When you visit storaenso.com or any of other websites, Stora Enso Oyj and its affiliates collect certain information that may constitute personal data. This policy explains how Stora Enso collects and uses such information.
This policy applies to all websites of the Stora Enso group, unless a specific website states otherwise. The legally responsible data controller for any personal data collected is Stora Enso Oyj ("Stora Enso") or one of its subsidiaries depending on the type of processing. You may contact Stora Enso at:
Data Privacy/Stora Enso Oyj
IT and Digitalisation
+358 2046 111
When someone visits one of Stora Enso’s websites, Stora Enso collects information on how the visitor uses the websites, what pages he or she visits, for how long, and similar usage statistics. Stora Enso may also collect information on what web browser the visitor used, his or her language settings, which country or area he or she comes from, what website referred him or her to Stora Enso, what local network he or she uses, the visitor’s IP address and similar technical information. We keep track of this information across multiple visits. In most cases , Stora Enso does not seek to identify the person visiting the websites, but some of the data that is collected may allow identifying the person in question.
Note that if you add information to a web form, e.g., to contact Stora Enso, a separate policy may govern the information collected via the form and in any follow-up correspondence (please see storaenso.com/privacy for more details).
Stora Enso collects the above information in order to publish websites and provide the information included therein, to know what information about Stora Enso people find interesting, to optimise the performance, layout and content of the websites and to market products and services of Stora Enso. The legal basis for Stora Enso to collect the information is Stora Enso’s legitimate interest to do this.
Stora Enso generally does not share the information collected with anyone outside the Stora Enso group. The information may, however, be shared within the group.
Stora Enso also uses certain suppliers and contractors, in law referred to as data processors, to whom Stora Enso may transfer the information for limited technical purposes, or who may have access to it as part of the technical services they provide. In the event a data processor has access to any personal data, Stora Enso has, as required by law, entered into written agreement with the data processor ensuring that they treat the data lawfully and in compliance Stora Enso’s instructions and this policy.
Stora Enso may also disclose personal data to government entities and agencies as required by law.
Finally, Stora Enso uses certain third-party analytical services as part of the websites. When you visit one of Stora Enso’s websites, your browser may provide some or all of the above-mentioned information to an analytical service. One of the services Stora Enso uses is Google Analytics. To learn more about Google Analytics and to opt-out of certain Google Analytics data collection practices, please visit this site: https://www.google.com/policies/privacy/partners/.
Note that some of Stora Enso’s third-party analytical services also may set their own cookies. For more information on this, please visit the links provided above.
Note that disabling cookies for Stora Enso’s websites may mean that some features of the websites will be unable to work.
Some of Stora Enso's group entities, data processors and other recipients of personal data may be located outside the European Union or the European Economic Area, where the local data protection laws may be less strict than those adopted in the European Union.
In the event that Stora Enso discloses or transfers personal data outside the EU/EEA, Stora Enso always ensures that appropriate safeguards are applied to protect the data.
In most cases, Stora Enso will do this by including the EU Commission's relevant model clauses into our agreement with the recipient. The clauses ensure that the data is treated fairly outside the EU/EEA. In some cases, however, Stora Enso may also transfer data outside the EU/EEA without including the model clauses. In these cases, either (i) the relevant country has been held to have local data protection laws meeting EU standards (by an adequacy decision of the EU commission) or (ii) the relevant recipient company, if located in the United States, has signed up to the EU-approved Privacy Shield programme. If no adequacy decision exists, Stora Enso in most cases prefer to rely on the model clauses, however.
Stora Enso generally stores the above-mentioned information for about five years from your visit on Stora Enso’s website. Stora Enso may also use the information to put together aggregate-level statistics that are not identifiable personal data – such non-identifiable statistics may be kept indefinitely.
In addition to other legal rights you may have, you may have the following rights in respect of any personal data we collect about you:
Should you wish to exercise any of these rights, you may contact Stora Enso using the contact details provided above. Stora Enso will respond as soon as it is possible, and in any event within a month of your request. If Stora Enso for some reason disagrees with your request, Stora Enso will state our reasons for doing so.
If you feel that Stora Enso has not processed your personal data in a lawful manner, you have a legal right to send a complaint to the data protection supervisor of the EU country where you live or work. You may also send the complaint to the data protection supervisor of the country where you consider that the illegal conduct took place.