Metso Legal and privacy Privacy notice

Privacy Notice

 

This Privacy Notice has been updated on June 20th 2024. It is also available in Chinese, Finnish, Portuguese, Russian and Spanish.

Introduction and contact details

All Metso group companies are committed to protecting your privacy. We will process your personal data only in accordance with relevant data protection and privacy legislation and good data processing practices.

Metso Corporation, or as applicable, the Metso group company that initially collected your personal data and decided the purposes and means for using your data (“Metso” or “we”) is the controller for the personal data concerning Metso customers, website visitors, distributors, suppliers, contractors, job applicants, shareholders, insiders and inventors.

In this Privacy Notice, we tell you about Metso's personal data processing in general and provide you with instructions on how to exercise your rights regarding the processing of your personal data. Data subject specific supplements provide more specific information on what type of personal data we process and what the purposes for processing your personal data are in specific situations.

Contact Information:
Metso Corporation
Rauhalanpuisto 9
02230 Espoo, Finland
privacy(at)metso.com

Why are we processing your personal data, what types of data do we process and on which basis?

By opening a relevant section below, you will find information on which types of personal data we collect and process. Each section will also explain the purposes for processing your personal data and the legal bases for processing.

Customers and distributors

Categories and Sources of Personal Data

We primarily collect personal data directly from you if you are a representative of our customer, potential customer, distributor or our distributor’s customer. You may provide us with personal data for example by contacting us, providing feedback, registering as a user of our digital tools and services, purchasing our products or services, subscribing to our newsletters or other material, or downloading material from us. In some cases, we obtain your personal data from your employer or from public sources such as social media or from our distributor, if you are a representative of our distributor’s customer.

If you are a representative of Metso’s customer, potential customer or distributor, we process the following categories of your personal data:

Your identification and contact details, such as your name, company, job title, job role, email address, telephone number, photo, date of birth, and passport information (when needed e.g., for event participation);

Information on the customer relationship, such as information about your previous purchases of Metso products and services, billing information, communication preferences, event participation information, your product interests, information about the use of Metso products and services, any feedback you have given to us and other relevant information provided by you;

Your account information, such as username, password, and personal preference information in the Metso Login Account or the Preference Center; and

Technical information, such as IP-address, terminal equipment information and device location information (if you have consented to providing location information for a specific application).

Processing Purposes

At Metso, we process the personal data of representatives of our customers, potential customers and distributors for the following purposes:

  • To market and sell our products and services;
  • To deliver our products or services;
  • To manage invoicing and payments;
  • To provide support for sold products and services;
  • To develop our products and services based on feedback and surveys;
  • To provide communication, such as notifications about new features, updates, warranty or other relevant information about the sold product or service;
  • To manage our business relationships;
  • To conduct compliance checks;
  • To organize and manage events such as webinars, conferences and  trainings;
  • To provide and manage our digital services;
  • To measure the effectiveness of our marketing and to provide you with more relevant content;
  • To fulfil our legal obligations.

Legal Basis

We process your personal data only if we have a valid legal basis for doing so. Please find information about the legal basis for our processing purposes below:

Consent

We provide you with our newsletter and other material when you have given your consent to receive them. You may at any time withdraw your consent for receiving newsletters or other material using the 'Unsubscribe | Update Preferences' link included in the email.

Legitimate interest

Processing of your personal data is based on our legitimate interest when it is done for the purposes of marketing, selling and developing of our products and services, or for the purposes of managing business relationships, providing communication and organizing events. It is also in our legitimate interest to measure the effectiveness of our marketing, to deliver our goods and services, to provide you with our digital services, to provide customer support for sold goods and services, and to manage invoices and payments.

Legal obligation

The legal basis for processing is our legal obligation when we are subjected to statutory requirements.

Contract

When we have entered into a contractual agreement directly with an individual, such as a sole trader, the legal basis for processing personal data is performance of a contract for the purposes of delivering our goods and services, providing you with our digital services, providing customer support for sold goods and services, and managing invoices and payments.

