Eilakaisla privacy statement
This privacy statement applies to the user and customer register, marketing register and job applicant and employee register of Eilakaisla Oy’s (“Eilakaisla” or “we”) services and websites (“Services”).
Our privacy statement describes how we process personal data concerning our customers and potential customers or their representatives who use our Services (hereinafter referred to as “Customers”, “Data Subjects”, “Job Applicants” and “Employees”).
We may update this privacy statement if necessary due to changes in the way of processing information or for any other reason. We will not make any significant changes to this privacy statement or restrict the rights of Customers under this privacy statement without giving notice of such changes.
Please note that this privacy statement applies to the processing of personal data by Eilakaisla as a data controller. As a data processor, Eilakaisla may process certain personal data in connection with the provision of the Services on behalf of the Customer, in which case the Customer in question is considered to be the data controller. In this case, such processing of data is subject to the Customer’s privacy statement or other documentation by which the Data Subjects are informed about processing by the data controller.
Contact details of the data controller
Customers and potential customers
Data transfers and disclosures
Contact details of the data controller
Name: Eilakaisla Oy
Business ID: 0105926-6
Postal address: Keilasatama 5, FI-02150 Espoo, Finland
Customers and potential customers
AsiakastiedotCustomer data is personal data that Eilakaisla collects directly from the Customer. Eilakaisla collects and processes the following customer data:
• name and contact details (including usernames)
• organisation and status
• email address
• preferred language of communication and method of contact
• billing and payment information
• information about the assignment and use of the Services or interest in our Services
• marketing prohibition and marketing consent
• campaigns targeted at the Data Subject and benefits offered and their use
• communication and the related material between the Customer/potential customer and Eilakaisla
Most of the customer data is obtained directly from the Customer during registration or during the use of the Service. In addition, personal data may be collected and updated from operators providing personal data services and from public registers.
Basis and purpose of processing customer data
We process personal data in order to fulfil our contractual obligations towards our Customers and our legal obligations.
We also process personal data based on our legitimate interest to conduct, maintain and develop our business and to establish and maintain customer relationships. When we process personal data on the basis of our legitimate interest, we compare our legitimate interests with the Customer’s right to privacy (the balance test).
Some parts of the Services may request the Customer’s consent for processing their personal data. In such cases, the Customer may withdraw their consent at any time.
Eilakaisla processes personal data for the following purposes:
To provide our Services and fulfil our contractual obligations
We process personal data to provide our Customers with Eilakaisla’s Services and to fulfil our contractual obligations towards our Customers, as well as to conduct, maintain and develop our business.
For example, we use the information to process payment transactions and to provide job applicants with the necessary information from the Customer’s job advertisement.
For customer communication and marketing
We may process personal data to contact our Customers in relation to our Services and to notify them of changes to our Services as well as to market our Services. If the Customer contacts us via our customer service chat, we use the information provided to answer questions and solve any problems and to process messages.
When a Customer consents to the public recommendation of our services through a Trustmary survey, we may publish the information provided by the Customer with their consent in the form provided by the Customer on our website and to use it to market our services. In addition, the contact details provided by the customer in this connection may be stored in our customer register.
To improve quality and analyse trends
We may process information about the use of our Services in order to improve their quality by, for example, analysing various trends in the use of the Services. For this purpose, we only use such aggregated information that does not identify individuals where possible.
Data retention period
Customer data is stored only for the duration of the customer relationship, unless applicable legislation requires a longer retention period.
Job applicants
The information in the job applicant register is collected directly from the Job Applicant. The information processed may include:
- basic information about the person (name, date of birth, contact details)
- information on education, work experience and skills
- a possible job application, curriculum vitae and photo
- job seeking information concerning the Job Applicant
- information related to personal and aptitude assessments
- personal credit information that may be obtained where permitted or required by law, as well as other information specified in the application process.
Purpose and reason for processing the personal data of job applicants
Personal data is processed in accordance with the applicable legislation:
- at the request of the Job Applicant or for the implementation of a contract in which the Job Applicant is involved, or for the implementation of pre-contractual measures at the request of the Job Applicant
- based on a customer or employment relationship, membership or other comparable relationship and, within a group, with respect to information about the group’s job applicants
- where processing is necessary, for the payment of a service, data processing or other comparable purposes at the request of the data controller.
Data retention period
The Job Applicant may request that all their information is deleted if there is no justification for retaining the information. If the Job Applicant is employed through Eilakaisla Oy, Eilakaisla Oy will retain the statutory information relevant to the establishment and maintenance of the employment relationship in its register.
Eilakaisla Oy will retain the information of those who have logged in to its service until there is no reason to retain it.
