S Group retail trade partner and supplier register

Updated 1.12.2025Data ControllerSuomen Osuuskauppojen keskuskunta SOK Postal address: PL 1, 00088 S-RYHMÄ Telephone: 010 76 8011 (switchboard) Visiting address: Fleminginkatu 34, 00510 Helsinki Business ID 0116323–1Contact details of the Data Protection Officertietosuojavastaava@sok.fiContact details of the Data controller's representativeJanne Hörkkä, aok.tuotetiedot.market@sok.fiPurpose of processing personal dataThe purpose of processing personal data stored in the Partner and supplier register is to maintain contact, share information, and implement collaboration with grocery and non-food retail suppliers, service providers, partners, and other stakeholders in S Group. S Group refers to cooperatives and SOK with its subsidiaries.Grounds for processing personal dataThe processing of personal data of contact persons for partners and suppliers is based on the contact person’s consent concerning cooperation between the supplier and SOK or a cooperative, or on a commercial agreement.The personal data we processWe process the following data concerning contact persons:

Name
Telephone number
Email address
Employer and title within the company
Communication with the contact person
User ID

Who processes your personal data?We process personal data in S Group's electronic data systems and services for the purposes specified in this statement. We work with external service partners to provide system and support services. Personal data may be transferred to these service partners to the extent necessary for carrying out actions within the scope of the assignment.We ensure that our partners maintain an adequate level of personal data protection as required by law. Personal data is transferred to consulting and reporting partners, as well as IT service providers, for the purpose of delivering the service. We may also disclose personal data to authorities within the limits permitted and required by applicable law, for example when responding to official information requests from authorities. Contact person data may also be disclosed to other organizations within the S Group to ensure operational flexibility and the quality of contact person data, or to execute a contract.Transfers of personal data to third countries or international organizations and applied security measuresWe do not transfer personal data outside the EU or ETA.Retention period for personal data or criteria for determining the retention period We retain the personal data described in this statement only for the duration and to the extent that the contractual relationship with the partner or supplier exists, or the consent remains valid and the contact person is employed by the partner or supplier, and the data is available for activities related to the stated processing purposes. We regularly delete expired data.Data subject rights You can exercise your rights by contacting the data controller’s representative mentioned in this statement.Right to information The data subject has the right to know what data is collected, what purposes the data is used for, the grounds for processing, and to whom the data is disclosed.The data subject has the following rights:

Right to access the data and to correct inaccurate data through the supplier portal or via the data controller's representative.
Right to erasure of data when there is no other statutory basis for retaining the data.
Right to restrict processing.
Right to object.
Right to data portability (for data processed automatically).
Right to withdraw consent.
Right to be informed of a personal data breach.

If the data subject wishes to exercise their rights or obtain more information about the processing of their personal data, they can contact the data controller mentioned in this statement. Additional information concerning rights can be found on the page Your rights – S-ryhmän tietosuojasivusto. The data subject also has the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data violates applicable data protection legislation. In Finland, this supervisory authority is the Data Protection Ombudsman.Effects of processing personal data and a general description of technical and organizational security measuresWe carefully protect personal data throughout its entire lifecycle by using appropriate data protection and information security measures. System suppliers process personal data in secure server facilities. Only designated employees of companies acting on behalf of and for SOK, as well as S Group employees whose job description it includes, have the right to use the contact person register and maintain its data. Access to personal data is restricted, and all personnel are bound by a duty of confidentiality. In S Group, we protect personal data, inter alia, through proactive risk management and security planning, and by using telecommunications safeguards and secure facilities, as well as access control and security systems. After initial processing, physical documents containing personal data are stored in locked and fireproof storage facilities. Granting and monitoring of access rights is controlled. We regularly train personnel involved in the processing of personal data and ensure that also the employees of our partners understand the confidential nature and importance of secure handling of personal data. We carefully select our subcontractors. We continuously update our internal policies and guidelines. If personal data ends up in the wrong hands despite our protective measures, there is a risk it could be misused. Should we detect such an event, we will begin to investigate it without delay and aim to prevent any damage. We will notify relevant authorities and affected individuals of any data breach in accordance with legal requirements.