Metso Legal and privacy Privacy notice

Privacy Notice

This Privacy Notice has been updated on May 4th 2023. It is also available in Chinese, Finnish, Portuguese, Russian and Spanish.

Introduction and contact details

All Metso companies are committed to protecting your privacy. We will process your personal data only in accordance with relevant data protection and privacy legislation and good data processing practices.

Metso Corporation (“Metso” or “we”) is the controller for the personal data concerning Metso customers, website visitors, distributors, suppliers, contractors, job applicants, shareholders, insiders and inventors.

In this Privacy Notice, we tell you about Metso's personal data processing in general and provide you with instructions on how to exercise your rights regarding to processing of your personal data. Data subject specific supplements provide more specific information on what kind of personal data we process and what are the purposes for processing personal data about you in specific situations.

Controller Contact Information:
Metso Corporation
Rauhalanpuisto 9
02230 Espoo, Finland
privacy(at)metso.com

Why are we processing your personal data, what types of data we process and on which basis?

By opening a relevant section below, you will find information on which types of personal data we collect and process about you. Each section will also explain what are our purposes for processing your personal data and what are the legal bases for processing.

Customers and distributors

Categories and Sources of Personal Data

We primarily collect personal data directly from you if you are a representative of our customer, potential customer, distributor or our distributor’s customer. You may provide us personal data for example by contacting us, providing feedback, registering as a user of our digital tools and services, purchasing our products or services, subscribing to our newsletters or other material, commenting on content on our website, or downloading material from us. In some cases, we obtain your personal data from your employer or from public sources such as social media or from our distributor, if you are a representative of our distributor’s customer.

If you are a representative of Metso’s customer, potential customer or distributor, we process following categories of personal data about you:

Your identification and contact details, such as your name, company, job title, job role, email address, telephone number, photo, and passport information (when needed e.g. for event participation);

Information on the customer relationship, such as information about your previous purchases of Metso products and services, billing information, communication preferences, event participation information, your product interests, information about the use of Metso products and services, any feedback you have given to us and other relevant information provided by you;

Your account information, such as username, password and personal preference information in Metso Login Account or in Preference Center; and

Technical information, such as IP-address, terminal equipment information and device location information (if you have consented to providing location information for a specific application).

Processing Purposes

At Metso, we process the personal data of representatives of our customers, potential customers and distributors for the following purposes:

  • To market and sell our products and services;
  • To deliver our products or services;
  • To manage invoicing and payments;
  • To provide customer support for sold products and services;
  • To develop our products and services based on customer feedback and surveys;
  • To provide customer communication, such as notifications about new features, updates, warranty or other relevant information about the sold product or service;
  • To manage customer relations;
  • To organize and manage events such as distributor trainings;
  • To provide and manage our digital services such as, Bruno and PumpDim;
  • To measure the effectiveness of our marketing and to provide you with more relevant content;
  • To fulfil our other legal obligations.

Legal Basis

We process your personal data only if we have a valid legal basis for doing so. Please find information about the legal basis for our processing purposes below:

Legitimate interest

Processing of your personal data is based on our legitimate interest when it is done for the purposes of marketing, selling and developing of our products and services, or for the purposes of managing customer relations, providing customer communication and organizing events. It is also in our legitimate interest to measure the effectiveness of our marketing, to deliver our goods and services, to provide you with our digital services, to provide customer support for sold goods and services, and to manage invoices and payments.

Legal obligation

The legal basis for processing is our legal obligation when we are subjected to statutory requirements.

Consent

We provide you with our newsletter and other material when you have given your consent for receiving them. You may at any time withdraw your consent for receiving newsletters or other material using the 'Unsubscribe | Update Preferences' link included in the email.

Contract

When we have entered into a contractual agreement directly with an individual, such as a sole trader, the legal basis for processing personal data is performance of a contract for the purposes of delivering our goods and services, providing you with our digital services, providing customer support for sold goods and services, and managing invoices and payments.

Website visitors

Categories and Sources of Personal Data

We collect personal data directly from you as you visit, browse or otherwise interact on our website. We also collect your information when you subscribe to our newsletters or other material via our website.

If you are a website visitor at metso.com or at any of the websites of Metso group, we process following categories of personal data about you:

Your identification and contact details (if provided by you), such as your name, company, email address and phone number;

Information on your role and interests (if provided by you), such as role in organization and interest areas regarding industry, products or services;

Information on how you use our website. We use cookies and web beacons to collect data on how you use our websites and view our marketing emails. This may include for example information on which Metso websites you have visited, how long you stayed on them, which items you clicked on and your IP-address. To know more about the use of cookies, please see our Cookie Statement;

Survey and Feedback information, such as any free text communication you provide in connection to our survey or feedback forms.

Processing Purposes

We will process the personal data of website visitors for the following purposes:

  • To secure and optimize your website experience;
  • To develop our products and services based on website visitor behavior and customer feedback and surveys;
  • To market our products and services;
  • To provide you with our newsletter and other material, if you have subscribed to receiving it;
  • To measure the effectiveness of our marketing and to provide you with more relevant content.

