Mies tuo hyötyjätteitä ekopisteelle, jossa kameravalvonta.

Privacy policy in waste management

We process personal data according to the principles set by the EU data protection regulation GDPR.

Rosk’n Roll Oy Ab
Munkkaanmäki 51, 08500 Lohja
tietosuoja@rosknroll.fi

Rosk’n Roll Oy Ab is responsible for organising statutory waste management services at properties and collection points for the residents of the municipalities where the company operates. We act as a data controller for the personal data that we collect on the customers of our property-specific waste management and waste stations and on other data subjects who have a relevant connection to our operations. As a data controller, we are responsible for the personal data that we store and their processing.

In this document, we go over the principles that we comply with when processing personal data.

In addition to data protection practices, we also maintain privacy policies concerning the processing of our customers’ personal data. You can find our up-to-date privacy policies here.

The purposes and basis for the processing of personal data

We process personal data to organise statutory waste management and deliver products and services, for customer communications, customer and stakeholder relationship management, development, analysis and marketing purposes as well as to develop our products and services.

We process personal data to fulfill a legal obligation and on the basis of a legitimate interest, consent or a contract.

The processed personal data

We only collect data that is necessary for the aforementioned purposes of processing from our data subjects.

This information includes:

contact information, such as a name, address, social security number, phone numbers and e-mail addresses
registration information used in connection with electronic services, such as a user ID, username and other unique identification
any permissions and consents
information concerning the customer relationship, such as billing and payment information as well as service information and information regarding the emptying of waste containers
property information, such as information concerning the ownership of the property, its purpose of use, number of apartments and location
identification information collected at waste stations with regard to waste deliveries, such as the registration number of a vehicle
recordings from the surveillance cameras used at collection points and waste stations in exceptional situations

Our sources of data

The regular sources of data of our customer register include:

The customers themselves, who provide us data directly to our system or with a form, via e-mail, phone or other similar means
The processor of the register (a debt collection agency, regional Waste Management Board, enforcement authority), who inputs the data
Surveillance cameras

The regular sources of data of our personnel register include:

The tax administration, employment relationship registers, pension insurance company
The processor of the register (for example, an accident insurance company)
The data subjects, in other words, the employees of our company

The stakeholder register has no regular sources of information. Data is collected or received primarily from the data subjects themselves.

Personal data may also be collected and updated based on the information received from authorities and companies that offer services providing personal data, such as authorities and companies that offer services for updating contact details, including:

• Digital and Population Data Services Agency/Population Information System, Posti’s address information system, contact detail registers maintained by phone companies and other similar private and public registers.

Period for storing data

We store the data subject’s data in accordance with the applicable legislation and only to the extent that it is necessary for the purposes defined in the section “The purposes and basis for the processing of personal data”. We may be required to retain some of our customer’s personal data for a period of time required by legislation in order to comply with accounting or other compelling legislation even after the customer relationship or the legal basis for the processing of personal data has ended. After we are no longer required to retain the data, the personal data shall be erased in an appropriate and secure manner.

The processors of personal data

The employees of the controller process personal data in accordance with the applicable data protection legislation. We may also outsource the processing of personal data to a third party, in which case we will ensure through contractual measures that the processing of personal data complies with the applicable data protection legislation and is in accordance with these data protection practices. These third parties may include system suppliers, for instance.

Transfer of data outside the EU or the European Economic Area

As a rule, data is not transferred outside the EU and the European Economic Area. However, databases located in Norway form an exception to this rule if a separate agreement has been made on data transfers that ensures the same level of data protection as in the EU.

Disclosures of data

We do not sell or rent the data subject’s information to third parties. We may only regularly disclose data to third parties in the following cases:

we may disclose data in the manner required by requests submitted by competent authorities or other parties on the basis of the legislation in force at the time.
we may disclose data for use in statistical, scientific or historical research provided that the data has first been rendered in a way that the data subject can no longer be identified based on the information.
we regularly disclose data to the municipal Waste Management Board to carry out official waste management duties; to invoice delivery services (such as Vitec Oy), debt collection agencies and regional enforcement authorities to carry out debt collection and billing for waste management.

Your rights as a data subject

As a data subject, you have various means of influencing the processing of your personal data, and you have the right to know what personal data is being retained concerning you. As a rule, we shall carry out your request within one month.

You should address your requests signed and in writing to the following address:

Rosk’n Roll Oy Ab/tietosuoja, Munkkaanmäki 51, 08500 Lohja

You can also deliver your request via e-mail at tietosuoja@rosknroll.fi

Your rights include (the extent of your rights depends based on processing of your personal data and as such, the rights listed below may not apply to you in all situations):

right to be informed of the personal data that is being stored in the register
right to have inaccurate personal data rectified
right to have your personal data erased or to limit their processing under certain conditions
right to prevent your data from being used for direct marketing and to oppose the processing of personal data
right to transfer your data to another system when, for example, moving to an area where another company is responsible for organising waste management services
right to withdraw your consent to store your data when some of your data has been registered based on a specific consent that you have given.
In case a potential dispute concerning the processing of your personal data cannot be amicably solved between us, you have the right to take the matter to be resolved by a data protection authority.

