Privacy Policy

Version 1.0Effective Date: 25 March 2020

Introduction

We are committed to respecting your privacy. We will treat any personal data supplied by you as confidential and will only process such data as permitted by applicable legislation. We have prepared this Privacy Policy in accordance with the General Data Protection Regulation (GDPR) and the best international practices in personal data protection.

In this policy we describe how the SPECTA Group (“we” or “SPECTA Group”) processes your (“you”) personal data in the following cases as well as your rights with respect to personal data.

on the website www.specta.com (the “Website”),
while interacting with our existing and potential clients and counterparties,
while interacting with candidates during the recruitment process (collectively – “you”),

The terms for processing cookie files are described in the Cookie Policy. Processing activities related to our employees’ personal data are covered in our internal regulations.

SPECTA Group is headquartered in Russia (Specta Interpak LLC) and includes companies in the EU (Specta Strap Oy in Finland and Specta Ruhr GmbH in Germany), Ukraine, Belarus, Kazakhstan and UAE each of which acts as a data controller.

Specta Interpak LLC (Russia) is an administrator of the Website and a controller of the personal data submitted through the Website.

Contacts

For all questions regarding our data protection and privacy practices, you can contact us at any time at privacy@specta.com.

Content

Which data do we process and for what purposes?
How do we collect your personal data?
Who has access to your personal data?
What are your choices and rights with respect to your personal data?
How do we keep your personal data safe and secure?
How long do we store your personal data?
What are our data processing principles?
How will we notify you about changes to the Privacy Policy?
What will we do if there is a personal data breach?
Detailed list of personal data, purposes, period and legal basis (table)

1. Which data do we process and for what purposes?

We make every effort to make our processing activities transparent and open. We process your personal data for the following purposes:

to communicate with you when you submit requests on the Website:
to send you a newsletter if you have subscribed to it;
to communicate with you after conferences where you have provided us with your contacts;
to search for and communicate with potential clients, counterparties, vendors, business partners or investors;
to find candidates for vacant positions at the SPECTA Group;
to agree on, enter, execute, communicate in relation to and terminate agreements with counterparties;
to protect our legal interests, file legal claims and comply with legal requirements we are subject to;
to maintain the Website, make it more user friendly and use marketing techniques (we use cookie files).

A list of data we process about you, the third parties we share data with and the timeframes during which we process data are specified in the table in Section 10 below.

Should we later decide to use your data in any other way, we will inform you in advance so that you can exercise your rights as a data subject.

We do not process any special categories of data (e.g. data revealing racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, or genetic and biometric data) or data related to criminal convictions or offences.

We do not use your personal data for any automated decision making covered by Article 22 of the GDPR.

Our Website is not designed or directed at children.

2. How do we collect your personal data?

We collect your personal data:

from you directly as Website visitors, when you fill in certain forms on the Website or subscribe to out newsletter;
from you directly or the company you represent if our act as our counterparty or a representative of our counterparty;
automatically from your device, when you visit and navigate our Website on any device;
from third parties (e.g. if someone recommended you for potential cooperation with us).

3. Who has access to your personal data?

As a group headquartered in Russia, we store all your personal data on Russian servers (hosted by Specta Interpak LLC).

We may share your personal data within the SPECTA group, including with companies located in Russia, Germany, Finland, Ukraine, Belarus, Kazakhstan and UAE. This allows us to comply with local laws and ensures that your personal data is consistent, accurate and up-to-date. It also helps to increase the quality and relevance of our products and services.

We share your personal data with third-party service providers as described in the Privacy Policy

We endeavour to cooperate only with those third parties who respect and comply with personal data processing requirements.

4. What are your choices and rights with respect to your personal data?

Subject to applicable legislation, you have the full legal right to:

request from us the personal data we have collected about you and information on how we process your data;
demand modification or erasure of your personal data;
request to restrict the processing of your personal data (blocking);
object to the processing of your personal data;
ask us to transfer your personal data we process to another company, entity or person you deem appropriate (data portability right).

