• En-Fi


What are cookies or other trackers?

You are informed that, when browsing our websites, cookies can be placed on your web browser to enable, in particular, optimal browsing. Cookies are data stored on your terminal equipment. Our websites use cookies to send information to your browser, enabling the browser to pass data back to the original website (for instance, a session ID, language preference or a date). Other types of trackers, such as Web beacons, can also be used. These beacons make calls to servers to display a pixel and enable us to share data with third parties for the purposes described below.

Cookies and other trackers do not allow, under any circumstances, any automatic access to any other file on your computer. No unauthorised third party can access the data stored in the cookie. We may, however, use technologies supplied by third parties that result in the placement and use of trackers for purposes of their own.


What kind of cookies and other trackers do we use?


Source Name Purpose
Technical cookie Drupal.tableDrag.showWeight Essential for the proper functioning of the content management system Drupal
Technical cookie has_js Essential for the proper functioning of the content management system Drupal
Session cookie (CMS Drupal) SESSc58e46ab033f687c56cbb7ff8805eed9 Essential for the proper functioning of the content management system Drupal
Google analytics (web analytics cookies) _ga We use Google Analytics to collect information about how visitors use this website.
Technical cookie cookies_enabled Essential for the proper functioning of the content management system Drupal
Technical cookie jcdecaux_listing_referer_path  Used to propose a back-button allowing you to return to the previous page.
AddThis __atuvc This cookie is used to operate the AddThis sharing Platform.
  __atuvs This cookie is used to operate the AddThis sharing Platform.
  bt2 This cookie is used to operate the AddThis sharing Platform.
  di2 This cookie is used to operate the AddThis sharing Platform.
  dt This cookie is used to operate the AddThis sharing Platform.
  loc This cookie is used to operate the AddThis sharing Platform.
  ssc This cookie is used to operate the AddThis sharing Platform.
  ssh This cookie is used to operate the AddThis sharing Platform.
  sshs This cookie is used to operate the AddThis sharing Platform.
  Uid This cookie is used to operate the AddThis sharing Platform.
  Um This cookie is used to operate the AddThis sharing Platform.
  Uvc This cookie is used to operate the AddThis sharing Platform.
  vc This cookie is used to operate the AddThis sharing Platform.

Some third-party services may use invisible pixels when sending external newsletters to subscribers. Loading invisible pixels enables them to measure certain behaviours such as the opening of the email or clicking on a link for audience measurement purposes.

When loading a share button bar on our websites, some third-party services may collect non-personal data, using cookies and invisible pixels. They may thus use information about your visits to our websites to offer you ads on other websites about goods and services of possible interest to you.


What choices do you have in terms of cookie management?

You have the choice of setting your browser to accept all cookies, block all cookies, or to inform you whenever a cookie is created, its period of validity and its content, and to refuse the registration of the cookie on your terminal, or else to delete cookies periodically. You can configure your Internet browser settings to disable cookies. However, bear in mind that if you block all cookies you may not be able to use some of the features of the website.

JCDecaux draws your attention to the fact that if you decline the placement or use of a cookie, a refusal cookie will be installed on your terminal equipment. If you delete this refusal cookie, it will not be possible to identify you as having refused the use of cookies. Similarly, when you consent to the use of cookies, a consent cookie is installed. Consent or refusal cookies must stay on your terminal equipment. These types of cookies expire after 13 months.

You can object to the registration of cookies by configuring your browser settings as follows:

For Mozilla Firefox:

  • Select the “Tools” menu, then go to "Options"
  • Click on the “Privacy” icon
  • Go to the “cookie” menu and select the options that suit you

For Microsoft Internet Explorer:

  • Select the “Tools” menu, then go to “Internet Options”
  • Click on the “Confidentiality” tab
  • Select the desired level using the cursor (moving the slider to the top to block all cookies)

For Safari:

  • In the menu bar, select “Edit”
  • In the dropdown menu, select “Preferences”
  • Select the “Security” icon
  • To block cookies, choose the “Always” option. On this browser it is not possible to block cookies on a case-by-case basis.

For Chrome:

  • Click on the Google Chrome menu in the browser’s toolbar
  • Click on “Settings”
  • Click on “Show advanced settings”
  • In the “Privacy” section, click on the button “Content settings”
  • In the “Cookies” section, you can change the following settings: Block all cookies: select the option “Block sites from setting any data”.

