Privacy Policy

PRIVACY POLICY

Processing of the personal data of IISY Oy’s customers, representatives of customers and potential customers as well as the personal data of cooperation partners and representatives of partners

WHO PROCESSES YOUR DATA?

IISY Oy (Business ID: 2855140-2)
Address: Karaportti 1, 02610 Espoo

WHO CAN YOU CONTACT IN QUESTIONS RELATED TO DATA PROTECTION?

If you have any questions related to data protection or you wish to exercise your rights, you may contact:

Antti-Jaakko Alanko
[email protected]
Tel: +358 406 404 667

WHAT PERSONAL DATA DO WE PROCESS?

If you are our customer, a representative of our customer or potential customer, our cooperation partner or our cooperation partner’s representative, we process the following personal data:

  • First and last name
  • Email address
  • Postal address
  • Telephone number
  • Employing company/organisation
  • Position within the company or organisation / duties
  • Communications with you
  • Information on our meetings

If you are our customer or a representative of our customer or potential customer, we also process the following personal data:

  • Data on your participation in our events
  • Your marketing consents and prohibitions
  • Information on newsletter and blog subscriptions
  • Information you have provided on a contact form or otherwise

If you have access to our FREESICLOUD cloud service, we process the following data:

  • Email address
  • Password to the FREESICLOUD cloud service
  • Logs on the use of the service

If you visit our website (www.iisy.fi, www.iisycloud.fi), we will process data collected by means of cookies on, inter alia, from where you are visiting our website, which parts of our website you are visiting, and which browser you are using. More information on the use of cookies is provided in our Cookie Policy.

FOR WHAT PURPOSES AND ON WHAT GROUNDS DO WE PROCESS YOU PERSONAL DATA?

We process your personal data in order to manage your customer relationship or the customer relationship between us and the company you represent. We also process your personal data for analysing, planning and developing our business and services.

In addition, we process your personal data for planning, targeting, sending, developing and carrying out marketing and organising client events.

If you are our co-operation partner or represent such a partner, we process your data for the purposes of co-operation.

The basis for the processing of personal data is a customer relationship or the preparation of a contract, or our legitimate interest based on an actual or potential contractual relationship. Sending of blog posts or electronic direct marketing may be based on your consent.

FROM WHERE DO WE OBTAIN YOUR PERSONAL DATA?

We collect personal data primarily from yourself. We can also receive your data from the company you represent, our partner or our customer.

If you are a representative of our customer or potential customer, we might also have obtained your information from a website, other public sources or a commercial operator providing information on companies and their representatives.

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We do not share personal data with outsiders except where required by Finnish legislation or authorities.

In the processing of personal data, we can use the following service providers which process your personal data on our behalf:

  • IT system providers and other IT service providers;
  • billing service providers;
  • communication service providers;
  • service providers for website maintenance; and
  • providers of marketing services.

JOINT CONTROLLERS

We and Facebook Ireland are joint controllers in relation to our company page. We have entered into the Controller Addendum with Facebook Ireland (https://www.facebook.com/legal/controller_addendum ) to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the joint processing. We have agreed that we provide you with the information given in this section and we have agreed that between us and Facebook Ireland, Facebook Ireland is responsible for enabling your rights under Articles 15-20 of the GDPR with regard to your personal data stored by Facebook Ireland. The contact details of Facebook Ireland and its Data Protection Officer can be found in Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy. When you enter into our Facebook page via Facebook link on our website or visit, like or comment our Facebook/Instagram page or follow our Instagram page we process jointly your data to collect user information. This user information is collected for marketing purposes and to develop our Facebook/Instagram page and services. That further information on how Facebook Ireland processes personal data, including the legal basis Facebook Ireland relies on and the ways you can exercise your rights against Facebook Ireland, can be found in Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy.

We and LinkedIn Ireland are joint controllers in relation to our LinkedIn page. We have entered into the Controller Addendum with LinkedIn Ireland (https://legal.linkedin.com/pages-joint-controller-addendum ) to determine the respective responsibilities for compliance with the obligations under the GDPR with regard to the joint processing. We have agreed that between us and LinkedIn Ireland, LinkedIn Ireland is responsible for enabling your rights pursuant to the GDPR with regard to your personal data stored by LinkedIn Ireland. The contact details of LinkedIn Ireland and its Data Protection Officer as well as information on the processing of personal data carried out by LinkedIn Ireland including your rights towards LinkedIn Ireland can be found in LinkedIn Ireland’s Data Protection Policy at https://www.linkedin.com/legal/privacy-policy . When you visit, like or comment our LinkedIn page we process jointly your data to collect user information. This user information is collected for marketing purposes and to develop our LinkedIn page and services.

DO WE TRANSFER YOUR PERSONAL DATA TO A THIRD COUNTRY?

We use in marketing and customer administration tools where your data is stored in the data servers located in the USA. We do not transfer personal data outside the EU or the EEA otherwise. The data transfers are based on the standard contractual clauses of the European Commission.

HOW LONG DO WE STORE YOUR PERSONAL DATA?

