ChatPrivacy policy: Customer register
Privacy statement for Alko customer register.
23.4.2024
Contents:
Introduction.
1. Personal data to be processed
2. The use and processing of personal data.
3. Sensitive data: Alko does not process any sensitive personal data relating to its customers.
4. Data disclosure and transfer.
5. Data security.
6. Access to information and exercising your rights.
7. Data retention.
8. Use of cookies.
9. Amendments to this privacy policy.
10. Controller and contact details.
Introduction
Alko Oy (Alko) is committed to protecting your privacy and processing your personal data transparently and in accordance with current legislation and best practices. This privacy policy covers the processing of personal data that Alko undertakes in order to enable commerce, provide customer service, collect customer feedback, and organise customer events. This privacy policy applies to the personal data of users of Alko’s digital services for consumer and corporate customers. Digital services include, for instance, registration and login services, customer data management services, online store services and mobile applications.
This privacy policy details exactly how Alko is committed to collecting, processing and protecting your personal data during and after your customer relationship with us.
Below you will find more detailed definitions of the concepts we have used in this privacy policy.
“Personal data”
Personal data means all the identified and identifiable data relating to a person. For example, name, social security number, location data, network identification information, and address details.
“Processing personal data”
Processing personal data means all of the information processing operations that are targeted at personal data, either automatic or manual. Examples of processing personal data include collecting, saving, storing, editing, altering, removing or deleting data.
“Data subject”
The identified or identifiable natural person whose data is being processed. For example, a customer or employee.
“Controller”
A natural person, legal person, authority, agency or other body that, either together or with another party, defines the purposes and methods for processing personal data.
1. Personal data to be processed
The following personal data is processed in Alko’s customer register:
| Basic information | Name, date of birth, language, gender, place of residence, Advisor membership |
| Contact information | Email address, telephone number, address |
| Order information | Order date, place and date of delivery, order content at product level, payment method, information on the person who will collect (if applicable) or receive the order, handover date, type of ID shown, and a record that ID has been shown, message relating to a gift order (if applicable) and other similar information |
| Permissions and bans | Your decisions to opt in or out of various features, such as information about whether you have signed up for the newsletter |
| Used services | Information about the Alko services you have opted to use, such as: personal product reviews, personal lists, saved searches, reminders, favourite stores |
| Purchase ban information | Information about purchase bans, name and contact information of contact person or guardian, photo of the customer (provided by the customer) |
| Information about the use of digital services if optional cookies are permitted | Unique cookie or device identifier, information about the browser, browser version, operating system, and events during use of Alko’s digital services, and technical data on the device used |
| Device location data if location data processing is allowed | Location data |
| Customer service event information | Contact date, content of discussion and description of the potential issue, technical data on the device used, location data, products to be returned, reason for the complaint and product return date |
We will check with Suomen Asiakastieto Oy to verify the signatory rights of corporate customer representatives. For corporate customers, we also collect: company name and business ID, alcohol licence number and associated address, and the names and roles of other users related to the corporate account.
Personal data is primarily collected directly from you. For example, when you place an order in our online shop, seek the assistance of sales staff in our stores, or contact our customer service centre. When you shop in our online shop, we will verify your identity and age using strong electronic identification.
2. The use and processing of personal data
Personal data may be processed on the basis of your personal consent, an agreement you make with Alko, our statutory obligations, or a legitimate interest associated with our operations. We collect and process personal data only to the extent that is required for you to use Alko’s services for the following purposes.
The purpose for the processing of personal data will define what information we collect at any given time and for what purpose. We will only process the following personal data about you on the legal grounds specified below:
Contractual obligations
| Purpose of processing | Data to be processed |
| Placing an order for yourself, as a gift or for a company, either independently or with assistance from staff at an Alko store or customer service | Basic information, contact information, order information, mobile and online service usage information, location information |
| Collection of an order from a store or pickup point or receipt of a delivery at the customer’s address | Basic information, contact information, order information |
| Processing complaints and product returns | Basic information, contact information, customer service event information |
| Communicating with customers with regard to orders | Basic information, contact information, order information |
| Handling purchase ban agreements | Basic information, contact information, purchase ban information |
| Organising paid customer events | Basic information, contact information, order information |
| Maintaining customer relationship information regarding a registered customer | Basic information, contact information, order information |
Statutory obligations
| Purpose of processing | Data to be processed |
| ulfilling the obligations pursuant to the statutory and regulatory provisions governing Alko, as well as the fulfilment of responsibility | Basic information, contact information, order information |
| Ensuring the legitimacy of alcohol handovers, and preventing and investigating any misdemeanours and problematic situations | Basic information, contact information, order information |
Data subject’s consent
| Purpose of processing data | Data to be processed |
| Sending the newsletter to a subscriber | Contact information, permissions and bans |
| Communications and activities for Advisors | Basic information, contact information |
Legitimate interest*
| Purpose of processing data | Data to be processed |
| Creating a user ID for Alko’s digital services | Basic information, contact information |
| Processing customer surveys and feedback, including answering customer queries, solving problems, correcting errors, and investigating disturbances and threats | Basic information, contact information, order information |
| Measuring customer satisfaction and enhancing our customer experience | Basic information, contact information, order information |
| Developing customer service staff’s competence in order to guarantee high-quality service | Call recordings, chats |
| Product availability and store searches in the online shop and mobile app | Device location information |
| Quality control and assurance for Alko products | Basic information, contact information, customer service event information |
| Designing and developing Alko’s business and digital services, such as analysing the use of digital services and other analytics | Digital service usage data |
| Processing the contact details of the contact person for a purchase ban agreement | Purchase ban information |
| Analysing and keeping statistics on customer service events | Customer service event information |
| Processing court-ordered distraint measures | Basic information, contact information |
* “Legitimate interest” refers to data processing that forms an essential aspect of the controller’s business and that the customer can reasonably assume to be part of the controller’s operations. The controller often has to process personal data in order to carry out business-related tasks. In this context, the processing of personal data cannot necessarily be justified on the basis of a statutory obligation or contractual grounds. However, the processing of personal data can be justified on the basis of ‘legitimate interest’. Before personal data is processed on the basis of legitimate interest, the controller must always ensure that conducting business in accordance with this legitimate interest will not seriously violate the data subject’s rights and freedoms.
