At E. Hartikainen Oy, we are committed to complying with the EU General Data Protection Regulation (GDPR) and all other applicable privacy laws, and to processing your personal data in accordance with good information management practices.
E. Hartikainen Oy,
Pamilonkatu 37,
80130 Joensuu,
Business ID 9210103-5
Contact information for matters concerning the register:
tietosuojavastaava@hartikainen.com
This privacy notice describes how we process your personal data when you visit our website or contact us via our website.
The privacy notice for job applicants can be found here: https://ehartikainenoymaarakennus.teamtailor.com/privacy-policy
|
PURPOSE OF PROCESSING AND LEGAL BASIS |
EXAMPLES OF DATA CONTENT |
|
MANAGEMENT OF THE CUSTOMER RELATIONSHIP AND CONTACT The primary purpose of processing personal data is to manage the customer relationship between us and you or the company you represent, including communication, requesting feedback, or other correspondence with you. The lawful basis for processing personal data is our contract with you or the company you represent, or our legitimate interest. In most cases the legitimate interest is based on our customer or similar relationship. Right to object. When your personal data is processed on the basis of legitimate interest, you may in certain situations have the right to object to the processing of your personal data. (See section 6.) |
|
|
MARKETING AND ANALYTICS We use your personal data for marketing purposes and to inform you about services provided by E. Hartikainen. We combine data about you with information we have received from previous contacts with you or from public sources. We also use your personal data for market research and customer surveys. The lawful basis for processing personal data is our legitimate interest grounded in our business operations and freedom to conduct a business, namely to collect and analyse meaningful information to better understand our customers and to develop our services. Right to object. When your personal data is processed on the basis of legitimate interest, you may in certain situations have the right to object to the processing of your personal data. (See section 6.) With the consent you give to cookies, we track site traffic, user dwell time, click paths and events. Analytics helps us understand the user experience and improve user satisfaction. You can read more about cookies: Use of cookies on the website. We also process personal data to develop and improve the website or our own services, or to support development of our partners’ services. Processing of browsing and user activity data on the website and its sharing with named third parties is based on the consent you have given. |
|
|
WEBSITE MAINTENANCE AND SECURITY We process your personal data for purposes related to maintaining and administering the website, including: Maintenance and production of website content Prevention and correction of errors Ensuring the information security of the website and services Prevention and investigation of fraud The lawful basis for processing personal data is our legitimate interest grounded in our business operations and freedom to conduct a business. Based on legitimate interest we may collect and analyse necessary information, for example about website performance, to develop our operations. We also have a legitimate interest in ensuring an appropriate level of information security for the website and the services offered. Right to object. When your personal data is processed on the basis of legitimate interest, you may in certain situations have the right to object to the processing of your personal data. (See section 6.) With the consent you give to cookies we may process your personal data for measuring and analysing website usage. You can read more about cookies: Use of cookies on the website |
|
|
CONDUCTING ONLINE SURVEYS AND PROCESSING FEEDBACK We process your personal data to conduct online surveys, collect feedback, analyse it and handle responses for the purpose of measuring customer satisfaction and improving services. The lawful basis for processing personal data depends on each survey: either the consent you have provided or our legitimate interest in collecting feedback to improve the quality and functionality of the services you use. Right to object. When your personal data is processed on the basis of legitimate interest, you may in certain situations have the right to object to the processing of your personal data. (See section 6.) |
|
We use various partners in our operations to whom personal data may be disclosed depending on the situation and the purpose of processing. When we disclose personal data, we take into account applicable legal requirements, such as our confidentiality obligations. We enter into appropriate data processing agreements with all our partners. Our partners are committed to processing personal data securely and confidentially.
Depending on the situation our partners may act as independent controllers or as processors of personal data, in which case personal data is processed only for the purposes specified by E. Hartikainen.
Personal data may be disclosed to the following groups of recipients:
We utilise IT systems and data centre services in our operations, to which we transfer personal data for processing and storage.
We utilise advertising and analytics providers in our operations, through which the data we collect is used to develop the usability of our services, monitor visitor numbers and target marketing.
Some of our service providers operate internationally, so in certain cases personal data may be transferred outside the European Economic Area (EEA). In such cases the level of protection of your personal data may be lower than the level guaranteed by the EU General Data Protection Regulation. However, we strive to implement the necessary measures to ensure that the protection of your personal data complies with the requirements of the EU General Data Protection Regulation.
These measures include, for example, ensuring that the recipient of the personal data is certified under the EU–U.S. Data Privacy Framework. In addition, we use the European Commission’s standard contractual clauses as part of the agreements we make with parties to whom we transfer personal data to third countries. More information on the EU–U.S. Data Privacy Framework is available here: https://www.dataprivacyframework.gov/s/ and on the standard contractual clauses here: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_fi.