We will do our best to fulfil your request in the shortest possible time and in accordance with applicable legislation. In some cases, we may be required to continue storing data for regulatory purposes even though you require us to delete it. Should this be the case, we will inform you about such storage.

If you are not satisfied with our personal data processing activities and/or have any other complaints, contact us (contact details can be found here). You also have the full legal right to lodge a complaint with a supervisory authorities:

in Finland (www.tietosuoja.fi, email: tietosuoja@om.fi);
in Germany (North-Rhine Westphalia) (www.ldi.nrw.de, email: poststelle@ldi.nrw.de).

5. How do we keep your personal data safe and secure?

We are committed to protecting your personal data by using a combination of administrative, technical and physical measures. These safeguards include strict procedures to prevent the unauthorised access, loss or destruction of your personal data both during transmission and once we receive your personal data.

When interchanging data with third parties, we take appropriate organisational and technical measures to protect your personal data. We ensure that such third parties are bound by confidentiality obligations, and they must ensure the security and confidentiality of data.

Unfortunately, no data transmission or storage system is guaranteed to be 100% secure. If you have any reason to believe that your personal data is no longer secure, you should contact us immediately.

6. How long do we store your personal data?

We store your personal data for as long as necessary to fulfill the purposes for which it was collected, except where otherwise required or permitted by law. Once no longer required, your personal data will be securely destroyed or anonymised (so the data no longer identifies you). Periods of storage of personal data are described in the in the table in Section 10 below.

As to the duration of storage of relevant data using cookies, please see our Cookie Policy.

7. What are our data processing principles?

We have the greatest respect for your personal data, so during the collection and processing of them, we strictly adhere to the best business practices and principles of applicable legislation, including:

making the best efforts to process personal data fairly and in a transparent manner.
collecting data only for the predetermined, explicit and legitimate purposes described herein. We do not process data in a manner incompatible with our initial purposes.
collecting only personal data that we deem adequate and relevant and, in a volume, strictly necessary to achieve our purposes.
keeping personal data accurate and, when necessary, up to date. We erase or rectify personal data that is inaccurate without delay.
keeping personal data in a form that identifies you for no longer than necessary for the purposes for which the personal data were collected and processed.
ensuring the appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.

8. How will we notify you about changes to the Privacy Policy?

We reserve the right to modify the Privacy Policy at any time. Any modifications will become effective when we post a modified version of the Privacy Policy on the Website.

If we decide to do so, we will post a notification on the Website. If the modifications are significant, we will provide a more prominent notice when required by applicable law.

9. What will we do if there is a personal data breach?

If there is a personal data breach, we will without undue delay and where feasible, no later than 72 hours after having become aware of it, notify the competent supervisory authority of the personal data breach unless we reasonably decide that such a breach is unlikely to result in any risk to the rights and freedoms of data subjects.

If a data breach is likely to result in a high risk to your rights and freedoms, we will notify you in the following way:

if you provided us with your email address, we will send a communication to your email address
if no email address is specified in your account, we will post a notification on the Website.