Employees
The information in the employee register is collected directly from the Employee. The information processed may include:
- basic information about the person (name, date of birth, contact details, social security number)
- information on education, work experience and skills
- a possible job application and curriculum vitae
- job seeking information concerning the Job Applicant
- information related to personal and aptitude assessments
- employment information (job title, starting date and estimated ending date of employment, company using the assignment, contact details of the next of kin)
- basic payroll information
- monitoring of working hours and annual holiday data, travel and expense invoices, etc.
- information on the employee’s health
- any personal credit information that may be obtained
- where permitted or required by legislation, other information specified in relation to the employment relationship.
Purpose and basis for processing the personal data of employees
Personal data is processed in accordance with the applicable legislation:
- on the basis of an employment relationship or other relevant reason and, within a group, with respect to information on the group’s employees.
- where processing is necessary, for the payment of a service, data processing or other comparable purposes at the request of the data controller.
Data retention period
Eilakaisla Oy will retain the information relevant for the establishment and maintenance of an employment relationship in the register until there is no reason to retain the information.
Transfers and disclosures of data
We store the personal data in the European Economic Area and do not disclose or transfer it outside the European Economic Area.
Recipients of personal data
We do not share personal data with third parties outside of the Eilakaisla organisation unless one of the following circumstances prevails.
Sharing is necessary due to the uses stated in this privacy statement
To the extent that third parties need to have access to personal data in order to perform the Services, Eilakaisla has taken appropriate contractual and organisational measures to ensure that the processing of personal data is carried out solely for the purposes stated in this privacy statement and in accordance with applicable laws and regulations.
For legal reasons
We may disclose personal data to third parties outside the Eilakaisla organisation if access to and use of personal data is reasonably necessary:
- to comply with any applicable law, regulation, and/or court order
- to detect, prevent or deal with fraud or security or technical problems
- to protect the interests or property of Eilakaisla and our Customers, Job Applicants and Employees or to ensure their safety or to protect their public interest in accordance with legislation. If possible, we will notify the parties of such transfers and processing.
- The personal data of Employees stored in the register is disclosed to authorities with a legal right to obtain information from the register, such as tax authorities, pension companies, insurance companies or the employers’ association and similar, in accordance with valid legislation and statutory obligations.
For authorised service providers
We may disclose personal data or allow access to authorised service providers that provide services to us (including subcontractors that provide us with data storage, sales, marketing and customer support services). In accordance with the commitments contained in our contracts with our service providers, service providers may use the personal data they receive through Eilakaisla only for the purposes specified in the contracts. When processing data, our service providers undertake to comply with the requirements of data protection legislation for data processors.
For other legitimate reasons
If Eilakaisla is a party to a merger, asset deal or other acquisition, we may disclose personal data to a third party involved in the acquisition. However, we will ensure that all personal data remains confidential. In this case, we will inform our Customers about the transfer as soon as is reasonably possible if the Customer’s personal data is affected by the transfer or their personal data is processed according to a different privacy statement.
With explicit consent
We may disclose personal data to third parties outside of Eilakaisla’s organisation for reasons other than those mentioned above, when we have the express consent of the Customer, Job Applicant or Employee. With the consent of the Job Applicant or the Employee, Eilakaisla Oy may disclose certain personal data required for a specific job to the customer company that has given the assignment for which the applicant is a candidate.
The Customer, Job Applicant or Employee has the right to withdraw their consent at any time.
Analytics and cookies
Eilakaisla may use cookies and other technologies to collect analytics data when you visit our Services. You can read more about our cookie policy here: https://www.eilakaisla.fi/en/cookies
Our services use Google Analytics and other web analytics tools to compile analytics data and reports about our visitors’ use of our website in order to improve our Services. For additional information, see the website of Google Analytics.
We use Leadoo’s user tracking to track how our users navigate our website and combine this data with user data that is collected, for example, through chat interactions. Leadoo uses ETag tracking, which is different from cookie-based tracking, combining data from several user sessions. Please see Leadoo Marketing Technologies Oy’s privacy statement (https://leadoo.com/privacy-policy/) to learn more about what the system tracks. In GDPR terms, we act as the data controller and Leadoo as the data processor. If you do not want to be tracked, you can clear your browser’s cache. To learn more about how Leadoo works, see https://leadoo.com/privacy-policy-processor/
Data protection
We use administrative, organisational, technical and physical safeguards to protect the personal data we collect and process. The measures we take include data encryption, passwords, firewalls, secure spaces and systems that are protected by restricted access rights. Our security measures are designed to maintain an appropriate level of confidentiality, integrity, usability, recoverability and fault tolerance. We regularly test our Services, systems and other equipment for vulnerabilities.
