Subcontractor Data Protection Statement
Date of entry into force: 9.11.2021
Siili Solutions Plc and its subsidiaries ("Siili", also "we", "us", "our"; Finnish Business ID 1979903-5) place the highest value on protecting your personal data. This Subcontractor Data Protection Statement ("Statement") explains our commitment to keeping your personal data ("Subcontractor Data") confidential and secure. Further, it describes how we process your Subcontractor Data in connection with cooperation between you and Siili ("Cooperation"). Siili is the data controller of your Subcontractor Data. Hence, Siili is responsible for your personal data processing and defines the purposes and means for the processing of your Subcontractor Data.
Siili processes your Subcontractor Data always in accordance with all applicable laws.
Please read this Statement carefully before committing to Cooperation. By committing to Cooperation, you express your understanding to our processing of your Subcontractor Data in accordance with this Statement. Otherwise, we expect that you will discontinue Cooperation and not to provide or cease providing us with your Subcontractor Data. Please note that the absence of your Subcontractor Data might prevent Siili from Cooperation with you.
Lawfulness of Processing of Your Subcontractor Data
The processing of your Subcontractor Data by us is legally based on:
- Contractual relationship either with you or with the subcontractor company you work for; and/or
- Obligations and rights of Siili based on mandatory laws; and/or
- Your consent; and/or
- Our legitimate interest (e.g., to assess your suitability for acting as our subcontractor).
Additionally, we may exceptionally need to collect and process certain Subcontractor Data belonging to special categories (see section "Subcontractor Data Siili Collects and Processes" below) – such personal data can be collected and processed by us:
- With your explicit consent only.
You have the right to withdraw your consent at any time. To do so, please contact us by sending an email to firstname.lastname@example.org.
Data Collection Methods and Sources of Subcontractor Data
If you wish to work as a subcontractor for Siili, you or the company you work for or any party representing you is required to submit to us your Subcontractor Data. This mainly occurs through completing and submitting a web form available in our subcontractor portal or sending an e-mail to the contact persons who take care of our subcontractor network. Additionally, your Subcontractor Data collection may also occur interactively with you or someone that represents you in a phone call, business meeting, or with other non-computerized means.
Additionally, but always informing you in advance and only with your expressly given consent, we may also collect your Subcontractor Data from employees of Siili and/or other persons or parties providing services for Siili.
Finally, our data collection may also occur by collecting digital information concerning your behavior within any digital services of Siili.
Subcontractor Data Siili Collects and Processes
Basic Subcontractor Data typically collected and processed by us consists mostly of your name, home and business address and your other contact details, such as email addresses and telephone numbers. We collect also information linking you to the company you work for such as the company name and your position or title in it. We also need your Subcontractor Data concerning e.g. your CV, seniority level, education and skills, language skills and location.
Depending on the case, we also collect any necessary information related to Cooperation between you and Siili, including information necessary for invoicing. Such information includes information on projects and assignments where you and Siili have acted together. We may also collect information on your business feedback and interests and expectations towards Siili or a customer’s feedback of your work in an assignment.
Furthermore, when you use any Siili IT tools and applications, we may collect certain personal data concerning you, such as the internet protocol (IP) address, the source of visit and the type of your web browser even prior to explicitly requesting any of your Subcontractor Data described above.
We do not generally collect or process any Subcontractor Data belonging to special categories, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or data concerning health or sex life. If there would be a need to collect this type of personal data, we would ask your explicit consent to processing such data.
Purposes of Processing
We process your Subcontractor Data to enable Cooperation and to take care of our responsibilities and obligations towards you, our customers and the authorities.
In detail, the purposes for processing and use of the Subcontractor Data include the following items:
- Subcontractor data management;
- Assessing subcontractor potential and suitability of a candidate;
- Performance, talent and rewards management and development;
- Learning and training management and development;
- Working time control;
- Enabling business processes (i.a. customer work and R&D);
- Reporting and analytics;
- Collecting and processing feedback from customer companies or from you;
- Enabling support functions (i.a. identity management activities);
- Ensuring and improving workplace and information security;
- Supporting wellbeing;
- Securing compliance with all applicable laws as well as establishing and exercising Siili legal rights (including claims) and defending Siili against legal claims.
Your Subcontractor Data will not be used for any other purpose than those described in this Statement.
We have defined retention periods for your Subcontractor Data based on mandatory legal requirements and industry common practices. Retention periods vary considerably depending on the nature and use of Subcontractor Data. If you need more detailed information on retention periods, please contact us directly by using contact information below for further advice.