3. Sensitive data
Certain categories of personal data are classified as “sensitive personal data”. Sensitive personal data will reveal personal characteristics such as race or ethnic origin, political opinions, religious or philosophical beliefs, union membership, genetic or biometric data, or information about a natural person’s health, sexual behaviour or sexual orientation.
Alko does not process sensitive customer data except in exceptional cases. Exceptions relate to sensitive information that may be provided by the customer during the product return, consent is asked from the customer before the information is recorded.
4. Data disclosure and transfer
Alko is committed to protecting the confidentiality of your personal data, and we will only disclose your data to specific partners when necessary, for example, in order to process payments and deliver orders.
When processing the data we have collected, we also use subcontractors and service providers to assist us in areas such as technical system maintenance and customer service. These partners have the right to process your personal data only to the extent that is necessary in order to provide the services in question. This means that they cannot use your data for their own purposes. Our contractual terms and conditions require our partners to comply with data processing legislation and ensure adequate data security.
We use subcontractors for the processing of personal data. Data is transferred in limited manner outside the European Union (EU) or the European Economic Area (EEA) for the provision, technical maintenance and support of services. Our service partners are bound by appropriate agreements to meet the data protection and security requirements of EU law.
5. Data security
Alko has implemented appropriate technical and organisational data security mechanisms to prevent the deletion and misuse of your personal data, as well as any other similar unlawful access to data. These mechanisms include firewalls, encryption and machine room security.
The processing of your personal data is also restricted by access control and the management of user rights. Your personal data will only be processed by employees that have the right and need to do so in order to carry out their job.
6. Access to information and exercising your rights
You have the right to check what data we have collected about you and to say how we may use that data. You can decide whether you wish to receive email communications from us. In certain circumstances, you have the right to have your data removed or request your data to be transferred to another controller. In this section, we will detail your rights under current legislation and how to exercise them:
- Right to withdraw consent
When your personal data is being processed on the basis of personal consent from you, you have the right to withdraw this consent at any time, For example, you may at any time end your subscription to our newsletter by withdrawing your consent.
- Right to check and correct data
You have the right to check what data we have collected about you, or to receive assurance that no data about you is being held in our filing system. If there are any errors, inaccuracies or other deficiencies in your data, you can request us to correct or add information.
- Restricting or objecting to data processing
If your data is incorrect in some respect (for example, it is outdated), you have the right to request a temporary restriction on the processing of your data until we have verified its accuracy. Whenever the processing of your personal data is based on the controller’s legitimate interest, you have the right to object to the processing of your personal data. We will then no longer be able to process your personal data, unless we can present a justifiable reason why this processing is so important and why it can be considered weighty enough to supersede your rights. We will also be allowed to continue processing your data if we need it to prepare, present or defend a legal claim.
- Right to have data removed (Right to be forgotten)
In certain circumstances, you have the right to be forgotten. In that case, we will remove all the data we have collected about you, unless this data is still required for the purposes it was originally collected for (such as to investigate a misdemeanour). Unless there are other justifiable grounds for processing your data, we will also remove your data if you object to the processing of your personal data, or if the processing of your personal data is based on your personal consent and you withdraw this consent. However, please note that we may have statutory legal obligations to retain your personal data for a certain period of time.
- Right to transfer data from one system to another
You may request your personal data to be transferred, in which case we will send your personal data to you in machine-readable format, so you can either retain it yourself or transfer it to another controller. If it is technically possible, we will also transfer your data directly to another controller at your request. This is only possible in situations in which we are processing your personal data on the basis of your personal consent or contractual grounds, and only covers data that you have provided us with yourself.
- Right to appeal
In addition to the aforementioned rights, you also have the right to appeal to the supervisory authorities with regard to the processing of your personal data.
How can I submit a request to check personal data?
You can submit a request to check your personal data at an Alko store or by emailing us at tietosuoja@alko.fi. If you have created a user ID for digital services , you can submit a request to check personal data via your Profile at alko.fi.
