Privacy Statements

This Privacy Statement describes how Nokian Tyres in the context of its business process the personal data of consumers and corporate business contacts (“customer”). Protection of customer’s privacy is important to us. Nokian Tyres is committed to processing personal data transparently and in compliance with applicable data protection laws. 

CONTROLLER AND CONTACT INFORMATION 

Nokian Tyres plc is the controller of our customers’ personal data. Any questions regarding our customers’ privacy can be directed to us: 

Nokian Tyres plc 
Privacy 
Pirkkalaistie 7 
37100, Nokia, FINLAND 
[email protected] 

PURPOSES OF PROCESSING, CATEGORIES OF PERSONAL DATA & LEGAL BASIS 

CUSTOMER – CORPORATE BUSINESS CONTACT 

Personal data is primarily obtained in situations where a corporate customer has acquired products or services from Nokian Tyres or when a corporate business contact has registered into our digital services. Personal data is processed for the following purposes:  

• To deliver products and services for our corporate customers.   

Personal data processed for this purpose includes contact information, billing information and other information that customer or employee of a customer has provided us during the provision of our products. 

• To maintain business relationship with our corporate customers in context of customer service and communication, managing customer meetings and leads.  

Personal data processed for this purpose includes information related to customer service such as contact information, information submitted via surveys and feedback forms, information about participation to events and campaigns, newsletter subscriptions or other data provided to us in the context of customer service requests. Phone calls to customer service are recorded in order to ensure the quality of customer service.  

• To develop our products and services in context of customer surveys and reviews, and website analytics.  

Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers, data related to our customers online activity and preferences, and data that might be inferred. Usually, the personal data will be aggregated, or other ways anonymised for compiling statistics and reports for business and product development. More information about our practice regarding cookies is available here.  

• To sell and market our products and services such as online and postal advertisement. 

Personal data processed for this purpose includes contact information, behavioural information, terminal equipment identifiers, online identifiers and purchase information. Collected personal data is further processed in order to create target audiences and offer targeted content. Targeted content is always based on segments or audiences and not on our customers individual behaviour.  

• To provide Nokian Tyres Dealer Services for our corporate customers. 

Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers and information related to identity management such as authorization information.  

• To organize and manage customer events such as trade fairs and Nokian Tyres product launches.  

Personal data processed for this purpose includes contact information and travel and accommodation information.  

• Fulfilling statutory obligations and any other official rules and regulations 

Personal data processed for this purpose includes any information relevant regarding a statutory requirement.  

Legal basis for processing our corporate customer’s personal data is always one of the following:  

• Consent 

With regards to newsletter subscription, we process personal data only if a customer has given consent for it. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.  

• Contract 

We process our corporate customer’s personal data on a contractual basis when providing our Marketing Toolbox -service.  

• Legal Obligation 

In relation to fulfilling our statutory obligations the legal basis of processing is our legal obligation.  

• Legitimate interest 

We process personal data based on our legitimate interest in the context of developing, selling, marketing, delivering and providing our products and services, to maintain business relationship with our customers, and to organize and manage customer events. 

To ensure that a significant and pertinent relationship exists between Nokian Tyres and a customer, and to demonstrate that our legitimate interest does not cause any significant intrusion of our customers’ privacy, or any other undue impact on interests and rights, we assess the processing with balancing tests. More information on the balancing test can be requested by contacting [email protected]. 

PURPOSES OF PROCESSING, TYPES OF PERSONAL DATA & LEGAL BASIS 

CONSUMER CUSTOMER 

Personal data is primarily obtained during the sign-up for our services, when ordering our publications such as newsletters, or in connection with our surveys and competitions. In addition, personal data may also be obtained and derived from service use. We process personal data for the following purposes:  

• To deliver newsletter and other publications to recipients who have subscribed to receiving these. 

Personal data processed for this purpose includes contact information such as contact information, terminal equipment identifiers and behavioural information.   

• To provide customer service for our consumer customers 

Personal data processed for this purpose includes information related to customer service such as contact information, information submitted via feedback forms or other data provided to us in the context of customer service requests. Phone calls to customer service are recorded in order to ensure the quality of customer service.  

• To market and advertise our products and services such as online and postal advertisement.   

Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers, behavioural data, data related to our customers online activity and preferences, and data that might be inferred from other data we collect. Collected personal data is further processed in order to create target audiences and offer targeted content. Targeted content is always based on segments or audiences and not on our consumer customers’ individual behaviour. More information about our practice regarding cookies is available here.  

• To offer our services such as Aramid guarantee or Nokian Tyres’ Satisfaction Promise.  

Personal data processed for this purpose includes contact information, vehicle and tire information and purchase information.  

• To organize competitions and draws for our consumer customers. 

Personal data processed for this purpose includes contact information and possible competition specific information. 

• To develop our products and services based on our customers feedback, product reviews and online activity. 

Personal data processed for this purpose includes contact information, terminal equipment identifiers, online identifiers, behavioural data, customer feedback and product reviews. More information about our practice regarding cookies is available here.  

• Fulfilling statutory obligations and any other official rules and regulations 

Personal data processed for this purpose includes any information relevant regarding a given statutory requirement.  

Legal basis for processing our consumer customer’s personal data is always one of the following:  

• Consent 

With regards to newsletter subscription, we process personal data only if a customer has given consent for it. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.  

• Contract 

Legal basis for processing is contract when we process personal data for the purpose of organizing competitions or draws, or with regards to product guarantees where processing is necessary for a contractual relationship and enforcing the service contract.   

• Legal Obligation 

In relation to fulfilling our statutory obligations the legal basis of processing is our legal obligation.  

• Legitimate interest 

We process personal data based on our legitimate interest to develop our products and services, to provide customer service, and to market and advertise our products and services.  

To demonstrate that our legitimate interest does not cause any significant intrusion into our customer’s privacy, or any other undue impact on interests and rights, we assess the processing with balancing tests. More information on the balancing test can be requested by contacting [email protected].  

PERSONAL DATA TRANSFERS AND DISCLOSURES 

Personal Data Transfers 

As a global company, Nokian Tyres uses subcontractors and service providers to operate our business efficiently. For example, we use subcontractors to carry out campaigns and direct marketing or service providers for payment and billing management.  

The processing of personal data in relation to our subcontractors is always commissioned by Nokian Tyres and the other parties will act only on our behalf as personal data processors. Such processing is always protected with contractual arrangements to ensure that our service providers and partners process our customers’ personal data in accordance with the laws and good data processing practices.  

In a case our subcontractor or service providers is located outside the European Union (EU) or the European Economic Area (EEA) we ensure the adequate level of protection of our customers’ personal data with appropriate safeguards by using standard contractual model clauses approved by the European Commission or another valid mechanism provided under applicable legislation.

Personal Data Disclosures  

We only disclose personal data that is strictly necessary for complying with the statutory requirement. Example, when we give assistance in investigations of accidents, we need to disclose relevant information to support the investigative authorities.  

We might disclose personal data to other companies within Nokian Tyres group. This usually happens for the purposes of customer service, customer relationship management and marketing.  

In a case we sell, merge or otherwise re-arrange our business operations or assets, we need to disclose personal data to purchaser or prospective seller or buyer of such business or assets in compliance with applicable laws. In such a case we process personal data based on our legitimate interest to ensure our business continuity. In case a customer objects to such processing, the purchaser of our business may not be able to provide services anymore.  

SECURITY OF PERSONAL DATA  

We use technical and organisational measures to ensure the security of personal data from loss, misuse or other similar unlawful access. Such methods include the use of firewalls, encryption technologies and safe server premises. Access to personal data is limited on “need-to-know” basis and controlled by system access rights, as well as through granting and controlling access rights.  

In the event of a personal data breach, we will notify local supervisory authorities and everyone whose personal data may have been endangered in accordance with applicable legislation.  

DATA SUBJECT RIGHTS  

As a responsible company we want to be open and transparent on the processing of our customers’ personal data. This means we give our customers the opportunity to control the processing of personal data.  

Right of Access. Customers have the right to receive a confirmation whether we are processing their personal data, what personal data we process about them and to receive a copy of their personal data.  

Right to Rectification. In case personal data of our customers is inaccurate or incomplete, customers have the right to request rectification or completion of their data.  

Right to Restrict Processing. Customers have the right to request restriction by contesting the accuracy of their personal data. In such a situation, the processing activities are restricted for the period of time taken to verify the accuracy of personal data.  

