Data Protection Policy
Siili Solutions Oyj
Last updated 25 May 2018
This Data Protection Policy provides general information about our (Siili Solutions Oyj, Finnish Business ID 1979903-5) data protection and privacy. Please note, that other companies belonging to the same group of companies with us apply their own data protection, privacy and related informational practices and should always be verified separately.
We understand and appreciate the importance of your personal data and its protection as part of your privacy. We will duly protect the integrity of your personal data, whether concerning you independently or in relation to your company, services or products.
OUR DATA PROTECTION PRINCIPLES
In all our personal data processing activities we observe and implement the following mandatory data protection principles:
- Lawfulness and fairness of processing: personal data in our control is processed according to all applicable data protection laws. In particular, we recognize the evolving legislative environment in Europe and our preparation for the upcoming EU general data protection regulation and related national implementations in EU member states are well in progress. We respect your and our other data subjects' right to informational self-determination and always provide a fair opportunity to influence to the processing of personal data.
- Transparency and openness of processing: collection, use, retention and other personal data processing as well as the limits of the processing will be made transparent to you and our other data subjects. All data protection information and communication will be designed to be easily understandable and accessible. Especially the data controller identities and purposes of uses of the personal data in our control will be clearly informed.
- Proper definition of purposes of uses and exclusivity of purpose: personal data in our control will only be processed in accordance with purposes of uses that are always defined and documented in advance and given to the information of you and our data subjects as required by the law. Our processing of personal data shall never be incompatible with the original purposes of uses (exclusivity of purpose).
- Personal data minimisation: we collect and process only adequate, relevant and necessary personal data. We assess regularly the necessity of personal data in our control.
- Personal data accuracy: personal data in our control must not be erroneous, incomplete or obsolete. We take necessary actions to rectify or delete inaccurate personal data in our control.
- Storage limitation: all personal data in our control is stored and processed for only such period that the applicable laws allow and, in any case no longer than is necessary considering the exclusivity of purpose principle. Personal data retention rules and retention time periods are planned in advance.
- Data security: we protect the personal data in our control by adequate organisational measures and technical arrangements against unauthorized and illegal processing as well as against unintentional (accidental) amendments, deletions, disclosures and other similar processing activities.
- Accountability: we ensure that all our personal data processing in compliant with these data processing principles. Furthermore, as necessary, we will support this compliance with appropriate documentation.
OUR DATA PROTECTION RESPONSIBILITIES
As a starting point, data protection is a subject common to all our personnel. Besides this general understanding, we have assigned data protection ownership within our senior management. On operational level, we have appointed a data protection manager (accessible at dataprotection(at)siili.com) to address daily data protection matters as well as to lead longer term data protection planning and compliance control.
As necessary, we have also access to legal support from experts specializing to data protection and privacy matters. We provide data protection training to our personnel as part of their tasks.
The supervisory authority having jurisdiction over our personal data processing is Finnish Data Protection Ombudsman – the official website is available at www.tietosuoja.fi.
OUR DATA FILES AND FURHER DETAILED INFORMATION
We arrange and process personal data in our control in separate data files. These data files are logical entities, each containing personal data of a specific group of individuals being our stakeholders or otherwise of interest to us. Our most important data files hold personal data of our:
- employee candidates - Employee Candidate Data Protection Statement;
- customer and vendor contact persons - Customer Contact Data Protection Statement.
For further information concerning our data protection please email us at dataprotection [at] siili.com