PRIVACY STATEMENT

SOL companies’ customer and marketing register

Personal Data Act, 523/99, Section 10

EU General Data Protection Regulation 2016/679 (GDPR)

Prepared 25 May 2018

1.1. Introduction

This Privacy Statement covers the collection and use of information for SOL companies’ (SOL Palvelut Oy, SOL Henkilöstöpalvelut Oy, SOL Pesulapalvelut Oy and SOLEMO Oy; together hereinafter referred to as “SOL”) customer and marketing register. SOL is committed to protecting the rights of individuals and to keeping your personal data safe.

This Privacy Statement describes how SOL collects, uses, stores and protects personal data. No information in the register is disclosed to external parties.

SOL reserves the right to amend and update this Privacy Statement. Changes will be communicated to data subjects where required by law.

Please read this Privacy Statement form before starting to use the website. By using this website, you agree to the processing of your personal data and to the use of cookies in the manner and for the purpose described in this Privacy Statement.

1.2. Data controller, contact details and data protection officer
_______________________________________________________________

Name and contact information of the data controller:

SOL Palvelut Oy (Business ID 2160299-1)

Vanha talvitie 19A

FI-00580 HELSINKI

+358 20 5700 700

Data protection officer:

Riitta Sirviö riitta.sirvio@sol.fi

Requests related to data subject rights: tietosuoja-asetus@sol.fi

1.3. Grounds for processing personal data
_______________________________________________________________

Personal data is processed for customer communication purposes, for maintaining the partnership register, for handling, managing and developing partnership relations, for the purposes of executing the rights and obligations of the partner and SOL, as well as for analysis and statistics purposes. Existing personal data may be updated based on feedback received from data subjects or upon their request or based on other registers, such as the subcontractor register.

Personal data may be deleted if so requested by data subjects or due to the termination of partnership as long as there is no legal or technical obstacle to this.

1.4. Description of the personal data concerning customers to be collected
_______________________________________________________________

We collect and process data solely for defined purposes. In principle, we collect data from data subjects themselves. We receive data directly from our customers, for instance, when they subscribe to the newsletter, call for a tender, participate in occasions, meetings or events, take part in votes or competitions, or contact us by phone, email, SMS or in another manner.

This data may include:

basic data:

name, job title, email address, street address, business sector

company information

  • company details, such as name, business ID, domicile
  • contact person and user details of the company (name, address, phone number, place of business, email address, business sector information and job title)
  • order details
  • contract and tender details
  • invoice and payment details
  • customer feedback and contact details
  • customer history, such as service changes, customer contacts as well as tender, order and agreement information
  • direct marketing bans and consents
  • comments and likes on our website and social media
  • competition replies
  • data entered for survey and research purposes. Data collected on the use of the website

In addition to the data obtained directly from the user, we collect information on how and when our website (www.sol.fi) is being used. Data is collected through the use of cookies and other similar technologies. We are unable to identify individual website users.

Personal data may be connected with cookies if a user provides his/her personal data, for instance, by filling in a contact request form on our website or by subscribing to our newsletter. Furthermore, personal data may be connected to cookies if a user arrives at our website using a link provided on a marketing message sent by us.

1.5. Description of the categories of recipients of personal data
_______________________________________________________________

SOL may disclose personal data contained in the register to the extent permitted and required by the current legislation.

1.6. Transfer of personal data outside the EU and the EEA
_______________________________________________________________

Data is stored in Finland. As a general rule, no data is transferred outside the EU or the EEA. If at some point, in order to perform the service, it is necessary to transfer data outside the EU or the EEA, the data controller shall ensure by contractual means the adequate level of protection for personal data and its processing as required by legislation and by conducting separate data transfer evaluations prior to the transfer.

1.7. Description of storage periods and deletion of personal data
_______________________________________________________________

All personal data contained in the register is stored as confidential. SOL retains personal data for as long as it is needed for the purpose for which it was collected and processed or as long as required by law and regulatory requirements concerning data storage.

1.8. Description of data protection
_______________________________________________________________

SOL ensures the information security of personal data processing as well as the reliability, integrity and availability of personal data by technical and organisational means in compliance with SOL Group’s information security principles. The databases in which data is stored are protected against unauthorised access from the outside with technical and physical measures.

Digital registers are protected by passwords, and user rights are restricted according to the duties of the persons using the register. Backup copies are regularly taken of all data saved in the register.

1.9. Data processors
_______________________________________________________________

SOL uses reliable service providers to support it in personal data processing, for instance in performing system administration and development tasks and in providing services. These experts process personal data according to the mandate received from SOL. Data processing is carried out in accordance with current legislation, which is ensured by contractual arrangements.

1.10. Reports related to audits
_______________________________________________________________

According to SOL, the systems in which the register is being processed have not been audited by supervisory authorities.

1.1. Rights of the data subject
_______________________________________________________________

Data subjects have the following rights:

  • Right to request from the controller access to their personal data and inspect the data on them that is stored in the register.
  • Right to request from the controller rectification or erasure of such personal data or restriction of processing.

If data is inaccurate or incomplete, data subjects have the right to request rectification of such data, unless constrained by law. Data subjects have the right to request the erasure of personal data concerning them if they withdraw their consent from the processing of personal data and there is no other legal basis for the processing.

  • Right to object to processing if there is no other acceptable reason for the processing or if the processing is against the law. Data subjects always have the right to object to processing of personal data for direct marketing purposes and opt out from the newsletter subscription.
  • Right to data portability. Data subjects have the right to receive the personal data concerning them, which they have provided to the controller, in a machine-readable format and the right to transmit that data to another controller, where transfer is secure and technically possible.
  • Right to lodge a complaint with a supervisory authority. If data subjects consider that the processing of their personal data infringes the applicable legislation, they have the right to lodge a complaint with the supervisory authority.

The above mentioned shall not apply where and insofar as data subjects already have the information. If data subjects wish to exercise any of the above-mentioned rights, requests are always evaluated case by case and responded to no later than one month after receiving the request. Requests shall be submitted by email tietosuoja-asetus@sol.fi or by phone +358 20 5700 700.

Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information necessary to ensure fair and transparent processing in respect of the data subject.