Register Log in
  • Front page
  • Products
  • Suppliers
  • Products
  • Dairy products, eggs
  • Meat, meat products
  • Fish, crustaceans
  • Bakery products
  • Fruit, berries, vegetables
  • Plant-based products
  • Ready meals
  • Drinks
  • Ice cream
  • Dry foods, canned foods
  • Snacks, sweets
  • Kitchen, setting, hygiene
  • Suppliers
  • Atria Suomi Oy
  • Froneri Finland Oy
  • HKFoods Finland Oy
  • Saarioinen Oy
  • Snellman Pro
  • Valio Oy
  • Show all
Service information
fisven
Back

Privacy Statement

VALO ORDER SERVICE™ PRIVACY POLICY

This privacy policy describes how Valio Ltd (“Valio”) processes personal data in its VALO Order Service™ (“VALO” or “VALO Service”) regarding its users and registered accounts. Such persons are, in this privacy policy, commonly referred to as “data subjects”.

Valio may update this privacy policy at any time, such as upon changes to legislation. Valio will inform data subjects of essential changes to this privacy policy in the manner it sees fit.

  1. Data controller

    Valio Ltd,
    Meijeritie 6
    FI-00370 Helsinki, Finland

  2. Contact

    If a data subject wishes to exercise their rights as stated in this privacy policy, or if they have questions on how their personal data is processed, they may contact Valio:

    • by email at  privacy.office@valio.fi,
    • by phone at +358 10 381 2185, or
    • by post at Valio Ltd data protection supervisor, Meijeritie 6 FI-00370 Helsinki, Finland.

  3. Purpose and grounds for processing personal data

    Valio processes the date subject’s personal data to provide the VALO Service as agreed, to manage and improve the Service, for customer communication, to market its services, and to meet its contractual obligations. VALO is a nationwide service for corporate customers that is open for registration to corporate customer agents, and through which they may place orders with the various suppliers available in the service (later referred to as the “Suppliers” as a whole). Upon the agent's registration for an account, they become a user of the VALO Service (“End User”). Valio provides and maintains the VALO Service and is, therefore, the data controller of the personal data stored in the service.

    Personal data is processed according to, depending on application, contractual obligation (by registering an account, the data subject agrees to the VALO terms of service), consent, or legitimate interest.

  4. Items of processed personal data

    Valio processes the following personal data of the data subjects:

    • VALO Service username and password;
    • first and last name;
    • email address and phone number;
    • company/organisation the End User represents, business ID, VALO customer number or supplier customer number, and customer contact details for shipment;
    • IP address;
    • cookie data (such as anonymous identifiers, visits to the service, location, device, browser);
    • possible marketing ban; and
    • other possible information provided on a case-by-case basis, such as regarding an individual shipment.

  5. Data sources

    Valio collects personal data directly from the data subject. As an exception, some data may be received from the Suppliers, who have received them as a part of the customer relationship between a Supplier and its corporate customers. Additionally, personal data is collected using analytics tools (such as Google Analytics and Hotjar).

  6. Personal data recipients

    The data subjects’ personal data is stored in the order system, to which the service provider has access to. Additionally, subcontractors may have access to the data for shipment and payment purposes.

    As the VALO Service also collects cookie data using third party services, Valio may disclose cookie data to the third party analytics providers.

  7. Transfer of personal data to outside the European Union or the European Economic Area

    Valio reserves the right to transfer the data subject's personal data outside of the European Union or the European Economic Area for storage or other processing, provided that privacy protections are guaranteed in the manner required by legislation, such as with EU Commission standard clauses or with EU-US Privacy Shield arrangements.

  8. Personal data retention period

    Data will be stored while the data subject has a registered account in the VALO Service and their licence is valid. The data subject may, at any time, delete their personal data or request Valio to remove their data from the system.

    Cookie data is stored for as long as the website user’s browser settings allow. Typically, cookies are stored either for the duration of the session, or at most, for two years.

  9. Personal data protection and security

    Valio ensures data security for personal data through appropriate administrative and technical protections. Valio has limited personal data processing to the persons whose tasks include the processing of said personal data. Access to the systems containing the data subjects’ personal data is granted only through separately granted, personal usernames and passwords.

    Valio's systems and databases that contain personal data are located either on servers that Valio has stored in a locked facility or in third-party cloud services, all of which can only be accessed by named persons that are authorised to do so due to their tasks. Valio has protected its servers and networks with an appropriate firewall and other technical protections. The server rooms are protected with access control system. Wherein the service is implemented using a cloud service that contains the data, that service provider's privacy policies also apply regarding personal data protection and security. In Microsoft cloud services (such as Azure), protection and security is carried out in accordance with  Microsoft’s procedures. We recommend that you read the linked privacy policy.

    The user is personally responsible for making sure that the password they use for their VALO Service account is secure.

  10. Data subject rights

    According to applicable legislation, data subjects have the right to:

    • access their personal data (obtain a copy of the personal data in electronic or other written format);
    • request a correction to inaccurate or erroneous personal data, or to supplement their personal data;
    • require that their personal data is deleted;
    • obtain a copy of the personal data they have provided in an electronic format, and the right to transfer their personal data to another data controller; and
    • restrict the processing of their personal data (for example, when the data subject is waiting for a response to their request to correct their personal data).

    Data subjects must present requests regarding their rights in accordance with section 2.

    Valio may ask the data subject to verify their identity or to specify their request before its fulfilment. Valio may also reject a data subject’s request based on grounds set forth in data protection laws, in which case Valio will notify the data subject of said grounds.

  11. Right to file a complaint with the authorities

    The data subject has the right to file a complaint to the competent authority if they believe that Valio has not processed their personal data in accordance with applicable data protection laws. The data subject may file such a complaint with the competent authority of the EU member state that their permanent residence or employment is located in, or where the alleged violation of data protection law took place.