1 NAME OF REGISTRY Registry database for Isoharja Oy (later Isoharja), consisting of following parts: ● customer register ● project database ● recruiting applications ● register for other web queries
2 REGISTRY OWNER Isoharja Oy Mannerheimintie 109 00280 Helsinki www.isoharja.fi
3 RESPONSIBLE PERSON FOR REGISTRY The person responsible for the registry is CTO Eero Vainionpää.
His responsibilities for ensuring that the registry is used for intended purposes include: ● check access rights frequently ● ensure proper security measures (including security updates) ● ensure that database users have adequate instructions for using the registry
4 RESPONSIBLE PERSON FOR REGISTRY DETAILS The person responsible for registry details is CTO Eero Vainionpää. His responsibilities are to maintain access rights for users, give out information about the registry and inform customers about their rights for checking and updating their data.
5 THE PURPOSE OF THE REGISTRY The registry contains a database of Isoharja’s customers and partners, both companies and persons for maintaining business relationships.
The registry is used for producing services for customers and partners. The registry data is also used for marketing and dissemination targeting companies and persons. Anonymous usage data is used for research and statistics.
The registry is also used for project management, processing recruiting applications and other data received from webforms applicable for our operations.
6 REGISTRY DATA The data stored in the registry consists of the following details:
● first and last names ● title ● company or organization and department name ● address details ● phone, mobile numbers ● email addresses ● internet addresses ● target language ● customer history, log data ● recruiting application information ● information in attachments ● all additional details given through webforms The register consists of several parts and not all parts contain the previous details.
7 REGISTRY DATA SOURCES The data is received directly from customers: companies, organizations and private persons. Additionally public databases may be used as source.
8 PERSONAL DATA SHARING GUIDELINES Personal data will not be shared with third parties otherwise than permitted by current legislation. The data is stored in both EU/ETA server facilities as well as facilities outside the EU/ETA region. Isoharja maintains contracts with all of its service providers and data processors which state that they will adhere to EU General Data Protection Regulations. Anonymous data (excluding names and identifying details) may be exported for research purposes.
9 REGISTRY USAGE The registry is accessed, maintained, and edited by Isoharja personnel. Access to the registry is restricted and only available with a personal account and password combination. The account username is granted when access to the registry is opened and will be closed when the employees’ contract is terminated or if the employee is assigned to a different role in Isoharja.
10 THE REGISTRY IN RELATION TO OTHER PERSONNEL REGISTERS The registry is solely for Isoharja’s use. Any updates will be performed by data submitted by customers or data available via public access.
11 SECURITY All data in the registry is used only by Isoharja. Several service providers provide servers and storage space where the registry is stored. Servers are in secure facilities with no unauthorized access.
12 STORAGE OF PERSONAL DETAILS, REGISTRY DATA, ARCHIVING AND DISPOSAL OF DATA
Registry data is stored on a usage basis, archiving is not in use. The data is stored for the period for which the data is needed for the registry. Any expired data is deleted manually.
13 INFORMING REGISTERED PERSONS
14 RIGHT TO INSPECT, CORRECT OR REMOVE PERSONAL DATA
Persons have the right to inspect, correct or remove their stored data by request. The registry does not have classified person data. Person data is usually validated when entered (either through public databases or other public sources) or periodically.
Companies or persons can request correcting their data by request to the register owner.
The request will be replied to as soon as possible and then carried out. The registry does not include data for which these requests cannot be carried out.
15 RIGHT TO NON-DISCLOSURE No data is exported or disclosed from the registry without written consent from the customer company or person.
17 INTERNAL INSTRUCTIONS AND TRAINING Internal usage guidelines are maintained separately. Training is provided regularly