Right to Object. Customers have the right to object to the processing of their personal data. Our customers have the right to object the processing of their personal data for the purposes of direct marketing at any time.  

Right to be Forgotten. Customers have the right to request their personal data to be erased. In some cases, there may still be an overriding purpose for processing and retaining personal data e.g. in order to fulfil legal obligations or for the warranty needs.  

Right to Data Portability. Customers have the right to request their personal data in machine-readable format in situations where we process personal data based on contract or consent. This only applies to personal data customers have provided us with.  

Right to Withdraw a Consent. Customers have the right to withdraw their consent at any time. Customers can withdraw their consent for direct electronic marketing purposes by using “unsubscribe link” at the end of the received email message.  

If customers consider that the processing of personal data infringes their rights, customers may contact the supervisory authority and lodge a complaint about our processing of personal data.  

Any questions or requests regarding above mentioned rights can be sent via email to [email protected].  

RETENTION PERIODS 

Personal data is retained as long as is necessary for the purpose they were collected for, or until we receive a request for erasure – unless we have a legal obligation to retain it for a longer period. The retention period of personal data is determined by the following criteria: 

• If a customer has a Dealer Service account with us, we will retain personal data while your account is active or for as long as needed to provide services to customer.  

• For guarantees and other product related programmes we need to retain personal data for the duration of the validity of the guarantee or programme in each specific case and in any case until any possible claims towards Nokian Tyres have expired. 
• For purposes of organizing competitions or draws, personal data will be retained until the competition has ended and all the following measures has been carried out. More information on retention periods is always provided in the competition terms. 
• When a customer has subscribed into receiving electronic direct marketing communications, we process personal data for those purposes as long as their subscription remains in force. In case a customer withdraws their consent, we will discontinue the processing of personal data and erase personal data if there is no other valid purpose for processing. 

Any questions regarding retention periods of our customers’ personal data can be sent via email to [email protected].  

REVISIONS TO THIS PRIVACY STATEMENT  

We are continuously developing our services and this privacy statement is subject to changes. Changes may also be based on changes in legislation. We recommend our customers to visit this privacy statement in regular basis in order to keep track of possible changes. 

In this privacy statement for Nokian Tyres’ whistleblowing channel, we describe the personal data that Nokian Tyres Group companies (hereinafter “Nokian Tyres” or “we”) may process in the whistleblowing channel, for what purposes we process the personal data, to whom we may disclose this information, as well as your rights regarding personal data that is processed in the whistleblowing channel.  

Nokian Tyres has a defined whistleblowing process for investigating reports made to its whistleblowing channel. Personal data of various data subjects may be processed during the investigation. Data subjects usually involve the person making a report (“the whistleblower”) and the person mentioned in a report (“the alleged wrongdoer”). Depending on the case under investigation, personal data of the investigator and witnesses may also be processed.

We are continuously developing our operations, and this privacy statement is subject to changes. Changes may also be based on changes in legislation. We recommend our data subjects to visit this privacy statement in regular basis in order to keep track of possible changes.

Protection of data subjects’ privacy is important to us. Nokian Tyres is committed to processing personal data transparently and in com­pliance with applicable da­ta pro­tec­tion laws.

 

Controller and Contact Information

The whistleblowing channel is used in all Nokian Tyres group companies. The controller for whistleblowing reports submitted in the group level channel is Nokian Tyres plc. The whistleblower may also choose to submit the report to certain local companies defined in the whistleblowing channel, instead using the group level channel. In such case the controller is the local company to whom the report is submitted.

 

Any questions regarding our privacy practices can be directed to us at:

 

Controller for group channel:

Nokian Tyres plc

Privacy

Pirkkalaistie 7

37100, Nokia, FINLAND

[email protected]

 

Controllers for country-specific channels:

Nokian Heavy Tyres Ltd

Privacy

Pirkkalaistie 7

37100, Nokia, FINLAND

[email protected]

 

 

Nokian Tyres Europe Operations S.R.L

c/o Nokian Tyres

Privacy

Pirkkalaistie 7

37100, Nokia, FINLAND

[email protected]

 

Nokian Tyres s.r.o.

c/o Nokian Tyres

Privacy

Pirkkalaistie 7

37100, Nokia, FINLAND

[email protected]

 

Vianor Oy

c/o Nokian Tyres

Privacy

Pirkkalaistie 7

37100, Nokia, FINLAND

[email protected]

 

Vianor AB

c/o Nokian Tyres

Privacy

Pirkkalaistie 7

37100, Nokia, FINLAND

[email protected]

 

Purposes of Processing & Legal Basis

The purpose of the whistleblowing channel is to allow employees and external stakeholders to report concerns about a misconduct at Nokian Tyres, including violations of our Code of Conduct or other policies, without the risk of retaliation.

