Cookies and privacy
Last updated: November 2021
This Cookies Policy is aimed at providing you with some information about how we manage cookies and other trackers when you use our site available at https://www.jcdecaux.fi, and how you can manage your choices in relation to such cookies and trackers.
Access to the Cookies Preferences Platform
1. What is a cookie?
A cookie is a small text file stored by the browser on your equipment (computer, phone…) that records information relating to your navigation on a website or mobile application.
We use the term “cookies” to designate cookies, trackers and similar technologies.
Cookies have multiple uses: they enable identifying you so that you can access to your account, managing a shopping cart, memorizing your browsing language, follow your navigation for statistics analysis or advertising purposes…
2. What are the different types of cookies?
Cookies can be classified depending on:
• Their lifetime:
- Session cookies, which are temporary and kept in the memory of your browser only when it is open. As soon as you shut your browser, these cookies are deleted from your history.
- Persistent cookies, which have a predefined lifetime, determined on the basis of their purpose. These cookies remain on your equipment until they expire or until you delete them manually by using the functionalities of your browser.
• Their source:
- First party cookies, which are deposited directly by the publisher of the website or the mobile app you are consulting, or by its service providers on its behalf.
• Their purposes:
- Necessary cookie, which are strictly necessary to the good functioning of the website or deposited to provide an online communication service requested expressly by the user. Several purposes may be covered by these cookies, such as recording cookies preferences chosen by the user, authentication with a service, keeping a shopping cart in memory, invoicing purchased products or services, customizing the user interface (e.g.: language choice, presentation of a service), maintaining the security of the website…
- Other cookies, which may have various purposes (analytics, advertisement, social networks sharing…).
3. What types of cookies are used on our website and for what purposes?
On our website, we use the following cookies:
• Necessary Cookies
These cookies enable us to:
- Ensure the proper functioning of the website’s content management system (Drupal)
- Safeguard the language of navigation chosen by the user
- Safeguard cookies preferences and transfer consent information to partners
- Protect the website against spam enquiries on contact form
These cookies are managed by us and service providers acting on our behalf.
• Audience Measurement Cookies
These cookies enable us to improve user’s experience and the quality of our services by establishing anonymous audience and frequentation statistics of the website.
• Social networks sharing cookies
These cookies enable us to display and upload a toolbar to share content on the main social networks.
We inform you that if you click on a social network link proposed on our website, you will be redirected directly to the website of such social network. Your data will then be processed according to the privacy rules of such network.
• Video Cookies
These cookies enable you to read videos posted on our website when you click on them.
On our website, we use Vimeo and YouTube.
4. How can you manage your cookies preferences?
Necessary cookies are not subject to your prior consent.
They will be automatically deposited on your terminal when you connect to the website.
You can still object to them and delete them by using the settings of your browser but please be informed that in this case, your user experience may be highly degraded, and the website may not function as expected.
In addition, please be informed that your choices regarding acceptance or rejection of cookies are managed by cookies deposited by our Consent Management Platform, Didomi. If you deactivate these cookies in the settings of your browser, we will no longer be able to remember your choices.
Other cookies are subject to your prior consent.
They will be deposited only if you explicitly accept them, either globally or individually, by clicking on the agreement buttons. If you click on the refusal buttons, on the Continue without agreeing link (as the case may be) or if you continue navigating without making any choice, these cookies will not be deposited.
You may modify your choices at any time via the Cookies Preferences Platform.
You may also configure your browser to prevent cookies from being deposited on your equipment. The configuration of each browser is different:
If you have any questions regarding this Cookies Policy, you may contact us:
By email: email@example.com
By post: JCDecaux Finland Oy, Mekaanikonkatu 11, 08800 Helsinki, Finland
for JCDecaux Finland Oy’s Corporate Customer, Supplier, Partner and Marketing Register
1 Data Controller and Contact Details
JCDecaux Finland Oy (Business ID 0201696-2)
Mekaanikonkatu 11, 00880 Helsinki, Finland
Contact details for any data protection questions and requests:
• by email: firstname.lastname@example.org
• by telephone: +358 20 7758 200
2 Legal Bases and Purposes of Personal Data Processing
The data controller processes personal data based on the following legal bases and for the following purposes:
- implementation of a contract between the data controller and a company being its customer, supplier, subcontractor, landlord or co-operation partner (hereinafter, the ”Company”) and the carrying out of actions preceding the conclusion of the contract upon the data subject’s request, e.g. responding to queries, quotation requests, etc., provision and obtaining of agreed products and services, administration of contracts and orders, invoicing and debt collection;
- the creation, management, maintenance and development of a customer or other relationship between the data controller and the Company, in accordance with a legitimate interest based upon the contractual relationship between the data controller and the Companies; design and development of business, products and online as well as other services and customer service; customer and other satisfaction surveys, along with any other communications based upon the relationship between the Company and the data controller;
- carrying out the data controller’s statutory obligations, as well as the detection, prevention and investigation of any fraud, money laundering and other criminal action and malfeasances, in accordance with the data controller’s legitimate interests;
- in accordance with the data controller’s legitimate interests, the direct marketing of its products and services and targeting of same (incl. sending a newsletter) by telephone, by letter, email, SMS message or otherwise in electronic form; carrying out of surveys and market research, arranging marketing contests and other events;
- in accordance with the data controller’s legitimate interests, for analysing, profiling, segmentation and compiling statistics of the data subjects and their data in conjunction with the aforementioned purposes and for the purposes of same.