We will store the personal data for as long as is necessary for the purposes for which they are processed or for complying with our legal obligations. We regularly review the necessity of keeping the data and delete data when they no longer are necessary for the purpose they were collected.

If you have subscribed to our blog or consented to electronic direct marketing, we will send you blog posts or electronic direct marketing until you withdraw your consent.

WHAT RIGHTS DO YOU HAVE?

You can contact [email protected] to exercise your rights

Right of access

You have the right to obtain from us a confirmation as to whether we process personal data concerning you. You also have the right to access personal data concerning you as well as information on the processing of your personal data as set out in the General Data Protection Regulation.

If you exercise your right to access the information, we will provide you with a copy of the personal data we process. If you request multiple copies, we may charge a reasonable fee for them based on administrative costs.

Right to rectification

You have the right to request us to rectify any incorrect data without undue delay. You also have the right to have incomplete personal data completed by providing a supplementary statement.

Right to erasure

You have the right to obtain from us the erasure of personal data concerning you without undue delay if:

  • your personal data are no longer needed for the purposes for which they were collected or otherwise processed;
  • you withdraw consent on which the processing is based and there are no other legal grounds for the processing of such data;
  • you object to the processing of your personal data on ground relating to your particular situation and there are no legitimate grounds for processing, or you oppose the processing of your personal data for direct marketing purposes;
  • we have processed personal data unlawfully; or
  • personal data have to be erased for compliance with a legal obligation we are subject to.

Right to restriction of processing

You have the right to obtain from us restriction of processing so that your personal data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another person if:

  • you contest the accuracy of your personal data, in which case we will restrict processing for a period enabling us to verify the accuracy of your personal data;
  • we process your personal data unlawfully and you oppose the erasure of the personal data and request the restriction of their use instead;
  • we no longer need your personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
  • you have objected to the processing of your personal data on grounds relating to your particular situation and you wait for the verification whether our legitimate grounds override the grounds of your objection.

Right to data portability

You have the right to receive the personal data provided to us by you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller if

  • our processing is carried out by automated means; and
  • the processing is based on your consent or is necessary for the performance of our agreement or for the implementation of pre-contractual measures upon your request.

The right to data portability is limited to conduct which does not adversely affect the rights and freedoms of others.

Right to object to processing of personal data

You have the right to object to the processing of your personal data on grounds relating to your particular situation if there are no legitimate grounds for the processing.

Further, you have the right to object to the processing of your personal data for direct marketing purposes and to cancel ordered blog. You can prevent the sending of electronic direct marketing, customer letter or blog by clicking the adjacent link cancel subscription.

RIGHT TO WITHDRAW CONSENT

To the extent that the processing of personal data is based on your consent, you have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing we have carried out prior to withdrawal.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

You have the right to lodge a complaint with the Data Protection Ombudsman if you think that your rights under the General Data Protection Regulation have been infringed in the processing of the personal data. The supervising authority in Finland is Data Protection Ombudsman (www.tietosuoja.fi ).

HOW DO WE ENSURE DATA SECURITY IN THE PROCESSING OF PERSONAL DATA?

We ensure data securityas required in the law. The systems containing your personal data are secured by personal user credentials, passwords and user rights.

Any materials maintained manually are in premises to which unauthorised access is prevented.

Only those of our personnel who need to process your personal data to perform their working duties have access to your personal data.

PRIVACY POLICY

Processing of personal data of IISY Oy’s job applicants

WHO PROCESSES YOUR DATA?

IISY Oy (Business ID: 2855140-2)
Address: Karaportti 1, 02610 Espoo

WHO CAN I CONTACT IN QUESTIONS RELATED TO DATA PROTECTION?

If you have any questions related to data protection or you wish to exercise your rights, you may contact:

Antti-Jaakko Alanko
[email protected]
Tel: +358 406 404 667

WHAT PERSONAL DATA DO WE PROCESS?

We process the following information concerning you:

  • Basic information, such as name, date of birth, home address and other contact information
  • Job application and other information related to the job application process, such as language skills, information on education and qualifications, information on personal assessment and aptitude tests, credit information if permitted or required by law
  • Information provided by referees mentioned by you
  • Information related to the progress of the recruitment and possible selection process

FOR WHAT PURPOSES AND ON WHAT GROUNDS DO WE PROCESS YOU PERSONAL DATA?

We process your personal data for preparing an employment contract on your request, for recruitment measures and for suitability assessment.

The basis for the processing of your personal data is the preparation and conclusion of your employment or service contract. The right to process your personal data is based partly on the legitimate interests arising out of the recruitment process.

Your personal data may also be processes on the basis of consent insofar as required under legislation, for example for conducting personal and suitability assessment.

FROM WHERE DO WE OBTAIN YOUR PERSONAL DATA?

We collect personal data primarily from yourself.

Data may also be collected from your referee and a recruitment consultant.

We may also collect your personal data from other sources with your consent, unless it is question of checking credit information to establish your reliability, in which case no consent is required.

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We do not share personal data with outsiders except where required by Finnish legislation or authorities.