Website visitors

Categories and Sources of Personal Data

We collect personal data directly from you as you visit, browse, or otherwise interact on our website. We also collect your information when you subscribe to our newsletters or other material via our website.

If you are a website visitor at metso.com or at any of the websites of Metso Group, we process following categories of personal data about you:

Your identification and contact details (if provided by you), such as your name, company, email address and phone number;

Information on your role and interests (if provided by you), such as role in organization and interest areas regarding industry, products or services or free text communication you provide in connection with submitting a sales inquiry;

Information on how you use our website. We use cookies and web beacons to collect data on how you use our websites and view our marketing emails. This may include for example information on which Metso websites you have visited, how long you stayed on them, which items you clicked on and your IP-address. To know more about the use of cookies, please see our Cookie Notice;

Survey and Feedback information, such as any free text communication you provide in connection with our survey or feedback forms.

Processing Purposes

We will process the personal data of website visitors for the following purposes:

  • To market and sell our products and services;
  • To deliver our products or services;
  • To provide customer support for sold products and services;
  • To manage customer relations;
  • To secure and optimize your website experience;
  • To develop our products and services based on website visitor behavior and customer feedback and surveys;
  • To provide you with our newsletter and other material, if you have subscribed to receiving it;
  • To measure the effectiveness of our marketing and to provide you with more relevant content.

Legal Basis

We process your personal data only if we have a valid legal basis for doing so. Please find information about the legal basis for our processing purposes below:

Consent

We provide you with our newsletter or other marketing emails and material when you have given your consent for receiving them. You may at any time withdraw your consent for receiving newsletters using the 'Unsubscribe | Update Preferences' link included in the email.

Legitimate interest

It is our legitimate interest to secure and optimize our website, to develop our products and services and to market our products and services for you.

Strictly necessary

Strictly necessary

Strictly necessary cookies help make a website navigable by activating basic functions such as page navigation and access to secure website areas. Without these cookies, the website would not be able to work properly.

Data Processor: Salesforce Commerce Cloud
Purpose: Supports the website's technical functions.
Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy
Expiry: a year
Name: CookieConsentPolicy
Provider: service.force.com

Data Processor: Microsoft Azure
Purpose: Required for the website to perform properly.
Data Processor Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement
Expiry: Session
Name: ARRAffinity
Provider: .metso.com

Data Processor: Microsoft, ASP.NET
Purpose: Supports the integration of a third-party platform on the website.
Data Processor Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement
Expiry: Session
Name: ASP.NET_SessionId
Provider: otp.tools.investis.com

Data Processor: Salesforce
Purpose: Supports the integration of a third-party platform on the website.
Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy
Expiry: a year
Name: LSKey-c$CookieConsentPolicy
Provider: service.force.com

Data Processor: Investis Digital
Purpose:
Data Processor Privacy Policy: https://www.investisdigital.com/privacy-policy
Expiry:7 days
Name: AWSALBTGCORS
Provider: otp.tools.investis.com

Data Processor: Investis Digital
Purpose: Supports the website's technical functions.
Data Processor Privacy Policy: https://www.investisdigital.com/privacy-policy
Expiry: 7 days
Name: AWSALBCORS
Provider: otp.tools.investis.com

Data Processor: Investis Digital
Purpose:
Data Processor Privacy Policy: https://www.investisdigital.com/privacy-policy
Expiry: 7 days
Name: AWSALBTG
Provider: otp.tools.investis.com

Data Processor: Investis Digital
Purpose: Required for the website to perform properly.
Data Processor Privacy Policy: https://www.investisdigital.com/privacy-policy
Expiry: 7 days
Name: AWSALB
Provider: irs.tools.investis.com

Data Processor: Youtube
Purpose: Supports the website's technical functions.
Data Processor Privacy Policy: link to youtube privacy policy
Expiry: -
Name: SOCS
Provider: youtube.com

Functional

Functional

Functional cookies make it possible to save information that changes the way the website appears or acts. For instance your preferred language or region.

