PRIVACY POLICY

PRIVACY POLICY

PRIVACY POLICY – Information Received Based on the Postal Act

31.10.2023

PPP Group is a postal company providing postal services in accordance with the Postal Act, which maintains an address information system necessary for providing these postal services. In this privacy policy, we explain how PPP Group processes personal data received from Posti based on the Postal Act in its distribution activities.

1. Data Controller and Contact Information

The data controller for the processing described in this privacy policy is:

PPP Belgium SRL 

Avenue de Rusatira, 3

1083-Ganshoren 

Urbeez SRL

Avenue de Rusatira, 3

1083-Ganshoren 

PPP Finland Oy

Myllärinkatu 19

65100 VAASA

p.pada@dppp.fi  or in person at the address mentioned above.

2. Purpose and Legal Basis of Personal Data Processing

The personal data obtained from Posti and stored in our address information system are used for postal activities in accordance with the Postal Act, i.e., for the processing and distribution of postal items to their recipients. The maintenance of the address information system is based on section 38 of the Postal Act, and the processing is based on the provisions of the Postal Act, meaning that the processing of personal data is necessary to fulfill a legal obligation.

3. Content and Sources of the Data Register

Names and addresses of mail recipients:

  • Last name​
  • First name​
  • Street adress​
  • Postal code​
  • Locality​
  • Validity periods

Orders for changes in distribution:

  • Last name​
  • First name​
  • Street adress​
  • Postal code​
  • Locality​
  • Validity periods of the changes

The mail recipient can be either an individual or a company.

As a postal company in accordance with the Postal Act

As a postal company as defined by the Postal Act, we receive the personal data contained in our address system from Posti under section 38 of the Postal Act. These data are based on the information present in Posti's address system, which in turn are based on the information provided to Postior Bpost by mail recipients, the Population Register Center, and municipalities.

4. Data Retention Period

We adhere to the legally mandated retention periods for personal data. Historical data of mail recipients contained in the address system are not retained; we only process the most recent information we receive from Posti. Information related to orders for changes in distribution is retained for a maximum of five years.

5. Data Transfers and Disclosures

We do not transfer or disclose personal data from the register to third parties except in the situations mentioned in this section. Personal data may be transferred and processed between companies within our group for the purposes described in this privacy policy. Personal data may be disclosed to authorities based on a legal requirement. We use subcontractors in our operations (such as subcontractors involved in the processing and distribution of deliveries and IT service providers), to whom we may transfer personal data from the register as necessary to fulfill the subcontractor's tasks. In these cases, we ensure through contractual arrangements that the subcontractor processes your personal data in accordance with applicable data protection laws and our instructions. Data are not transferred outside the EU or EEA. If a transfer is necessary for the technical implementation of our services, we ensure through contractual arrangements and other necessary safeguards in accordance with data protection laws that your personal data are properly protected.

6. Register Protection Principles

Personal data are stored on a server protected by firewalls and other necessary technical measures. Access to the register is restricted at the application level or only to persons who need the data. Manual processing of data, if necessary, takes place on a separate firewall-protected computer, with encrypted data. Data transfer is always encrypted, and access control to the necessary servers during the transfer is carried out using a username-password procedure or a public key-based procedure.

7. Rights of the Data Subject

The data subject has the right to obtain confirmation of the processing of their personal data, to access their personal data, and to request the correction or completion of inaccurate or incorrect data by providing the necessary additional information.

Rights of the Data Subject

The data subject has the right, under the conditions provided by law, to request the deletion, restriction, or transfer of their personal data. To the extent that the processing is based on consent, the consent can be withdrawn at any time, without affecting the lawfulness of the processing carried out before the withdrawal.

Requests from the data subject are handled on a case-by-case basis, as when processing is based on compliance with a legal obligation, all rights may not be available to the data subject in all circumstances.

Each data subject has the right to file a complaint with the supervisory authority if they believe that their personal data has been processed in violation of this policy or data protection legislation. The contact details of the supervisory authority are available at www.tietosuoja.fi or https://www.autoriteprotectiondonnees.be/citoyen.www.tietosuoja.fi.

Description of the Register

  1. Data Controller:
    PPP Finland Oy
    Myllärinkatu 19, Vaasa
  2. Person in Charge of Register Matters:
    CTO, Patrik Pada
    p.pada@dppp.fi
  3. Name of the Register:
    PPP Falcon Distribution System
  4. Purpose of the Register:
    Management and maintenance of the distribution contract tasks between PPP Group and the user.
  5. Content of the Register:
    Information provided during registration: such as username, pseudonym, password. User's distribution tasks and annotations made in the electronic distribution log. Location data are processed only with the explicit consent of the user.
  6. Regular Sources of Information:
    Information collected from the user during the use of the application or provided by other means (by phone, internet, or email). Information observed on the use of the application.
  7. Regular Disclosures of Data and Transfer of Data Outside the EU or European Economic Area:Data in the register are generally not disclosed to third parties without the user's prior consent. PPP Group and companies within the same group have the right to use and disclose register data for justified purposes (such as direct marketing, remote sales, and other forms of direct marketing as well as for opinion and market research) in accordance with the Personal Data Act.
  8. Protection of the Register:
    Only employees who have the right to process customer information due to their job are authorized to use the system containing customer data. Each user has their own username and password to access the system. Data are collected in databases protected by firewalls, passwords, and other technical means.
  9. Rights of the Data Subject:
    The data subject has the right to check the information concerning them recorded in the register. Requests for access must be made in writing and signed to the address mentioned in point 1. If the recorded information is incorrect, the data subject can request correction of the error from the person responsible for register matters mentioned in point 2.