Privacy policy
Woikoski's privacy policies provide detailed information on how and where personal data is processed. The privacy policies are in English.
Privacy Policy
Modified 30.12.2024
Registrar
Woikoski Oy (3464210-8)
Virransalmentie 2023
52920 Voikoski
Contact person for matters concerning the register
tietosuoja@woikoski.fi
Registry
Access control register
Preparation date
2024-10-08
Legal basis for processing
Legal Obligation
Purpose of processing personal data
The legal basis for processing data is legal obligation. Personnel access and (working hours, if combined) monitoring.
Recipients and recipient groups
The data controller’s personnel and outsourcing partners when applicable.
Data content of the register
- Person’s first and last name (number?)
- Number of access pass
- Unit
- Premises in which office is located
- Access pass validity permanent/temporary
- Access permission group
- Working hours monitoring group
Regulatory data sources
System contact persons for units. Access grant applications. Clock-ins at working hour recorders.
Personal data retention period
The data is kept for 10 + 1 years from the end of the employment.
Regulatory data transfers
For working hour monitoring, realisation and deviation reports are provided to supervisors by month or by wage period. Data in the filing system will not be disclosed to third parties unless disclosure is required for the maintenance of employee relations or the payment of wages.
Transfer of data outside the EU or EEA
Data in the filing system will not be transferred outside the EU or the EEA.
Principles of register protection A: Manual data
Manual materials are stored in locked premises. The protection of all data in the filing system is carried out in accordance with the Personal Data Act (523/1999), the regulations and principles of the Information Society Code (917/2014), regulatory provisions, and good data processing practices.
Principles of register protection B: Electronic material
Access to the data stored in the filing system is given only to such persons and in such scope that is required for the purposes of employee supervision, monitoring, payroll tasks or other tasks related to the maintenance of employee relations. The filing system is kept on a protected server which is located in Finland.
The protection of all data in the filing system is carried out in accordance with the Personal Data Act (523/1999), the regulations and principles of the Information Society Code (917/2014), regulatory provisions, and good data processing practices.
Cookies
We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer or files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site.
Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website.
The following types of data are collected using cookies:
- visitor’s IP-address
- time of visit
- browsed pages and time of browsing
- visitor’s browser
- other?
Your rights
A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software gives the option of disabling cookies and of removing cookies that have already been saved. Disabling cookies may affect the functionality of the website.
GOOGLE ANALYTICS
We collect user statistics from our website using the Google Analytics service, the purpose of which is to monitor site activity, improve site functionality and develop marketing. The data collected cannot be linked to individual users or persons.
Additionally, we collect Google Analytics Demographics data, which includes for example the age and gender of the visitor as well as topics of interest. Settings related to the collection of these data can be changed using your personal Google account at https://www.google.com/settings/ads. Google Analytics monitoring can be disabled with a Chrome add-on.
Right of inspection, i.e. the right to access personal data
The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed.
The right to transfer data from one system to another
The data subject has the right to transfer his or her own data from one system to another. The transfer request can be addressed to the registry contact person.
The right to demand correction of information
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator.
The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay. Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.
If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
Right to lodge a complaint with a supervisory authority
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority.
The complaint can also be lodged in a member state where you are a permanent resident or where you are employed.
Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700, tietosuoja@om.fi, www.tietosuoja.fi/en/
Other rights related to the processing of personal data
The data subject has the right to prohibit the disclosure or processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten after employment is terminated.
Privacy Policy
Modified 28.11.2025
Registrar
Woikoski Oy (3464210-8)
Virransalmentie 2023
52920 Voikoski
Contact person for matters concerning the register
tietosuoja@woikoski.fi
Registry
Camera surveillance register
Preparation date
2024-10-08
Legal basis for processing
Legitimate Interest
Purpose of processing personal data
Legal bases of processing data: the legitimate interest of the data controller. Data is processed as required to investigate possible security anomalies at the premises of the data controller and, in the case of criminal cases, by the necessary authorities.
The purpose of processing has to do with general safety, such as the investigation and prevention of criminal activity, vandalism, and other types of misconduct on premises owned or monitored by the data controller.
The individuals defined by the controller are legitimate on the basis of their duties or position on the processing of personal data on camera surveillance (e.g. recordings for viewing and listening to records), as well as administrative services personnel, and possibly individual persons related to solving current matter.
In addition, the employer also has the right to use the registry for the protection of privacy in accordance with Article 17 § 2 of Section 1-3 of the Law on Privacy (759/2004) to conclude the establishment of an employment relationship to the establishment of an employment relationship, disruption or harassment of harassment or harassment in the Act on Equality between Women and Men (609/1986) in order to identify and demonstrate the harassment and inappropriate behavior referred to in the Occupational Safety Authority (738/2002), as well as to identify the risk or threat of occupational safety or other occupational safety.
Basis of legitimate interest
The data controller’s legitimate interest for processing collected and used personal data is based on the data controller’s and its employees’ security needs and the freedom to engage in commercial activity.
Recipients and recipient groups
The controller’s own personnel. Information is not regularly disclosed anywhere without a legitimate criterion (the law on the protection of privacy in working life 759/2004). Information is transferred to the police only in special situations through the criminal reporting procedure in cases where an offense has been committed or is suspected, or, in case of damage, to the insurance company if necessary.
Information may also be disclosed to identify and recover the accident at work, harassment or other inappropriate behavior to the supervisor’s leadership of the controller’s organization.