Data Processor: Salesforce
Purpose: Collects information about the users and their activity on the website. The information is used to analyze user behavior and to deliver personalized content.
Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy
Expiry: a year
Name: BrowserId
Provider: .force.com

Data Processor: Investis Digital
Purpose: Collects information about the users and their activity on the website. The information is used to track and analyze user behavior and to meet individual user needs.
Data Processor Privacy Policy: https://www.investisdigital.com/privacy-policy
Expiry: 7 days
Name: AWSALB
Provider: viz.tools.investis.com

Data Processor: Salesforce
Purpose: Collects information about the users and their activity on the website. The information is used to analyze user behavior and to deliver personalized content.
Data Processor Privacy Policy:https://www.salesforce.com/eu/company/privacy
Expiry: Session
Name: X-Salesforce-CHAT
Provider: d.la2-c1-fra.salesforceliveagent.com<

Analytics

Analytics

Analytics cookies help the website owner understand how visitors interact with the website by collecting and reporting information.

Data Processor: Piwik Pro
Purpose: Collects information about the users and their activity on the website for analytics and reporting purposes.
Data Processor Privacy Policy: https://piwik.pro/privacy-policy
Expiry: 30 minutes
Name: _pk_sesxxx
Provider: www.metso.com

Data Processor: Piwik Pro
Purpose: Collects information about the users and their activity on the website for analytics and reporting purposes.
Data Processor Privacy Policy: https://piwik.pro/privacy-policy
Expiry: a year
Name: _pk_idxxx
Provider: www.metso.com

Data Processor: Microsoft Azure
Purpose: Collects information about the users, which is used for market analytics and reporting purposes.
Data Processor Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement
Expiry: a year
Name: ai_user
Provider: www.metso.com

Data Processor: Microsoft Azure
Purpose: Collects information about the users, which is used for market analytics and reporting purposes.
Data Processor Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement
Expiry: 30 minutes
Name: ai_session
Provider: www.metso.com

Marketing

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and interesting to the individual user and thus more valuable for publishers and third-party advertisers.

Data Processor: LinkedIn
Purpose: Supports online marketing by collecting information about the users to promote products through partners and other platforms.
Data Processor Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Expiry: a year
Name: bcookie
Provider: .linkedin.com

Data Processor: Piwik Pro
Purpose: Collects information about the users and their activity on the website for analytics and reporting purposes.
Data Processor Privacy Policy: https://piwik.pro/privacy-policy
Expiry: 30 minutes
Name: stg_traffic_source_priority
Provider: www.metso.com

Data Processor: Piwik Pro
Purpose: Collects information about the users and their activity on the website for analytics and reporting purposes.
Data Processor Privacy Policy: https://piwik.pro/privacy-policy
Expiry: a year
Name: stg_returning_visitor
Provider: cloud.mc.metso.com

Data Processor: Youtube, Google
Purpose: Collects information about the users and their activity on the website. The Information is used to track and analyze user behavior, to meet the individual user needs and to deliver targeted advertising.
Data Processor Privacy Policy: https://policies.google.com/technologies/partner-sites?hl=en
Expiry: 6 months
Name: VISITOR_PRIVACY_METADATA
Provider: .youtube.com

Data Processor: Twitter
Purpose: Supports online marketing by collecting information about the users to promote products through partners and other platforms.
Data Processor Privacy Policy: https://twitter.com/en/privacy
Expiry: 2 years
Name: muc_ads
Provider: .t.co

Data Processor: Twitter
Purpose: Supports online marketing by collecting information about the users to promote products through partners and other platforms.
Data Processor Privacy Policy: https://twitter.com/en/privacy
Expiry: 2 years
Name: personalization_id
Provider: .twitter.com