To find out more or object to third-party cookies, click on the following links:
•    Privacy Policy on Addthis share button bar
•    Privacy Policy for Google Analytics solution

If you want to object to the placement of cookies for advertising purposes, go the European industry coalition platform “Your Online Choices” on online behavioural advertising and use their cookie control tool.

Latest update - June 1, 2018


Privacy policy

for JCDecaux Finland Oy’s Corporate Customer, Supplier, Partner and Marketing Register

1    Data Controller and Contact Details

JCDecaux Finland Oy (Business ID 0201696-2)
Mekaanikonkatu 11, 00880 Helsinki, Finland

Contact details for any data protection questions and requests:
•    by email: gdpr@jcdecaux.fi
•    by telephone:  +358 20 7758 200

2    Legal Bases and Purposes of Personal Data Processing
The data controller processes personal data based on the following legal bases and for the following purposes:  

  1. implementation of a contract between the data controller and a company being its customer, supplier, subcontractor, landlord or co-operation partner (hereinafter, the ”Company”) and the carrying out of actions preceding the conclusion of the contract upon the data subject’s request, e.g. responding to queries, quotation requests, etc., provision and obtaining of agreed products and services, administration of contracts and orders, invoicing and debt collection;
  2. the creation, management, maintenance and development of a customer or other relationship between the data controller and the Company, in accordance with a legitimate interest based upon the contractual relationship between the data controller and the Companies; design and development of business, products and online as well as other services and customer service; customer and other satisfaction surveys, along with any other communications based upon the relationship between the Company and the data controller;
  3. carrying out the data controller’s statutory obligations, as well as the detection, prevention and investigation of any fraud, money laundering and other criminal action and malfeasances, in accordance with the data controller’s legitimate interests;
  4. in accordance with the data controller’s legitimate interests, the direct marketing of its products and services and targeting of same (incl. sending a newsletter) by telephone, by letter, email, SMS message or otherwise in electronic form; carrying out of surveys and market research, arranging marketing contests and other events;
  5. based on the data subject’s consent concerning the use of cookies, the processing of information regarding the use of online and mobile services and social media for analytics, segmentation, profiling as well as advertising the products and services of the data controller and of its co-operation partners and for the targeting of same in their own and other Internet and mobile media, services, applications and for any other purposes set forth in this policy. For further information on the use and management of cookies, see here [insert link to cookie information here];
  6. in accordance with the data controller’s legitimate interests, for analysing, profiling, segmentation and compiling statistics of the data subjects and their data in conjunction with the aforementioned purposes and for the purposes of same.


3    Data Subjects and Data Content of Register
The register contains the following information concerning the decision-makers and contact persons of the current and potential customer, subcontractor and co-operation partner companies and entities:


  • Basic information: name, rank or occupation, status or position in the company, company details, work-related contact details (mailing and visiting address, email address, telephone number), year of birth, gender, mother tongue, service language, preferred mode of communication;
  • Marketing information: information concerning tasks and position in business life or in public office, professional interests, other information disclosed by the data subject; marketing measures directed at the data subject, attendance at events, direct marketing and other permissions and consents, as well as prohibitions and restrictions;
  • Information on the use of electronic services: e.g. registration details required by the right of use, such as user ID, alias, password and any other individualising identification; information concerning the reading of newsletters, utilisation and browsing information concerning services collected with the aid of cookies, advertising identifiers or other comparable technical means of monitoring, displayed advertisements as well as details of clicking on advertisements; site from which the user has transferred to the data controller’s site, device model, individual device and/or cookie identifier, data collection channel (internet browser, mobile browser, application), browser version, IP address, session identifier, session time and duration, as well as screen resolution and operating system, positioning data.
  • Information related to communications: e.g. feedback and communications, emails, electronic communications forms, chats, telephone call recordings, other measures undertaken by the data subject on behalf of the company it represents
  • Information on use of social media: The data controller’s website may utilise social media functions (i.e. social media plugins), such as the ”Share” or ”AddThis” button intended for the sharing of content. When you utilise these buttons, the data controller and the provider of the social media plugin collect and share information in accordance with the cookie consent you have given on how you use the data controller’s website and social media. For further information on the use and management of cookies, see here [insert a link to the cookie information here]. The company providing the social media plugins bears responsibility for same. The privacy policy for the AddThis plugin is available at https://www.oracle.com/legal/privacy/addthis-privacy-policy.html
  • Profiling and classification information: customer/user and marketing segments and analyses formulated on the basis of analysing and profiling the information described above, as well as classification etc. information collected from regular data sources.


