Registry and Privacy Statement

 

This is the Registry and Privacy Statement of the EU’s General Data Protection Regulation (GDPR). Created on 30/5/2018. Last modified 24/2/2021.

Registrar

wCargo Oy, FI1821718-7, Rahtitie 2, 01530 VANTAA

wcargo@wcargo.eu, 043 8244 061 FI, ENG 043 8244 0615 ENG, RU

Registry name

MyELS kuljetushallintajärjestelmä/ wCargo Oy:n asiakastietorekisteri

 

Description of customer groups

The register contains personal information about wCargo Oy's customers and their shipments and orders.

The register also contains business and personal information collected from other regular sources (for example website visitors and potential customers who have left contact requests).

 

Purpose of the register

The information is used to identify the customer and manage access rights. Also, the information is used for the execution of customer transport orders and additional services, for the maintenance and development of the relationships with customers, for the preparation of the necessary accounting, for marketing and service sales purposes.

The personal information can be used:

• To provide our company´s services
• To implement the services of our company
• To notify the sender of the delivery of the consignment
• For transport company employees to control the process
• To manage, maintain and develop the partnerships between the company and customers
• To file a claim for damages or compensation
• To enable the contacts required by customer services
• For customer´s opinions and market research
• For the development of our business
• For marketing and advertising
• In matters related to complaints
• For billing

Legal framework and the reason to process personal details

Legal basis for the processing of personal data under the EU General Data Protection Regulation

• the data subject has given consent to the processing of his or her personal data for one or more specific purposes (we process personal data on the basis of consent when a natural person / company takes an order, answers questions or sends a contact request via the forms on our website or directly by e-mail / telephone)
• processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract (we process the information provided by the data subject for the conclusion of the agreement or on the basis of a contractual relationship)
• processing is necessary for compliance with a legal obligation to which the controller is subject (we store and process customer data, for example, for our accounting purposes in accordance with the accounting act)
• processing is necessary for the purposes of the legitimate interests pursued by the controller (we respond to customer contact requests and, in service cases process customer information. In addition, we use visitor tracking information from our websites to improve business and improve customer service)

Registry content

The purpose of the processing of personal data is to implement the services chosen by the customer, to manage and maintain the customer relationship between the customer, to process and archive transport orders, to communicate with customers, to maintain the customer relationship, to sell and market.

The data is not used for automated decision making or profiling.

Certain technical information is normally collected as part of your use of the Services. Such information includes, for example, IP address, hours of operation, the information about devices and other technical information transmitted by the browser or otherwise collected in connection with the Services. When you use the Service or otherwise interact with us through telecommunications networks, your telecommunications operator may send us certain additional information, such as your mobile phone subscription number, as a normal part of your communications. See also "Using Cookies" below.

MyELS - the transport management system and wCargo Oy's customer data register contain the following information about customers and website visitors:

• Registration Information: Username and Password
• Type of sender and recipient: business or private
• First and last name of the data subject
• Registered company / organization
• Addresses of the data subject
• Postal code of the registered person, country
• Email address of the registrant
• Phone number of the registrant
• Business ID / VAT of the registrant
• Personal identification number of the data subject
• Website addresses
• Billing and payment information
• Ordering information
• Cancellation information
• Vendor and partner information
• Other information related to customer relationship and ordered services and transportation services
• Website user emails
• Permissions and Consents of the Website User
• Website user email addresses (via contact forms)
• Website user phone numbers (via contact forms)
• First and last name of the website user (via contact forms)
• User credentials, such as clicking links

Data retention period

The data retention period is legal

in the email archive for seven years

in the accounting material for seven years

MyELS - in the transport system and in the company's customer register, personal data is stored for as long as it is needed to implement the contract with the customer, to develop or to implement the customer service.

Sources of information

The information stored in the company's customer register is obtained from the customer e.g. by e-mail, telephone, through social media services, contracts, customer meetings, and other situations in which a customer discloses their information.

If necessary, we collect information from public sources, such as the trade register and the business register (YTJ and TIEKE), as well as from other parties that provide information on business decision-makers. The information we collect from these sources includes business information as well as contact information for business decision makers, such as name, email address, and phone number.

Google Analytics Registry data content

Our website https://ruspostexpress.eu uses the Google-Analytics visitor tracking service.

These links will give you enough information about how Google uses your information.

https://policies.google.com/privacy

Terms of Service | Google Analytics – Google

https://support.google.com/analytics/answer/6004245

We collect information on our website for analysis and development, as well as for marketing and advertising targeting. We comply with all applicable laws, procedures, and regulations regarding the collection of visitor data.

Legislation to be complied with

Privacy setting (EU) 2016/679

Data protection directive (EU) 2016/680, 2016/681

Electronic communications privacy act (917/2014)

Privacy Act (1050/2018)

Regular disclosures to third parties and Disclosure of information and transferring the data outside EU or ETA

Customer data is disclosed to transport companies and payment service operators. These organizations process personal information according to transportation orders. Any such communication to third parties related to the provision of the service shall be specifically mentioned in connection with the subscription to the service.

The information may be disclosed to the authorities in statutory cases.

Finnish Customs is an authority to which personal data is disclosed in accordance with a statutory obligation to perform its public task. Customs shall process personal data in accordance with the applicable data protection rules and for the purposes of the processing. Customs is responsible for the security of personal data in accordance with the law. Further information is available on the customs website https://tulli.fi/tietosuoja.

