PRIVACY POLICY

Latest update 09.10.2020

We are delighted that you have found our Website! At Ålands Penningautomatförening (Paf) we are committed to protecting your privacy and we will treat your information with respect.

It is important that you familiarise yourself with and read through this Privacy Policy and that you have confidence in Paf’s processing of your personal data. Paf may change or update this Privacy Policy from time to time and the date of the latest changes implemented can be found at the top of this Privacy Statement. If you have any questions regarding Paf’s processing of personal data, please feel free to contact Paf.

1. Controller

Paf is the controller and is responsible for all collected personal data by Paf or its subcontractors on Paf’s behalf, and for the processing of such personal data.

Controller

Ålands Penningautomatförening
Company Reg. No: 0280695-6
Lövdalsvägen 8
Box 241
AX-22101 Mariehamn, Åland
Finland
Email: info(at)paf.com
Tel: +358 20 7910 600

Paf has also appointed a Data Protection Officer.

Data Protection Officer

Lövdalsvägen 8
Box 241
AX-22101 Mariehamn, Åland
Finland
Email: dpo (at) paf.com

2. Collection of and purpose of processing personal data

By visiting our Website, Paf and/or its subcontractor will collect your IP address for the purposes of managing the operation of the Website as well as the administration of the Website. Paf processes also the IP addresses for the purpose of providing a secure Website.

By contacting Paf by email, telephone or by other communication channels, Paf will process the information provided by you in order fulfil the purpose of the communication.

The information gathered about you is collected primarily on the legal grounds of legitimate interests for processing personal data and some personal data will be processed by third parties as part of Paf’s business process which includes management of this Website.

Paf also processes your personal data based on consent, for example using certain cookies.

If you are visiting this Website for career opportunities, we recommend you to read the privacy statement under the career pages. 

Cookies and other similar technologies

As further described below under section 7, Paf and/or its subcontractors use cookies and similar technologies, such as web storage, tracking pixels, device identifiers, etc., to recognize you and/or your device(s). You can control cookies through your browser settings and by using other tools available to you.

3. Sources of information

Personal data is either provided by you or by Paf’s subcontractors which is offering services related to the processing of personal data.

4. Disclosure of and transfer of personal data

Paf processes your personal data in the strictest confidence and only discloses your personal data to third parties which processes the personal data on behalf of Paf and to persons authorised to process personal data, who have undertaken to observe confidentiality or are subject to appropriate statutory confidentiality. Otherwise, Paf will only share your personal data with a third party if you have given consent to such disclosure.

Where Paf has engaged a subcontractor, which provides services related to the processing of personal data to Paf, so called a processor, the subcontractor will only process the personal data in accordance with Paf’s written instructions.

Paf may also disclose your personal data within the Paf group. The sharing of your personal data is primarily for managing your personal data for various matters, for example referring you to one of our subsidiaries or being able to answer your questions.

Paf controls and ensures that each processor provides sufficient guarantees regarding the security, protection and confidentiality of personal data. Paf has written agreements with alldata processors that regulate the undertakings of the data processors where they, inter alia, undertake to comply with Paf’s written instructions, security requirements and the restrictions and requirements that apply to the transfer of personal data.

Paf may disclose your personal data in cases where Paf is required to do so by law, regulation or as a result of a request from an authority, for example the police, to disclose the personal data. Paf may also disclose your personal data in cases where Paf suspects that a crime has been committed.

Paf always strives to process your personal data as far as possible within the European Union (EU) and the European Economic Area (EEA). In cases where it is necessary to transfer personal data outside the EU/EEA, for example, for the sharing of personal data with a processor who, either himself or through a subcontractor, is established or storing personal data in a country outside the EU/EEA, Paf has taken the necessary and reasonable legal, technical and organisational measures to ensure that the level of protection is the same as in the EU/EEA. When transferring personal data to a country outside the EU/EEA, the level of protection is guaranteed either by decision of the EU Commission that the country in question ensures an adequate level of protection or the EU’s standard contractual clauses. Other appropriate safeguards are approved code of conduct in the recipient country and the application of internal binding company regulations. In cases where Paf transfers personal data to countries outside the EU/EEA, processing is primarily supported by EU standard contractual clauses.