Data Processor: Facebook
Purpose: Identifies browsers for the purposes of providing advertising and site analytics services.
Data Processor Privacy Policy: https://www.facebook.com/privacy/explanation
Expiry: 3 months
Name: _fbp
Provider: .metso.com

Data Processor: Piwik Pro
Purpose: Collects information about the users and their activity on the website for analytics and reporting purposes.
Data Processor Privacy Policy: https://piwik.pro/privacy-policy
Expiry: a year
Name: stg_last_interaction
Provider: www.metso.com

Data Processor: LinkedIn
Purpose: Collects information about the users and their activity on the website. The information is used to track and analyze user behaviour and to deliver targeted advertising.
Data Processor Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Expiry: 3 months
Name: li_sugr
Provider: .linkedin.com

Data Processor: LinkedIn
Purpose: Supports online marketing by collecting information about the users to promote products through partners and other platforms.
Data Processor Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Expiry: a day
Name: lidc
Provider: .linkedin.com

Data Processor: Facebook
Purpose: Facebook's primary advertising cookie, used to deliver, measure and improve the relevancy of ads.
Data Processor Privacy Policy: https://www.facebook.com/privacy/explanation
Expiry: 3 months
Name: fr
Provider: .facebook.com

Data Processor: Youtube, Google
Purpose: Collects information about the users and their activity on the website through embedded video players with the purpose of delivering targeted advertising.
Data Processor Privacy Policy: https://policies.google.com/technologies/partner-sites?hl=en
Expiry: Session
Name: YSC
Provider: .youtube.com

Data Processor: Youtube, Google
Purpose: Collects information about the users and their activity on the website through embedded video players with the purpose of delivering targeted advertising.
Data Processor Privacy Policy: https://policies.google.com/technologies/partner-sites?hl=en
Expiry: 6 months
Name: VISITOR_INFO1_LIVE
Provider: .youtube.com

Data Processor: Google Marketing Platform 
Purpose: Used for online marketing by collecting information about the users and their activity on the website. The information is used to target advertising to the user across different channels and devices.
Data Processor Privacy Policy: https://policies.google.com/technologies/partner-sites?hl=en
Expiry: 15 minutes
Name: test_cookie
Provider: .doubleclick.net

Data Processor: Google Marketing Platform 
Purpose: Used for online marketing by collecting information about the users and their activity on the website. The information is used to target advertising to the user across different channels and devices.
Data Processor Privacy Policy: https://policies.google.com/technologies/partner-sites?hl=en
Expiry: a year
Name: IDE
Provider: .doubleclick.net

Data Processor: LinkedIn
Purpose: Supports online marketing by collecting information about the users to promote products through partners and other platforms.
Data Processor Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Expiry: 6 months
Name: li_gc
Provider: .linkedin.com

Data Processor: Google
Purpose: Supports the integration of a third-party platform on the website to deliver targeted advertising.
Data Processor Privacy Policy: https://policies.google.com/technologies/partner-sites?hl=en
Expiry: 3 months
Name: _gcl_au
Provider: .metso.com

Data Processor: Youtube, Google
Purpose: Collects information about the users and their activity on the website through embedded video players with the purpose of delivering targeted advertising.
Data Processor Privacy Policy: https://policies.google.com/technologies/partner-sites?hl=en
Expiry: 2 years
Name: CONSENT
Provider: .youtube.com<

Data Processor: LinkedIn
Purpose: Supports online marketing by collecting information about the users to promote products through partners and other platforms.
Data Processor Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Expiry: a month
Name: UserMatchHistory
Provider: .linkedin.com

Data Processor: LinkedIn
Purpose: Supports online marketing by collecting information about the users to promote products through partners and other platforms.
Data Processor Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Expiry: a year
Name: bscookie
Provider: .www.linkedin.com

Data Processor: Adform
Purpose: Supports the integration of a third-party platform on the website to deliver targeted advertising.
Data Processor Privacy Policy: https://site.adform.com/privacy-center/platform-privacy/product-and-services-privacy-policy
Expiry: a month
Name: C
Provider: .adform.net