Legal Basis

We process your personal data only if we have a valid legal basis for doing so. Please find information about the legal basis for our processing purposes below:

Legitimate interest

It is our legitimate interest to secure and optimize our website, to develop our products and services and to market our products and services for you.

Consent

We provide you with our newsletter or other marketing emails and material when you have given your consent for receiving them. You may at any time withdraw your consent for receiving newsletters using the 'Unsubscribe | Update Preferences' link included in the email.

Suppliers and contractors

Categories and Sources of Personal Data

We collect personal data primarily directly from our suppliers and contractors in the context of different supplier and contractor agreements. In some cases, we obtain your personal data from your employer.

If you are a representative of our supplier or contractor, we process following categories of personal data about you:

Your identification and contact details, such as your name, company, title, position, email address and phone number, photo;

Information on the partnership relation, such as billing information, contractual information.

Processing Purposes

We will process the personal data of representatives of our suppliers and contractors for the following purposes:

  • To procure products and services from you;
  • To manage invoicing and payments;
  • To manage the supplier or contractor relationship;
  • To otherwise enable us to fulfil our legal obligations.

Legal Basis

We process your personal data only if we have a valid legal basis for doing so. Please find information about the legal basis for our processing purposes below:

Legitimate interest

It is our legitimate interest to process your personal data in order to manage the supplier relationship, to procure products and services from you, and to manage invoices and billing.

Legal obligation

The legal basis for processing is our legal obligation when we are subjected to statutory requirements.

Contract

When we have entered into a contractual agreement directly with an individual, such as an individual consultant, the legal basis for processing personal data is performance of a contract for the purpose of procuring products or services.

Job applicants

Categories and Sources of Personal Data

We primarily collect personal data directly from you as you contact us when applying for a job. We obtain information about you from third parties only if you have given your consent to it. In some cases, we obtain your personal data from public sources such as social media. We process the following categories of personal data about job applicants:

Your identification and contact details, such as name, birthdate, address, email address and phone number;

Job application information, such as your work history, education history, application, certifications and your photo;

Information related to background checks, if required by a specific position;

Recruitment process communication, such as emails and job interview notes;

Login details, including your username.

Processing Purposes

We process the personal data of job applicants for the following purposes:

  • To carry out our recruitment process, including tasks such as:

- evaluating and assessing your interests and qualifications against our career opportunities;

- contacting you and setting up interviews;

- conducting possible background checks;

- contacting third party references to evaluate your previous performance; and

- keeping records relating to our hiring process.

  • To fulfil our legal obligations and rights related to recruitment process.

Legal Basis

We process your personal data only if we have a valid legal basis for doing so. Please find information about the legal basis for our processing purposes below:

Legitimate interest

It is in our legitimate interest to process your personal data in order to carry out our recruitment process.

Contract

Based on your request to be employed by us, we may process your personal data in order to take the necessary steps to enter into employment contract with you.

Legal obligation

We process your personal data based on a legal obligation whenever it is necessary for a statutory requirement related to recruitment process.

Consent

When necessary, we may obtain information about you from third parties if you have given your consent to it.

Visitors – Shareholders – Insiders – Inventors

Categories and Sources of Personal Data

Visitors:

Metso companies collect personal data directly from you as you provide it for visiting Metso premises or contacting us.

Your identification and contact details, such as name, email address, phone number and company;

Premise visiting information, such as visiting location and time and possible camera surveillance recordings, depending on location.

Shareholders:

We collect personal data directly from you as a shareholder and from the Finnish book-entry system. We process following categories of personal data about you:

Information needed for shareholder register, such as name of the shareholder (or of a proxy representative), personal identity code, contact details, payment information, tax information, number of Metso Corporation shares held by you as a shareholder.

Insiders:

We collect personal data directly from you as an insider and from relevant publicly available sources such as the Finnish Trade Register. We process following categories of personal data about you:

Your identification and contact details, such as name, address, email address and phone number.

Inventors:

We collect personal data directly from you in connection to any communication and collaboration with you as an inventor. We process following categories of personal data about you:

Your identification and contact details, such as name, address, email address and phone number;

Information needed for compensation, such as bank account details.

Processing Purposes

Visitors:

We process the personal data of visitors for the following purposes:

  • To secure and control access to Metso premises;

Shareholders:

We process the personal data of shareholders for the following purposes:

  • To enable shareholders of Metso Corporation to register for statutory Annual and Extraordinary General meetings.

Insiders:

We process the personal data of insiders for the following purposes:

  • To maintain a statutory insider register.

Inventors:

We process the personal data of inventors for the following purposes:

  • To register and manage Metso’s intellectual property and intellectual property rights;
  • To manage payments related to inventions.

Legal Basis

We process your personal data only if we have a valid legal basis for doing so. Please find information about the legal basis for our processing purposes below:

Legitimate interest

We process your personal data based on our legitimate interest when we process it for the purposes of securing and controlling access to Metso premises, registering and managing Metso’s intellectual property and intellectual property rights, and for the purpose of managing payments related to inventions.

