1. DATA CONTROLLER

The following subsidiaries of the Makua Foods Group:

• Makulaku Lakritsa Oy (0968765-4), Työpajatie 24, 06150 Porvoo
• Impuls Tukku Oy (2450087-8), Laukaantie 4, 40320 Jyväskylä
• KOy Porvoon Työpajatie 20-24 (1561162-1), Työpajatie 24, 06150 Porvoo

2. DATA PROTECTION OFFICER

The Data Protection Officer for the Makua Foods Group is Pekka Wikstedt, pekka.wikstedt@makuafoods.fi

3. NAME OF THE REGISTER

Makua Foods Group Customer Register

4. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

Personal data is collected for specific, explicit, and lawful purposes to fulfill contractual obligations in customer relationships. The register collects information from customer and stakeholder sources.

Personal data is collected in accordance with this privacy policy and will under no circumstances be used, modified, or transferred in any manner other than as stated in this privacy policy.

5. DATA CONTENT OF THE REGISTER

The register contains information about Makua Foods Group customers, including company name and business ID, contact person’s name and contact information, billing information, and delivery terms and methods.

6. REGULAR DATA SOURCES

Personal data in the customer register is collected from the data subjects themselves.

7. REGULAR DISCLOSURE OF DATA

The data controller does not disclose data to third parties or automatically to other partners of the data controller. The data controller may disclose a data subject’s information to a designated party on a case-by-case basis if the data subject requests the data controller to act in the aforementioned manner, or if a legally binding authority requires the data controller to disclose specifically identified information from the data controller’s database based on legislation.

8. TRANSFER OF DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATION

Data is not transferred to a third country or international organization.

9. RIGHT OF ACCESS

The data subject has the right to verify what information concerning them has been stored in the register. Additionally, upon submitting a sufficiently precise and specific access request, they have the right to obtain information concerning themselves and contained in the records. Access requests should be addressed to the data controller’s Data Protection Officer.

10. RIGHT TO DEMAND CORRECTION AND DELETION OF INFORMATION

The data controller must correct incorrect information in the personal data register as indicated by the data subject. The data controller also has an obligation through proactive measures to verify the accuracy and currency of information in the register. The data subject may also request the data controller to delete information concerning them from the register. The Data Protection Officer leads the handling of the procedure.

11. OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

The data subject has the right to request restriction of the processing of personal data. The data subject also has the right to receive personal data concerning them that they have provided to the data controller in a structured, commonly used, and machine-readable format, and the right to transfer such data to another data controller. Additionally, the data subject has the right to object to data processing, automated decision-making, and profiling.

12. DELETION OF DATA AND RETENTION PERIOD

The data controller deletes customer information from the register when there is no longer a business basis for processing the data, or if the data subject themselves requests the data controller to delete information concerning them based on law. Data is deleted when there is no longer a basis for processing or retaining the data. However, data will not be deleted if the law stipulates otherwise, or if a competent authority has initiated a process that requires the data controller to retain the data, or another party has obtained a preservation order for the data from Finnish courts.

13. APPROVAL OF THE PRIVACY POLICY

This privacy policy has been approved as ongoing and reviewed on September 24, 2024.