Last updated: March 27, 2019
In this section we describe the personal data we collect.
(i) Data you provide to us
When you use the Website or otherwise communicate with us, we collect information that you provide to us directly. For example, we collect information in the following circumstances: when you send us business inquiries or comments and when you otherwise communicate with us.
The information you provide to us directly may include, without limitation, information that may, in certain circumstances, constitute personal data. If you wish to send business inquiries, comments, and questions through the Website, we may collect the following information:
(ii) Data collected automatically
The Website may automatically collect the following information from you that in certain circumstances, alone or in connection with other data, may constitute personal data:
(iii) Data retention
We use the personal data collected directly from you for the following purposes:
We use the data collected automatically for the following purposes:
Personal data is processed pursuant to our legitimate interest as stipulated in Article 6(1)f of the General Data Protection Regulation. The legitimate interests are the abovementioned purposes i.e. our business activities, customer service, direct marketing purposes, aim to prevent fraud in addition to ensuring the network and information security of our IT-systems. Suominen considers that with respect to the aforementioned purposes, there are no such fundamental rights or freedoms of data subjects that would override the legitimate interest of the data controller.
We do not sell, lease, rent or otherwise disclose the personal data collected from the Website to third parties unless otherwise stated below.
The personal data collected may be disclosed in the following manner:
(i) Personal data you provide to us directly
We may disclose personal data you provide to us on the Website with the following categories of third parties:
(ii) Data collected automatically
The data collected automatically on the Website may be disclosed to the following categories of third parties:
According to the General Data Protection Regulation, you have the following rights regarding your personal data:
According to GDPR article 77, you are entitled to lodge a complaint with the supervisory authority concerning the processing activities carried out by us. Such complaint may be lodged in particular, in the member state of your habitual residence or place of work or where the alleged infringement took place.
If you wish to exercise your rights, contact us via email to firstname.lastname@example.org. We will use all reasonably available resources to respond to any such request without undue delay.
The security of personal data is important to us. We take reasonable technical and organizational measures to protect personal data about you from unauthorized access or against loss, misuse or alteration by third parties. Despite these efforts to store personal data collected on and through the Website and otherwise by us in a secure operating environment that is not available to the public, we cannot guarantee the security of personal data during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of personal data, we cannot guarantee that our security measures will prevent third-parties such as so-called hackers from illegally obtaining access to personal data. We do not warrant or represent that personal data about you will be protected against, loss, misuse, or alteration by third parties.
Some elements of the Website and/or our products and services may be hosted on servers located in countries outside your own country. If you are located outside the EU/EEA area, the laws applicable to the protection of personal data in such countries may be different from those applicable in your home country. In particular, if you are located within the European Union, please note that personal data collected by us may in some instances be transferred outside the European Union/European Economic Area. To the extent personal data is transferred outside the EU/EEA area, Suominen has appropriate security measures in place in order to protect the personal data, such as internal processing agreements and standard contractual clauses of the European Commission. You consent to personal data about you being transferred outside your own country and, where applicable, outside the European Union.
The Website is not directed to children younger than thirteen (13) years of age. We do not intend to collect personal data from children under 13. If you are under 13, please do not use the Website and do not send any information about yourself to us.
1. DATA CONTROLLER
Suominen Oyj, (”Suominen”)
Suomisentie 11, PL 25
Suominen processes personal data pursuant to data controller’s legitimate interest as determined in article 6(1)f of the General Data Protection Regulation (EU 2016/679 “GDPR”). The legitimate interest of Suominen is the necessity of processing personal data of potential employees as well as to maintain a register of data subjects who have applied to Suominen. The application may be open or intended to a specific position.
Personal data is collected from application forms and open applications in addition to personal data acquired from interviews. The register includes:
Suominen will store all personal data collected in connection with the recruiting for up to 6 months from receiving the application. Suominen regularly review its registers in order to remove personal data where processing is no longer needed for the abovementioned purposes.
Personal data is collected directly from the applicants, their school, employment or other certificates in addition to their references, job interview, human resources department of Suominen and the supervisor making the recruiting decision.
Personal data may also be disclosed to affiliates of Suominen in other countries.
Suominen may outsource any services (or parts thereof) regarding the register to a third party. Further, Suominen may disclose personal data to relevant authorities pursuant to applicable laws.
Otherwise personal data is not disclosed to third parties.
Suominen has affiliates outside the EU/EEA region and the personal data in this register may be disclosed to such affiliates of Suominen. Other transfers outside the EU/EEA will be undertaken only within the limits permitted under the applicable data protection laws.
With respect to electronic data:
All electronically stored data is stored on servers provided by third parties. Suominen has appropriate data security measures in place in order to protect all electronic personal data. Suominen will ensure that the registers will not be subject to access by unauthorized persons or unlawful processing or other damage.
With respect to personal data on paper:
Suominen ensures that all papers containing personal data are protected in an appropriate manner and Suominen has sufficient measures in place to monitor any unauthorized access.
In case Suominen is subject to damage, destruction or other similar event that Suominen could not possibly have prevented, Suominen will notify the data subject immediately in accordance with the obligations of the applicable laws. Suominen is not, however, liable for such unpredictable events.
According to the General Data Protection Regulation, data subjects have the following rights regarding their personal data:
According to GDPR article 77, the data subject is entitled to lodge a complaint with the supervisory authority concerning the processing activities carried out by Suominen. Such complaint may be lodged in particular, in the member state of his or her habitual residence or place of work or the alleged infringement took place.
If the data subject wishes to exercise his or her rights, he or she should contact the Controller via email to email@example.com. Suominen will use all reasonably available resources to respond to any such request without undue delay.