Legal obligation

We process your personal data based on a legal obligation when we process it for the purpose of registering to statutory shareholder meetings and for the purpose of maintaining a statutory insider register.

Who can process your personal data?

At Metso, your personal data is processed only by personnel who are authorized to do so based on their role. Your personal data is processed by third parties only in the following situations which apply to transfers and disclosures of personal data:

Service Providers

We use service providers in order to manage and operate our business. Service providers are needed for a variety of purposes, such as payment and invoice management, carrying out marketing activities and providing our online services. These service providers can only process your personal data based on our instructions and use it only for purposes defined by Metso. Such processing is always regulated by data processing agreements in order to ensure that all our service providers keep your personal data safe and process it only in accordance with applicable legislation.

In cases where your personal data is transferred to service providers outside of the European Union (EU) and the European Economic Area (EEA), we ensure the protection of your personal data by using European Commission’s Standard Contractual Clauses. Where applicable, transfers of personal data to service providers outside of the EU and EEA can also be secured by relying on an adequacy decision adopted by the European Commission.

Disclosures of Personal Data

In certain situations, we have to disclose your personal data to another controller, who will use that personal data for its own purposes. Such disclosure of personal data can happen for example to authorities when Metso is obliged to do so based on a statutory requirement.

If re-arrangements in our business operations would happen, your personal data might have to be disclosed to relevant stakeholders of that re-arrangement. 

Sharing Data Within Metso Corporation

Additionally, Metso may disclose and transfer your personal data within the Metso group of companies. Where such intra-group transfers or disclosures take place, Metso is ensuring the security and confidentiality of your personal data by using Intra-Group Data Transfer Agreements.

Protective measures

Metso uses robust technical and organizational measures to protect the confidentiality, integrity and availability of your personal data. Our information security controls ensure the protection of it from unauthorized viewing, modification, dissemination, or destruction and provide the necessary recovery mechanisms from accidental as well as malicious destruction, alteration or loss. We use role-based access control to ensure that your personal data is processed only by appropriate personnel. Your personal data processed by Metso is protected with state-of-the-art information security technologies. Protective measures also include data protection related guidelines and procedures trained to employees in order to ensure secure and lawful processing of your personal data.

How long do we process your personal data?

By default, we store personal data only as long as is necessary for the purposes it was collected for. When personal data is no longer needed for the purpose it was originally collected for it will be deleted or anonymized, unless we have a legal obligation to retain data for a longer period. This means that the retention periods we have defined for your personal data vary depending on the processing purpose, type of personal data, and local requirements.

Here are a few examples of personal data retention periods:

  • Customers’ and suppliers’ personal data is stored for as long as is needed for maintaining the customer or supplier relationship.
  • Storing website visitors’ personal data depends on the cookies in use. For more information, see our Cookie Statement.
  • If you have subscribed into receiving marketing communications from us, we store your personal data for electronic direct marketing purposes for as long as you withdraw your consent for personal data processing.
  • Job applicants’ personal data is in most cases stored for one year. However, local exceptions may apply, such as when applying to our German entities the personal data is stored for 780 days.

What are your rights as a data subject?

As a data subject you have certain rights which help you to control your own personal data and to affect the way it is being processed. In this section, we provide you information about your rights as a data subject. If you wish to use your rights, please contact us by email at privacy(at)metso.com.

Please note that as a registered user, you may access and amend your contact details and other profile information at any time through Metso Preference Center or other Metso service where you have a user account registered.

Right of Access

You have the right to obtain confirmation as to whether or not your personal data is being processed by us and to know what personal data about you we process. If you wish, you may request for a copy of such data.

Right to Rectification

If your personal data is incorrect or incomplete, you have the right to request for rectification or completion of your personal data. 

Right to be Forgotten

You have the right to request your personal data to be erased. In such a case we will delete your personal data unless we have a legal obligation or other overriding reason to retain your data. Please note that after deletion of your personal data, Metso may not be able to provide you or your employer company the products, services or information you have inquired or ordered.

Restriction of Processing, Right to Object, Data Portability and Withdrawal of Consent

In certain situations, you have the right to request us to restrict the processing of your personal data, for example if personal data concerning you is inaccurate. Based on your particular situation, you may also have the right to object the processing of your personal data, in which case we will evaluate whether there are any compelling legitimate grounds for continuance of processing. You may always object processing for the purpose of direct marketing. In some cases, you may also have the right to data portability.

In cases where the processing of your personal data is based on your consent, you have the right to withdraw your consent for processing at any time.

We will do our best to resolve any issue you might have related to our processing of your data through negotiations. However, if you consider that our processing infringes your rights as a data subject, you have the right to file a complaint to your local supervisory authority.

Can this Privacy Notice be changed?

There will be updates to this Privacy Notice whenever changes or developments in our business operations require so. The up-to-date version of the Privacy Notice can always be found on this Website. We recommend that you revisit this Privacy Notice from time to time in order to review any possible changes. If any substantial changes in the way Metso collects or processes your personal data occur, we will post a notice of such change on our website.