Data protection
We are committed to high standards of personal data protection.
Metsä Conservation Foundation is committed to complying with legislation and good personal data processing practices when processing the personal data of its stakeholders. We require the same from our partners.
Your privacy is important to us. This page contains information on how Metsä Conservation Foundation collects, uses and protects your personal data. You will also find information here on your privacy rights and how to exercise them.
Privacy statement – Metsä Conservation Foundation
In this privacy policy, we describe how Metsä's Conservation Foundation processes the personal data of forest owners and other stakeholders. We may update this privacy policy from time to time, and the latest version of the privacy policy can be found on our website.
1. Data controller
Metsä Conservation Foundation, registered address Revontulenpuisto 2, 02100 Espoo, Finland (hereinafter referred to as the “Foundation”)
2. Contact person
Please contact us by email metsafoundation@metsagroup.com
3. The purpose and legal basis of processing personal data
The data subjects are the owners of the Foundation's current and future conservation sites, other forest owners involved in or associated with the Foundation's activities, and other potential stakeholders, such as donors.
Personal data is processed for the purposes of the Foundation's public benefit activities, to manage stakeholder relations, to increase awareness of the Foundation, and in connection with the use of the Foundation's website.
Our legal basis for collecting and processing personal data is the legitimate interest based on a potential or existing stakeholder relationship between us. Processing activities related to the administration of the Foundation may also be based on compliance with the Foundation's legal obligations.
4. Personal data processed
The Foundation may process the following personal data:
- Name
- Street address, postcode, city, country
- Telephone
- Language
- Required forest resource information and property register number
- Other information related to a possible donation
5. Regular sources of information
Personal data is mainly collected from the data subject in the beginning of or during the cooperation.
6. Regular disclosure of personal data and transfer of data outside the EU or EEA
The Foundation will not disclose personal data to third parties unless there is a justified reason for doing so. The Foundation may disclose the personal data of forest owners to the competent authority, such as the Finnish Supervisory Agency (Lupa- ja valvontavirasto), in matters related to forest conservation decisions. The Foundation may also disclose personal data to other third parties if this is necessary, for example, due to applicable legislation or an enforceable request from an authority.
The Foundation may use external service providers. These service providers and their possible subcontractors act as the Foundation’s data processors. They process personal data on behalf of the Foundation only for the provision of services to the Foundation The service providers have no independent right to use the personal data for any independent purposes.
The personal data can be processed within EU/EEA and outside EU/EEA. The Foundation will only transfer your personal data outside the EU/EEA in accordance with one of the legal grounds described below:
- The European Commission considers that the recipient country provides an adequate level of data protection for your personal data;
- we have implemented appropriate safeguards for the transfer of personal data and used the European Commission's standard contractual clauses for the transfer of personal data to third countries; or
- the transfer is based on another legal basis under applicable data protection legislation
7. Data security
Personal data is processed with care and confidentiality. Personal data is only processed by persons who need to use it for their work tasks.
Systems containing personal data are protected by appropriate and up-to-date access control practices.
All data is protected by regularly reviewed and appropriate technical and organisational security measures to prevent access, alteration, destruction or other processing of data, including unauthorised disclosure or transfer of data by accident or unlawfully. These measures include, among other things, adequate firewall arrangements, encryption of telecommunications and messages where applicable, and secure server rooms.
8. Rights of the data subject
You have the right to:
- access your personal data and update, delete and correct your personal data;
- object to the use of your personal data on grounds relating to your particular situation;
- request that the Foundation restricts the processing of your personal data
You can exercise the above rights by contacting the Foundation by email: metsafoundation@metsagroup.com. Alternatively, you can contact us in person or by post at the address below. The Foundation may ask you to specify your request in writing and, if necessary, verify your identity before processing your request.
Requests can be submitted in writing to:
Metsä Conservation Foundation
Revontulenpuisto 2
02100 Espoo
Finland
Requests can be submitted in person:
Revontulenpuisto 2
02100 Espoo
Please note that we may not be able to fulfil all your rights if we have a legal basis for doing so.
If you are dissatisfied with how we process your personal data, you have the right to make a complaint to the competent supervisory authority responsible for monitoring compliance with applicable data protection legislation. In Finland, the competent authority is the Data Protection Ombudsman (tietosuoja(at)om.fi).
9. Data retention policy
Personal data is only kept for as long as it's needed and justified, or as required by applicable law, or if it's needed for claims, legal proceedings, or internal investigations.
The personal data of the Foundation's stakeholders is actively managed throughout the entire cooperation cycle.