Data Processor: LinkedIn
Purpose: Collects information about the users and their activity on the website. The Information is used to track and analyze user behavior, to meet the individual user needs and to deliver targeted advertising.
Data Processor Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Expiry: a month
Name: AnalyticsSyncHistory
Provider: .linkedin.com<

Data Processor: Google
Purpose: Remember your recent searches, your previous interactions with an advertiser's ads, or search results, and your visits to an advertiser's site to show you customized ads on Google.
Data Processor Privacy Policy: https://policies.google.com/technologies/partner-sites?hl=en
Expiry: 2 years
Name: CONSENT
Provider: .google.com

Data Processor: Adform
Purpose: Supports the integration of a third-party platform on the website to deliver targeted advertising.
Data Processor Privacy Policy: https://site.adform.com/privacy-center/platform-privacy/product-and-services-privacy-policy
Expiry: 2 months
Name: uid
Provider: .adform.net

Strictly necessary

Strictly necessary

Data Processor: Salesforce Commerce Cloud

Purpose: Detects a user’s login state on the client side.

Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy

Expiry: Session

Name: __Secure-has-sid

Provider: service.force.com

 

Data Processor: Salesforce Commerce Cloud

Purpose: Used for security protections.

Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy

Expiry: Session

Name: clientSrc

Provider: service.force.com

 

Data Processor: Salesforce Commerce Cloud

Purpose: Used to apply end-user cookie consent preferences set by our client-side utility.

Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy

Expiry: 1 year

Name: CookieConsentPolicy

Provider: service.force.com

 

Data Processor: Salesforce Commerce Cloud

Purpose: Provides a unique ID for guest users in Experience Cloud sites. Expires one year after the user’s last visit to the site.

Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy

Expiry: 1 year

Name: guest_uuid_essential_(.*)

Provider: service.force.com

 

Data Processor: Salesforce Commerce Cloud

Purpose: Used to redirect requests to an instance when bookmarks and hardcoded URLs send requests to a different instance.

Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy

Expiry: Session

Name: Inst

Provider: service.force.com

 

Data Processor: Salesforce Commerce Cloud

Purpose: Stores the last logged in org for redirecting requests. Used for logging whether the cookie is present in site and community guest-user requests.

Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy

Expiry: 1 year

Name: oid

Provider: service.force.com

 

Data Processor: Salesforce Commerce Cloud

Purpose: Session ID and login-as session ID. In this case, the cookies are copied to the response and cause the target URL to rebuild appropriately in a proxy situation.

Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy

Expiry: Session

Name: RSID

Provider: service.force.com

 

Data Processor: Salesforce Commerce Cloud

Purpose: Session ID

Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy

Expiry: Session

Name: sid

Provider: service.force.com

 

Data Processor: Salesforce Commerce Cloud

Purpose: Used to detect and prevent session tampering.

Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy

Expiry: Session

Name: sid_Client

Provider: service.force.com

Functional

Functional

Data Processor: Salesforce Commerce Cloud

Purpose: Used to store the user language preference for language detection and localized user experience.

Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy

Expiry: 1 year

Name: PreferredLanguage(.*)

Provider: service.force.com

Analytics

Analytics

Data Processor: Salesforce Commerce Cloud

Purpose: Used to track a guest shopper's browsing activity.

Data Processor Privacy Policy: https://www.salesforce.com/eu/company/privacy

Expiry: 1 year

Name: cqcid

Provider: service.force.com

 

Data Processor: Piwik Pro

Purpose: Collects information about the users and their activity on the website for analytics and reporting purposes.

Data Processor Privacy Policy: https://piwik.pro/privacy-policy

Expiry: 30 minutes

Name: _pk_ses(.*)

Provider: portal.metso.com

 

Data Processor: Piwik Pro

Purpose: Collects information about the users and their activity on the website for analytics and reporting purposes.

