Register and Privacy Policy This is the register and privacy policy of SunUra Ltd, in accordance with the Data Protection Act (5.12.2018/1050) and the General Data Protection Regulation (GDPR) of the EU. Prepared on 2.4.2018. Last updated on 1.10.2022.
- Data Controller SunUra Ltd info@sunura.fi 0408010831
- Contact Person for the Register Kimmo Laitinen CEO +358 44 974 3236 kimmo.laitinen@sunura.fi
- Register Name and Registered Individuals Register of Employment Services: Individuals participating in the services, individuals providing services, stakeholders in the services, and potential users of the services.
- Legal Basis and Purpose of Processing Personal Data The purpose of processing personal data is the management of SunUra Ltd’s customer and stakeholder relationships, informing customers and stakeholders, analyzing customer data, and conducting research activities. Data is not used for automated decision-making or profiling. The legal basis for processing personal data under the General Data Protection Regulation is legitimate interest. The processing of data is based on fulfilling the company’s contractual obligations and realizing the company’s legitimate interests.
- Register Data Content For individuals participating in the service, the register contains necessary information for service provision, including: name, contact details (phone number, email address, and street address), personal identification number, education and work history, employment path, CV, video CV, necessary job applications during the service, and any other information provided by the customer related to their employment. For employees, information necessary for employment management is collected, such as personal identification number, job title, start and end dates of employment, occupational health care, information required for monitoring working hours and annual leave, bank account number, and information related to the payment of trade union membership fees. Additionally, other information related to employment that legislation requires or allows to be collected. In the register of stakeholders and potential customers, information may be processed, including the contact details of stakeholders’ representatives, such as name, position in the organization, phone, email, address, and information required for organization billing. Additionally, collected information includes communication history and marketing consent. The data content of personal information in the register is retained as long as there is a legal basis for retention. After this period, personal information is either destroyed or anonymized. Contact details from personal information are retained for customer follow-up and, with the customer’s consent, for marketing purposes. Employee personal data is retained for the period required by law.
- Regular Data Sources The information to be stored in the register is obtained from the customer and their representatives from the TE Administration or municipal officials, as well as from messages sent via web forms, email, phone, social media services, contracts, customer meetings, and other situations where the customer provides their information.
- Regular Disclosures of Data and Transfer of Data Outside the EU or EEA Data stored in the register may be processed by SunUra Ltd’s staff and other individuals with the necessary access rights for performing their duties. Electronic register data may also be accessed, if necessary, by the data protection officer and individuals managing information systems. Data is not routinely disclosed to other parties. Data may be published or transferred as agreed with the customer. Register information is not transferred or disclosed outside the EU or EEA.
- Principles of Register Protection Care and diligence are followed in the processing of the register, and information processed through information systems is appropriately protected. When register information is stored on Internet servers, the physical and digital security of the hardware is adequately ensured. The data controller ensures that stored information, as well as server access rights and other information critical to the security of personal data, are handled confidentially and only by employees whose job description includes such responsibilities.
- Right of Inspection and Right to Request Correction of Information Every individual in the register has the right to check the information stored about them in the register and request the correction of any incorrect information or completion of any incomplete information. If a person wishes to check the information recorded about them or request corrections, the request must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller responds to the customer within the time frame specified in the EU data protection regulation (usually within a month). The registered individual has the right to be informed if their personal data has been accessed by parties or individuals not defined in this document.
- Other Rights Related to the Processing of Personal Data Individuals in the register have the right to request the deletion of their personal data from the register (“right to be forgotten”). Similarly, individuals in the register have other rights under the General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The registered individual has the right to bring the processing of their personal data to the attention of the supervisory authority. The data controller responds to the customer within the time frame specified in the EU data protection regulation (usually within a month).