4    Regular Data Sources
The information in the register is as a rule collected from the data subject themselves in connection with their use of services and the website, filling out a contact request or other form, conclusion of an agreement or other personal, electronic or telephone dealings or in connection with attendance at events. Furthermore, personal data may be collected and updated from publicly available information sources, such as from corporate websites, trade register, postal operators, contacts services (for instance Suomen Asiakastieto Oy, Fonecta Oy, Posti Oy) as well as from other comparable corporate and decision-making registers and other public and private registers.

5    Disclosure and Transfer of Personal Data
The data controller may disclose information recorded in the register to the data controller’s group companies and co-operation partners, when necessary for carrying out the intended purposes of the register, e.g. to deliver the agreed products or services. Otherwise information is not disclosed to third parties without the data subject’s consent.

The data controller also has the right to utilise subcontractors for carrying out the intended purposes of the register. Such subcontractors include, for instance:

  • ICT service providers
  • Analytics services providers: Google
  • Marketing automation: Hubspot

In such cases, personal data may be transferred to subcontractors in the extent necessary for the carrying out of the services. These subcontractors process personal data on behalf and in the name of the data controller, in accordance with the data controller’s instructions and this privacy policy. The data controller shall ensure through contractual means that personal data is processed in accordance with the legislation.

Personal data may be transferred to be processed also in a country outside of the EU/EEA. Unless the European Commission has decided that the level of data protection in the processing country is acceptable, the data controller ensures appropriate data protection by concluding with its subcontractors written agreements using the standard clauses approved by the European Commission (Decision C (2010)593) or through another lawful procedure.

6    Principles of Protecting the Register and Data Retention Period
The right of use to the data is limited to only the persons who by virtue of their work are entitled to process the information in the register. The data is retained in locked premises, protected by access control. Electronic data has been protected with firewalls, access rights control and other technical means. Each user has their own user ID and password to the system. The data controller ensures the actualisation of data security in its subcontractors’ services by means of data processing agreements to be concluded with its subcontractors processing personal data.

Personal data is retained for as long as necessary for the intended purpose. As a general rule, the information is deleted when 1.5 years have elapsed from the cessation of the customer, supplier or other relationship between the data controller and the Company, or once the data controller has been informed that the data subject is no longer a contact person of the Company, with the following exceptions:

  • Utilisation data of electronic services and information related to communications is retained for five years from the said time. (The data controller retains the information of corporate customers on other bases, i.e. information of such use of the data controller’s products and services, correspondence and other communications that the data subject has carried out on behalf and in the name of the corporate customer, in its capacity as its representative. It is not used for purposes concerning the data subject and it does not constitute personal data.)
  • Anonymised data may be retained permanently.
  • The basic details of the data subject and the marketing information may be retained permanently for the purposes of direct marketing.
  • Data collected on the basis of consent shall be retained in accordance with the consent.
  • In circumstances permitted by the legislation in force from time to time, beyond the above-mentioned retention periods.

The data controller assesses the necessity of retaining data on a regular basis and takes all reasonable measures to ensure that no personal data concerning the data subject that are incompatible with the purposes of the processing, outdated or incorrect are retained in the register.

7    Inspection Right, Rectification Right and other Rights of the Data Subject
Each data subject has the right to inspect their data recorded in the register of persons and to have any incorrect, outdated, unnecessary or unlawful information be rectified or erased. The data subject also has the right to retract at any time the personal data processing consent they have previously granted. Retracting consent shall not affect the lawfulness of the processing that occurred prior to retracting consent.

The data subject has the right to object to personal data processing or to request a restriction on the processing, as well as to lodge a complaint to the data protection officer regarding personal data processing.

If the data subject has submitted their personal data to the data controller and the processing is based upon consent or agreement, they have the right to obtain such information for themselves in a structured, generally used and machine-readable form and the right to transfer the data to another data controller in accordance with the legislation in force.

When the basis for the processing of personal data is a legitimate interest, the data subject has the right to object to the processing of their data on a basis related to their particular personal situation. In connection with filing the request, the data subject must specify the particular situation that the objecting is based upon.

Requests concerning the exercise of the above-mentioned rights must be sent to the email address mentioned under Clause 1. If necessary, the data controller may request the data subject to specify their request in writing and to prove their identity.