Data protection at Antell

WEBSITE REGISTRY AND PRIVACY POLICY

Personal Data Act (523/1999) Sections 10 and 24 

This privacy policy applies to personal data that we collect from users of our website. 

1. Data Controller

Katri Antell Oy
Poratie 5 B, 90140 Oulu 

Business ID: 0187176-4
info@antell.fi

2. Name of the register

Antell Group Antell.fi Website Register and Privacy Policy

3. Contact person for register matters

Commercial Director Mari Kähkönen 

Katri Antell Ltd
Poratie 5B, 90140 Oulu 

+358 20 770 2076
mari.kahkonen@antell.fi

4. Purpose and legal basis for processing personal data

The purpose of the register is to manage customer relationships and maintain contact with customers. 

The setting of cookies that are not necessary for the functioning of the website is based on the consent you have given in the Cookiebot tool. The data collected by cookies is processed on the basis of your consent for the following purposes, for example: website analysis and statistics. 

The controller processes personal data in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (2016/679) and the Data Protection Act (1050/2018). 

The purposes of processing personal data are: 

• customer relationship and customer service management
• exercising the rights and obligations of the customer and the controller 
• processing of personal data of stakeholders (suppliers, other partners) 
• processing of website visitor data to ensure and develop website functionality 
• processing of personal data for purposes related to the controller’s products and services, such as the development, provision, implementation and marketing of products and services 
• prize draws and votes 

The legal grounds for processing personal data are, depending on the purpose of the processing, the controller’s legal obligations, contract, consent and legitimate interest. 

The legitimate interest of the controller is the basis for processing when there is a relevant connection between the data subject and the controller. Such a relevant connection exists, for example, when the data subject contacts the controller on their own initiative, or when the controller processes the data subject’s personal data in connection with, for example, business or cooperation activities between the data subject’s employer and the controller.

5. Data content of the register

The information content of contact requests, product orders, prize draws and votes is determined on the basis of the information provided by the customer. 

The information may include: 

• Person’s first name and surname 
• Email address 
• Telephone number 
• Company name 
• Information related to the use of the website (e.g. form submission details) 
• Information provided in surveys and studies 
• Customer relationship-based information, such as contact history, feedback, and tracking information 
• Additional information provided by the data subject 
• Other information collected with the user’s consent 

Information collected through cookies and analytics tools used on the website is explained on the Antell.fi website under Cookies used on our website. 

6. Regular sources of information

The register is mainly compiled from the following sources of information: 

• Directly from the registered person themselves for the purpose of managing the customer relationship (e.g. by submitting their contact details via the contact form, order form or prize draw form on the website). 
• From a representative of a registered employer or other controller who has a customer, business, cooperation or contractual relationship with the data subject.
• Through the use of cookies or other similar technologies. 

7. Regular disclosure of personal data

The controller will not disclose the personal data of data subjects outside the Antell Group, unless required to do so by law or by compelling legislation. The controller may use reliable service providers in connection with the provision of its services, who may process personal data on behalf of the controller in accordance with the requirements of data protection legislation in order to provide these services. 

8. Cookies used by our website

The Antell.fi website uses cookies to maintain user sessions, improve the user experience and implement various additional functions, such as chatbot customer service.  

A cookie is a small text file sent to the customer’s browser, which usually contains an anonymous identification number. The pages can also be used without cookies, but in that case some functions may not work. Cookies help us understand how our website is used and how it should be developed. 

 Third-party cookies

Visitors to the Antell.fi website are asked for their consent to the use of cookies. Cookies can be modified using the “Cookie settings” button at the bottom right of the website. The cookies used on the website and their properties can be found in the “Details” menu of the cookie banner. Note: Blocking cookies may affect the functionality of the service and the targeting of content on other platforms. 

These cookies do not store any identifiable personal information, but they can identify your browser and the device you are using to access the internet.  

Below are instructions on how to block cookies in the most common browsers. 

• Google Chrome: Change your cookie settings by clicking on “Settings” and “Privacy”. 
• Microsoft Edge: “To change your cookie settings, click on ‘Settings’ and then ‘Privacy, search and services’.” 
• Firefox: Settings can be found under “Tools”, “Settings” and “Privacy”. 
• Safari: Change your cookie settings by clicking on “Settings” and “Privacy”. 

You can block Google cookies at: https://policies.google.com/?hl=fi 

9. Transfer of data outside the EU or EEA

No data will be transferred outside the EU or EEA.  