Data content of the register
The register contains the following personal data from image material of any of the persons moving in the domain of the data controller’s property:
1) The appearance of a person and the characteristics of the person
2) Exact time and location of movement on property or in the area of surveillance.
The register always saves information when a person is moving in the camera monitoring area, as camera control works with motion detection. The recording camera control is indicated by labeling. The cameras are placed in the entrances, general premises, paths and yard areas owned / managed by the controller, and for particular control need for certain functional reasons due to particularly vulnerable objects.
Regulatory data sources
As a regular source of information, there are surveillance cameras whose registers describe the registry information, which are the image material transmitted by the cameras of the recording control system.
Personal data retention period
Data collected from surveillance cameras is stored for a period deemed necessary if they contain data relevant for on-going investigations.
After the investigation has been completed, the data are stored for as long as is necessary for conducting relevant legal procedures.
After this the data will be removed. If the retention period becomes a notification of damage or any other offense, the recording is kept in this respect for the period required to determine the crime. The data controller removes the stored personal information when there is no longer any legal basis for their handling. The data controller will regularly evaluate the need for retention of data in accordance with its internal code of conduct.
Regulatory data transfers
Data in the filing system will not be disclosed to third parties unless disclosure is required for upholding security.
If criminal activity is suspected, data may be disclosed to the police.
Transfer of data outside the EU or EEA
Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities.
Principles of register protection A: Manual data
Manually processed data are stored in premises that can only be accessed by authorised persons.
Only identifiable individuals employed by the data controller or companies acting on behalf of or under commission by the data controller who have signed confidentiality agreements have access to data stored in the filing system by means of unique access permissions.
Principles of register protection B: Electronic material
Electronically processed data contained within the filing system are protected with firewalls, passwords and other necessary data security measures in accordance with current methods in the field.
Only identifiable individuals employed by the data controller or companies acting on behalf of or under commission by the data controller who have signed confidentiality agreements have access to data stored in the filing system by means of unique access permissions.
Automatic processing and profiling
The results of data processing are not used for profiling or other related purposes.
Right of inspection, i.e. the right to access personal data
The data subject has the right to inspect what information about them has been stored in the filing system. The request for data access should be sent to the responsible person of the register. The request must be made in writing and it must be signed by the data subject. A request for data access can also be made in person at the data controller’s place of business. In order to gain access to the data, the data subject should provide information on the place and time of when the recording would have taken place as accurately as possible. The data subject should attach a photo of themselves with the request for data access.
The right to transfer data from one system to another
The data subject has the right to transfer their personal data from one system to another. Request of transfer can be sent to the contact person of the filing system.
The right to demand correction of information
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
The written and signed request for rectification should be sent to the company’s customer service or the personal data filing system’s administrator.
The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay.
Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed. If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
Right to lodge a complaint with a supervisory authority
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority.
The complaint can also be lodged in a member state where you are a permanent resident or where you are employed.
Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700, tietosuoja@om.fi, www.tietosuoja.fi/en/
Other rights related to the processing of personal data
Right to restrict processing
The data subject has the right to request that the processing of their personal data is restricted for example if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system.
Right to object
The data subject has the right to request for personal data pertaining to them, and the data subject has the right to request for the rectification or erasure of said data. Request can be sent to the contact person of the filing system.
If you are acting as the contact person of a company or organisation, your data cannot be erased during this time.
The data subject has the right to prohibit the disclosure or processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.
Privacy Policy
Modified 08.10.2024
Registrar
Woikoski Oy (3464210-8)
Virransalmentie 2023
52920 Voikoski
Contact person for matters concerning the register
Maarit Könönen, maarit.kononen@woikoski.fi
Registry
Contract register
Preparation date
2024-10-08
Legal basis for processing
Contract
Purpose of processing personal data
Legal bases of processing data is agreement.
The purpose of use for the filing system is to maintain, manage, archive, and process contracts signed with customers and other interest groups as well as to maintain customer relationships. Information can be used to improve the company’s operation, for statistical purposes, and for producing more personalised content. Personal data are processed in accordance with the requirements of the Personal Data Act.
Data in the filing system can be used in the company’s own filing systems for example for targeted advertising without disclosing personal data to external parties. The company may use partners to maintain customer and service relations, which means that part of the data held within the filing system may be transferred onto a partner’s server due to technical requirements. These data will be processed solely for the purpose of maintaining the company’s customer relations using technical interfaces.
Recipients and recipient groups
The data controller’s personnel and outsourcing partners when applicable.
Data content of the register
Contract register contains the following information:
- First and last name of person
- Community represented
- Business ID
- Email address
- Postal address
- Phone number
- Ordered services
- Other jointly agreed upon business matters
Regulatory data sources
Phone and other electronic methods of communication. Data can also be obtained from subcontractors related to the use or production of a specific service.
Data on the customers’ other activities in the digital environment can be obtained from partner websites, data systems or other digital sources using electronic sign-in (link), cookies or customer-specific identifiers. Data in the contract register are used solely by the company, except when an external service provider is used either to provide added value services or to support credit-related decision-making.
Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law. A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, outstanding invoices, or debt collection.
Personal data retention period
10 years after the end of the contract.
Regulatory data transfers
Data in the filing system are used solely by the company, except when an external service provider is used either to provide added value services or to support credit-related decision-making.
Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law.
A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, outstanding invoices, or debt collection.
Transfer of data outside the EU or EEA
Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities.
Principles of register protection A: Manual data
Contact information collected during customer events and other manually processed documents containing customer data are stored in a locked and fireproof space after initial processing. Only specific employees who have signed confidentiality agreements have the right to process manually stored customer data.
