Registry information

Register databases in Isoharja Oy

1 NAME OF REGISTRY

Registry database for Isoharja Oy (later Isoharja), consisting of following parts:
● customer register
● project database
● recruiting applications
● register for other web queries

2 REGISTRY OWNER

Isoharja Oy
Mannerheimintie 109
00280 Helsinki
www.isoharja.fi

3 RESPONSIBLE PERSON FOR REGISTRY

The person responsible for the registry is Eero Vainionpää.

His responsibilities for ensuring that the registry is used for intended purposes include:
● check access rights frequently
● ensure proper security measures (including security updates)
● ensure that database users have adequate instructions for using the registry

4 RESPONSIBLE PERSON FOR REGISTRY DETAILS

The person responsible for registry details is CTO Eero Vainionpää.
His responsibilities are to maintain access rights for users, give out information about the registry and inform customers about their rights for checking and updating their data.

5 THE PURPOSE OF THE REGISTRY

The registry contains a database of Isoharja’s customers and partners, both companies and persons for maintaining business relationships.

The registry is used for producing services for customers and partners. The registry data is also used for marketing and dissemination targeting companies and persons. Anonymous usage data is used for research and statistics.

The registry is also used for project management, processing recruiting applications and other data received from webforms applicable for our operations.

6 REGISTRY DATA

The data stored in the registry consists of the following details:

● first and last names
● title
● company or organization and department name
● address details
● phone, mobile numbers
● email addresses
● internet addresses
● target language
● customer history, log data
● recruiting application information
● information in attachments
● all additional details given through webforms
The register consists of several parts and not all parts contain the previous details.

7 REGISTRY DATA SOURCES

The data is received directly from customers: companies, organizations and private
persons. Additionally public databases may be used as source.

8 PERSONAL DATA SHARING GUIDELINES

Personal data will not be shared with third parties otherwise than permitted by current legislation. The data is stored in both EU/ETA server facilities as well as facilities outside the EU/ETA region. Isoharja maintains contracts with all of its service providers and data processors which state that they will adhere to EU General Data Protection Regulations. Anonymous data (excluding names and identifying details) may be exported for research purposes.

9 REGISTRY USAGE

The registry is accessed, maintained, and edited by Isoharja personnel. Access to the registry is restricted and only available with a personal account and password combination. The account username is granted when access to the registry is opened and will be closed when the employees’ contract is terminated or if the employee is assigned to a different role in Isoharja.

10 THE REGISTRY IN RELATION TO OTHER PERSONNEL REGISTERS

The registry is solely for Isoharja’s use. Any updates will be performed by data submitted by customers or data available via public access.

11 SECURITY

All data in the registry is used only by Isoharja. Several service providers provide servers and storage space where the registry is stored. Servers are in secure facilities with no unauthorized access.

12 STORAGE OF PERSONAL DETAILS, REGISTRY DATA, ARCHIVING AND DISPOSAL OF DATA

Registry data is stored on a usage basis, archiving is not in use. The data is stored for the period for which the data is needed for the registry. Any expired data is deleted manually.

13 INFORMING REGISTERED PERSONS

In connection with signing up for events, newsletters or providing personal details
through a webform, the customer is informed of their rights to their data that is stored into the registry. This Privacy Policy is accessible on Isoharja website

14 RIGHT TO INSPECT, CORRECT OR REMOVE PERSONAL DATA

Persons have the right to inspect, correct or remove their stored data by request. The registry does not have classified person data. Person data is usually validated when entered (either through public databases or other public sources) or periodically.

Companies or persons can request correcting their data by request to the register owner.

Requests can be made at this address:
tietosuoja@isoharja.fi

The request will be replied to as soon as possible and then carried out. The registry does not include data for which these requests cannot be carried out.

15 RIGHT TO NON-DISCLOSURE

No data is exported or disclosed from the registry without written consent from the
customer company or person.

16 REGISTRY MANAGEMENT

Eero Vainionpää is the owner and maintainer of the registry.
The maintainer is responsible for

● maintaining the Privacy Policy and description of the registry
● usage policy and data model of the registry, granting access rights, informing registered persons, responding to requests for data inspection and maintaining data integrity
● technical administration of the registry
● security, archiving and backups, also any data deletions
● naming any additional responsible persons for the registry

17 INTERNAL INSTRUCTIONS AND TRAINING

Internal usage guidelines are maintained separately. Training is provided regularly