The network and equipment on which the registry is located are protected by a firewall and other appropriate technical measures, such as encryption. The information on our website is protected by a secured SSL or TLS 1.2 connection. Data concerning Employees’ health and other sensitive data is stored separately from other personal data.
The personal data contained in the register is kept confidential. The data controller has instructed its organisation about the use of the register, and access to the personal register has been limited in such a manner that only those data controller’s employees who have the right to use the data stored in the information system can access and use it. Accessing the systems requires personal credentials from each user of the register.
The data controller requires that all its IT service providers maintain confidentiality and appropriate data security, as well as commit to the principles of the data protection regulation.
Manual material is stored in a locked space and is only available to those with the right to access the information.
If, despite the data security measures, a data security breach occurs that is likely to have an adverse effect on the privacy of the Data Subjects, we will inform the Data Subjects and other affected parties of the breach as required by applicable legislation and, if required by applicable data protection legislation, to the authorities as soon as possible.
Whistleblowing Directive
To ensure the anonymity of reports, we use the First Whistle service purchased from Juuriharja Oy that complies with the Whistleblowing Directive. More detailed information about the operation of their service can be found on their website: https://firstwhistle.juuriharja.fi/. The First Whistle reporting channel provides an opportunity to report suspected abuses such as improper conduct or fraudulent, improper, dishonest, unlawful or reckless conduct or behaviour. The reporting channel is not intended for disagreements or complaints. In such cases, pleasecontact our HR Consultants directly.
You can submit a report via the reporting channel anonymously, but in order to speed up the resolution of the matter, we encourage you to report the suspected violations openly under your own name and contact details. All reports are treated with absolute confidentiality.
Reports submitted via the reporting channel are available to separately specified members of Eilakaisla. When the report has been resolved or the related data is no longer needed, information related to persons or identification data will be deleted.
You can find Eilakaisla’s reporting channel that complies with the Whistleblowing directive here: https://www.firstwhistle.fi/eilakaisla
Rights of the Data Subject
Right of access
The Data Subject has the right to access their own personal data that we process. In some services, the Data Subject can view the data they have entered by logging in to the service. The Data Subject may also contact us and we will provide them with the personal data we have collected about them.
Right to withdraw consent
If the processing is based on consent given by the Data Subject, the Data Subject may withdraw their consent at any time. Withdrawing the consent may restrict the Data Subject’s ability to use our Services. The withdrawal of consent does not affect the lawfulness of the processing of personal data carried out prior to the withdrawal. The Customer may withdraw their consent regarding marketing communications via the unsubscribe link in the messages and otherwise by sending a free-form e-mail confirming the withdrawal to privacy@eilakaisla.fi.
Right to request rectification of data
The Data Subject has the right to require us to correct or supplement any inaccurate or outdated personal data retained by us. The Data Subject may correct or update some of their personal data through the user account in the Services.
Right to request deletion
The Data Subject may ask us to delete their personal data from our systems. We will take the action requested unless we have a legitimate reason not to delete the information.
Right to object
The Data Subject may object to the processing of their personal data if we process personal data, for example, on the basis of a legitimate interest. We will stop processing the data, except in situations where we can demonstrate that there is a significant and legitimate reason for the processing that overrides the interests, rights and freedoms of the Data Subject, or the processing is necessary for the establishment, exercise or defence of a legal claim.
If the Data Subject objects to the processing of their data for direct marketing purposes, we will immediately stop processing their personal data.
Right to restrict the processing of data
The Data Subject may ask us to restrict the processing of their personal data, for example, when a request for deletion, correction or objection is being processed and/or when we have no legitimate grounds to process the data. However, a request to restrict processing may restrict the Data Subject’s ability to use our Services.
Right to data portability
The Data Subject has the right to receive their personal data from us in a structured and commonly used format and the right to transfer the data independently to a third party.
Right to lodge a complaint with the supervisory authority
If the Data Subject considers that their data have been processed incorrectly, they have the right to lodge a complaint with the supervisory authority. In Finland, this supervisory authority is the Office of the Data Protection Ombudsman: https://tietosuoja.fi
Exercise of rights
The above rights can be exercised by sending a separate signed document to: privacy@eilakaisla.fi. The document must contain the following information: Full name, address, e-mail address and telephone number of the Data Subject. We may request the submission of additional information necessary for proving the identity of the Data Subject and, in some cases, in order to ensure the identity of the Data Subject, the identity must be checked primarily at Eilakaisla’s head office at Mikonkatu 8 or, if agreed, at the offices of Eilakaisla’s subsidiaries.
We may reject requests that are unreasonably frequent, excessive or clearly unfounded.