Principles of register protection B: Electronic material
Only specific employees working for or on behalf of the company have the right to use the contract register and maintain data stored in it. Each specific user has his or her personal username and password. Each user has signed a confidentiality agreement. The system is protected by a firewall to prevent external attacks on the system.
Cookies
We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer or files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site.
Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website.
The following types of data are collected using cookies:
- visitor’s IP-address
- time of visit
- browsed pages and time of browsing
- visitor’s browser
- other?
Your rights
A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software gives the option of disabling cookies and of removing cookies that have already been saved. Disabling cookies may affect the functionality of the website.
GOOGLE ANALYTICS
We collect user statistics from our website using the Google Analytics service, the purpose of which is to monitor site activity, improve site functionality and develop marketing. The data collected cannot be linked to individual users or persons.
Additionally, we collect Google Analytics Demographics data, which includes for example the age and gender of the visitor as well as topics of interest. Settings related to the collection of these data can be changed using your personal Google account at https://www.google.com/settings/ads. Google Analytics monitoring can be disabled with a Chrome add-on.
Right of inspection, i.e. the right to access personal data
The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed.
The data subject has the right to prohibit the processing of his or her data and its disclosure for the purposes of direct marketing, distance marketing or opinion polls by contacting the company’s customer service.
The right to transfer data from one system to another
The data subject has the right to transfer his or her own data from one system to another. The transfer request can be addressed to the registry contact person.
The right to demand correction of information
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator. The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay.
Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.
If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
Right to lodge a complaint with a supervisory authority
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority. The complaint can also be lodged in a member state where you are a permanent resident or where you are employed. Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700, tietosuoja@om.fi, www.tietosuoja.fi/en/
Other rights related to the processing of personal data
Right to restrict processing
The data subject has the right to request that the processing of their personal data is restricted for example if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system.
Right to object
The data subject has the right to request for personal data pertaining to them, and the data subject has the right to request for the rectification or erasure of said data. Request can be sent to the contact person of the filing system.
If you are acting as the contact person of a company or organisation, your data cannot be erased during this time.
The data subject has the right to prohibit the disclosure or processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.
Privacy Policy
Modified 30.12.2024
Registrar
Woikoski Oy (3464210-8)
Virransalmentie 2023
52920 Voikoski
Contact person for matters concerning the register
tietosuoja@woikoski.fi
Registry
Customer register
Preparation date
2024-10-08
Legal basis for processing
Legitimate Interest
Purpose of processing personal data
The purpose of the filing system is the maintenance of the company’s customer register, managing customer orders, data filing and processing, and the maintenance of customer relations.
Information can be used to improve the company’s operation, for statistical purposes, and for producing more personalised content in our online services. Personal data are processed in accordance with the requirements of the Personal Data Act.
Data in the filing system can be used in the company’s own filing systems for example for targeted advertising without disclosing personal data to external parties. The company may use partners to maintain customer and service relationships, which means that part of the data held within the filing system may be transferred onto a partner’s server due to technical requirements. These data will be processed solely for the purpose of maintaining the company’s customer relationships using technical interfaces.
The company has the right to publish data contained in the customer register as an electronic or written list unless the customer especially prohibits this. In this case a list means for example address labels used for direct mail advertising. The customer has the right to prohibit the publication of data by notifying the company’s customer service by email (email address) or by contacting the filing system’s contact person.
Recipients and recipient groups
The data controller’s personnel and outsourcing partners when applicable.
Data content of the register
Personal data filing system contains the following information:
- First and last name of person
- Community represented
- Email address
- Postal address
- Phone number
- Webpage address
- IP Address
- Information on previous orders
- (Other?)
Regulatory data sources
Data are obtained during a customer’s purchase in a company’s shop, online service or retailer, or from client notifications when a customer uses a service provided by the company.
Data are obtained from registrations made by the customer as well as other notifications received during the course of the customer relationship. Updates to names and contact information are also received from authorities and companies providing update services. Data can also be obtained from subcontractors related to the use or production of a specific service.
Data on the customers’ other activities in the digital environment can be obtained from partner websites, data systems or other digital sources using electronic sign-in (link), cookies or customer-specific identifiers. The data stored in the customer register are used solely by the company, except when an external service provider is used either to provide added value services or to support credit-related decision-making.
Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law. Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities. A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, outstanding invoices, or debt collection.
Personal data retention period
10 years from the end of the customer relationship.
Regulatory data transfers
The data stored in the customer register are used solely by the company, except when an external service provider is used either to provide added value services or to support credit-related decision-making.
Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law. A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, outstanding invoices, or debt collection.
Transfer of data outside the EU or EEA
Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities.
Principles of register protection A: Manual data
Contact information collected during customer events and other manually processed documents containing customer data are stored in a locked and fireproof space after initial processing. Only specific employees who have signed confidentiality agreements have the right to process manually stored customer data.
The protection and processing of data in the register complies with the provisions and principles of the Data Protection Act, regulations of the authorities and good data processing practice.
Principles of register protection B: Electronic material
Only specific employees working for or on behalf of the company have the right to use the customer-owner or customer register and maintain data stored in it. Each specific user has his or her personal username and password. Each user has signed a confidentiality agreement.
The system is protected by a firewall to prevent external attacks on the system. The protection and processing of data in the register complies with the provisions and principles of the Data Protection Act, regulations of the authorities and good data processing practice.
Cookies
We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer or files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site.
Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website.
The following types of data are collected using cookies:
- visitor’s IP-address
- time of visit
- browsed pages and time of browsing
- visitor’s browser
- other?