Purposes of processing personal data:

• Investigating reports made to the whistleblowing channel
• Preventing, identifying and   investigating   suspected criminal offences, irregularities and violations or other actions in breach of EU or national laws, or our internal policies, within a work-related context.

We will process your personal data based on the following legal grounds:

• If the subject of the whistleblowing report is a suspected violation that falls within the scope of EU Whistleblower Directive^[1] (“Directive”), the legal basis for processing is legal obligation.
• If the subject of the whistleblowing report is a suspected violation that falls out of the scope of the Directive, the legal basis for processing is our legitimate interest to monitor compliance with applicable laws and Nokian Tyres’ Code of Conduct and other guidelines. In this respect, we will always determine case by case whether our interests are not overridden by the interests, fundamental rights and freedoms of the data subjects involved.
• As a general rule, no special categories of personal data are processed in the whistleblowing channel. However, if under exceptional circumstances, the report and investigation relate to special categories of personal data, the legal basis for such processing is that it is necessary for the purposes of carrying out the obligations and exercising the specific rights of Nokian Tyres, or that the processing is necessary for the establishment, exercise or defence of legal claims.

 

Sources & Categories of Personal Data

Initially personal data is primarily obtained through the whistleblowing channel (via a specific whistleblowing service). Depending on the case under investigation, the whistleblowing team may request information and expertise from other individuals or authorities within or outside Nokian Tyres.

In most cases the personal data processed in connection to the whistleblowing channel includes:

• Data received via whistleblowing report such as name and contact details of the whistleblower (unless report is made anonymously) and the alleged wrongdoer, and a description of the suspected misconduct. Due to the nature of the whistleblowing channel and varying case contexts, the received data can vary significantly on each case. Depending on the received report, processed personal data can also include special categories of personal data.
• Data obtained through investigative measures such as employment information, records of working hours, witness testimonies and case relevant information from public registers or other public or internal information.

The whistleblowers are instructed to not include any non-relevant personal data in the report, such as health status, political or religious beliefs or sexual orientation.

 

Personal Data Transfers and Disclosures

 

Personal data transfers

The whistleblowing service we use for our whistleblowing channel is managed by our external subcontractor Navex WhistleB, which processes personal data on behalf of Nokian Tyres to the extent necessary to provide the service related to the whistleblowing channel. In this case, the data processing activities apply to the personal data that emerges in connection with the whistleblowing report and any related clarifications and communication.

The investigation of a report made is primarily outsourced to the group parent company and the whistleblowing team. Depending on the case and provided that it is necessary to conduct the investigation, we may also involve other expert individuals from within or outside the group companies to whom the  identity of the whistleblower (if the report has not been made anonymously) or other persons referred to in the report may be provided (subject to local laws). Such expert individual is also bound to confidentiality.

The processing by subcontractors is protected with contractual arrangements to ensure that our subcontractors process personal data in accordance with the laws and good data processing practices to maintain high integrity of the investigation.

Personal data processed in connection with the whistleblowing channel is not, in principle, transferred outside the European Union or the European Economic Area. If a data transfer is necessary, for example in connection with an investigation related to a whistleblowing report or other follow-up measures, it will only be carried out if the conditions for data transfer set by data protection regulations are met.

 

Personal Data Disclosures

In principle, personal data related to the whistleblowing channel is not disclosed by Nokian Tyres to third parties, except when the processing, clarification or bringing under investigation of the whistleblowing report or, for example, a request for information from an authority necessarily requires it.

In these cases, the data may be disclosed, within the limits permitted by law, to the preliminary investigation or other competent authorities insofar as is justifiably necessary. Before disclosing data, we make sure that there is a legal basis for the disclosure, and that the disclosure takes place in compliance with the applicable regulatory obligations. 

