The Data Controllers: Pistra Oy (0960623-6), Address:
1. Contact in matters relating to the register
Upon a signed request adressed to our Data Protection Officer, we will provide you with a readable copy of the personal data which we keep about you. We may require proof of your identity and may charge a small fee (not exceeding the statutory maximum fee that can be charged) to cover administration and postage. We allow you to challenge the data that we hold about you and, where appropriate in accordance with applicable laws, you may have your personal information: erased, rectified or amended or completed. You have the right to prohibit upon a signed request adressed to our Data Protection Officer delivery of direct advertising, distance selling and direct marketing for marketing and opinion research in connection with your personal data.
2. Name of the Register and Data Protection Officer
User registry of the [Appin nimi tähän] Service.
The personal data collected will be controlled and processed by our Data Protection Officer. Additionally, personal data may be processed or jointly controlled by affiliates of the Data Controller.
3. The purpose of processing personal data
The personal register has been set up to enable relationships among the registered customers of the App, marketing and service development. Information in the register is used to maintain relationships and marketing purposes by all organizations related to operating and maintaining App related Service(s) and to handle the customer relationship between the service provider and users.
4. Content of the register and information collected
Our primary goal in collecting personal data from you is to give you an enjoyable customised experience whilst allowing us to provide services and features that most likely meet your needs. We collect certain personal data from you, which you give to us when using our App and/or registering or subscribing for our products and services. However, we also give you the option to access our sites’ home page without subscribing or registering or disclosing your personal data.
We may collect personal data about you in variety of ways, such as through our Sites and social media channels; at our events; through phone and fax; through job applications; in connection with in-person recruitment; or in connection with our interactions with clients and vendors. We may collect a selection of personal data dependant on the nature of the relationship, including, but not limited to (as permitted under local law):
- contact information (such as name, postal address, email address and telephone number);
- username and password when you register on our Sites;
- information you provide about friends or other people you would like us to contact. (The Controller assumes that the other person previously gave an authorization for such communication) ; and
- other information you may provide to us, such as in surveys or
- through the ”Contact Us” feature on our Sites.
In addition, if you are an associate or job candidate, you apply for a position or create an account to apply for a position, we may collect the following types of personal data (as permitted under local law):
- employment and education history;
- language proficiencies and other work-related skills;
- Social Security number, national identifier or other government-issued identification number;
- date of birth;
- bank account information;
- citizenship and work authorization status;
- benefits information;
- tax-related information;
- information provided by references; and
- information contained in your resume or C.V., information you provide regarding your career interests, and other information about your qualifications for employment.
and where required by law explicit consent has been provided by you:
- disabilities and health-related information;
- results of drug tests, criminal and other background checks.
In addition, we may collect information you provide to us about other individuals, such as information related to emergency contacts.
Personal data is given by the user and collected from the data controller systems during registration and use. Data is gathered from customer’s registrations and notifications during the relationship. The information for the register is gained when the customer connects customer register for the organisations, which are in the concept. Customer register information is stored on the basis of the changes made by customer, when the customer login as well as his creation, editing or removing information. We also collect certain personal data from other group companies to whom you have given information through their websites. Please note that we do not intend to collect any personal data from children under thirteen years of age and no child should submit any personal data to the Site. Should we discover that any such personal data has been delivered to the Site, we will remove that information as soon as possible.
5. Legitimate Interest
The Data Controller may process personal data for certain legitimate business purposes, which includes some of all of the following:
- where the process enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our clients, candidates and associates;
- to identify and prevent fraud;
- to enhance security of our network and information systems;
- to better understand how people interact with our websites;
- for direct marketing purposes;
- to provide postal communications to you which we think will be of interest to you;
- to determine the effectiveness of promotional campaigns and advertising
Whenever we process data for these purposes we will ensure that we keep your rights in high regard and take account of these rights. You have the right to object to such processing, and if you wish to do so please contact our Data Protection Officer]. Please bear in mind that if you exercise your right to object this may affect our ability to carry out and deliver services to you for your benefit.
- Cookies and similar technologies
- remember that you have used our App and/or our Site before; this means we can identify the number of unique visitors we receive to different parts of the App/Site. This allows us to make sure we have enough capacity for the number of users that we get and make sure that the App/Site runs fast enough;
- remember your login session so you can move from one page to another within the Site;
- store your preferences or your user name and password so that you do not need to input these every time you visit the Site/App;
- customise elements of the layout and/or content of the pages of Site/ of our App for you;
- record activity on our App/Site so that we understand how you use our App/Site enabling us to better tailor our content, services and marketing to your needs;
- collect statistical information about how you use the App/Site so that we can improve the App/Site; and
- gather information about the pages on the Site that you visit, and also other information about other websites that you visit, so as to place you in a “market segment”. This information is only collected by reference to the IP address that you are using, but does include information about the county and city you are in, together with the name of your internet service provider. This information is then used to place interest-based advertisements on the Some of the cookies used by our Sites are set by us, and some are set by third parties who are delivering services (such as interest based advertising directed at your market segment) on our behalf.
