Privacy Notice

Privacy Notice – workseed.fi

Last updated: 31.3.2022

Workseed Oy (”Company”) undertakes to follow good data protection practices. The purpose of this document is to notify data subjects of the privacy principles and practices assocaited with the Company’s website. Personal data is used here to refer to all data by which an individual person can be identified.

This Privacy Notice relates to personal data processed in connection with the Company’s website. For more information concerning personal data processing relating to the Company’s Workseed service, please see: https://www.workseed.fi/static_edu/privacypolicy_en.pdf

 

1. Data controller and processors

The data controller for personal data processed in connection with the website is Workseed Oy (business ID 2733384-1), address Oppilaankatu 4, 53100 Lappeenranta, Finland. For personal data related inquiries, contact: support@workseed.fi.

The following third parties process personal data relating to the website as data processors subject to separate written data processing agreements:

  • SaaS platform provider, currently Microsoft Azure

2. Categories of personal data and the basis for processing the data

Personal data is processed on the Company’s website pursuant to the EU General Data Protection Regulation (”GDPR”) and applicable national data protection legislation. Personal data is only processed for the purposes stated below, and there is always a lawful basis for processing subject to the applicable data protection legislation. Providing personal data is not required in order to use the website.

The following categories of personal data are processed in connection with the website:

Category of personal data Reason for processing Lawful basis for processing Removal of personal data
Name and contact details of person filling in contact request
Answering contact request, handling sales process, customer management
Performance of contract (GDPR Article 6(1)(b))
Within 2 months of end of sales process or client no longer being a customer of the Company
Marketing the services of the Company (provided appropriate marketing consent is given or marketing is otherwise permitted)
Legitimate interests of Company (GDPR Article 6(1)(f))
Within 2 months of end of sales process or client no longer being a customer of the Company
Possible personal data entered in connection with personal note sent with contact request
Answering contact request, handling sales process
Performance of contract (GDPR Article 6(1)(b))
Within 2 months of end of sales process or client no longer being a customer of the Company
IP addresses of website visitors
Anonymisation of the IP addresses of website visitors for the use of Google Analytics
Legitimate interests of Company (GDPR Article 6(1)(f))
IP addresses cease to be personal data after succesful anonymisation

3. Non-personal data

In addition to the personal data mentioned above, the Company also processes data that does not identify individual users, and therefore does not fall within the scope of data protection legislation. The company, e.g., uses cookies, the use of which is described here: x. The Company also uses Google Analytics. However, Google Analytics is used in such a way that a part of the IP address of visitors is masked so that they cannot be used to identify individual users, and therefore this does not amount to the processing of personal data.

4. Security

Personal Data will be protected by reasonable security safeguards against accidental loss, unauthorized processing, the destruction of, or use or modification of, or unauthorized disclosure of the personal data. The Company employs appropriate technical and organizational security measures in order to protect the personal data. The safeguards the Company employs, such as limiting its personnel’s and subcontractors’ access to personal data and encryption of data, are proportionate to the likelihood and severity of any potential harms or threats, the sensitivity of the personal data, and the context in which it is held as well as development of security technologies.

6. Rights of data subjects

Under the General Data Protection Regulation (”GDPR”), the data subject has the following rights with regards to Personal Data, as more closely specified in Articles 15-21 of the GDPR:

  1. Right of access: the data subject has the right to request confirmation of whether his or her personal data is processed in connection with the website, and access to that personal data.
  2. Right of rectification: the data subject has the right to request the data controller to rectify any inaccurate or incomplete personal data concerning her or him held by or processed in connection with the website.
  3. Right of erasure: the data subject has the right to request that personal data concerning her or him is erased where it is no longer necessary for the purpose for which it was collected or processed, where she or he objects to the processing and there are no overriding legitimate grounds for processing, where her or his personal data is being unlawfully processed, or where personal data must be erased in order to comply with relevant legislation.
  4. Right of restriction: the data subject has the right to request restriction of processing of her or his personal data where the accuracy of the personal data is contested, where processing is unlawful or where the personal data is no longer needed by the data controller but she or he legitimately opposes the erasure of the personal data, or where she or he objects to the processing and it has not yet been verified whether legitimate grounds exist for the processing.
  5. Right to object: the data subject has the right to object to the processing of her or his personal data where the processing is based on the legitimate interests of the data controller or third parties as specified in Section 2.

The data subject has the right the right to contact the competent data protection authority and file a complaint regarding the processing of her or his personal data. With regards to Finland, the competent data protection authority is the Data Protection Ombudsman (www.tietosuoja.fi/en/home).

7. Transfers outside the EU/EEC

Personal Data relating to the website is only transferred or processed outside the EU/EEC pursuant to sufficient safeguards under Article 49 of the EU General Data Protection Regulation, such as an adequacy decision by the European Commission, or subject to standard contractual clauses approved by the European Commission. Data subjects have the right to receive a description of the data transferred subject to standard contractual clauses, as well as the measures undertaken to mitigate personal data risks in connection with the use of the standard contractual clauses.

8. Changes to the Privacy Notice

This Privacy Notice may be amended from time to time by posting an updated version to the website, after which the updated version shall apply. In the event there are substantial changes to the Privacy Notice, the Company may notify data subjects by other means, for example via email.