(EU regulation 2016/679)
- ControllerArdor Oy
Konsantie 31, 21260 Raisio FINLAND
Business ID: 2175980-9
- Person responsible for the registerHenri Hyvärinen, CEO
+358 40 523 7576
- Name of the registerEmployee register
- Information content of the registerThe personal data register of employees contains information about Controller’s own employees, agency workers, employees of Controller’s subcontractors and jobseekers. The following data can be processed: first and last names, Finnish personal identity number or date of birth, foreign personal identity number or date of birth, home address, telephone number and e-mail address, employment-related information, bank details, statistical information, possible trade union and debt enforcement documents, information and documentation on skills, permits and qualifications, tax number, passport (copy) documentation, work permit (copy) documentation and A1 certificate documentation.
Which data is processed, depends on the category of employee.
- Purpose of the processing of personal data and the legal basis for the processingThe legal basis and purpose of the processing of the personal data is:
– the contractual relationship between the data subject and the Controller
– execution of the Controller’s legal obligations.
The employee register contains information on employees that is necessary for establishing and maintaining an employment relationship between the Controller and the job seeker and for fulfilling the Controller’s statutory obligations.
The personal data collected to the register is regularly obtained from the data subject himself or herself. In order to fulfill legal obligations, the personal data on agency workers and employees of subcontractors is also obtained from the staffing agency and from the subcontractor.
- Recipients or groups of recipients of personal data
The personal data will not be disclosed to third parties, with the exception of the Controller’s co-operation partners who process the data on behalf of the Controller, on the basis of a co-operation agreement between the parties, such as salary calculations and accounting offices.The personal data is disclosed to the authorities to the extent permitted and bound by existing legislation.
The personal data is disclosed in connection with various systems in connection with the cloud services of various providers, in which case the system provider acts as a collector of personal data in accordance with EU General Data Protection Regulation. These systems include e.g. email system, cloud storage services, financial management system or software and employee time tracking system or software.
- Transfer of personal data to a third country Personal data will not be disclosed outside the EU or the EEA.
If, exceptionally, the personal data is disclosed outside the EU or the EEA, in such a case, the requirements of data protection legislation shall be complied with in the transfer of data and, for example, standard contractual clauses of the European Commission shall be used when agreeing on the transfer of data with those processing the personal data; or the Controller ensures that the transfer of data is based on specific criteria, such as the data subject’s consent.
- Personal data retention period
- The rights of data subjects in the processing of personal dataRight to inspect the data and right to the rectification
The data subject has the right to inspect what data concerning them has been recorded in the personal data register and to receive a copy of the data. The data subject must send the inspection request by email to the Person responsible for the register. The Controller rectifies, erases or complements personal data that is incorrect or unnecessary of its own accord or at the demand of the data subject.
Right to restriction of processing
The data subject has the right to obtain from the Collector restriction of processing of data if the data subject, for example, contests the accuracy of the personal data;
the processing is unlawful, but the data subject opposes the erasure of the personal data and requests the restriction of its use instead; or the Controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
Right to erasure
The data subject has the right to have the Controller erase data concerning him or her for example if the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; the data subject withdraws the consent on which the processing was based and there is no other legal basis for the processing; the personal data has been processed unlawfully; or the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
Right to data portability
The data subject has the right to receive the personal data that he or she has provided to a controller in a structured, commonly used and machine-readable format and, if desired, transmit that data to another controller. The right to data portability may not have an adverse effect on the rights and freedoms of others.
Right to withdraw consent
The data subject has the right to withdraw his or her consent to the processing of personal data by notifying the Controller by e-mail.
Right not to be subject to a decision based solely on automated processing
The data subject has the right to demand human involvement in decisions that concern him or her. Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Right to object
The data subject has the right to object to the processing of his or her personal data if the data is processed for the purposes of the compelling legitimate interests pursued by the controller or a third party.
Right to lodge a complaint with the supervisory authority
The data subject shall have the right to lodge a complaint on the processing of personal data with the supervisory authority, which is in Finland Data Protection Ombudsman.
Changes to the data protection practice