Your rights
A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software gives the option of disabling cookies and of removing cookies that have already been saved. Disabling cookies may affect the functionality of the website.
GOOGLE ANALYTICS
We collect user statistics from our website using the Google Analytics service, the purpose of which is to monitor site activity, improve site functionality and develop marketing. The data collected cannot be linked to individual users or persons.
Additionally, we collect Google Analytics Demographics data, which includes for example the age and gender of the visitor as well as topics of interest. Settings related to the collection of these data can be changed using your personal Google account at https://www.google.com/settings/ads. Google Analytics monitoring can be disabled with a Chrome add-on.
Right of inspection, i.e. the right to access personal data
The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed.
The data subject has the right to prohibit the processing of his or her data and its disclosure for the purposes of direct marketing, distance marketing or opinion polls by contacting the company’s customer service.
The right to transfer data from one system to another
The data subject has the right to transfer his or her own data from one system to another. The transfer request can be addressed to the registry contact person.
The right to demand correction of information
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator. The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay. Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.
If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
Right to lodge a complaint with a supervisory authority
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority.
The complaint can also be lodged in a member state where you are a permanent resident or where you are employed. Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700, tietosuoja@om.fi, www.tietosuoja.fi/en/
Other rights related to the processing of personal data
Right to restrict processing
The data subject has the right to request that the processing of their personal data is restricted for example if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system.
Right to object
The data subject has the right to request personal data pertaining to them, and the data subject has the right to request the rectification or erasure of said data. Requests can be sent to the contact person of the filing system.
If you are acting as the contact person of a company or organisation, your data cannot be erased during this time.
The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.
Privacy Policy
Modified 08.10.2024
Registrar
Woikoski Oy (3464210-8)
Virransalmentie 2023
52920 Voikoski
Contact person for matters concerning the register
Maarit Könönen, maarit.kononen@woikoski.fi
Registry
Invoicing register
Preparation date
2024-10-08
Legal basis for processing
Consent
Purpose of processing personal data
The legal basis for processing data is legitimate interest. The purpose of use for the filing system is to enable the delivery of invoices to customers.
Data can be used for the purposes of developing the company’s business activities. The customer has the right to prohibit the publication of data by notifying the company’s customer service by email (email address) or the filing system’s contact person.
Recipients and recipient groups
The data controller’s personnel and outsourcing partners when applicable.
Data content of the register
Invoicing register contains the following information:
- First and last name of person
- Community represented
- Email address
- Postal address
- Phone number
- Price and payment information
- (Other?)
Regulatory data sources
Data are obtained during a customer’s purchase or order from a company’s shop, online service or retailer or from client notifications when a customer uses a service provided by the company.
Data are obtained from registrations made by the customer as well as other notifications received during the course of the customer relationship. Updates to names and contact information are also received from authorities and companies providing update services. Data can also be obtained from subcontractors related to the use or production of a specific service. The data stored in the invoicing register are used solely by the company, except when an external service provider is used to provide added value services or invoicing services, or to support credit-related decision-making.
Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law. Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities. A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, outstanding invoices, or debt collection.
Personal data retention period
10 years from the end of the customer relationship.
Regulatory data transfers
The data stored in the invoicing register are used solely by the company, except when an external service provider is used either to provide added value services or to support credit-related decision-making.
Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law.
A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, outstanding invoices, or debt collection.
Transfer of data outside the EU or EEA
Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities.
Principles of register protection A: Manual data
Contact information collected during customer events and other manually processed documents containing customer data are stored in a locked and fireproof space after initial processing. Only specific employees who have signed confidentiality agreements have the right to process manually stored customer data.
Principles of register protection B: Electronic material
Only specific employees working for or on behalf of the company have the right to use the invoicing register and maintain data stored in it. Each specific user has his or her personal username and password. Each user has signed a confidentiality agreement. The system is protected by a firewall to prevent external attacks on the system.
Cookies
We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer or files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site.
Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website.
The following types of data are collected using cookies:
- visitor’s IP-address
- time of visit
- browsed pages and time of browsing
- visitor’s browser
- other?
Your rights
A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software gives the option of disabling cookies and of removing cookies that have already been saved. Disabling cookies may affect the functionality of the website.
GOOGLE ANALYTICS
We collect user statistics from our website using the Google Analytics service, the purpose of which is to monitor site activity, improve site functionality and develop marketing. The data collected cannot be linked to individual users or persons.
Additionally, we collect Google Analytics Demographics data, which includes for example the age and gender of the visitor as well as topics of interest. Settings related to the collection of these data can be changed using your personal Google account at https://www.google.com/settings/ads. Google Analytics monitoring can be disabled with a Chrome add-on.
Right of inspection, i.e. the right to access personal data
The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed.
The data subject has the right to prohibit the processing of his or her data and its disclosure for the purposes of direct marketing, distance marketing or opinion polls by contacting the company’s customer service.
The right to transfer data from one system to another
The data subject has the right to transfer his or her own data from one system to another. The transfer request can be addressed to the registry contact person.
The right to demand correction of information
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator. The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay. Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.
If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
Right to lodge a complaint with a supervisory authority
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority.
The complaint can also be lodged in a member state where you are a permanent resident or where you are employed. Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700, tietosuoja@om.fi, www.tietosuoja.fi/en/
Other rights related to the processing of personal data
The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.
