Privacy Notice for Visitors

Read more below.

HKScan Oyj, 0111425-3, or any affiliate entity owned or controlled by HKScan Oyj (“HKScan”, “we”, “us”) is the data controller in relation to the processing of your personal data as a visitor in HKScan’s premises.

On this page, we describe how we collect, process and share the personal data that we receive, collect and store. Personal data means any information which may be used to identify an individual.

It is important to us that you feel safe with how we handle your personal data. We take measures to ensure that your personal data is protected and that the processing of your personal data is carried out in accordance with applicable data protection regulations and our internal policies and procedures. In order to obtain more specific information of the retention periods of personal data, please see your local language version of this privacy notice.

Premises” means HKScan’s office premises, production facilities and other premises where you visit.

Please see the table below to get more information on who is the data controller in respect to the processing of your personal when you visit at different HKScan premises.

Data controller

Premises

HKScan Oyj

  • Turku

HKScan Finland Oy

  • Eura, Forssa, Mikkeli, Outokumpu, Rauma, Vantaa

Paimion Teurastamo Oy

  • Paimio

HKScan Sweden AB

  • Halmstad, Kristianstad, Linköping, Skara, Stockholm

HKScan Denmark A/S

  • Skovsgaard, Vinderup, Århus

AS HKScan Estonia

  • Loo, Rakvere, Tabasalu, HKScan’s own farms

AS Rakvere Farmid

  • Viljandi, Rakvere Farmid’s own farms

AS HKScan Latvia

  • Jelgava, Riga

HKScan Poland Sp. zo.o

  • Swinoujscie

We may collect your personal data in the following ways:

Personal data that you give to us, e.g. by filling in digital or manual forms or when corresponding with us by telephone or email.

Personal data that we collect or generate automatically, e.g. when using devices, applications, systems or networks provided by us, as well as when we carry out video surveillance on our premises (read more about the processing of your personal data through video surveillance here).

Personal data that we collect from other sources, e.g. if you are visiting our premises as part of a company visit, your colleagues may give us personal data about you prior to your visit.

We process your personal data for the following purposes:

Investigative and security reasons

We process your personal data for security reasons; for example, when registering access to premises, issuing visitor badges and managing access and permission rights to our IT resources. Similarly, we process your personal data in connection with logging and following up usage of our IT systems.

We may also, where necessary, process your personal data in connection with incident management, for example, in the case of security incidents or when carrying out security investigations.  

Categories of personal data

Legal basis

  • Identity details
  • Contact details
  • Visit data
  • Organizational details
  • Login data
  • Incident data

Legitimate interest. Processing is necessary in order to fulfil our legitimate interest in processing your data in connection with investigations and for security reasons; for example, when registering access to the building, issuing passes and managing access and permission rights to our IT resources.

Retention period: For the purposes of issuing visitor badges and managing access and permission rights, we process your personal data during your visit and thereafter for as long as it is necessary in order to fulfil our legitimate interest in handling and meeting any legal requirements. For the same purpose, login information is retained for as long as it is necessary in order to fulfil our legitimate interest in handling and meeting any legal requirements.

Similarly, your personal data is retained for the purposes of managing incidents for the period of the investigation and for that required thereafter in order for us to fulfil our legitimate interest in handling and meeting any legal requirements.

 

Ensure food safety and prevent spreading of infectious diseases

Prior to permitting access to relevant food handling areas, we collect your personal data on health questionnaire form for the purposes of ensuring food safety and prevent spreading of infectious diseases. In this regard, we have a legal obligation to prevent any person suffering of a disease or being a carrier of a disease, likely to be transmitted through food, from entering food handling areas on our premises.

Categories of personal data

Legal basis

  • Identity details
  • Contact details
  • Visit data
  • Organizational details
  • Travelling information
  • Health data

Legitimate interest. The processing is necessary in order to ensure food safety and prevent spreading of infectious diseases.

The data subject has given explicit consent to the processing (Article 9 (2) (a) GDPR). We may process relevant special categories of personal data, such as health data, in order to ensure food safety and prevent spreading of infectious diseases only if your visit concerns access to food handling areas. We ask for your express consent before processing any health related data.

Storage period: Your personal data will be retained for this purpose during your visit and thereafter for as long as it is necessary in order to fulfil our legitimate interest in handling and meeting any legal requirements.

 

Manage and secure IT systems and services

In order to manage and protect our services and related IT systems, e.g. when you sign in to our network, upon logging, troubleshooting, backup, change and problem management in systems and in connection with potential IT incidents, we may process, to the extent necessary, your personal data.

Categories of personal data

Legal basis

  • Identity details
  • Contact details
  • Visit data
  • Organizational details
  • Login data

Legitimate interest. The processing is necessary in order to fulfil our legitimate interest of managing and protecting our website, services and related IT systems.

Storage period: Your personal data is stored during the same period that is stated in relation to each purpose of the processing of your personal data above. Personal data in logs are stored for as long as necessary for troubleshooting and incident handling. Data contained in backup can be stored for longer periods in order to properly protect IT systems in accordance with backup and disaster recovery procedures.

 

Comply with legal obligations

We process your personal data in order to fulfil legal obligations, e.g. to meet our legal obligations relating to food safety and quality.

Categories of personal data

Legal basis

All categories of personal data that have been col­lected and which are necessary in order to fulfill each legal obligation.

Legal obligation. The processing is necessary in order to fulfill our legal obligations.

Storage period: Your personal data is stored for such period that is necessary in relation to each legal obliga­tion.

 

Establish, exercise and defend legal claims

We process your personal data, to the extent it is necessary, to handle and defend legal claims, e.g. in case of a dispute or litigation.

