Stora Enso Website Privacy and Cookie Policy

When you visit or any of other websites, Stora Enso Oyj and its affiliates collect certain information that may constitute personal data. This policy explains how Stora Enso collects and uses such information.

This policy applies to all websites of the Stora Enso group, unless a specific website states otherwise. The legally responsible data controller for any personal data collected is Stora Enso Oyj ("Stora Enso") or one of its subsidiaries depending on the type of processing. You may contact Stora Enso at:

Data Privacy/Stora Enso Oyj
IT and Digitalisation
Imatra Mills
55800 IMATRA


+358 2046 111

What information do we collect?

When someone visits one of Stora Enso’s websites, Stora Enso collects information on how the visitor uses the websites, what pages he or she visits, for how long, and similar usage statistics. Stora Enso may also collect information on what web browser the visitor used, his or her language settings, which country or area he or she comes from, what website referred him or her to Stora Enso, what local network he or she uses, the visitor’s IP address and similar technical information. We keep track of this information across multiple visits. In most cases , Stora Enso does not seek to identify the person visiting the websites, but some of the data that is collected may allow identifying the person in question.

Stora Enso collects the information directly from the visitor’s browser and connection. Stora Enso also uses cookies to collect some of the information (please see more details on cookies below). 

Note that if you add information to a web form, e.g., to contact Stora Enso, a separate policy may govern the information collected via the form and in any follow-up correspondence (please see for more details).

Why does Stora Enso collect the information and on what basis?

Stora Enso collects the above information in order to publish websites and provide the information included therein, to know what information about Stora Enso people find interesting, to optimise the performance, layout and content of the websites and to market products and services of Stora Enso. The legal basis for Stora Enso to collect the information is Stora Enso’s legitimate interest to do this.

What information does Stora Enso share with others?

Stora Enso generally does not share the information collected with anyone outside the Stora Enso group. The information may, however, be shared within the group.

Stora Enso also uses certain suppliers and contractors, in law referred to as data processors, to whom Stora Enso may transfer the information for limited technical purposes, or who may have access to it as part of the technical services they provide. In the event a data processor has access to any personal data, Stora Enso has, as required by law, entered into written agreement with the data processor ensuring that they treat the data lawfully and in compliance Stora Enso’s instructions and this policy.

Stora Enso may also disclose personal data to government entities and agencies as required by law.

Finally, Stora Enso uses certain third-party analytical services as part of the websites. When you visit one of Stora Enso’s websites, your browser may provide some or all of the above-mentioned information to an analytical service. One of the services Stora Enso uses is Google Analytics. To learn more about Google Analytics and to opt-out of certain Google Analytics data collection practices, please visit this site:

How does Stora Enso use cookies?

Stora Enso uses cookies to collect some of the abovementioned information. A cookie is a small text file saved by your browser onto your computer or other device. Stora Enso generally does not use cookies to specifically identify anyone (as explained above), but to separate one user from the other. This allows Stora Enso to, e.g., keep track of a visitor moving around on the websites even if Stora Enso does not know who that user is. Without cookies, Stora Enso would not be able to provide features such as logging-in or remembering language, country or other preferences.

Note that some of Stora Enso’s third-party analytical services also may set their own cookies. For more information on this, please visit the links provided above.

Where relevant, you may withdraw your consent for Stora Enso to use cookies at any time by managing your preferences via this link: Set your cookie preferences

You can also use your browser settings to disable use of cookies on Stora Enso’s websites. Your web browser may also allow you more fine-grained control of which cookies you want to permit and which you want to block – check your browser’s settings or manual.

Note that disabling cookies for Stora Enso’s websites may mean that some features of the websites will be unable to work.

Where does Stora Enso transfer information?

Some of Stora Enso's group entities, data processors and other recipients of personal data may be located outside the European Union or the European Economic Area, where the local data protection laws may be less strict than those adopted in the European Union.

In the event that Stora Enso discloses or transfers personal data outside the EU/EEA, Stora Enso always ensures that appropriate safeguards are applied to protect the data.

In most cases, Stora Enso will do this by including the EU Commission's relevant model clauses into our agreement with the recipient. The clauses ensure that the data is treated fairly outside the EU/EEA. In some cases, however, Stora Enso may also transfer data outside the EU/EEA without including the model clauses. In these cases, either (i) the relevant country has been held to have local data protection laws meeting EU standards (by an adequacy decision of the EU commission) or (ii) the relevant recipient company, if located in the United States, has signed up to the EU-approved Privacy Shield programme. If no adequacy decision exists, Stora Enso in most cases prefer to rely on the model clauses, however.

How long does Stora Enso store the information?

Stora Enso generally stores the above-mentioned information for about five years from your visit on Stora Enso’s website. Stora Enso may also use the information to put together aggregate-level statistics that are not identifiable personal data – such non-identifiable statistics may be kept indefinitely.

Yours rights as a data subject

In addition to other legal rights you may have, you may have the following rights in respect of any personal data we collect about you:

  • To ask that Stora Enso provides you a copy of any identifiable personal data concerning you as well as certain information about how Stora Enso processes your personal data.
  • To ask that Stora corrects any incorrect or deficient identifiable personal data Stora Enso holds concerning you.
  • To ask that Stora Enso erases any such identifiable personal data concerning you that Stora Enso does not have a legal basis to hold.
  • To ask that Stora Enso, instead of erasing data in the above situation, restricts further processing of the data while still keeping a copy.
  • To ask that Stora Enso similarly restricts processing of the data while you await Stora Enso’s response to another lawful request by you that Stora Enso stops processing data concerning you.
  • To object, on grounds relating to your particular situation, to Stora Enso having a sufficient legitimate interest to collect some specific identifiable personal data concerning you.
  • To object to Stora Enso using personal data concerning you for direct marketing purposes.

Should you wish to exercise any of these rights, you may contact Stora Enso using the contact details provided above. Stora Enso will respond as soon as it is possible, and in any event within a month of your request. If Stora Enso for some reason disagrees with your request, Stora Enso will state our reasons for doing so.

If you feel that Stora Enso has not processed your personal data in a lawful manner, you have a legal right to send a complaint to the data protection supervisor of the EU country where you live or work. You may also send the complaint to the data protection supervisor of the country where you consider that the illegal conduct took place.