For making declarations (export and import), the following information must be provided to customs:

• Company / individual names
• Company / individual contact information
• LY ID, personal ID
• Addresses provided by the customers
• Details of the goods (description of the goods, tariff headings, weight of the goods, price of the goods and other information needed to complete the import and export declaration)
• Invoicing information
• Other important information provided by the customer for customs clearance

From outside the EU, the Russian Post is a transport company and our official partner. The transfer of personal data outside the European Union or the European Economic Area takes place in the case of the transfer of consignments to the Russian side, Russian customs, and the transport of consignments on Russian territory via the Russian Post. Only this sufficient and necessary information will be provided to Russian customs outside the EU for transport orders entered the MyELS system or provided by the customer for the transport order. Outside the EU, Russian Customs and the Russian Post legally operate, which delivers orders from wCargo Oy's customers in Russia.

https://www.e-disclosure.ru/politika-obrabotki-i-zashchity-personalnyh-dannyh

https://customs.gov.ru/

The principles of securing the registry

Digitally processed personal data is protected and stored in customer information systems, which access is restricted only to persons who needs such data to perform work duties. These people have personal usernames and passwords.

Personal information is protected from outside users and the using of member information is monitored. A member of the MyELS transport order system has a personal username and password protection. Personal data sent outside the transport system is encrypted. Used workstations and storage media are encrypted.

The register shall be handled with due care and the information processed by the information systems shall be adequately protected. When registry information is stored on Internet servers, the physical and digital security of their hardware is adequately addressed. The controller shall ensure that the data stored, as well as the access rights to the servers and other information critical to the security of personal data are treated confidentially and only by the employees whose job description it includes.

The MyELS transport order system does not process data from registered persons for any purpose other than to ensure customer service and the completion of the service ordered by the customer, unless specifically approved in writing by the registrar.

 

The right to access and right to correct personal data

The data subject has the right at any time to object to the processing of his personal data for direct marketing purposes. The registrant may grant wCargo channel-specific direct marketing consents and prohibitions (e.g., prohibit email marketing emails).

In addition, the data subject is, in principle, entitled at any time, in accordance with applicable data protection law:

• to be informed about the processing of their personal data;
• the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement;
• the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies;
• the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information;
• opposes the processing of his or her personal data on the basis of his or her specific personal situation, in so far as the processing of personal data is based on a legitimate interest of the undertaking;
• Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 of GDRP relating to the transfer;
• obtain his personal data in machine-readable form and transfer such data to another controller, provided that the data subject has himself provided such personal data to the company, the company processes such personal data with the data subject's consent and the processing is automatic; and
• the data subject shall have the right to obtain from the controller restriction of processing where one of the following applies

        a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
        b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
        c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
        d) the data subject has objected to processing pursuant to Article 21(1) of GDRP pending the verification whether the legitimate grounds of the controller override those of the data subject.

 

 

The data subject must submit a request for the exercise of the above right in accordance with the “contacts” section of this privacy statement. The company may ask the registrant to clarify his request in writing and to verify the identity of the registrant before processing the request. The company may refuse to comply with the request on the grounds provided for by the applicable law.

The right to appeal to the supervisory authority

Each data subject has the right to lodge a complaint with the relevant supervisory authority or the supervisory authority of the Member State of the European Union where the data subject is domiciled or employed if the data subject considers that his or her personal data have not been processed in accordance with applicable data protection law.

Use of cookies

When you visit to our website, the information may be placed on your device so that we can identify your device as a text file known as a "cookie". The purpose of using cookies is to provide you with benefits such as eliminating the need for a password frequently during a session. Cookies are also used for traffic analysis and anonymous demographic profiling so that we can improve our Services. If you want to delete or block cookies from your browser, you have the full right to do that. You should familiarize yourself with your browser settings, as the steps are always browser specific. However, it is important to note that if you choose to do so, it may affect the efficient use of the services. Allowing cookies will ensure a smoother use of our website.

Our company uses the following cookies:

• Login and activity cookie (for example, saving settings at login)
• Analytics cookies (Google Analytics, this information helps the company to improve the performance of the site)
• Targeted or advertising cookies (Facebook and Google, cost-effective use of advertising, do not contain personal information)

Other websites to which there are possible links collect and use cookies according to their needs. The user of the website must himself accept the cookies of each website himself. If the user does not consent to the collection of information about him, the use of that site must be stopped immediately.

 

Payment transaction information

Paytrail Oyj acts as a payment intermediary and collecting payment service provider and is an authorized payment institution. Paytrail Oyj will appear as the payee on your bank or credit card statement. Paytrail Oyj forwards the payment to the merchant. Contact the website where the payment was made.

Paytrail Oyj

Innova 2, Lutakonaukio 7

40100 Jyväskylä

Puh. +358 207 181 830

Y-tunnus 2122839-7

 

Contacts

Requests regarding the exercise of the data subject's rights and questions about this privacy statement and other contacts should be made by e-mail to the company at wcargo@wcargo.eu. The data subject may also contact or submit a request for verification in person or you can write to the address below:

wCargo Oy

Rahtitie 2, 01530 Vantaa

A review request means that at any time a visitor to the site can request a review of what information about him or her is stored in the customer register.

 

Changes to this Privacy Statement

This privacy statement may be updated if it is necessary, for example when legislation changes.

This Privacy Statement was last updated on February 24, 2021.