10. Data retention period

The data is stored in the system for the period specified below, after which it is deleted. The data from the order, prize draw, voting and contact forms on Antell’s website, i.e. the WordPress system (Antell.fi), is stored in the system for the duration of the order delivery period. All form data will be deleted from the system after six months at the latest.  

11. Principles of register protection

There is no manual material. 

Electronic data is stored on a server located in Finland and managed by the data controller. Access to the data content of the register is restricted by user IDs and passwords, and access is limited to those persons whose job duties include handling customer contacts.  

12. Automated decision-making and profiling

Personal data is not used for automated decision-making or profiling. 

13. Right of access

All communications concerning register matters shall be addressed by email or letter to the register administrator’s contact person for register matters. 

Right to access personal data
The data subject has the right to obtain information on whether personal data concerning him or her is being processed and, if so, to obtain a copy of that personal data.
Right to rectification
The data subject has the right to request the correction or completion of inaccurate or incorrect data concerning him or her.
Right to erasure
The data subject has the right to request the erasure of personal data concerning him or her.
Right to restriction of processing
The data subject has the right to restrict the processing of personal data concerning him or her in certain situations.
Right to object
The data subject has the right to object at any time to the processing of personal data concerning him or her.
Right to transfer data from one system to another
The data subject has the right to receive personal data concerning him or her and provided by him or her in a structured, commonly used and machine-readable format.
Right to withdraw consent
The data subject has the right to withdraw their consent to processing at any time.
Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a supervisory authority about the way in which the controller processes the data subject’s personal data. In Finland, the national supervisory authority is the Data Protection Ombudsman. 

14. Updating the privacy policy

Katri Antell Oy may make changes to this privacy policy without prior notice, provided that the use of personal data is not expanded. If the use of personal data is expanded, the new privacy policy will be announced through Antell’s communication channels. 

LEADOO CHAT SERVICE REGISTRY AND DATA PROTECTION STATEMENT

Personal Data Act (523/1999) Sections 10 and 24

This privacy policy applies to personal data that we collect from users of the Leadoo Chat service on our website.

1. Data Controller

Katri Antell Oy
Poratie 5B, 90140 Oulu

Business ID: 0187176-4
info@antell.fi

2. Name of the register

Antell Group website Leadoo Chat service register and data protection statement.

3. Contact person for register matters

Commercial Director Mari Kähkönen

Katri Antell Oy
Poratie 5B, 90140 Oulu

+358 20 770 2076
mari.kahkonen@antell.fi

4. Purpose and legal basis for processing personal data

The purpose of the register is to manage customer relationships and maintain customer contact.

The controller processes personal data in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (2016/679) and the Data Protection Act (1050/2018).

The purposes of processing personal data are:

• customer relationship and customer service management
• processing of personal data for purposes related to the controller’s products and services, such as the development, provision, implementation and marketing of products and services
• prize draws and votes

The legal basis for processing personal data is the consent of the data subject and the legitimate interest of the controller when the data subject contacts the controller on their own initiative. The controller processes the data subject’s personal data for the purpose of managing the customer relationship.

5. Data content of the register

The information content of contact requests, product orders, prize draws and votes is determined on the basis of the information provided by the customer.

The information may include:

• Person’s first name and surname
• Email address
• Telephone number
• Company name
• Information related to the use of the website (e.g. form submission details)
• Information provided in surveys
• Customer relationship-based information, such as contact history and feedback
• Additional information provided by the data subject
• Other information collected with the user’s consent

 6. Regular sources of information

The register is mainly compiled from the following sources of information:

• Directly from the data subject themselves for the purpose of managing the customer relationship
• Using cookies or other similar technologies

7. Regular disclosure of personal data

The controller will not disclose the personal data of data subjects outside the Antell Group, unless required to do so by law or by compelling legislation. The controller may use reliable service providers in connection with the provision of its services, who may process personal data on behalf of the controller in accordance with the requirements of data protection legislation in order to provide these services.

8. Transfer of data outside the EU or EEA

No data will be transferred outside the EU or EEA.

9. Data retention period

The data is stored in the system for two years, after which it is deleted.

10. Principles of register protection

There is no manual material.

Electronic data is stored on servers located in Europe. Access to the data contained in the register is restricted by user IDs and passwords, and access is limited to those persons whose duties include handling customer contacts.

11. Automated decision-making and profiling

Personal data is not used for automated decision-making or profiling.

12. Right of access

All communications concerning register matters shall be addressed by email or letter to the controllser’s contact person for register matters.

