We make life tastier - today and tomorrow
  1. Contact us ยป
  2. Frequently asked questions

HKScan Privacy – Q&A

1. What is personal data?

Personal data means any information relating to an identified or identifiable natural person. Such data includes for example your name, email, telephone number, date of birth, home address and licence plate number.

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. What personal data we collect?

Depending on your role, (i.e. whether you are for example a job applicant, a consumer, HKScan’s business partner, or a website visitor) we collect different personal data. Personal data that we collect may be divided, based on the source of the data, into three categories: 1) Personal data that you give us directly; 2) Personal data that we collect about you automatically; and 3) Personal data that we collect from other sources than you (e.g. provided to us by your colleague or from an authority).

Personal data that you give us may, depending on your role, include personal data that you provide by filling in forms on our website (or other forms we may ask you to complete). Such data may include, for instance, your contact information and information about your business relationship with HKScan or information about your professional role, background and interests.

Personal data that we collect about you automatically refers primarily to your visits on our website. When you visit our website, it will automatically collect some personal data about you and your visit, including internet protocol (IP) address used to connect your device to the internet and some other information such as your browser type and version and the pages on our site that you visit. Our website may also store “cookies” to your device – this is described in a separate cookie notice. Furthermore, some of our premises have closed circuit TV systems (CCTV) which may record you if you visit our premises, for security and safety purposes – this recording may contain your personal data if you may be identified from the CCTV records.

Personal data that we collect from other sources concerns, for instance, personal data that we collect from your colleagues or other business contacts if we have a business relationship with the organization that you represent. Such personal data may include your contact details or details of your role in the organization. Furthermore, we may also collect information from third parties, such as authorities, for anti-money-laundering, background checking and similar purposes, and to protect our business and comply with our legal and regulatory obligations.

3. In what roles does HKScan usually process my personal data?

HKScan processes personal data mainly as a controller. HKScan acts as a controller, for instance, when we process personal data of consumers who contact us through contact forms on our websites. Furthermore, we act as a controller when we process personal data of job applicants who send their job applications to us.

A controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

However, if you are employed at HKScan or one of its subsidiaries, please note that one of the HKScan companies may also be processing your personal data in the role of a data processor. This may take place, for example, if your employer acting as a controller has outsourced payroll activities to another HKScan company. In such a case, the HKScan company that is providing payroll services for your employer is acting in the role of a data processor.

A processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

4. To whom is my personal data disclosed?

We do not disclose your personal data in any other situations than the ones listed below:

  • We may disclose personal data to trusted subcontractors or service providers with whom we have an existing personal data processing agreement, under which such subcontractors or service providers act as data processors
  • In certain situation there is a legal obligation to disclose personal data as public authorities may have a right of access based on applicable legislation
  • In exceptional situations, we may disclose your personal data to third parties provided that you have given your consent
  • If we sell, merge or otherwise reorganize our business, your personal data may be disclosed to the transferee

The recipients of personal data have been further informed and stipulated in each relevant privacy notice.

5. For which purposes is my personal data collected?

Your personal data is collected for the purposes specified in each relevant privacy notice. We do not process personal data for any other purposes than those specified in privacy notices.

For example regarding job applicants, we process personal data for recruiting purposes. In respect of consumers, personal data is being processed for the purposes of executing and maintaining consumer services, such as handling of feedbacks and other contacts.

In order to work efficiently with our business partners, we also collect personal data in order to conclude agreements and fulfill our obligations related to them.

6. What kind of data subject’s requests can I make?

You can send a request for access to your personal data by filling out the form on our website. If the conditions for your access to personal data are fulfilled, we will a copy of your personal data to you.

Furthermore, you have the following rights under applicable data protection law (however, note that the applicability of your rights varies depending on the purposes and legal basis of processing):

  • You have the right to have your incomplete personal data completed as well as have your incorrect data corrected.
  • You can send a request concerning the removal of your personal data from the register. Your data shall be deleted if there are no longer legitimate grounds for processing them.
  • You have the right to receive the information you have submitted to us in a machine-readable form. You also have the right to transfer the data from one system to another, subject to consent or agreement, and automated processing.
  • We may process your personal data on a legitimate basis, that is, as part of our business, having considered that the processing does not violate the protection of your personal data. In these situations, you have the right to object to the processing of your personal data on personal grounds.
  • You may have the right to restrict the processing of your personal data. When processing is restricted, in general, the controller will not process your data except by retaining the data.

Please check the applicability of the rights set above from each relevant privacy notice in order to see what kind of requests you may make.