Privacy Policy
Modified 30.12.2024
Registrar
Woikoski Oy (3464210-8)
Virransalmentie 2023
52920 Voikoski
Contact person for matters concerning the register
tietosuoja@woikoski.fi
Registry
Newsletter register
Preparation date
2024-10-08
Legal basis for processing
Legitimate Interest
Purpose of processing personal data
The purpose of use for the filing system is to promote business operations, create new customer relationships and to communicate with potential customers.
Collected data are used to create and maintain new customer relationships as well as carry out other business-related tasks. The basis of processing is legitimate interest.
Basis of legitimate interest
The data controller’s legitimate interest allows the direct B2B marketing of products and services that are related to the recipient’s area of responsibility within their company.
The data controller’s legitimate interest for processing collected and used personal data is based on the company’s direct marketing needs and the freedom to engage in commercial activity.
Direct marketing is considered a legitimate interest in accordance with the EU General Data Protection Regulation.
Recipients and recipient groups
The data controller’s personnel and outsourcing partners when applicable.
Data content of the register
The register may contain the following information:
- Contact information, such as name, email address, and phone number
- Information related to job description, such as position, area of responsibility
- Contact and background information of employing company
- Activity information, such as participation in events or contacts by sales and customer service
- Possible permissions and consent
- Possible other data collected with the data subject’s consent
- Data on marketing content used by the data subject (use data), including
- Information on sent, opened and clicked marketing content
- Information on visits to the company’s website, such as time, pages visited, and duration of visit
- Technical data related to online use, such as IP address, browser, and other related information
- Information on ordered and downloaded manuals and other materials
- Cookies
Data concluded from use data analytics (inferred data), including
- interests
- lead points, indicating activity level of content use
Regulatory data sources
- Data provided by the data subjects themselves through the website, email correspondence, or other channel
- Company’s customer register
- Company contact person details obtained from Suomen Asiakastieto’s decisionmaker register, the company’s public website, social network sites, and other similar registers.
Personal data retention period
Personal data are stored for only the duration that is necessary for the abovementioned purposes of processing in accordance with current legislation. Email messages related to targeted direct marketing and use data related to the company’s website are automatically deleted at regular intervals.
Regulatory data transfers
The data stored in the register is used solely by the data controller and its employees, except when an external service provider is used either to provide added value services or to support credit-related decision-making. Data will not be disclosed to external parties or to the data controller’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law.
A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, matters related to the management of the customer relationship, outstanding invoices, or debt collection.
Transfer of data outside the EU or EEA
Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities.
Principles of register protection A: Manual data
Manually processed documents containing customer data (e.g. printed emails or their attachments, printed online forms or other similar documents) are, after initial processing, stored in a locked and fireproof space.
Only specific employees who have signed confidentiality agreements have the right to process manually stored customer data. The protection of all data in the filing system is carried out in accordance with the regulations and principles of the Data Protection Act, regulatory provisions, and good data processing practices.
Principles of register protection B: Electronic material
Only specific employees working for or on behalf of the organisation have the right to use for example workstations whose software can be used to maintain data on potential customers. Each specific user has their personal username and password. Each user has signed a confidentiality agreement.
The system is protected by a firewall to prevent external attacks on the system, and workstations are protected by relevant security software. The protection of all data in the filing system is carried out in accordance with the regulations and principles of the Data Protection Act, regulatory provisions, and good data processing practices.
Cookies
We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer or files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site.
Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website.
The following types of data are collected using cookies:
- visitor’s IP-address
- time of visit
- browsed pages and time of browsing
- visitor’s browser
- other?
Your rights
A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software gives the option of disabling cookies and of removing cookies that have already been saved. Disabling cookies may affect the functionality of the website.
GOOGLE ANALYTICS
We collect user statistics from our website using the Google Analytics service, the purpose of which is to monitor site activity, improve site functionality and develop marketing. The data collected cannot be linked to individual users or persons.
Additionally, we collect Google Analytics Demographics data, which includes for example the age and gender of the visitor as well as topics of interest. Settings related to the collection of these data can be changed using your personal Google account at https://www.google.com/settings/ads. Google Analytics monitoring can be disabled with a Chrome add-on.
Right of inspection, i.e. the right to access personal data
The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed.
The data subject has the right to prohibit the processing of his or her data and its disclosure for the purposes of direct marketing, distance marketing or opinion polls by contacting the company’s customer service.
The right to transfer data from one system to another
The data subject has the right to transfer his or her own data from one system to another. The transfer request can be addressed to the registry contact person.
The right to demand correction of information
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator. The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay. Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.
If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
Right to lodge a complaint with a supervisory authority
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority.
The complaint can also be lodged in a member state where you are a permanent resident or where you are employed. Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700, tietosuoja@om.fi, www.tietosuoja.fi/en/
Other rights related to the processing of personal data
Right to restrict processing
The data subject has the right to request that the processing of their personal data is restricted for example if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system.
Right to object
The data subject has the right to request personal data pertaining to them, and the data subject has the right to request the rectification or erasure of said data. Requests can be sent to the contact person of the filing system. If you are acting as the contact person of a company or organisation, your data cannot be erased during this time.
The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.
Privacy Policy
Modified 30.12.2024
Registrar
Woikoski Oy (3464210-8)
Virransalmentie 2023
52920 Voikoski
Contact person for matters concerning the register
tietosuoja@woikoski.fi
Registry
Prospects, potential customers
Preparation date
2024-10-08
Legal basis for processing
Legitimate Interest
Purpose of processing personal data
The legal basis for processing data is legitimate interest.
The purpose of use for the filing system is to promote business operations, create new customer relationships and to communicate with potential customers.
