Employee Data Protection Statement

Last Updated: 9.4.2021

Siili Solutions Plc and its subsidiaries ("Siili", also "we", "us", "our"; Finnish Business ID 1979903-5) place the highest value on protecting your personal data. As your employer, Siili is the data controller of your personal data in the context described in this Employee Data Protection Statement ("Statement"). As a data controller Siili is responsible for your personal data processing and defines the purposes and means for the processing of your personal data.

This Statement explains our commitment to keeping your personal data ("Employee Data") confidential and secure. Specifically, the Statement informs you on our Employee Data processing practices in connection with your employment with Siili ("Employment"). Employee Data processing in Siili Employment IT tools, used e.g. for maintaining your basic contact and competence information, belongs to the scope of this Statement.

Siili processes your Employee Data always in accordance with all applicable laws. 

Please read this Statement carefully before committing to Employment. By committing to Employment and/or by submitting (directly or indirectly) your Employee Data to us, you express your understanding to the processing of your Employee Data in accordance with this Statement. Otherwise, we expect that you will not commit to Employment with us and not to provide or cease providing us with your Employee Data. Please note that absence or non-availability of your Employee Data prevents or may prevent us from committing to the Employment from our side.

Lawfulness of Processing of Your Employee Data

Processing of your Employee Data by us is based on:

  • Employment contract (or other similar service relationship contract) existing between you and us;
  • Our mandatory legal obligations (i.a. labor law);
  • Your consent (i.a. Employee Data collected from third parties); or
  • Siili’s legitimate interests (i.a. ensuring information security).


The Employee Data subject may at any time withdraw the consent to which the processing or part of processing of Employee Data is based on.

Siili Data Collection Methods and Sources of Personal Data

Committing to the Employment requires you to personally submit to us certain Employee Data. Besides the utilization of our digital Employee Data collection methods, depending on the Employment, we may also collect all or certain Employee Data from you in a phone call, in connection with your performance assessments or with other non-computerized means common in connection with Employment.

Additionally, but always informing you in advance and only with your expressly given consent, we may also collect your Employee Data from any public sources (e.g. online profiles), third parties (e.g. travel agents, insurance companies, banks, etc.), our own employees and/or other persons providing services for us (including trainings, courses or assessments) you might relate to, be required to be in connection with or participate to during your Employment.

Employee Data Siili Collects and Processes

Basic Employee Data typically collected and processed by us consists mostly of your name and contact details, your position in our organisation, your education and skills, curriculum vitae as well as necessary information for executing payroll activities and fulfilling our other employer obligations. When providing us with information about a third-party individual (such as information of your family member identified as your emergency contact), you are responsible for ensuring that you have attained all such third-party consents possibly required for providing us with the information as stipulated by the law. 

In addition, we may collect other types of Employee Data necessary for your Employment.

We may also collect and process certain Employee Data belonging to special categories ("Sensitive Employee Data", defined generally in data protection legislation to be personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sex life) to ensure our compliance with any of our mandatory legal employer requirements and obligations. Typically, we may collect and process Sensitive Employee Data in form of health data for ensuring legal compliance in connection with occupational health matters. If the case so requires, we shall request your explicit consent to processing of such Sensitive Employee Data. 

Furthermore, when you use any Siili IT tools and applications, we may automatically track certain personal data concerning you, such as the internet protocol (IP) address, the source of visit and the type of your web browser even prior to explicitly requesting any of your Employee Data described above.

Identification and general Employee Data attributes we may process include the following:

  • Name information;
  • Personal ID number;
  • Personal contact information (both private and business): telephone, e-mail, mailing address;
  • Curriculum vitae;
  • Photos;
  • Education;
  • Key competences;
  • Bank account;
  • Salary and agreed benefits (incl. salary details);
  • Employment start date;
  • Title and role;
  • Tribe manager name;
  • Family info / contact person (i.e. for emergency contact purpose);
  • Time and attendance management records;
  • Absences and holidays;
  • Healthcare info;
  • Employee questionnaire answers;
  • Travel expenses
  • Technical information (i.a. IP address, log files and limited behavioral data, facility and system surveillance information when applicable); and
  • Other information which you provide in connection with a business purpose of Siili.

Siili Purposes of Employee Data Processing

We process your Employee Data only in connection with your Employment. The primary purpose of processing of your Employee Data is:

  • Fulfilling Siili's employer responsibilities and obligations (especially but not limited to those related to our human resources function) towards you, our other employees and authorities.

 

In detail, the purposes for processing and use of the Employee Data include the following items:

  • Personnel data management;
  • Management of organisation structures;
  • Performance, talent and rewards management and development;
  • Learning and training management and development;
  • Payroll (incl. salaries, benefits and vacations) and working time control;
  • Management of occupational accidents, injuries and diseases;
  • Health and wellbeing management;
  • Insurance management;
  • Travel and expense handling;
  • Communication;
  • Reporting and analytics;
  • Enabling business processes (i.a. customer work and R&D);
  • Enabling support functions (i.a. identity management activities);
  • Fulfilling of mandatory employer duties, employment matters and rights of employees and employers as well as responsibilities towards authorities; and
  • Ensuring and improving workplace and information security.

 

Your Employee Data will not be used for direct marketing or for any other purpose than those described above in this Statement.

Retention

We have defined retention periods for your Employee Data based on mandatory legal requirements and industry common practices. Retention periods vary considerably depending on the nature and use of Employee Data. If you need more detailed information on retention periods, please contact us directly by using contact information below for further advice. 