7. Regular destinations of disclosed data and use of information collected by us
Regular destinations: Personal data is not shared with third parties. Exceptionally information may be disclosed to authorities if the data controller is obliged to do so pursuant to mandatory legislation. Data can be used for targeted marketing within the service, but the personal data will not be released out of the system. Where, as part of our Site services, we enable you to upload information or materials on our Site/App, we may monitor the post proces. If you are a registered user (e.g. a subscriber or taking a trial), when you log on, this places a cookie on your machine. This enables your access to content and services that are not publicly available. Once you are logged on, the actions you take – for example, viewing an document – will be recorded (subject to any necessary consents). We may use technology or a service provider to do this for us. This information may be used for one or more of the following purposes: to fulfil our obligations to you and to improve the efficiency, quality and design of our Site(s) and Services.
We collect and use the data gathered for the following purposes (as permitted under Finnish law):
a) providing workforce solutions and connecting people to work; b) creating and managing online accounts; c) processing payments; d) managing our client and vendor relationships; e) where permitted under law and consistent with the Data Controller’s Cookie and Advertising Notice (which is incorporated herein by reference), to send promotional materials, alerts regarding available positions and other communications; f) where permitted under law to communicating about, and administering participation in, special events, promotions, programs, offers, surveys, contests and market research; g) responding to individuals’ inquiries and claims; h) operating, evaluating and improving our business (including developing, enhancing, analyzing and improving our services; managing our communications; performing data analytics; and performing accounting, auditing and other internal functions); i) protecting against, identifying and seeking to prevent fraud and other unlawful activity, claims and other liabilities; and j) complying with and enforcing applicable legal requirements, relevant industry standards, contractual obligations and our policies.
All processing will be carried out based on adequate legal grounds which may fall into a number of categories, including:
a) consent or an explicit consent from the data subject, where required by applicable law; b) to ensure that we comply with a statutory or contractual requirement, or a requirement necessary to enter into a contract e.g. processing your personal data to ensure that your wages and taxes are paid. c) it is essential and necessary for the legitimate interest of the Data Controller e.g. letting the user access the website to be provided with the services offered.
In addition to the activities listed above, if you are an associate or job candidate and you apply for a position or create an account to apply for a position, as permitted under local law, we use the information described in this privacy notice for the following purposes:
a) Providing you with job opportunities and work; b) providing HR services to you, including administration of benefit programs, payroll, performance management and disciplinary actions; c) providing additional services to you, such as training, career counselling and career transition services; d) assessing your suitability as a job candidate and your associate qualifications for positions; and e) performing data analytics, such as (i) analyzing our job candidate and associate base; (ii) assessing individual performance and capabilities, including scoring on work-related skills; (iii) identifying skill shortages; (iv) using information to match individuals and potential opportunities, and (v) analyzing pipeline data (trends regarding hiring practices).
We also may use the information in other ways for which we provide specific notice at or prior to the time of collection.
8. Transfer of data outside the EU or EEA
9. Data protection principles
The register is protected by technical and organizational measures. The system is encrypted and protected by a firewall preventing access to third-party systems and data to ensure the preservation of backup. Manual data will not be created from customer register. The registry information is stored on servers and systems that are protected by firewalls, passwords and other technical means. Access to personal data is granted only if it is necessary for data processing. Only the Data Controller’s Data Protection Officer or Data Controller’s commissioned and acting on behalf of the Data Protection Officer are set up to use and maintain the whole register. Each defined user has their own personal username and password, as well as to professional secrecy. Each company, which belongs to the service, has access only to it own customer register. In order to ensure the appropriate security and confidentiality of the personal data, we apply to the following security measures:
- Encryption of data in transit;
- Strong user authentication controls;
- Hardened network infrastructure;
- Network monitoring solutions
- We store in our systems the personal data we collect in a way that allows the identification of the data subjects for no longer than it is necessary in light of the purposes for which the data was collected, or for which that data is further processed. We determine this specific period of time by taking into account: a) the necessity to keep stored the personal data collected in order to offer services established with the user; b) in order to safeguard a legitimate interest of us as described in the purposes; c) the existence of specific legal obligations that make the processing and related storage necessary for specific period of times.
- Your Rights as Data Subject
- When required by applicable law, a data subject can exercise under Articles 15 to 22 of the GDPR the following specific rights:
a) Right of access: A data subject has the right to access his or her personal data concerning which in order to verify that his or her personal data is processed in accordance to the law. b) Right to rectification: A data subject has the right to request the rectification of any inaccurate or incomplete data held about him or her, in order to protect the accuracy of such information and to adapt it to the data processing. c) Right to erasure: A data subject has the right to request that the Data Controller erases information about him or her and to no longer process that data. d) Right to restriction of processing: A data subject has the right to request that the Data Controller restricts the processing of his or her data. e) Right to data portability: The data subject has the right to request the data portability meaning that the data subject can receive the originally provided personal data in a structured and commonly used format or that the data subject can request the transfer of the data to another Data Controller. f) Right to object: The data subject who provide a Data Controller with personal data has the right to object, at any time to the data processing on a number of grounds as set out under GDPR without needing to justify his or her decision. g) Right not to be subject of automated individual decision-making: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, if such profiling produces a legal effect concerning the data subject or similarly significantly affects him or her. h) Right to lodge a complaint with a supervisory authority: Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes GDPR.
Whenever the processing is based on the consent, as under art.7 of the GDPR, the data subject may withdraw their consent at any time.
If you require more information about the processing of your personal data, please contact our Data Protection Officer.