You can read more about your rights as a data subject on the website of the Office of the Data Protection Ombudsman.

Principles of securing the register

Manual data on the register are stored in secure premises. Digitally stored and processed data are stored in databases protected by firewalls, passwords and other technical measures. The databases are located in supervised premises that can only be accessed by those who need to access the information to carry out their work tasks.

Changes to these data protection practices

Our practices may change as we develop our services or as a result of a change in legislation. We keep the contents of our privacy policies updated with regard to the processing of your personal data to ensure that you will always have the most accurate and up-to-date information on how we operate.

The last update was made on December 17, 2021.

The privacy policy statements below include privacy policies. The content of the privacy policies can be altered by publishing a new version online. Therefore we recommend that you consult our privacy policy statements on a regular basis.

Controller

Rosk’n Roll Oy Ab (2447281-1)
Munkkaanmäki 51, 08500 Lohja
Puh. 020 637 7010
tietosuoja@rosknroll.fi

Contact person in matters concerning the register

Tuija Klaus
Teollisuustie 4, 06150 Porvoo
Tel. 020 637 7073
tietosuoja@rosknroll.fi

Name of the register

Purpose of processing personal data

Surveillance cameras are used at the recycling and mixed waste points maintained by Rosk’n Roll.

Data is processed for the purposes of inspecting the collection points for maintenance reasons, investigating and preventing cases of littering, misuse and vandalism and proving liability in the case of damages. Only the data that is relevant for the purposes listed above is collected.

People are notified of the surveillance with signs in the areas where the system is in use.

Data contained in the register

The register consists of digital surveillance recordings taken by the surveillance cameras at the recycling and mixed waste points. The system stores images of the litter outside the waste containers as well as people and vehicles that move in the immediate vicinity of the recycling and mixed waste points.

Regular sources of data

The surveillance cameras used at recycling and mixed waste points.

Recipients of data

No information is disclosed to third parties unless otherwise required by applicable law. Data may be disclosed to the police or authorities, where necessary.

Transfer of data outside the EU or the EEA

No data is transferred outside the EU or the EEA.

Period for storing personal data

The data collected to the register is stored as a recording for a period of four weeks, after which the data is automatically erased from the databases. During the storage period, the storage time may be extended when necessary for the purposes of, e.g. investigating a case of misuse. In such cases, any data relevant to the issue in question can be retained for as long as necessary, after which the data is erased.

Principles of securing the register

The data security of the register as well as the confidentiality, integrity and usability of personal data is guaranteed through appropriate technical and organisational measures.

Right to inspect your data and to have it rectified

The data subject has the right to inspect the data concerning them that has been stored in the register.

You can deliver your request to inspect or have your data rectified as a written and signed letter to the following address: Rosk’n Roll Oy Ab , Munkkaanmäki 51, 08500 Lohja. You can also deliver the request via e-mail at tietosuoja@rosknroll.fi

Rosk’n Roll Oy Ab may ask the data subject to specify their request, and, if necessary, the identity of the data subject can be authenticated prior to initiating any other measures.

Right to have your data erased

The data subject has the right to have personal data concerning them erased without undue delay, providing that

the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
the data subject withdraws the consent on which the processing was based, and there is no other legal basis for the processing of their personal data;
the processing of personal data has been unlawful; or
the personal data must be erased for compliance with a legal obligation in Union or national law.

Right to restriction of processing

The data subject has the right to restrict the controller’s processing of their data if

the data subject contests the accuracy of their personal data;
the processing is unlawful but the data subject opposes the erasure of their data and demands for their use to be restricted instead;
the controller no longer needs the personal data in question for processing purposes but the data is required by the data subject for the establishment, exercise or defence of a legal claim.

Right to withdraw consent

At any given time, the data subject has the right to withdraw their consent to process their personal data. This action has no impact on the legality of any prior processing of their personal data that was based on the data subject’s consent.

Right to data portability

The data subject has the right to receive the personal data they have provided for the controller in a structured, commonly used and machine-readable format, and they have the right to transmit those data to another controller.

Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of their personal data violates applicable data protection legislation.

Contact with regard to the rights of the data subject

All of the questions and requests to Rosk’n Roll Oy Ab concerning the processing of personal data and the rights of the data subject should be delivered via e-mail at

tietosuoja@rosknroll.fi. The questions and requests may also be delivered as a signed and written letter to Rosk’n Roll /Tietosuoja, Munkkaanmäki 51, 08500 Lohja.

Rosk’n Roll Oy Ab may ask the data subject to specify their request, and, if necessary, the identity of the data subject can be authenticated prior to initiating any other measures.