In a case we sell, merge or otherwise re-arrange our business operations or assets, we need to disclose personal data to purchaser or prospective seller or buyer of such business or assets in compliance with applicable laws. In such a case we process personal data based on our legitimate interest to ensure our business continuity.

 

Security of Personal Data

Nokian Tyres´ whistleblowing channel is based on a secure and encrypted platform managed by an external service provider, Navex WhistleB, which ensures the appropriate data protection and information security of the whistleblowing channel.

To ensure the anonymity of the whistleblower sending the message, the service provider deletes all meta data, including IP addresses. The whistleblower also remains anonymous in the subsequent dialogue with responsible receivers of the report.

Access to messages received through our whistleblowing channel is restricted to members of the whistleblowing team with the authority to handle whistleblowing cases. Members of the whistleblowing team are appointed by the President and CEO. The user rights for accessing systems that contain personal data are personal, and the use of the rights is monitored. Individuals that process personal data are bound by, in addition to the statutory obligation of secrecy, a separate non-disclosure agreement. Their actions are logged in the whistleblowing channel.  

In the event of a personal data breach, we will notify local supervisory authorities and everyone whose personal data may have been endangered in accordance with applicable legislation.

 

Data Subject Rights

As a responsible company we want to be open and transparent on the processing of personal data. This means we give our data subjects the opportunity to control the processing of personal data. However, because of the nature of the processing in whistleblowing investigations, we have the right to derogate from exercising the data subjects’ rights in certain situations based on legal grounds.

 

Right of Access. Data subjects have the right to receive a confirmation whether we are processing their personal data, what personal data we process about them and to receive a copy of their personal data. Legislation, the rights and freedoms of other individuals and other special grounds my limit your right to access some of your personal data. The right to access the personal data can be partially or completely restricted if and to the extent that is necessary and proportionate to ensure the accuracy of the report or to protect the identity of the whistleblower, or if providing the information could hinder the investigation. 

Right to Rectification. In case personal data of our data subjects regarding the whistleblowing process is inaccurate or incomplete, data subjects have the right to request rectification or completion of their data.

Right to Restrict Processing. Data subjects have the right to request restriction by contesting the accuracy or lawfulness of their personal data. In such a situation, the processing activities are restricted for the period of time taken to verify the accuracy of personal data. The right to restriction of processing is assessed on a case-by-case basis. In cases which are likely to have legal effects on the data subject, the data may still be processed, subject to the establishment, exercise or defense of legal cases, compliance with laws or for the protection of the rights of another natural or legal person or, despite the request for restriction of the data subject.

Right to Object. Data subjects have the right to object to the processing of their personal data, when the processing is based on our legitimate interest. The objections are assessed on case-by-case basis and we may restrict the data subjects’ right to object the personal data processing, for instance, for the establishment, exercise or defence of legal claims.

Right to be Forgotten. Data subjects have the right to request their personal data to be erased. In some cases, there may still be an overriding purpose for processing and retaining personal data e.g. to fulfil legal obligations or for another legal basis, such as the establishment, exercise or defence of legal claims.

If data subjects consider that the processing of personal data infringes their rights, they may contact the supervisory authority and lodge a complaint about our processing of personal data.

 

Any questions or requests regarding above mentioned rights can be sent via email to [email protected].

 

Retention Periods

Personal data is retained as long as is necessary for the purpose they were collected for, or until we receive a request for erasure – unless we have a legal obligation or legitimate interest to retain it for a longer period. We erase or anonymize the data when their retention period expires.   

The personal data will be processed and retained as long as necessary to process and investigate the whistleblowing report, or, if applicable, as long as necessary to initiate sanctions or to meet any legal or financial requirement or to exercise or defence of legal claims. In any case, if judicial or disciplinary proceedings are initiated, the personal data provided will be kept until those proceedings are definitively closed. If not otherwise determined in local applicable laws, Nokian Tyres retains all received whistleblowing reports and their related material, which have been seen as significant for the investigation or conclusion of investigation, including any possible summaries or document listings, for five years from the date on which the case has been resolved or deemed not to require further investigative measures.

 

Any questions regarding retention periods of our data subjects’ personal data can be sent via email to [email protected].

 

 

[1] Directive (EU) 2019/1937 of the European Parliament and of the Council on the protection of persons who report breaches of Union law