3 Data Subjects and Data Content of Register
The register contains the following information concerning the decision-makers and contact persons of the current and potential customer, subcontractor and co-operation partner companies and entities:
- Basic information: name, rank or occupation, status or position in the company, company details, work-related contact details (mailing and visiting address, email address, telephone number), year of birth, gender, mother tongue, service language, preferred mode of communication;
- Marketing information: information concerning tasks and position in business life or in public office, professional interests, other information disclosed by the data subject; marketing measures directed at the data subject, attendance at events, direct marketing and other permissions and consents, as well as prohibitions and restrictions;
- Information on the use of electronic services: e.g. registration details required by the right of use, such as user ID, alias, password and any other individualising identification; information concerning the reading of newsletters, utilisation and browsing information concerning services collected with the aid of cookies, advertising identifiers or other comparable technical means of monitoring, displayed advertisements as well as details of clicking on advertisements; site from which the user has transferred to the data controller’s site, device model, individual device and/or cookie identifier, data collection channel (internet browser, mobile browser, application), browser version, IP address, session identifier, session time and duration, as well as screen resolution and operating system, positioning data.
- Information related to communications: e.g. feedback and communications, emails, electronic communications forms, chats, telephone call recordings, other measures undertaken by the data subject on behalf of the company it represents
- Profiling and classification information: customer/user and marketing segments and analyses formulated on the basis of analysing and profiling the information described above, as well as classification etc. information collected from regular data sources.
4 Regular Data Sources
The information in the register is as a rule collected from the data subject themselves in connection with their use of services and the website, filling out a contact request or other form, conclusion of an agreement or other personal, electronic or telephone dealings or in connection with attendance at events. Furthermore, personal data may be collected and updated from publicly available information sources, such as from corporate websites, trade register, postal operators, contacts services (for instance Suomen Asiakastieto Oy, Fonecta Oy, Posti Oy) as well as from other comparable corporate and decision-making registers and other public and private registers.
5 Disclosure and Transfer of Personal Data
The data controller may disclose information recorded in the register to the data controller’s group companies and co-operation partners, when necessary for carrying out the intended purposes of the register, e.g. to deliver the agreed products or services. Otherwise information is not disclosed to third parties without the data subject’s consent.
The data controller also has the right to utilise subcontractors for carrying out the intended purposes of the register. Such subcontractors include, for instance:
- ICT service providers
- Analytics services providers: Google
Marketing automation: Hubspot
Personal data may be transferred to be processed also in a country outside of the EU/EEA. Unless the European Commission has decided that the level of data protection in the processing country is acceptable, the data controller ensures appropriate data protection by concluding with its subcontractors written agreements using the standard clauses approved by the European Commission (Decision C (2010)593) or through another lawful procedure.
6 Principles of Protecting the Register and Data Retention Period
The right of use to the data is limited to only the persons who by virtue of their work are entitled to process the information in the register. The data is retained in locked premises, protected by access control. Electronic data has been protected with firewalls, access rights control and other technical means. Each user has their own user ID and password to the system. The data controller ensures the actualisation of data security in its subcontractors’ services by means of data processing agreements to be concluded with its subcontractors processing personal data.
Personal data is retained for as long as necessary for the intended purpose. As a general rule, the information is deleted when 1.5 years have elapsed from the cessation of the customer, supplier or other relationship between the data controller and the Company, or once the data controller has been informed that the data subject is no longer a contact person of the Company, with the following exceptions:
- Utilisation data of electronic services and information related to communications is retained for five years from the said time. (The data controller retains the information of corporate customers on other bases, i.e. information of such use of the data controller’s products and services, correspondence and other communications that the data subject has carried out on behalf and in the name of the corporate customer, in its capacity as its representative. It is not used for purposes concerning the data subject and it does not constitute personal data.)
- Anonymised data may be retained permanently.
- The basic details of the data subject and the marketing information may be retained permanently for the purposes of direct marketing.
- Data collected on the basis of consent shall be retained in accordance with the consent.
- In circumstances permitted by the legislation in force from time to time, beyond the above-mentioned retention periods.
The data controller assesses the necessity of retaining data on a regular basis and takes all reasonable measures to ensure that no personal data concerning the data subject that are incompatible with the purposes of the processing, outdated or incorrect are retained in the register.
7 Inspection Right, Rectification Right and other Rights of the Data Subject
Each data subject has the right to inspect their data recorded in the register of persons and to have any incorrect, outdated, unnecessary or unlawful information be rectified or erased. The data subject also has the right to retract at any time the personal data processing consent they have previously granted. Retracting consent shall not affect the lawfulness of the processing that occurred prior to retracting consent.
The data subject has the right to object to personal data processing or to request a restriction on the processing, as well as to lodge a complaint to the data protection officer regarding personal data processing.
If the data subject has submitted their personal data to the data controller and the processing is based upon consent or agreement, they have the right to obtain such information for themselves in a structured, generally used and machine-readable form and the right to transfer the data to another data controller in accordance with the legislation in force.
When the basis for the processing of personal data is a legitimate interest, the data subject has the right to object to the processing of their data on a basis related to their particular personal situation. In connection with filing the request, the data subject must specify the particular situation that the objecting is based upon.
Requests concerning the exercise of the above-mentioned rights must be sent to the email address mentioned under Clause 1. If necessary, the data controller may request the data subject to specify their request in writing and to prove their identity.