Right to access personal data
The data subject has the right to obtain information on whether personal data concerning him or her is being processed and, if so, to obtain a copy of that personal data.
Right to rectification
The data subject has the right to request the correction or completion of inaccurate or incorrect data concerning him or her.
Right to erasure
The data subject has the right to request the erasure of personal data concerning him or her.
Right to restriction of processing
The data subject has the right to restrict the processing of personal data concerning him or her in certain situations.
Right to object
The data subject has the right to object at any time to the processing of personal data concerning him or her.
Right to transfer data from one system to another
The data subject has the right to receive personal data concerning him or her and provided by him or her in a structured, commonly used and machine-readable format.
Right to withdraw consent
The data subject has the right to withdraw their consent to processing at any time.
Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a supervisory authority about the way in which the controller processes the data subject’s personal data. In Finland, the national supervisory authority is the Data Protection Ombudsman.

13. Updating the privacy policy

Katri Antell Oy may make changes to this privacy policy without prior notice, provided that the use of personal data is not expanded. If the use of personal data is expanded, the new privacy policy will be announced through Antell’s communication channels.

MAILCHIMP SERVICE REGISTRY AND DATA PROTECTION STATEMENT

1. Data controller

• Company: Katri Antell Oy
• Address: Poratie 5B, 90140 Oulu
• Business ID: 0187176-4
• Email: info@antell.fi

Katri Antell Oy acts as the controller of this register and is responsible for the lawfulness of the processing of personal data. The personal data of data subjects is processed in accordance with the EU General Data Protection Regulation (GDPR), the Data Protection Act and other applicable legislation.

2. Name of the register

Antell Group’s Mailchimp service marketing register.

3. Contact person for register matters

• Name: Commercial Director Mari Kähkönen
• Address: Katri Antell Oy, Poratie 5B, 90140 Oulu
• Telephone: +358 20 770 2076
• Email: mari.kahkonen@antell.fi

The contact person is responsible for responding to requests concerning the register and the exercise of the rights of data subjects.

4. Purpose and legal basis for processing personal data

The Mailchimp service registry stores information about individuals who have subscribed to Antell’s lunch manu via the Mailchimp link on the restaurant’s website.

The purpose of the processing is:

• Sending the restaurant’s lunch menu as a newsletter once a week
• No other marketing communications will be sent to persons who have signed up for the lunch menu.

The legal basis for processing is the person’s consent; the person has subscribed a lunch menu from the restaurant’s website. The data subject may withdraw their consent at any time (see section 11).

5. Data content of the register

The following information may be stored in the register:

• e-mail address
• consent information indicating that the person has requested to subscribe to the lunch menu
• Information generated by Mailchimp about email usage (e.g. message opening and click data, IP address, browser and device type, and approximate location)

6. Regular sources of information

Personal data is obtained:

• registered by filling in the lunch order form (online)

7. Regular disclosure and transfer of personal data

The controller shall not sell or disclose the data subjects’ data to external parties. Data may be disclosed to authorities when required by law or when compelled by mandatory legislation.

The data registered for the register is stored in the Mailchimp service (The Rocket Science Group LLC d/b/a Mailchimp, part of the Intuit Group).

Mailchimp is certified under the EU-US Data Privacy Framework, which allows personal data to be transferred from the European Union to the United States. In addition, Mailchimp uses Standard Contractual Clauses approved by the European Commission in its data processing agreement, which provide legal safeguards for the transfer of personal data outside the EU. If the Data Privacy Framework is ever invalidated, Mailchimp will continue to transfer data in accordance with these Standard Contractual Clauses.

8. Data retention period

The data subject’s data will be stored in the register for as long as the data subject’s consent is valid. After withdrawal of consent, we will delete the contact details from the register within two (2) years at the latest. Mailchimp may retain the data in backups and log files for a short period after withdrawal of consent, but it will not be used for marketing purposes.

9. Principles of register protection

The register is not maintained as manual material. Electronic material is stored in the Mailchimp service and in Antell’s own systems. Mailchimp uses advanced technical and organisational security measures to protect personal data and report security breaches. Antell restricts access to the register to only those employees who have the right to process the data due to their job duties. Access to the data is protected by personal user IDs and passwords, and two-factor authentication is used on devices.

10. Automated decision-making and profiling

Personal data is not used for automated decision-making.