Examples of situations in which your personal data may be transferred outside the European Economic Area.
|
SITUATION IN WHICH A TRANSFER MAY OCCUR |
MEASURES WE SEEK TO MAINTAIN A HIGH LEVEL OF PERSONAL DATA PROTECTION |
|
An IT system or cloud service used in the processing of personal data is located on a server outside the European Economic Area |
The European Commission’s decision on the EU–U.S. Data Privacy Framework. The adequacy decision enables transfers of EU personal data to organisations certified under the DPF. The company is certified under the Data Privacy Framework, so the DPF is the primary transfer mechanism for transfers of personal data. Alternatively, the standard contractual clauses drawn up by the European Commission are used as attachments to agreements concluded with partners. |
|
Remote updates or maintenance carried out from outside the EU to an IT system or cloud service located on a server within the EU that contains personal data |
The European Commission’s decision on the EU–U.S. Data Privacy Framework. The adequacy decision enables transfers of EU personal data to organisations certified under the DPF. The company is certified under the Data Privacy Framework, so the DPF is the primary transfer mechanism for transfers of personal data. Alternatively, the standard contractual clauses drawn up by the European Commission are used as attachments to agreements concluded with partners. |
Data protection legislation guarantees you various rights in relation to the processing of personal data.
You may request us to exercise the rights below by sending your request to the address shown in section 1 of this privacy notice.
You will receive a response to your request no later than one month after we have received your request. In exceptional circumstances we may extend the time limit by up to two months. To respond to your request we will verify your identity.
However, we wish to point out that the rights guaranteed by legislation are not unlimited. For example, we may not be able to delete data if the law applicable to us requires retention of personal data.
Opting out of marketing and removal from mailing lists. You always have the right to object to the processing of your personal data for direct marketing purposes. Every marketing email we send includes an option to unsubscribe from mailing lists. You may also contact us by email and tell us that you do not wish to receive marketing.
Right to access your data. You always have the right to obtain confirmation of whether we process your personal data. If we process your personal data, you always have the right to access your data and to obtain a copy of that data from us.
Right to rectification of your personal data. If you consider that the personal data we process are incorrect, incomplete or outdated, you may request that we rectify such personal data.
Right to erasure of your personal data. You may request that we erase your personal data. Please note, however, that we may not necessarily be able to erase data for which there remains a justified need to retain, such as a statutory obligation.
Right to object to and restrict the processing of your personal data. You have the right to object to the processing of your personal data. This does not, however, mean a general right to object to all processing of your personal data. You may object to the processing of your personal data on grounds relating to your particular situation when the processing is based on the controller’s or a third party’s legitimate interest.
We have the right to continue processing personal data notwithstanding your objection, if we have compelling legitimate grounds for the processing. Such a ground may be, for example, the establishment, exercise or defence of legal claims or the investigation of misuse.
Right to data portability. You have the right to receive in a machine-readable format the personal data you have provided to us and which are processed automatically and where processing is based on your consent or on a contract between us.
Right to lodge a complaint with a supervisory authority. If you suspect that we have for example processed your personal data unlawfully, you always have the right to lodge a complaint with the supervisory authority.
The Office of the Data Protection Ombudsman supervises the legality of personal data processing in Finland. You can find its contact details here: https://tietosuoja.fi/etusivu
We respect your privacy, and the secure processing and storage of your personal data is important to us. We protect your personal data appropriately with technical and organisational measures against unauthorised and unlawful processing and against accidental loss, destruction or damage.
Measures implemented in the protection of personal data include the following
Access limitation. Access to personal data is permitted only to named, authorised personnel whose duties require it. Personal data is accessible only with appropriate access rights.
Agreements. Persons processing data are bound by confidentiality obligations and have signed confidentiality agreements. In addition, our contractual partners who process personal data are committed to ensuring the security of personal data.
Staff training and instruction. We have provided comprehensive data protection training and instructions to our entire staff.
Technical protection of data. Personal data and the systems that process them are protected, for example, by firewalls. We also monitor events related to personal data processing and aim to detect related anomalies automatically. Data is protected from external parties and we use secure connections for all data communications.
E. Hartikainen Oy retains personal data only for as long as the data are necessary for the purposes described in this privacy notice and for the implementation of the service agreed between the parties.
E. Hartikainen Oy updates the data if the data subject notifies us of changes to the data.
You can read more about cookie retention periods here: Use of cookies on the website.
We continuously develop our services and the ways in which personal data are processed described in this notice may take new forms as our business evolves, which may lead to changes in this privacy notice. Changes may also be based on amendments to legislation. We keep this notice up to date and recommend reviewing its content regularly. We will notify about more significant changes to personal data processing in our communications.