Collected data are used to create and maintain new customer relationships as well as carry out other business-related tasks.
Basis of legitimate interest
Establishing and negotiating customer relationship and other activities related to the data controller’s business. The data controller’s legitimate interest for processing collected and used personal data is based on the company’s direct marketing needs and the freedom to engage in commercial activity. Direct marketing is considered a legitimate interest in accordance with the EU General Data Protection Regulation.
Recipients and recipient groups
The data controller’s personnel and outsourcing partners when applicable.
Data content of the register
Personal data filing system contains the following information:
- First and last name of person
- Community represented
- Email address
- Postal address
- Phone number
- Information on previous orders
- Information on discussions during customer negotiations
Regulatory data sources
Data are collected from email messages and business cards received from customers as well as during phone conversations and face-to-face meetings with customers. Data can also be received from interest groups, such as mass communication, marketing or contact forms on the company website.
Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law. Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities. A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, matters related to the management of the customer relationship, outstanding invoices, or debt collection.
Personal data retention period
Personal data are stored for only the duration that is necessary for the abovementioned purposes of processing in accordance with current legislation.
Regulatory data transfers
The data stored in the register are used solely by the company and its employees, except when an external service provider is used either to provide added value services or to support credit-related decision-making.
Data will not be disclosed to external parties or to the company’s partners except for purposes related to credit applications, debt collection or invoicing as well as in situations required by law.
A data subject’s personal data will be removed upon the data subject’s request unless such removal is prohibited by legislation, matters related to the management of the customer relationship, outstanding invoices, or debt collection.
Transfer of data outside the EU or EEA
Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities.
Principles of register protection A: Manual data
Manually processed documents containing customer data (e.g. printed emails or their attachments, printed online forms or other similar documents) are, after initial processing, stored in a locked and fireproof space. Only specific employees who have signed confidentiality agreements have the right to process manually stored customer data.
Principles of register protection B: Electronic material
Only specific employees working for or on behalf of the company have the right to use for example workstations whose software can be used to maintain data on potential customers. Each specific user has his or her personal username and password. Each user has signed a confidentiality agreement. The system is protected by a firewall to prevent external attacks on the system, and workstations are protected by relevant security software.
Cookies
We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer or files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site.
Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website.
The following types of data are collected using cookies:
- visitor’s IP-address
- time of visit
- browsed pages and time of browsing
- visitor’s browser
- other?
Your rights
A user visiting our website has the right to prohibit the use of cookies at any time by changing his or her browser settings. Most browser software gives the option of disabling cookies and of removing cookies that have already been saved. Disabling cookies may affect the functionality of the website.
GOOGLE ANALYTICS
We collect user statistics from our website using the Google Analytics service, the purpose of which is to monitor site activity, improve site functionality and develop marketing. The data collected cannot be linked to individual users or persons.
Additionally, we collect Google Analytics Demographics data, which includes for example the age and gender of the visitor as well as topics of interest. Settings related to the collection of these data can be changed using your personal Google account at https://www.google.com/settings/ads. Google Analytics monitoring can be disabled with a Chrome add-on.
Right of inspection, i.e. the right to access personal data
The data subject has the right to check what data has been stored about them in the filing system. The request for access must be made in writing or from a verifiable email address. The data subject has the right to prohibit the processing and disclosure of their data for the purposes of direct marketing, distance marketing or opinion polls by contacting the data controller’s customer service.
The right to transfer data from one system to another
The data subject has the right to transfer his or her own data from one system to another. The transfer request can be addressed to the registry contact person.
The right to demand correction of information
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator. The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay. Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.
If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
Right to lodge a complaint with a supervisory authority
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority. The complaint can also be lodged in a member state where you are a permanent resident or where you are employed.
Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700, tietosuoja@om.fi, www.tietosuoja.fi/en/
Other rights related to the processing of personal data
Right to restrict processing
The data subject has the right to request that the processing of their personal data is restricted for example if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system.
Right to object
The data subject has the right to request personal data pertaining to them, and the data subject has the right to request the rectification or erasure of said data. Requests can be sent to the contact person of the filing system. If you are acting as the contact person of a company or organisation, your data cannot be erased during this time.
The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.
Privacy Policy
Modified 08.10.2024
Registrar
Woikoski Oy (3464210-8)
Virransalmentie 2023
52920 Voikoski
Contact person for matters concerning the register
Maarit Könönen, maarit.kononen@woikoski.fi
Registry
Recruitment register
Preparation date
2024-10-08
Legal basis for processing
Legitimate Interest
Purpose of processing personal data
Legitimate interest.
Recipients and recipient groups
The data controller’s personnel and outsourcing partners when applicable.
Data content of the register
Personal data filing system contains the following information:
- First and last name of person
- Personal identification number
- Email address
- Postal address
- Phone number
- Photo
The name and contact information of an employee’s potential referrer may also be stored in the filing system.
Regulatory data sources
Data stored in the filing system comes from the data subject.
Personal data retention period
Recruitment information is kept for 24 months, after which the information is destroyed in a secure manner.
Regulatory data transfers
Data in the filing system will not be disclosed to third parties unless it is necessary for recruitment or entry into employment.
Transfer of data outside the EU or EEA
Data in the filing system will not be transferred outside the EU or the EEA.
Principles of register protection A: Manual data
Recruitment information is stored in a locked cabinet to which only the archivist has access.
All other data related to the filing system is only kept in electronic format, and data are only processed electronically. Access to the data stored in the filing system is given only to such persons and in such scope that is required for the purposes of recruitment and other tasks related to starting an employment relationship. The filing system is kept on a protected server which is located in Finland.