7. How do I make data subject’s request through this portal?

You may submit a request for access to your personal data by filling out the form on our website. By centralizing requests to access personal data, to take place via our form, we want to ease the use of your rights. After receiving your request for personal data, you will receive an automatic reply to your email confirming that we have received your request. After this, we will contact you in order for you to verify your identity to us. If your identification is successful, we will start internal processes to fulfill your request.

8. How is my identity verified?

We will contact you and provide the necessary instruction in order for you to verify your identity to us. In Finland, Sweden, Denmark and Estonia, we use electronic verification methods. In other HKScan operating countries, we verify your identity manually.

Regardless of HKScan country in question, we will provide you with the necessary instructions for you to verify your identity.

9. How do I make sure that the data protection website is genuine and not a scam website?

The following is intended only for guidance purposes and it does not claim or necessarily mean that the website is genuine:

First, make sure that the address field at the top of the page says https://www.hkscan.com/en/contact-us/privacy-at-hkscan/.

The same address bar should also display the lock image, which you can click to view the certificate of the website. It should be in the form * .hkscan.com. In this case, you may assume that the website you are browsing is genuine.

10. The reply I received for my data subject’s request is not what I was expecting. Why did I not receive all information held about me?

We endeavor to fulfill all data subject requests. However, in some situations we may have to refuse the request. We may refuse your request if e.g. the right to obtain a copy of the data would have a detrimental effect on the rights and freedoms of others or if the request you have made is manifestly unfounded or excessive. The basis of refusal may only apply to a part of the data in which case we will provide you the remaining information and this may be why you have not received all information held about you.

In case we refuse to fulfill your request, we will inform you of the reason of refusal, unless this would jeopardize the purpose of refusal. You will always have the right to lodge a complaint concerning the refusal with the supervisory authority.

11. How do I object to the processing of my personal data for the purposes of direct marketing?

You may at any time object to the processing of your personal data for the purposes of direct marketing.

If you subscribe our newsletter, you can unsubscribe the newsletter via the link found on the bottom of each newsletter.

You can also contact us at privacy@hkscan.com to object the processing of your personal data for direct marketing purposes.

12. How can I erase or change information regarding myself in HKScan’s registers?

If you wish to erase or change information regarding yourself in HKScan’s registers, please contact us at privacy@hkscan.com. Note, however, that your right to erase personal data may not apply in all cases. Please check the relevant privacy notice to verify whether you have the right to erase your personal data.

13. How long is my personal data retained for?

Your personal data is not retained longer than what is necessary for the purposes it was collected. If you want more information on how long your personal data is retained, please refer to the applicable privacy policy or if necessary, contact us at privacy@hkscan.com.

14. I am a producer of HKScan, where can I get more information on the processing of my personal data?

If you are a producer of HKScan, you can find more information of the processing of your personal data from our Producer Privacy Notice, available here.

15. I bought HKScan’s products and contacted the consumer services. How are my personal data processed?

If you have purchased HKScan products and contacted the consumer services, please refer to our Consumer Privacy Notice, available here, in order to get more information on how your personal data are processed.

16. I am an employee of HKScan’s subcontractor and I work at HKScan’s production facility. How are my personal data processed?

If you are an employee of HKScan’s subcontractor, you can find more information of the processing of your personal data from our Business Partner Privacy Notice, available here.

17. I have visited HKScan’s premises and my personal data was collected. How are my personal data processed?

If you have visited one of our premises, you can find more information of the processing of your personal data from our Visitor Privacy Notice or CCTV Privacy Notice, available here and here.

18: I am a shareholder of HKScan. On what grounds can my information be published on the HKScan websites?

Based on the Finnish Companies Act, all companies must have a shareholders’ register. The shareholders’ register is public information where, for example, the names of the company’s shareholders are listed. HKScan’s shares are listed to the Finnish book-entry system maintained by Euroclear Finland Oy and the shareholders’ register is publicly available at Euroclear Finland’s premises.

We may use this publicly available information and publish it on our website in order to provide transparent information of our ownership structure in accordance with our corporate policy.

19. I have a question regarding HKScan’s data protection. Where can I find more information on this?

In order to get more information of data protection here at HKScan, please contact us privacy@hkscan.com.

20. When will I receive an answer to my data subject’s request?

In principle, we will answer your request within one month from receiving the request or one month from your successful identification. However, if you make numerous requests or your request is complex in nature, we may inform you that we need more time to process it. In this case, we may extend the deadline for answering your request by a maximum of two months. If we have to extend the deadline, we will also inform you about the basis of our justification.