Notwithstanding the above, the retention of your Employee Data may be extended due to existing or imminent need of Siili to establish, exercise or defend itself against legal claims.

Disclosures and Transfers

We will not disclose your Employee Data except as provided in this section or when you have given your consent to the disclosure of your Employee Data in a specific context.

We do not generally disclose any Employee Data to be independently used by other data controllers outside Siili unless required by mandatory law (such as to tax, employment and other authorities as well as to banks, insurance companies and other financial institutions). As exceptions, business travel arrangements may require disclosing your Employee Data to our related trusted business partners, such as airlines and accommodation providers, as well as our business assignments, in which you participate or may participate as our employee, may require limited disclosures to our customers (such as your CV information). 

We may transfer your Employee Data to Siili affiliate companies or to third parties (e.g. subcontractors) which process Employee Data on behalf of us for the purposes described in this Statement. In this way, we do not release the Employee Data from our effective control. 

If Employee Data is transferred to external data processors (subcontractors or vendors) to be processed on behalf of Siili, appropriate contractual arrangements (such as data processing agreements), as required by the applicable laws, are executed to secure lawful and appropriate processing of Employee Data.

As we operate internationally, due to the necessary technical and practical requirements your Employee Data may be processed by Siili affiliate companies or subcontractors located outside the European Union or European Economic Area (incl. Switzerland). Hence, countries to which your Employee Data may be sent to or accessed from may have a data protection standard differing from the country in which you are situated. In all such Employee Data transfer situations, the processing of Employee Data shall be in accordance with applicable legislations (e.g. justified by EU Commission standard contractual clauses and supplementary measures if necessary) and our applicable data processing policies and instructions. 

We may also need to share your Employee Data with a purchaser or potential purchaser of our business (or part of it). Such sharing does not occur regularly, but should it be necessary, we will share only smallest possible amount of your Employee Data and always in the limits of applicable legislation. 

We may provide aggregate statistics about our employees and Employment to reputable third parties, but these statistics are anonymized and will not include your Employee Data.

Security

Employee Data is protected by organisational and technical measures against accidental and/or unlawful access, alteration, and destruction or other processing including unauthorized disclosure and transfer of Employee Data.

Such measures include (without limitation) proper firewall arrangements, malware detection, appropriate encryption of telecommunication and messages as well as use of secure and monitored equipment and server rooms. Data security is of special concern when third parties (e.g. data processing subcontractors) provide us with and implement IT systems.

Data security requirements are duly observed in IT system access management and monitoring of access to IT systems. Personnel processing Employee Data as part of their tasks is trained and properly instructed in data protection and data security matters.

Automated Decision-Making

We do not make decisions about you through automated decision-making.

Use of Cookies

We may occasionally place information on your computer which allows us to recognize your computer. This information is commonly known as a “cookie”. Typically, cookies enable collection of certain information regarding your computer, including your IP address, your computer’s operating system, your browser type and the address of any referring sites. Cookies are intended to improve the availability and quality of the Employment. We will only use cookies on your consent (apart from strictly necessary ones which enable the website to function). A separate Cookie Statement explains the cookies in detail (references to Statement above and below also include the contents of the Cookie Statement unless otherwise stated case by case). In case of possible discrepancy, the information provided in the Cookie Statement prevails over information of this Statement.

Your Rights Concerning Employee Data Processing

At any time, you have the right to:

  • Gain access to your Employee Data and receive a copy of the Employee Data and related supplementary information concerning Employee Data processing as required by the law;
  • Verify the accuracy of your Employee Data and at your request, have your incomplete, inaccurate or outdated Employee Data modified or erased;
  • Under certain circumstances, be forgotten by us with regards certain Employee Data if;
    • Employee Data are no longer necessary in relation to the purposes of Employee Data processing;
    • The Employee Data subject withdraws consent on which the processing of Employee Data is based and where there is no other legal ground for the processing;
    • Employee Data must be erased for compliance with a legal obligation in EU or member state law to which Siili is subject; or
    • The Employee Data have been unlawfully processed by Siili;
  • Have the processing of your Employee Data restricted under certain circumstances if; 
    • The Employee Data subject contests the accuracy of the Employee Data;
    • The processing is unlawful, and the Employee Data subject opposes the erasure of the Employee Data and requests the restriction instead; or
    • Siili no longer needs the Employee Data for the purposes of uses, but Employee Data are required by the data subject for the establishment, exercise or defense of legal claims;
  • Receive your Employee Data which you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller; and
  • Lodge a complaint with a supervisory authority (Finnish Data Protection Ombudsman). 


Also, at any time, you have the right to:

  • Withdraw your consent (if any) to processing of certain Employee Data of you. 


Please note that the withdrawal of your consent as well as absence or non-availability of your Employee Data, fully or partially, prevents or may prevent us from committing to the Employment from our side. 

We recommend that you exercise these rights by accessing to your user profile in our online Employment tools provided that such access is available for you. You may also contact your Siili manager directly or other of us to the contact information provided below or send us an e-mail at dataprotection@siili.com in order to use your rights. However, the request may be declined or restricted when allowed or required under the law. 

New Versions of This Statement

We may change or amend this Statement as necessary, and therefore we recommend that you revisit this Statement regularly.

Siili Contact Information

If you want to contact us in data protection related matters (concerning your Employment or in general), please send us an e-mail at dataprotection@siili.com