11. Rights of the data subject

The data subject has the following rights:

• Right of access: The data subject may request confirmation as to whether personal data concerning him or her are being processed and obtain a copy of the data.
• Right to rectification: The data subject may request the correction of inaccurate or incorrect data.
• Right to erasure: The data subject may request the erasure of their personal data, for example when withdrawing their consent.
• Right to restrict processing: In certain situations, the data subject may restrict the processing of their personal data.
• Right to object: The data subject may object to direct marketing directed at him or her at any time.
• Right to transfer data: The data subject may request that their data be transferred in a machine-readable format.
• Right to withdraw consent: The data subject may withdraw their consent at any time.
• Right to lodge a complaint with a supervisory authority: The data subject may lodge a complaint with the Data Protection Commissioner if he or she considers that personal data has been processed unlawfully.

For requests and questions, the data subject should contact the contact person for register matters (see section 3) by letter or email.

12. Updating the privacy policy

Katri Antell Oy may update this privacy policy, for example, due to changes in legislation or services. Any significant changes will be announced on Antell’s website or other communication channels.

FEEDBACKLY SYSTEM REGISTER AND DATA PROTECTION STATEMENT

Personal Data Act (523/1999) Sections 10 and 24

This privacy policy applies to personal data that we collect from individuals who provide feedback through the Feedbackly feedback system.

1. Data controller

Katri Antell Oy
Poratie 5B, 90140 Oulu

Business ID: 0187176-4
info@antell.fi

2. Name of the register

Antell Group’s Feedbackly system register and privacy policy.

3. Contact person for register matters

Commercial Director Mari Kähkönen

Katri Antell Oy
Poratie 5B, 90140 Oulu

+358 20 770 2076
mari.kahkonen@antell.fi

4. Purpose and legal basis for processing personal data

The purpose of the register is to collect feedback from Antell’s customers.

The controller processes personal data in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (2016/679) and the Data Protection Act (1050/2018).

The purposes of processing personal data are:

• customer relationship management and product and service development

The legal basis for processing personal data is the consent of the data subject and the legitimate interest of the controller when the data subject contacts the controller on their own initiative. The controller processes the data subject’s personal data for the purpose of managing the customer relationship.

5. Data content of the register

The information content of contact requests is determined based on the information provided by the customer.

The information may include:

• Person’s first name and surname
• Email address
• Telephone number
• Company name
• Information provided in surveys
• Customer relationship-based information, such as feedback
• Additional information provided by the data subject
• Other information collected with the user’s consent

6. Regular sources of information

The register is mainly compiled from the following sources of information:

• Directly from the data subject themselves for the purpose of managing the customer relationship

7. Regular disclosure of personal data

The controller will not disclose the personal data of data subjects outside the Antell Group, unless required to do so by law or by compelling legislation. The controller may use reliable service providers in connection with the provision of its services, who may process personal data on behalf of the controller in accordance with the requirements of data protection legislation in order to provide these services.

8. Transfer of data outside the EU or EEA

No data will be transferred outside the EU or EEA.

9. Data retention period

The data is stored in the Feedbackly system for six months, after which it is deleted.

10. Principles of register protection

There is no manual material.

Electronic data is stored on servers located in Europe. Access to the data contained in the register is restricted by user IDs and passwords, and access is limited to those persons whose duties include handling customer feedback.

11. Automated decision-making and profiling

Personal data is not used for automated decision-making or profiling.

12. Right of access

All communications concerning register matters shall be addressed by email or letter to the controller’s contact person for register matters.

Right to access personal data
The data subject has the right to obtain information on whether personal data concerning him or her is being processed and, if so, to obtain a copy of that personal data.
Right to rectification
The data subject has the right to request the correction or completion of inaccurate or incorrect data concerning him or her.
Right to erasure
The data subject has the right to request the erasure of personal data concerning him or her.
Right to restriction of processing
The data subject has the right to restrict the processing of personal data concerning him or her in certain situations.
Right to object
The data subject has the right to object at any time to the processing of personal data concerning him or her.
Right to transfer data from one system to another
The data subject has the right to receive personal data concerning him or her and provided by him or her in a structured, commonly used and machine-readable format.
Right to withdraw consent
The data subject has the right to withdraw their consent to processing at any time.
Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a supervisory authority about the way in which the controller processes the data subject’s personal data. In Finland, the national supervisory authority is the Data Protection Ombudsman.

13. Updating the privacy policy

Katri Antell Oy may make changes to this privacy policy without prior notice, provided that the use of personal data is not expanded. If the use of personal data is expanded, the new privacy policy will be announced through Antell’s communication channels.