The protection of all data in the filing system is carried out in accordance with the Personal Data Act (523/1999), the regulations and principles of the Information Society Code (917/2014), regulatory provisions, and good data processing practices.
Principles of register protection B: Electronic material
Access to the data stored in the filing system is given only to such persons and in such scope that is required for the purposes of recruitment and other tasks related to starting an employment relationship. The filing system is kept on a protected server which is located in Finland.
The protection of all data in the filing system is carried out in accordance with the Personal Data Act (523/1999), the regulations and principles of the Information Society Code (917/2014), regulatory provisions, and good data processing practices.
Right of inspection, i.e. the right to access personal data
The data subject has the right to check what data has been stored about him or her in the filing system. A request for data access must be given in writing by contacting the company’s customer service or the filing system’s contact person either in Finnish or English. The request for data access must be signed. The data subject has the right to prohibit the processing of his or her data and its disclosure for the purposes of direct marketing, distance marketing or opinion polls by contacting the company’s customer service.
The right to transfer data from one system to another
The data subject has the right to transfer his or her own data from one system to another. The transfer request can be addressed to the registry contact person.
The right to demand correction of information
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
A written request for rectification, signed by hand, should be sent to the company’s customer service or the personal data filing system’s administrator. The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay. Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.
If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
Right to lodge a complaint with a supervisory authority
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority. The complaint can also be lodged in a member state where you are a permanent resident or where you are employed.
Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700, tietosuoja@om.fi, www.tietosuoja.fi/en/
Other rights related to the processing of personal data
Right to restrict processing
The data subject has the right to request that the processing of their personal data is restricted, for example, if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system.
Right to object
The data subject has the right to request personal data pertaining to them, and the data subject has the right to request the rectification or erasure of said data. Requests can be sent to the contact person of the filing system. If you are acting as the contact person of a company or organisation, your data cannot be erased during this time.
The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.
Privacy Policy
Modified 30.12.2024
Registrar
Woikoski Oy (3464210-8)
Virransalmentie 2023
52920 Voikoski
Contact person for matters concerning the register
tietosuoja@woikoski.fi
Registry
Website visitors
Preparation date
2019-04-11
Legal basis for processing
Legitimate Interest
Purpose of processing personal data
The purpose of the filing system is to ensure the security of the company’s website. Collected data (IP address) is only used in the event of investigations related to faults or data breaches. The basis of processing is legitimate interest of the data controller.
Basis of legitimate interest
The data controller’s legitimate interest for processing collected and used personal data is based on the freedom to engage in commercial activity.
Recipients and recipient groups
Limited, authorised personnel of the website administration server provider.
Data content of the register
Personal data filing system contains the following information:
- IP address
- time of visit to website
- pages visited by the visitor
Regulatory data sources
Data are obtained from the customer when they visit the organisation’s website.
Personal data retention period
The data are never separately removed from the webserver.
Regulatory data transfers
The data contained in the filing system is only available to the company, except when an external service provider is used, in which case the service provider in question is given access to the data. Data are not disclosed outside the company or its partners, except in the case of investigations related to data breaches or other similar events.
Transfer of data outside the EU or EEA
Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities.
Principles of register protection B: Electronic material
Only specific employees working for or on behalf of the company have the right to use the website administration server. Each specific user has their personal username and password. Each user has signed a confidentiality agreement. The system is protected by a firewall to prevent external attacks on the system.
Cookies
We use cookies on our website. A cookie is a small text file that is sent to and stored on the user’s computer. Cookies do not cause any harm to the user’s computer or files. The primary purpose for the use of cookies is to improve and personalise a visitor’s user experience on our website as well as to analyse and improve the functionality and content of our site.
Data collected with cookies can also be used in targeted communication and marketing as well as optimising marketing activities. Visitors cannot be identified based solely on cookies. However, data collected with cookies can be linked with possible data received from the user in other situations, for example when the user fills in a form on our website.
The following types of data are collected using cookies:
- visitor’s IP address
- time of visit
- browsed pages and time of browsing
- visitor’s browser
Your rights
A user visiting our website has the right to prohibit the use of cookies at any time by changing their browser settings. Most browser software gives the option of disabling cookies and of removing cookies that have already been saved. Disabling cookies may affect the functionality of the website.
GOOGLE ANALYTICS
Usage statistics are collected from the website using the Google Analytics service, the purpose of which is to monitor site activity as well as to develop the site and its marketing. The data collected cannot be linked to individual users or persons.
Additionally, we collect Google Analytics Demographics data, which includes for example the age and gender of the visitor as well as topics of interest. Settings related to the collection of these data can be changed using your personal Google account at https://www.google.com/settings/ads. Google Analytics monitoring can be disabled with a Chrome add-on.
Automatic processing and profiling
The results of data processing are not used for profiling or other related purposes.
Right of inspection, i.e. the right to access personal data
The data subject has the right to check what data has been stored about them in the filing system. A request for access must be made in writing by contacting the company’s customer service or the contact person of the filing system in Finnish or English. The request for data access must be signed.
The data subject has the right to prohibit the processing of their data and its disclosure for the purposes of direct marketing, distance marketing or opinion polls by contacting the company’s customer service. The data controller has the right to issue an invoice if costs are incurred by carrying out the request.
The right to transfer data from one system to another
The data subject has the right to transfer their personal data from one system to another. Requests for transfer can be sent to the contact person of the filing system.
The right to demand correction of information
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
The written and signed request for rectification should be sent to the company’s customer service or the personal data filing system’s administrator. The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay.
Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed. If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
Right to lodge a complaint with a supervisory authority
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority. The complaint can also be lodged in a member state where you are a permanent resident or where you are employed.
Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700, tietosuoja@om.fi, www.tietosuoja.fi/en/
Other rights related to the processing of personal data
Right to restrict processing
The data subject has the right to request that the processing of their personal data is restricted, for example, if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system.
Right to object
The data subject has the right to request personal data pertaining to them, and the data subject has the right to request the rectification or erasure of said data. Requests can be sent to the contact person of the filing system. If you are acting as the contact person of a company or organisation, your data cannot be erased during this time.
The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.
Privacy Policy
Modified 30.12.2024
Registrar
Woikoski Oy (3464210-8)
Virransalmentie 2023
52920 Voikoski
Contact person for matters concerning the register
tietosuoja@woikoski.fi
Registry
WB reporting channel register
Preparation date
2024-10-08
Legal basis for processing
Legal Obligation
Purpose of processing personal data
Based on the contents of the report, the legal basis is one of the following:
– legal obligation (reported data falling under the scope of the directive) or
– legitimate interest (reported data falling outside the scope of the directive).
Data processing is based on legislation on whistleblower protection and the so-called “whistleblowing directive” of the EU, and processing is carried out for the purposes of preventing and investigating malpractice, crimes and other similar breaches.
Basis of legitimate interest
Legitimate interest is based on a relationship between the data controller and the data subject: the reporter is either an employee of the data controller, contractor or a stakeholder or similar as defined in the WB directive.
Personal data categories concerned
Name of the person being reported and other information on their conduct as well as the name of the reporter, unless the report was made anonymously. The processing may involve a high risk, depending on the contents of the report.
This risk has been assessed in more detail in the reporting channel register impact assessment, which can be found in the “impact assessments” section of the Easy GDPR service.
Recipients and recipient groups
The data controller’s own personnel and, when required for more in-depth investigations, a dedicated external partner whose GDPR compliance has been assessed and with whom other measures in accordance with article 28 have been carried out. Data may also be disclosed to the police or other authorities in situations where a crime has occurred or is suspected.
Data content of the register
The register contains the following information:
– name of reporter
– name of person being reported
– information provided by the reporter in connection to the report.
Personal data that is clearly not relevant for the processing of the report will not be collected, or if such data is collected by mistake, it will be removed without delay.
Regulatory data sources
From the data subjects themselves, meaning the reporters.
Personal data retention period
Data in the filing system are stored for as long as is required for providing proof of innocence for the data controller.
Regulatory data transfers
As a rule, data stored in the register are not disclosed to third parties, with the exception of specifically selected, GDPR compliant partners required for the investigation of reports with whom any measures required by article 28 have been carried out.
Transfer of data outside the EU or EEA
Data in the filing system will not be transferred outside the EU or the EEA.
Principles of register protection A: Manual data
Data related to the reporting channel register are primarily stored in an electronic format, and data are only processed electronically. Access to the data stored in the filing system is given only to such persons and in such scope that is required for the purposes of processing the reports, monitoring, or other tasks related to the reports.
The protection of all data in the filing system is carried out in accordance with the regulations and principles of the Data Protection Act, regulatory provisions, and good data processing practices.
Principles of register protection B: Electronic material
Access to the data stored in the filing system is given only to such persons and in such scope that is required for the purposes of processing the reports, monitoring, or other tasks related to the reports.
The filing system is kept on a protected server which is located in Finland. The protection of all data in the filing system is carried out in accordance with the regulations and principles of the Data Protection Act, regulatory provisions, and good data processing practices.
Automatic processing and profiling
The data is not used for automated decision-making or other similar assessment, and the processing does not cause any harm or consequences for the data subject.
Right of inspection, i.e. the right to access personal data
The data subject who is the subject of a report does not have the right of access to their data if the provision of this data could hinder the investigation of suspected misconduct.
If a phone line or other audio messaging system that does not contain a recording feature is used as a reporting channel, the data controller has the right to draw up detailed minutes on the discussion between the reporter and the person responsible for processing the report. In such a case, the reporter has the right to check and rectify the minutes drawn up of the discussion as well as to confirm them with their signature.
The right to transfer data from one system to another
The data subject does not have the right to transfer data if the provision of this data could hinder the investigation of suspected misconduct or endanger whistleblower protection.
The right to demand correction of information
The reporter has the right to check and rectify, for example, the minutes drawn up of a discussion as well as to confirm them with their signature. A request for rectification may also be denied. If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter along to the Data Protection Ombudsman.
Right to restriction
The data subject has the right to request that the processing of their personal data is restricted, for example, if data stored in the filing system is erroneous, as long as this does not hinder the investigation of suspected misconduct or endanger whistleblower protection. In such a case, data processing is restricted until the data controller has verified the accuracy of the data.
Right to object
The data subject does not have the right to object to data processing if this could hinder the investigation of suspected misconduct or endanger whistleblower protection.
Right to lodge a complaint with a supervisory authority
If the data subject considers that an infringement of the General Data Protection Regulation has occurred in the processing of their personal data, they have the right to lodge a complaint with a supervisory authority. The complaint can also be lodged in a member state where the data subject is a permanent resident or where they are employed.
Contact information for the national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700, tietosuoja@om.fi, www.tietosuoja.fi/en
Other rights related to the processing of personal data
The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten after employment is terminated, unless such a prohibition would hinder a criminal investigation or potentially endanger whistleblower protection.