Data Processor Privacy Policy: https://piwik.pro/privacy-policy

Expiry: a year

Name: _pk_id(.*)

Provider: portal.metso.com

 

Data Processor: Piwik Pro

Purpose: Collects information about the users and their activity on the website for analytics and reporting purposes.

Data Processor Privacy Policy: https://piwik.pro/privacy-policy

Expiry: 30 minutes

Name: stg_traffic_source_priority

Provider: portal.metso.com

 

Data Processor: Piwik Pro

Purpose: Collects information about the users and their activity on the website for analytics and reporting purposes.

Data Processor Privacy Policy: https://piwik.pro/privacy-policy

Expiry: a year

Name: stg_returning_visitor

Provider: portal.metso.com

 

Data Processor: Piwik Pro

Purpose: Collects information about the users and their activity on the website for analytics and reporting purposes.

Data Processor Privacy Policy: https://piwik.pro/privacy-policy

Expiry: a year

Name: stg_last_interaction

Provider: portal.metso.com

Suppliers and contractors

Categories and Sources of Personal Data

We collect personal data primarily directly from our suppliers and contractors in the context of different supplier and contractor agreements. In some cases, we obtain your personal data from your employer.

If you are a representative of our supplier or contractor, we process following categories of personal data about you:

Your identification and contact details, such as your name, company, title, position, email address, phone number, photo, date of birth.

Information on the partnership relation, such as billing information and contractual information.

Processing Purposes

We will process the personal data of representatives of our suppliers and contractors for the following purposes:

  • To procure products and services from you;
  • To manage invoicing and payments;
  • To manage the supplier or contractor relationship;
  • To conduct compliance checks;
  • To otherwise enable us to fulfil our legal obligations.

Legal Basis

We process your personal data only if we have a valid legal basis for doing so. Please find information about the legal basis for our processing purposes below:

Legitimate interest

It is our legitimate interest to process your personal data in order to manage the business relationship, to procure products and services from you, and to manage invoices and billing.

Legal obligation

The legal basis for processing is our legal obligation when we are subjected to statutory requirements.

Contract

When we have entered into a contractual agreement directly with an individual, such as an individual consultant, the legal basis for processing personal data is performance of a contract for the purpose of procuring products or services.

Job applicants

Categories and Sources of Personal Data

We primarily collect personal data directly from you as you contact us when applying for a job. We obtain information about you from third parties only if you have given your consent to it. In some cases, we obtain your personal data from public sources such as social media. We process the following categories of personal data about job applicants:

During the recruitment process, we mainly collect personal data provided voluntarily by you in the recruitment system or in your application. Such data may include:

Your personal identification data, such as name, gender (if provided), and birthdate;

Your contact details, such as address, email, phone number;

Job application information, such as your CV, application, and certifications containing information about your work and educational history, language skills and motivation;

Your photo, if provided by you in the application;

Your login details, including your username;

Information related to background checks, if required by a specific position;

Information related to assessments or tests, if necessary due to a specific position or local requirements;

In addition, we may also obtain information about you from other sources, such as:

  • Your references, that you have provided in your application;
  • Employees who have interviewed you;
  • Assessment providers, when assessments have been conducted as part of the recruitment;
  • Recruitment process communication, such as emails and job interview notes.

As a part of the recruitment process we may use automated decision-making through prescreening questions to determine your eligibility based on essential criteria of the role.

Processing Purposes

We process the personal data of job applicants for the following purposes:

  • To carry out our recruitment process, including tasks such as:
    • evaluating and assessing your interests and qualifications against our career opportunities;
    • contacting you and setting up interviews;
    • conducting possible background checks, assessments, or tests;
    • contacting third party references to evaluate your previous performance;
    • keeping records relating to our hiring process; and
    • asking your feedback about our recruitment process.
  • To fulfil our legal obligations and rights related to the recruitment process.

