Description of the personal data file

Personal Data Act (523/1999)         
section 10 and 24

Date of drafting: March 29, 2010

1. Controller
Ahlstrom Corporation 
Alvar Aallon katu 3 C, FI-00100 Helsinki
P.O. Box 329, FI-00101 Helsinki
Tel: +358 (0)10 8880
Fax: +358 (0)10 888 4709
2. The person in charge and/or contact person  
Reetta Peltonen
Alvar Aallon katu 3 C, FI-00100 Helsinki
P.O. Box 329, FI-00101 Helsinki
Tel: +358 (0)10 8880  
3. Name of the register
Ahlstrom Corporation’s register for feedback and contact details.
4. The purpose of processing the personal data / the purpose of the use of a register
The purpose of the use of the register is to enable the handling and maintenance of the client or other business relationship between the controller and the data subject and the processing of feedback issued to the controller.
5. Content of the register

The register consists of the following sub-registers the contents of which are described below:

Feedback and contact register

The feedback and contact register contains data that the data subject has sent to the controller through the feedback and general inquires forms and through other similar forms located on the controller’s website. This data may include, among other things, the name and contact details of the data subject and the issued feedback and inquiries. 

Electronic mailing lists

The electronic mailing lists contain the e-mail adresses of those data subjects that have registered themselves to the mailing lists  
as subscribers of the controller’s newsletter or other similar publications (such as annual and interim reports and bulletins). 

6. Regular sources of information
The source of the information included in the register is the data subject himself/herself.
7. Regular destinations of disclosed data and whether the data is transferred to countries outside the European Union or the European Economic Area

The distribution of the controller’s electronic publications may be performed by a subcontractor of the controller. For the purpose of such distribution the electronic mailing lists may be disclosed to the controller’s subcontractor. The subcontractor will not use the electronic mailing lists for other purposes that for carrying out the distribution descried above.  

The procedures described in the controller’s Privacy Policy will be applied in all situations where data is disclosed or transferred.

8. The principles how the data file/register is secured.

The users register for the webpage and the information therein is stored on the controller’s system, which is protected through the operating system’s protection methods. Access to the system requires the use of a username and password. The system is also protected with a firewall and other technical measures. Only certain designated employees of the controller have access to and the right to process the register data stored in the system. The data contained in the register is located in locked and guarded premises.  

9. Right of access and realization of the right of access
The data subject has the right to inspect the data in the register relating to him/her. The inspection right is free of charge. The inspection request shall be made in writing by a personally signed letter. The contact details of the controller are set forth above in section 1 of this description.   
10. Rectification and realization of the rectification

The controller shall, on its own initiative or at the request of the data subject, without undue delay, rectify, erase or supplement personal data contained in the register if it is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing.

The controller shall also prevent the dissemination of such data, if this could compromise the protection of the privacy of the data subject or his/her rights. If the controller refuses the request of the data subject to rectify an error, a written certificate to this effect shall be issued. The certificate shall also mention the reasons for the refusal. In such case, the data subject may bring the matter to the attention of the Data Protection Ombudsman.

The controller shall notify the rectification to the recipients to whom the data have been disclosed and to the source of the erroneous personal data. However, there is no duty of notification if this is impossible or unreasonably difficult.

The contact details of the controller are set forth above in section 1 of this description. 

Share this pageShare this page