Before disclosing personal data, we will need to verify your identity, so that we do not disclose your data to the wrong person. You can identify yourself either at an Alko store in connection with a request to check data or by logging into alko.fi or the mobile app.
7. Data retention
We will retain your personal data for the duration of your customer relationship or for as long as it is required in order to fulfil the purpose for which the data was collected, or for as long as we are required to do so to fulfil legal obligations.
| Retention period | |
| Customer service chats | 3 months |
| Customer service call recordings | 6 months |
| Cookie consent | 12 months |
| Unregistered orders | 2 years |
| Your customer feedback | 5 years |
| Email communications with customer service | 5 years |
| Location information | For the duration of the session or your consent |
| Use of digital services if the processing of optional cookies is permitted | *During the customer relationship |
| Personal data in Alko’s digital services | *During the customer relationship |
| Orders placed while registered | *During the customer relationship / for no longer than 10 years, unless a longer period has been agreed |
*During the customer relationship: if you have created a user ID for Alko’s digital services, your personal data will be anonymised after you have been inactive for five years (e.g. you have not logged into digital services, have unsubscribed from the newsletter).
You can also request us to remove your data at any time, in which case we will erase all of your data that we are not required to retain by law or to execute the agreement. After this, your data will either be erased or made unidentifiable by irreversibly converting it into a format from which individual persons can no longer be identified.
Registered customers can edit their customer data by logging into their account. Please regularly check that your data is correct. You can also request rectification of your data by contacting tietosuoja@alko.fi.
8. Use of cookies and social plugins
You can edit cookie settings here: Cookie Settings
This web service uses cookies and other similar technologies. We refer to all of the above technologies as a “cookie” unless, on a case-by-case basis, it is necessary to use the name of a particular technology or identifier.
A cookie is a tiny text file that your browser stores on your computer. Cookies contain a unique identifier, and we use them to identify and count visitors to our website. Cookies can be used for measurement and research purposes, for example, to develop websites or to determine how and how much a service is used.
The Service is implemented using strictly necessary, functional, analytical, and marketing cookies to enable the functionality of the Service and the measuring of Service usage.
Some of the cookies used by Alko’s e-services are so-called necessary cookies. These cookies are necessary for the service to function properly, as they perform tasks such as transferring products to your shopping basket or enable discussion in the chat function.
By analytics cookies we mean measurement techniques, such as Google Analytics. The measurement is used to calculate the number of visitors and to identify possible compatibility and usage issues, as well as development targets. Cookies are also used to identify the customer groups which use the Service and aim the communications of the Service accordingly. Individual customers are not identified when categorising customer groups.
Marketing cookies mean cookies, which are directed to help us to target Alko’s services, and to communicate in a more personal manner. For example, we are able to create categorised audiences and send them targeted communications, such as additional information regarding existing and upcoming services of Alko. Marketing cookies are not used to market individual alcohol brands. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Social media plugins
Alko's websites also have so called social media plugins to third party websites (e.g. Facebook's and Twitter's Share buttons). These social plugins are uploaded on these third-party service providers' servers. Social media service providers process data as controllers and as joint controllers with Alko when applicable.
The platform providers collect via social media plugins information regarding users' visited sites.
Data relating to a data subject is disclosed only when data subject actively shares material through social media plugins, e.g. Share button.
Cookie management
You can manage your cookie settings by clicking “Change settings” in the cookie banner. Later on, you can access preferences in the website’s Cookie Settings.
Cookie removal
You can disable use of cookies in browser settings. Google Analytics cookies can be deleted here. If you wish to disable to cookies from marketing networks, who share information between different networks, you can do it here.
If you wish, you can delete afterwards cookies which you have accepted. You will find instructions how to delete cookies by clicking the link nex to the right browser.
Please notice, that if you use multiple browsers, the cookies must be deleted from each browser separately.
9. Amendments to this privacy policy
We will regularly update this privacy policy, both as we develop our data protection practices and as a consequence of legislative amendments. We recommend that you check for changes in our privacy policy from time to time.
A summary of the latest changes to our privacy policy has been placed at the beginning of this document, to make it as easy as possible for you to monitor the processing of your personal data.
10. Controller and contact details
Controller
Alko Inc
Arkadiankatu 2
P.O. Box 99, 00101 HELSINKI
Tel. +358 20 711 11
Fax +358 20 711 5386
Business ID: 1505551-4
Domicile: Helsinki
Contact person in matters related to the register
Alko Customer Service
Arkadiankatu 2
P.O. Box 99, 00101 HELSINKI
tietosuoja@alko.fi
+358 (0)20 692 771 (local network rate)
Archived privacy policy: Customer register - valid until 22.4.2024
Archived Privacy Statements - valid until 24 August 2023
Archived Privacy Statements - valid until 15 March 2023
Archived Privacy Statements - valid until 28 February 2023
Archived Privacy Statements - valid until 2 November 2021
Archived Privacy Statement - valid until 12 November 2020
Archived Privacy Statement – valid until 7 May 2020
Archived privacy statement – valid until 20 March 2019
Archived Privacy Statement – valid until 24 May 2018
Archived Privacy Statement – valid until 19 June 2017