Notwithstanding the above, the retention of your Subcontractor Data may be extended due to existing or imminent need of Siili to establish, exercise or defend itself against legal claims.
Disclosures and Transfers
We will not disclose your Subcontractor Data except as provided in this section or when you have given your consent.
We do not generally disclose any Subcontractor Data to be independently used by other data controllers outside Siili unless required by mandatory law (such as the authorities). As an exception, personal data related to Siili Academy training (i.a. participation and course information) can be disclosed to our trusted business partners for provisioning training certifications and maintaining information on them. Also customer assignments, in which you participate or may participate as our subcontractor, may require disclosures to our customers (such as your CV information).
We may transfer your Subcontractor Data to/from other Siili Group companies or to/from third parties (e.g. subcontractors) who process Subcontractor Data on behalf of us for the purposes described in this Statement. In this way, we do not release the Subcontractor Data from our effective control.
If Subcontractor Data is transferred to/from external data processors (subcontractors or vendors including other companies belonging to Siili) to be processed on behalf of Siili, appropriate data processing agreements, as required by the applicable laws, are executed to secure lawful and appropriate processing of Subcontractor Data.
As we operate internationally, due to necessary technical and practical requirements, your Subcontractor Data may be processed by other Siili companies or subcontractors located outside the European Union or European Economic Area (incl. Switzerland). Hence, countries to which your Subcontractor Data may be sent to or accessed from may have a data protection standard differing from the country in which we are located. In all such situations involving such international transfers of Subcontractor Data, the processing of Subcontractor Data shall be in accordance with applicable legislations (e.g. justified by EU Commission standard contractual clauses and supplementary measures, if necessary) and our data processing policies and instructions.
We may also need to share your Subcontractor Data with a purchaser or potential purchaser of our business. Such sharing does not occur regularly, but should it be necessary, we will share only smallest possible amount of your Subcontractor Data and always in the limits of applicable legislation.
We may provide aggregate statistics about our subcontractor companies and related persons to reputable third parties, but these statistics are anonymized and will not include your Subcontractor Data.
Subcontractor Data is protected by organisational and technical measures against accidental and/or unlawful access, alteration, and destruction or other processing including unauthorized disclosure and transfer of Subcontractor Data.
Such measures include (without limitation) proper firewall arrangements, malware detection, appropriate encryption of telecommunication and messages as well as use of secure and monitored equipment and server rooms. Data security is of special concern when third parties (e.g. data processing subcontractors) providing and implementing IT systems and services are retained.
Data security requirements are duly observed in IT system access management and monitoring of access to IT systems. Personnel processing Subcontractor Data as part of their tasks is trained and properly instructed in data protection and data security matters.
We do not make decisions about you through automated decision-making.
At any time, you have the right to:
- Gain access to your Subcontractor Data and receive a copy of your Subcontractor Data and related supplementary information concerning Subcontractor Data processing as required by the law;
- Verify the accuracy of your Subcontractor Data and at your request, have your incomplete, inaccurate or outdated Subcontractor Data modified or erased;
- Subcontractor Data is not any more necessary in relation to the purposes of Siili data processing;
- The Subcontractor Data have been unlawfully processed by Siili;
- The data subject withdraws consent on which the processing of Subcontractor Data is based and where there is no other legal ground for the processing;Under certain circumstances, be forgotten by us with regards certain Subcontractor Data if;
- The processing has been based solely on legitimate interests of Siili which the data subject has objected and no overriding legitimate grounds for the processing have been established;
- Under certain circumstances, have the processing of your Subcontractor Data restricted;
- The data subject contests the accuracy of the Subcontractor Data;
- The processing is unlawful, and the data subject opposes the deletion of such Subcontractor Data;
- Siili no longer needs the Subcontractor Data for its purposes of uses, but Subcontractor Data are required by the data subject for the establishment, exercise or defense of legal claims;
- Receive your Subcontractor Data which you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller; and
- Lodge a complaint with a supervisory authority (in Finland Data Protection Ombudsman).
Also, at any time, you have the right to:
- Withdraw your consent to processing of your Subcontractor Data.
To use your rights, contact us by sending an e-mail to email@example.com. However, the request may be declined or restricted when allowed or required under the law.
New Versions of This Statement
We may change or amend this Statement as necessary and recommend, therefore, that you revisit this Statement regularly.
Siili Contact Information
If you want to contact us in data protection related matters, please send us an e-mail at firstname.lastname@example.org.