Register databases in Isoharja Oy
1 NAME OF REGISTRY
Registry database for Isoharja Oy (later Isoharja), consisting of following parts:
● customer register
● project database
● recruiting applications
● register for other web queries
2 REGISTRY OWNER
3 RESPONSIBLE PERSON FOR REGISTRY
The person responsible for the registry is Eero Vainionpää.
His responsibilities for ensuring that the registry is used for intended purposes include:
● check access rights frequently
● ensure proper security measures (including security updates)
● ensure that database users have adequate instructions for using the registry
4 RESPONSIBLE PERSON FOR REGISTRY DETAILS
The person responsible for registry details is CTO Eero Vainionpää.
His responsibilities are to maintain access rights for users, give out information about the registry and inform customers about their rights for checking and updating their data.
5 THE PURPOSE OF THE REGISTRY
The registry contains a database of Isoharja’s customers and partners, both companies and persons for maintaining business relationships.
The registry is used for producing services for customers and partners. The registry data is also used for marketing and dissemination targeting companies and persons. Anonymous usage data is used for research and statistics.
The registry is also used for project management, processing recruiting applications and other data received from webforms applicable for our operations.
6 REGISTRY DATA
The data stored in the registry consists of the following details:
● first and last names
● company or organization and department name
● address details
● phone, mobile numbers
● email addresses
● internet addresses
● target language
● customer history, log data
● recruiting application information
● information in attachments
● all additional details given through webforms
The register consists of several parts and not all parts contain the previous details.
7 REGISTRY DATA SOURCES
The data is received directly from customers: companies, organizations and private
persons. Additionally public databases may be used as source.
8 PERSONAL DATA SHARING GUIDELINES
Personal data will not be shared with third parties otherwise than permitted by current legislation. The data is stored in both EU/ETA server facilities as well as facilities outside the EU/ETA region. Isoharja maintains contracts with all of its service providers and data processors which state that they will adhere to EU General Data Protection Regulations. Anonymous data (excluding names and identifying details) may be exported for research purposes.
9 REGISTRY USAGE
The registry is accessed, maintained, and edited by Isoharja personnel. Access to the registry is restricted and only available with a personal account and password combination. The account username is granted when access to the registry is opened and will be closed when the employees’ contract is terminated or if the employee is assigned to a different role in Isoharja.
10 THE REGISTRY IN RELATION TO OTHER PERSONNEL REGISTERS
The registry is solely for Isoharja’s use. Any updates will be performed by data submitted by customers or data available via public access.
All data in the registry is used only by Isoharja. Several service providers provide servers and storage space where the registry is stored. Servers are in secure facilities with no unauthorized access.
12 STORAGE OF PERSONAL DETAILS, REGISTRY DATA, ARCHIVING AND DISPOSAL OF DATA
Registry data is stored on a usage basis, archiving is not in use. The data is stored for the period for which the data is needed for the registry. Any expired data is deleted manually.
13 INFORMING REGISTERED PERSONS
In connection with signing up for events, newsletters or providing personal details
14 RIGHT TO INSPECT, CORRECT OR REMOVE PERSONAL DATA
Persons have the right to inspect, correct or remove their stored data by request. The registry does not have classified person data. Person data is usually validated when entered (either through public databases or other public sources) or periodically.
Companies or persons can request correcting their data by request to the register owner.
Requests can be made at this address:
The request will be replied to as soon as possible and then carried out. The registry does not include data for which these requests cannot be carried out.
15 RIGHT TO NON-DISCLOSURE
No data is exported or disclosed from the registry without written consent from the
customer company or person.
16 REGISTRY MANAGEMENT
Eero Vainionpää is the owner and maintainer of the registry.
The maintainer is responsible for
● usage policy and data model of the registry, granting access rights, informing registered persons, responding to requests for data inspection and maintaining data integrity
● technical administration of the registry
● security, archiving and backups, also any data deletions
● naming any additional responsible persons for the registry
17 INTERNAL INSTRUCTIONS AND TRAINING
Internal usage guidelines are maintained separately. Training is provided regularly