Categories of personal data

Legal basis

All categories of personal data that have been col­lected and which are necessary in order to establish, exercise and defend legal claims.

Legitimate interest. The processing is necessary in order to fulfil our legitimate interest of handling and defending legal claims.

Storage period: Your personal data is stored for such period that is necessary for this purpose.

Where necessary, we share your personal data with others. The recipient is the data processor for the processing of your personal data, unless we have stated otherwise.

We share your personal data with:

Service providers

In order to fulfil the purposes of the processing of your personal data, we share personal data with service providers that we have engaged. These service providers provide IT (such as operation, technical support and maintenance of IT systems) and security services to us. The service providers may only process your personal data for these purposes and in accordance with our instructions and not for their own purposes. We are the data controller for the processing of personal data that the service providers carry out on our behalf.

Other recipients

In certain cases we share, if necessary, your personal data with other recipients for certain purposes e.g. when fulfilling our legal obligations or handling and defending legal claims.

Recipient

Purpose

Legal basis for the transfer

HKScan Group companies

We may share necessary personal data with other HKScan Group companies for internal administrative purposes, e.g. when acquiring IT support or hosting services.

Legitimate interest. The processing is necessary in order to fulfill our legitimate interests relating to internal administration purposes.

Public authorities

We share necessary personal data with public authorities if we are obligated under law to disclose the information.

Legal obligation. The processing is necessary in order to fulfill legal obligations.

External advisors

We share necessary information with external advisors, e.g. audit firms, and law firms if we are obligated under law to share the information or in order to manage and defend legal claims.

Legal obligation and legitimate interest. The processing is neces­sary in order to fulfill legal obli­gations or, alternatively, to fulfil our legitimate interest of managing and defending legal claims.

Courts, counterparties etc.

In order to manage and defend legal claims we share personal data to other parties.

Legitimate interest. The pro­cessing is necessary in order to fulfil our legitimate interest of managing and defending legal claims.

Law enforcement authorities, e.g. police

We share personal data with law en­forcement authorities, e.g. the police if we are obligated under law to disclose information.

Legal obligation. The processing is necessary in order to fulfill legal obligations.

Potential buyers and sellers

We share personal data with potential buyers and sellers in case of an acquisi­tion of the business or a merger.

Legitimate interest. The pro­cessing is necessary in order to fulfil our legitimate interest of carrying out the acquisition or the merger.

We always strive to store and process personal data within the EU/EEA. However, some of our service providers are located outside the EU/EEA and in such a case personal data will be processed outside the EU/EEA. In order to ensure that the personal data is protected we make sure that appropriate safeguards are in place in relation to the service providers which handles your personal outside the EU/EEA, e.g. by way of data transfer agreements (which include standard data protection clauses adopted by the EU Commission). If you have questions regarding to which countries your personal data is transferred and which safeguards we take to protect your personal data, or to request a copy of such safeguards and information, respectively, where they are available, please contact us at privacy@hkscan.com.

Under data protection regulations, you have certain rights in relation to the processing of your personal data. We process your personal data to the extent necessary in order to fulfill your rights. Please submit requests for exercising your rights through our data privacy website or by contacting us at privacy@hkscan.com.

You have the right to:

Access your personal data

You have the right to access personal data we process about you. You may request a copy of your personal data through our data privacy website, which can be found here. We will provide you with it unless we have lawful reasons not to share this data or if sharing the data would adversely affect the rights and freedoms of others.

Update your personal data

Furthermore, you have the right to request that incorrect or incomplete personal data is corrected or completed.

Withdraw consent

To the extent we rely on your consent to process personal data you have the right to at any time with­draw your consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Object to the processing of personal data

You have the right to object to the processing of your personal data based on a legitimate interest for reasons which concerns your particular situation. In such a situation, we will stop using your personal data where the processing is based on a legitimate interest, unless we can show that the interest over­rides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.

Delete your personal data

Under certain circumstances you have the right to request that your personal data is deleted. However, we cannot delete your personal data if we for example are obligated under law to keep the data.

Restrict the use of your personal data

You have the right under certain circumstances to request that the processing of your personal data is restricted. If the processing of your personal data has been restricted we may only, besides storing the data, process your personal data with your consent, or in order to establish, exercise or defend legal claims or to defend rights of others.

Transfer your personal data (data portability)

Finally, you have the right to request a copy of the personal data that we store about you in a struc­tured, commonly used and machine-readable format (data portability). The right to data portability, compared to the right to access, only comprises such personal data you yourself have provided and which we process based on certain legal grounds, e.g. your consent.

We may occasionally update this information, e.g. if we would process personal data for new pur­poses, collect additional categories of personal data or share personal data with other recipients. In such a case we will notify you in an appropriate way. The latest version of the information is always published on this page.

If you have any questions regarding the processing of your personal data, please do not hesitate to contact us. See below for contact details. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority within your jurisdiction.

HKScan Oyj
Company registration number: 0111425-3
Lemminkäisenkatu 48, 20520 Turku
E-mail: privacy@hkscan.com

Please see the table below for further information regarding which categories of personal data that we process.

Category

Examples of Personal Data

Identity details

  • First name, lastname
  • User identity
  • Personal identity number
  • Signature

Contact details

  • Address
  • Telephone number
  • Email address

Visit data

  • Reason for visit
  • Visit host
  • Date and time of visit

Organisational details

  • Trade name
  • Your professional role

Login data

  • Time stamp
  • Log entry

Incident data

  • Security incidents
  • Accident at premises

Travelling information

  • Information on recently visited countries or regions

Health data

  • Information on diseases (e.g. infected wounds, skin infections, sores or diarrhoea)