Legal Basis

We process your personal data only if we have a valid legal basis for doing so. Please find information about the legal basis for our processing purposes below:

Consent

If you give your consent, we may obtain information about you from third parties if and when necessary.

If you give your consent, we will also process your personal data for consideration with other potential positions within Metso and keep you informed of potential career opportunities that suit your profile.

Legitimate interest

It is in our legitimate interest to process your personal data in order to carry out our recruitment process.

Contract

Based on your request to be employed by us, we may process your personal data to take the necessary steps to enter into an employment contract with you.

Legal obligation

We process your personal data based on a legal obligation whenever it is necessary for a statutory requirement related to the recruitment process.

Visitors – Shareholders – Insiders – Inventors

Categories and Sources of Personal Data

Visitors:

Metso companies collect personal data directly from you as you provide it when visiting Metso premises or contacting us. Such data collected may include:

Your identification and contact details, such as name, email address, phone number, photo, car registration number, and company;

Premise visiting information, such as visiting location and time and possible camera surveillance recordings, depending on the location.

Shareholders:

We collect personal data directly from you as a shareholder and from the Finnish book-entry system. We process following the categories of personal data about you:

Information needed for shareholder register, such as name of the shareholder (or of a proxy representative), personal identity code, contact details, payment information, tax information, number of Metso Corporation shares held by you as a shareholder.

Insiders:

We collect personal data directly from you as an insider and from relevant publicly available sources such as the Finnish Trade Register. We process the following categories of personal data about you:

Information needed for the insider register, such as name, home address, email address phone number, date of birth, national identification number, if applicable, the insider’s function and reason for being an insider, and the issuer’s name and address.

Inventors:

We collect personal data directly from you in connection with any communication and collaboration with you as an inventor. We process the following categories of personal data about you:

Your identification and contact details, such as name, address, email address and phone number;

Information needed for compensation, such as bank account details.

Processing Purposes

Visitors:

We process the personal data of visitors for the following purposes:

  • To secure and control access to Metso premises;

Shareholders:

We process the personal data of shareholders for the following purposes:

  • To enable shareholders of Metso Corporation to register for statutory Annual and Extraordinary General Meetings.

Insiders:

We process the personal data of insiders for the following purposes:

  • To maintain a statutory insider register.

Inventors:

We process the personal data of inventors for the following purposes:

  • To register and manage Metso’s intellectual property and intellectual property rights;
  • To manage payments related to inventions.

Legal Basis

We process your personal data only if we have a valid legal basis for doing so. Please find information about the legal basis for our processing purposes below:

Legitimate interest

We process your personal data based on our legitimate interest when we process it for the purposes of securing and controlling access to Metso premises, registering and managing Metso’s intellectual property and intellectual property rights, and for the purpose of managing payments related to inventions.

Legal obligation

We process your personal data based on a legal obligation when we process it for the purpose of registering to statutory shareholder meetings and for the purpose of maintaining a statutory insider register.

Who can process your personal data?

At Metso, your personal data is processed only by personnel who are authorized to do so based on their role. Your personal data is processed by third parties only in the following situations which apply to transfers and disclosures of personal data:

Service Providers

We use service providers to manage and operate our business. Service providers are needed for various purposes, such as payment and invoice management, carrying out marketing activities and providing our online services. These service providers are only allowed to process your personal data based on our instructions and use it only for purposes defined by Metso. Such processing is always regulated by data processing agreements in order to ensure that all our service providers keep your personal data safe and process it only in accordance with applicable legislation.

Disclosures of Personal Data

In certain situations, we have to disclose your personal data to another controller, who will use that personal data for its own purposes. Such disclosure of personal data can happen for example to authorities when Metso is obliged to do so based on a statutory requirement.

If re-arrangements in our business operations would happen, your personal data might have to be disclosed to relevant stakeholders of that re-arrangement. 