In the processing of personal data, we can use the following service providers which process your personal data on our behalf:

  • IT system providers and other IT service providers; and
  • communication service providers.

DO WE TRANSFER YOUR PERSONAL DATA TO A THIRD COUNTRY?

We do not transfer personal data outside the EU or the EEA.

HOW LONG DO WE STORE YOUR PERSONAL DATA?

We will store the personal data for as long as is necessary for the purposes for which they are processed or for complying with our legal obligations. For example, the periods for filing a suit set out in legislation and employer’s obligations will be taken into account in the storage periods.

We will store your personal data for at least one year after making the decision to hire a person for the applied position. Cold contact cover letters will be stored for one year after their receipt unless you have separately consented to longer storage.

WHAT RIGHTS DO YOU HAVE?

You can contact [email protected] to exercise your rights.

Right of access

You have the right to obtain from us a confirmation as to whether we process personal data concerning you. You also have the right to access personal data concerning you as well as information on the processing of your personal data as set out in the General Data Protection Regulation.

If you exercise your right to access the information, we will provide you with a copy of the personal data we process. If you request multiple copies, we may charge a reasonable fee for them based on administrative costs.

Right to rectification

You have the right to request us to rectify any incorrect data without undue delay. You also have the right to have incomplete personal data completed by providing a supplementary statement.

Right to erasure

You have the right to obtain from us the erasure of personal data concerning you without undue delay if:

  • your personal data are no longer needed for the purposes for which they were collected or otherwise processed;
  • you withdraw consent on which the processing is based and there are no other legal grounds for the processing of such data;
  • you object to the processing of your personal data on ground relating to your particular situation and there are no legitimate grounds for processing;
  • we have processed personal data unlawfully; or
  • personal data have to be erased for compliance with a legal obligation we are subject to.

Right to restriction of processing

You have the right to obtain from us restriction of processing so that your personal data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another person if:

  • you contest the accuracy of your personal data, in which case we will restrict processing for a period enabling us to verify the accuracy of your personal data;
  • we process your personal data unlawfully and you oppose the erasure of the personal data and request the restriction of their use instead;
  • we no longer need your personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
  • you have objected to the processing of your personal data on grounds relating to your particular situation and you wait for the verification whether our legitimate grounds override the grounds of your objection.

Right to data portability

You have the right to receive the personal data provided to us by you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller if

  • our processing is carried out by automated means; and
  • the processing is based on your consent or is necessary for the performance of our agreement or for the implementation of pre-contractual measures upon your request.

The right to data portability is limited to conduct which does not adversely affect the rights and freedoms of others.

Right to object to processing of personal data

You have the right to object to the processing of your personal data on grounds relating to your particular situation if there are no legitimate grounds for the processing.

RIGHT TO WITHDRAW CONSENT

To the extent that the processing of personal data is based on your consent, you have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing we have carried out prior to withdrawal.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

You have the right to lodge a complaint with the Data Protection Ombudsman if you think that your rights under the General Data Protection Regulation have been infringed in the processing of the personal data. The supervising authority in Finland is Data Protection Ombudsman (www.tietosuoja.fi ).

HOW DO WE ENSURE DATA SECURITY IN THE PROCESSING OF PERSONAL DATA?

We ensure data securityas required in the law. The systems containing your personal data are secured by personal user credentials, passwords and user rights.

Any materials maintained manually are in premises to which unauthorised access is prevented.

Only those of our personnel who need to process your personal data to perform their working duties have access to your personal data.

COOKIE POLICY

1 SAVED DATA AND WHAT COOKIES ARE USED FOR

We (IISY Oy, Business ID: 2855140-2, address: Karaportti 1, 02610 Espoo) use cookies and other similar technologies on our websites www.iisy.fi and www.iisycloud.fi A cookie is a small text file that can be placed on your device when you visit a website.

With the cookies, we collect information on the terminal devices you use and your behaviour on our website, such as information on from what page you have accessed our website, what your IP address is, which browser and browser version you are using, and which part of our website you have been browsing and when. We use this information to enable the operation of the website (e.g. sending of a contact form), to analyse the website (e.g. web analytics and development of the website) and to target and optimise advertising.

2 HOW YOU CAN AFFECT THE USE OF COOKIES

When you enter our website, a selection bar appears at the bottom of the site where you can choose whether to accept cookies or not.

You can also disable cookies at any time by changing your browser settings. You may also remove existing cookies if you so wish.

3 THIRD PARTIES

In addition to our own cookies, our website contains cookies from third parties such as social media services, analytics providers and providers of advertising technology.

Some of the third parties process cookie data for their own purposes as data controllers (e.g. social media services and Google). The third parties’ own terms apply to such cookies. E.g. Google’s privacy policy is available here: https://policies.google.com/privacy?hl=fi.

4 COOKIE DURATION

Some of the cookies we use are session cookies, in which case cookie data is deleted once the browser is closed. Some of the cookies we use are persistent cookies, in which case cookie data will remain on your device even after the browser is closed. In general, persistent cookies will remain on the device for 1-24 months.