10. Detailed list of personal data, purposes, period and legal basis (table)

No.	Purpose	List of personal data	Third parties (not SPECTA Group)	Period of processing	Legal basis
1.	To communicate with you when you submit requests at the Website:
	when you submit a “contact us” form when you submit a form in the “catalogues” section	Name Email address Phone number Company Country	No	Within 6 months from the receipt, if the request does not require legal actions Within 3 years from last communication, if the request requires legal actions	Legitimate interest to answer your question and communicate with you (Art. 6 para. 1f GDPR).
	when you use the “send a link to email” form	Email	No	Until sending a link to the email
2.	To send you a newsletter if you subscribed to it, analyse conversion of mailings	Full name Email address Phone number Position Company Country and city Information on the opening of e-mails and links contained in e-mails with newsletters	Service provider of the tool for e-mail marketing	Unless you withdraw your consent or opts out	Legitimate interest or consent depending on whether we have business relations with you as a client or a counterparty (Art. 6 para. 1a or 1f GDPR)
3.	To communicate with you after conferences and expositions or other social events where you provided us with your contacts or business card	Full name E-mail Phone number Position Company Country, city	No	3 years	Legitimate interest or consent depending on whether you provided your data via a standard form (Art. 6 para. 1a or f GDPR)
4.	To search for and communicate with potential clients, counterparties, vendors, business partners or investors	Full name Email address Phone number Position Company	No	3 years	Legitimate interest (Art. 6 para. 1f GDPR)
5.	To analyse and respond to incoming requests, claims or other correspondence	Full name Position Company	No	Within 6 months from the receipt, if the request does not require legal actions Within 3 years from last communication, if the request requires legal actions	Legitimate interest (Art. 6 para. 1f GDPR)
6.	To find candidates for vacant positions at the SPECTA Group	Information in CVs (e.g. full name, email address, phone number, date of birth, qualification)	No	During the evaluating and 2 weeks after the decision is made	Legitimate interest (Art. 6 para. 1a or f GDPR)
7.	To agree on, enter, execute, communicate in relation to and terminate agreements with counterparties	Full name Email address Phone number Position Date of birth Details of passport or other ID (if you sign an agreement) Details on PoA or other ground for the authorities (if any)	No	During the period of contract validity or supply	Legitimate interest (Art. 6 para. 1a or f GDPR)
8.	To comply with tax, accounting, customs, currency control requirements	Full name Position Company name Email address Phone Date of birth Details of passport or other ID, including ID number, date of issuance and issuing authority Details of the PoA or decision on appointment of the general director (No, date, powers granted) Details of the agreement signed	Tax, customs, other authorities, courts as the case may be	Within the validity of the agreement / execution of supply and up to 10 years after its termination	Legitimate interest (Art. 6 para. 1a or f GDPR)
9.	To protect our legal interest, file legal claims, comply with national law or execute requests of authorities, courts, law enforcement officials	Full name Email address Phone number Position Date of birth Number of an identity document and information on the granting Requisites of the power of attorney	Authorities, courts, law enforcement officials as the case may be	Within the validity of the agreement / execution of supply and up to 3 years from the contract termination date	Legitimate interest (Art. 6 para. 1a or f of GDPR)
10.	To maintain the Website, to improve it and make it more user friendly, to analyse how you interact with our Website, to present you content and advertising in line with your preferences	Cookie files (technical, analytical, marketing)	Google LLC (Google Analytics) Yandex LLC (Yandex. Metrica) AddToAny	Depending on the cookie type (in line with our Cookie Policy)	Legitimate interest or consent depending on cookie type (Art. 6 para. 1a or f GDPR)

Cookie	Duration	Description
lang_code	Session cookie	Stores a language preference for the visitor
pll_language	One year	Stores a language preference for the visitor

Cookie	Duration	Description
OTZ	One month	Aggregates analysis of website visitors
yandexuid	A few years	Identifies site users
ymex	One year	Identifies site users
_ga	2 years	Aggregates analysis of website visitors
_gid	One day	Aggregates analysis of website visitors
_ym_d	One year	Stores the date of the first visit of the website
_ym_isad	One year	Detects any used ad blockers
_ym_uid	One year	Distinguishes visitors

Cookie	Duration	Description
1P_JAR	One month	Gathers website statistics and tracks conversion
DSID	A few days	Links visitors activities on other devices they have previously logged into using a Google account
GPS	A few days	Registers a unique ID on mobile devices to enable tracking based on geographical GPS location
i	One year	Identifies site users
IDE	390 days	Builds a profile of visitors interests in order to show relevant & personalised advertising
SIDCC	One year	Collects information about how visitors use the website and any advertising that visitors may have seen before visiting the website, in addition to being used to help customise advertising on Google properties by remembering most recent searches, previous interactions with an advertiser's ads or search results and visits to an advertisers website.
VISITOR_INFO1_LIVE	5 months	Aggregates analysis of video visitors
yabs-sid	Session cookie	Serves to measure and analyze the traffic of the website
YSC	Session cookie	Tracks views of embedded videos