Sharing Data Within Metso Corporation

Additionally, Metso may disclose and transfer your personal data within the Metso group of companies. Where such intra-group transfers or disclosures take place, Metso is ensuring the security and confidentiality of your personal data by using Intra-Group Data Transfer Agreements.

Sharing Customer Data with Distributors

Metso’s distributor business model may require us to share certain customer contact data with our distributors to facilitate business operations.

Our distributor agreements contain data protection clauses, ensuring that our distributors keep your personal data safe and process it only in accordance with applicable legislation.

Data Transfers

In cases where your personal data is transferred outside of the European Union (EU), the European Economic Area (EEA) and the UK, we ensure the protection of your personal data by using applicable safeguards.

Protective measures

Metso uses robust technical and organizational measures to protect the confidentiality, integrity and availability of your personal data. Our information security controls ensure protection from unauthorized viewing, modification, dissemination, or destruction and provide the necessary recovery mechanisms from accidental or malicious destruction, alteration or loss. We use role-based access controls to ensure that your personal data is processed only by appropriate personnel. Your personal data processed by Metso is protected with state-of-the-art information security technologies. Protective measures also include data protection related guidelines, procedures and respective training for employees in order to ensure secure and lawful processing of personal data.

How long do we process your personal data?

By default, we store personal data only as long as is necessary for the purposes it was collected for. When personal data is no longer needed for the purpose it was originally collected for it will be deleted or anonymized, unless we have a legal obligation to retain data for a longer period. This means that the retention periods we have defined for your personal data vary depending on the processing purpose, type of personal data, and local requirements.

Here are a few examples of personal data retention periods:

  • Customers’ and suppliers’ personal data is stored for as long as is needed for maintaining the customer or supplier relationship.
  • Storing website visitors’ personal data depends on the cookies in use. For more information, see our Cookie Notice.
  • If you have subscribed to receiving marketing communications from us, we store your personal data for electronic direct marketing purposes for as long as you withdraw your consent for personal data processing.
  • Job applicants’ personal data is in most cases stored for one year. However, varying local legal requirements may apply.

What are your rights as a data subject?

As a data subject you have certain rights, which help you control your own personal data and affect the way it is being processed. In this section, we provide you with information about your rights as a data subject. If you wish to exercise your rights, please contact us by email at privacy(at)metso.com.

Please note that as a registered user, you may access and amend your contact details and other profile information at any time through the Metso Preference Center or other Metso service where you have a user account registered.

Right of Access

You have the right to obtain confirmation as to whether your personal data is being processed by us and to know what personal data we process about you. If you wish, you may request a copy of such data.

Right to Rectification

If your personal data is incorrect or incomplete, you have the right to request for rectification or completion of your personal data. 

Right to be Forgotten

You have the right to request your personal data to be erased. In such a case we will delete your personal data unless we have a legal obligation or other overriding reason to retain your data. Please note that after deletion of your personal data, Metso may not be able to provide you or your employer company with the products, services or information you have inquired about or ordered.

Restriction of Processing, Right to Object, Data Portability and Withdrawal of Consent

In certain situations, you have the right to request us to restrict the processing of your personal data, for example if personal data concerning you is inaccurate. Based on your situation, you may also have the right to object to the processing of your personal data, in which case we will evaluate if there are any compelling legitimate grounds for continuance of processing. You may always object to processing for the purpose of direct marketing. In some cases, you may also have the right to data portability.

In cases where the processing of your personal data is based on your consent, you have the right to withdraw your consent for processing at any time.

We will do our best to resolve any issue you might have related to our processing of your data through negotiations. However, if you consider that our processing infringes your rights as a data subject, you have the right to file a complaint to your local supervisory authority.

Can this Privacy Notice be changed?

There will be updates to this Privacy Notice whenever changes or developments in our business operations require so. The up-to-date version of the Privacy Notice can always be found on this Website. We recommend you revisit this Privacy Notice from time to time to review any possible changes. If any substantial changes in the way Metso collects or processes your personal data occur, we will post a notice of such a change on our website.