PRIVACY STATEMENT FOR CUSTOMERS
Last updated 23.3.2018
This Privacy Statement (hereinafter ”Statement”) informs you how HR4 Group Oy and its subsidiary companies collects, uses or shares your personal data in connection with the Service provided (”Service”) and/or website www.hr4.fi. Please read this Statement carefully before you start using the Service or browsing the website.
1. DATA CONTROLLER
The data controller in accordance with the applicable data protection law is HR4 Group Oy and its subsidiary (hereinafter together ” , ”we”, ”us” or ”our”). HR4 Group Oy and its subsidiary is responsible for ensuring that your personal data is processed in compliance with this Statement and applicable data protection laws.
Contact details of the data controller:
HR4 Group Oy and its subsidiary companies
Business ID: 1976197-7
Address: Keilaniementie 1, 02150 Espoo
Phone: +358 10 778 1700
Name of the person responsible for data protection:
Address: Keilaniementie 1, 02150 Espoo
We are part of Accountor Group. Contact details of Group Data Protection Officer:
Päivi Konttila-Lokio, Data Protection Officer
Address: Keilaniementie 1, 02150 Espoo, Finland
2. COLLECTION OF PERSONAL DATA
We may collect your personal data through different means. As a rule, we process personal data, which
- is provided by you when you communicate or do business with us e.g. when you buy our Service or register to our Service, subscribe to our newsletters or contact us requesting offers or information;
- is generated when using our Service or visiting our website e.g. when you log into the Service; and
- is obtained from other sources, where permitted by applicable law e.g. Finnish Registration Office, The Business Information System or post office registers.
You are not required to provide any personal data to us, but if you decide not to do so, it is possible that we will not be able to provide our Service to you.
The personal data we collect includes e.g. the following categories of data:
- basic information, such as name, your title and relation to a company you represent and contact details (email, address and phone) as well as language preferences;
- information relating to customer relationship, such as Service and order details, payment details, billing information, marketing permissions and prohibitions;
- customer interaction, customer contacts and replies as well as entries on the use of individuals’ rights;
- personal data generated in connection with the use of our Service or browsing our website e.g. user IDs, passwords, authentication details, time stamps and log data on the usage of Service, data collected by means of cookies and similar technologies through websites (device ID and type, operating system and application settings); and
- other data, which is based on your consent and defined in detail when your consent is asked.
3. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
We collect, process and use only personal data, which is needed for operational purposes, efficient customer care and relevant commercial activities.
Your personal data is processed for the following purposes:
1. Service provision and managing your customer relationship
The primary purpose of collecting personal data is to provide and deliver the Service to you. In order to do so we manage and maintain the customer relationship between us and you or the company you represent. In this case, our processing of personal data is based on the contract between you or the company you represent and us.
We may contact you to inform you about new features of the Service or to promote and sell other associated services. We may use your personal data also for market research and customer surveys. In this respect, processing of personal data is based on our legitimate interest to provide you information as part of the Service and to promote our services to you. You may object to direct marketing at any time (please see section 8 of this Statement).
3. Service development, information security and internal reporting
We also process personal data to ensure the security of the Service and the website, to improve the quality of the Service and the website as well as to develop new features to the Service. We may also generate internal reports based on personal data in order to provide relevant information to our management to operate our business appropriately. In these cases, the processing of personal data is our legitimate interest to ensure that our Service and the website have an adequate level of data security, and that we have sufficient and relevant information at hand to develop our Service and to manage our business.
4. Compliance with laws
We may be obliged to process personal data in order to meet our statutory obligations e.g. in relation to accounting or to fulfil authorities’ (e.g. tax authority) requests as required by law.
5. Other purposes you have consented to
If you have consented to processing your personal data to any other purposes, we are entitled to process personal data accordingly.
4. TRANSFERS AND DISCLOSURES OF PERSONAL DATA
We may disclose personal data to other Accountor Group companies within the limits of applicable law and for the purposes indicated in this Statement, including marketing their products and services to you. Personal data may also be transferred within Accountor Group for internal administrative purposes, such as for the purposes of management reporting, and for operating our business effectively, such as for the purposes of using centralized ICT systems. Disclosures of personal data within Accountor Group are based on our legitimate interests to enable efficient business operations and customer relationship management as well as to inform our customers of relevant services of other Accountor Group companies.
We may also disclose personal data to third parties:
• when permitted or required by law, e.g. to comply with requests by competent authorities or related to legal proceedings;
• when our trusted service providers process personal data on behalf of us and under our instructions. We will control and be responsible for the use of your personal data at all times;
• if we are involved in a merger, acquisition, or sale of all or a portion of our assets;
• when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request; and
• with your consent to parties the consent relates to.
5. TRANSFERS OF PERSONAL DATA OUTSIDE THE EU/EEA
We may transfer your personal data outside the EU or the European Economic Area when our trusted service providers working for us are established there. In these cases, we will take the appropriate steps to provide appropriate safeguard mechanisms for international data transfers as required by applicable European data protection laws, such as the EU General Data Protection Regulation (679/2016).
For example, our marketing service provider transfers personal data to the United States during the course of them providing services to us. The service provider has ensured an adequate level of protection for personal data by self-certifying to the Privacy Shield Framework. To learn more about the Privacy Shield Framework, please see [https://www.privacyshield.gov/welcome].
7. RETENTION OF PERSONAL DATA
Your personal data will be retained only for as long as necessary to fulfill the purposes defined in this Statement.
Most of your personal data will be retained during the course of your customer relationship with HR4 Group Oy and its subsidiary. Some personal data might be retained after your customer relationship with us has ended, if required or allowed by applicable laws. For example, after our relationship has ended, we typically store personal data that are necessary to response on requests or claims under applicable provisions concerning statute of limitations, or we may store your personal data, to the extent necessary, in order to respect your request not to receive direct marketing from us.
When your personal data is no longer required by law or rights or obligations by either party, we will delete your personal data.
8. YOUR RIGHTS
You have a right to access personal data we process about you. You may access, correct, update, change or ask removal of your personal data at any time. However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Statement and may also be required by law. Thus, such personal data may not be removed.
You have a right to object for certain processing. To the extent required by applicable data protection law, you have a right to restrict data processing.
You have a right to data portability, i.e. right to receive your personal data in a structured, commonly used machine-readable format and transmit your personal data to another data controller, to the extent required by applicable law.
If our processing of your personal data is based on a consent, you have a right to withdraw the consent at any time. We will no longer process your personal data on the purposes consented, unless there is another legal ground available for the processing.
Please send above-mentioned requests to us at email@example.com.
If you think there is a problem with the way we are handling your personal data, you have a right to file in a complaint to your national data protection authority in the EU/EEA. You can find contact details of the data protection authority here: http://www.tietosuoja.fi/en/index.html
We maintain security measures (including physical, electronic, and administrative measures) that are appropriate to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, we limit access to personal data to authorized employees and service providers who need to know the information in the course of their work tasks.
Please be aware that, although we endeavour to provide appropriate security measures for personal data, no security system can prevent all potential security breaches. If a security breach occurs, we will inform you in accordance with applicable laws.
10. CHANGES TO THIS STATEMENT
We may change this Statement from time to time. If we make any changes to this Statement, we will let you know it on our website, where you will also find the latest version of this Statement.
11. CONTACT US
If you have any questions regarding this Statement or the personal data we process about you, please contact us at firstname.lastname@example.org.