5. Duration of storage

Paf does not store your information longer than it is necessary for the purposes for which the Personal Data are processed. In general, Paf stores IP-addresses up to seven days, thereafter the IP-addresses are erased.

Communication with Paf through email, telephone or by other communication channels, Paf may store the information as long as it is needed in order to fulfil the purpose of the communication.

Paf may store your information for a longer period of time if required by law and/or regulation, and if the information is included in an ongoing legal process.

6. Your rights

Right to access your personal data

You are entitled to access your personal data, i.e. a record of what personal data Paf is processing about you, provided that the data does not affect the rights and freedoms of others, or access to personal data is forbidden due to legal requirements. Please note that in cases where Paf receives a request for access to personal data, Paf may request further information from you requesting access to your personal data, to ensure effective handling of the request and disclosure of the personal data to the correct person.

Right to rectification

You are entitled to have incorrect personal data that concerns you rectified as well as within the stated purpose, to supplement incomplete personal data.

Right to object and restriction of processing

You are entitled to object to the processing of your personal data where processing is conducted for legitimate business reasons, unless Paf has a compelling reason to continue the processing, for example security purposes.

In the event you dispute the accuracy of your personal data or you have made an objection to the processing, have the right to require the processing of your personal data to be restricted.

Right to be forgotten

You are entitled to request that Paf delete or remove all or some of your personal data, for example, if the personal data is no longer required for the purposes it was collected or otherwise processed. Paf may deny your request if the processing is based on a law requirement or for a compelling legitimate interest.

Withdrawal of consent

In the event Paf relies on your consent to process your personal data, you have the right to withdraw or decline your consent at any time. Please note that the withdrawal of consent does not affect the legality of the processing that takes place before the consent is withdrawn.

Right to lodge a complaint

If you consider that Paf’s processing of your personal data does not comply with applicable data protection laws, you may submit a complaint to the Finnish Data Protection Ombudsman.

7. Cookies

Paf uses different types of cookies and by accepting the use of cookies will allow us to store data and information on your browsing habits. It will also allow us to recognise you and the way you use our Website and improve your experience while you navigate through the Website

Some of the cookies used on this Website are so called third party cookies which are placed by external companies that Paf purchases services from, for example Google Analytics. 

Necessary cookies

Necessary cookies are essential for the website to function properly. This category only includes cookies that ensure basic functionalities and security features of the website. These cookies do not store any directly identifying information. Please be aware that you accept these essential cookies by using this Website. Paf would not be able to provide this Website without these cookies. 

Other Cookies

The below categories of cookies will be stored in your browser only if you have given your consent. You can change your settings at any time. Kindly note that by opting out it may affect your browsing experience. 

Analytics cookies

The website uses Google Analytics cookies to track the website’s performance and help us to make the site better.

Marketing cookies

Cookies for marketing that are used to remind you of us later and for example give you information about career opportunities.

Managing cookie settings

Analytics and marketing cookies will not be installed on your browser without your consent. You also have the possibility to change the cookie settings at any point, should you wish to do so. Just click on the Cookie Settings in the downright corner of the Website. 

You can also allow, block or delete cookies installed on your device via the settings in your web browser at any time. All web browsers show information on cookies so that the user can see which cookies have been installed and remove them.

If you deactivate or remove cookies please be aware that deactivating the use of cookies may affect your user experience, for example, the functions on the Website may be impaired.

Note that the changes you make in your web browser relating to cookies may affect all websites you visit, not just our pages, unless you disable or remove cookies individually.

In order to deactivate or remove cookies on your device, click “Tools” or “Settings” in the menu. For more information on settings relating to cookies in your web browser, see “Help” under the main menu.

8. Security

Paf has taken all necessary and appropriate steps to protect your personal data from unauthorised Paf has taken all necessary and appropriate steps to protect your personal data from unauthorised procedures such as unlawful or unauthorised processing, which includes theft, deletion, alteration, disclosure and transfer of personal data. These measures include the greatest possible restriction of the circle of people that has the right to the personal data and limitation of the ability of the authorised persons to make changes as well as technical barriers to infringement, including encryption during transmission and storage, firewalls and strict requirements for passwords.