processed by the controller in a commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from the original controller. 
  • Right to object to processing of his/her personal data: In certain cases, the data subject may have the right to object to processing of personal data concerning him or her. The right to object is applicable in such situations in particular where the processing of personal data is based on the controller’s legitimate interest. In such situations the controller has to follow the data subject’s request, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  • To the extent the processing of personal data has been based on the data subject’s unambiguous consent, the data subject has, at any time, the right to withdraw his/her consent regarding the processing.

Requests relating to the aforementioned rights shall be directed to the contact person mentioned in section 2 of this document. 

In addition, the data subject has the right to lodge a complaint with the supervisory authority on the processing of the personal data by the controller. The complaint shall be made to the competent supervisory authority, in Finland to the Data Protection Ombudsman, in accordance with its instructions. The website of the Data Protection Ombudsman can be found here.

10 Changes to this document

Scanfil may, from time to time, change this document. You can tell when changes have been made to this document by referring to the “Last Updated” legend at the top of each page of this document. Scanfil encourages you to review this document regularly for any changes. 

© Copyright Scanfil 2018. All rights reserved.

Invest to the
future growth