Privacy Policy (Other)
Privacy policy and information about the processing of your personal data if you are a potential, existing or former customer, business partner or supplier, represent a government agency, are a job applicant or are someone else who interacts with us.
1. What is a privacy policy?
1.1 In our privacy policy we explain who is responsible for the personal data processing that takes place in our organisation. We also describe which personal data about you is processed when we receive data about you or when you provide data to us in various situations, how we process the personal data, why we do it and on what legal basis we justify the processing. We also explain which external parties may be processing personal data about you. You also receive information about your rights when it comes to our processing of your personal data and about how you can proceed to exercise your rights.
1.2 We will only process the personal data about you that is necessary for the purposes set out in this privacy policy. We have procedures describing how we store and anonymise personal data in order to make sure on an ongoing basis that your personal data will always be correct and relevant. You can read more below about how processing takes place and which data is processed.
2. Important terms
2.1 Here are explanations of some important terms that can be useful to know in order to understand our privacy policy:
a. “Personal data” means any data that relates to a natural person who can be directly or indirectly identified with the aid of this data; for example a name, an ID number such as a personal ID number, location data, an online identifier such as an IP address or one or more factors that are specific to the natural person’s identity.
b. “Processing” means a measure or a combination of measures carried out with personal data; for example collection, registration, organisation, structuring, storage, processing or modification, production, reading, use, disclosure through transfer, dissemination or provision in another way, adjustment or merging, restriction, erasure or destruction.
c. “Controller” is the party that either solely or in conjunction with another party determines the purpose and means of the processing of personal data and is responsible for ensuring that the processing takes place in accordance with applicable data protection regulations.
d. ”Data protection regulations” GDPR stands for the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) and is a European data protection regulation that became directly applicable on 25 May 2018 for all Member States, but also for those countries that in any way process personal data belonging to a natural person in the EU/EEA. The purpose of GDPR is to protect the personal data of natural persons. In addition to the aforementioned regulation, Finland has also enacted supplementary legislation (Tietosuojalaki 1050/2018). When we mention “the data protection regulations” in this privacy policy, we refer to both of the above regulations.
3. Who is responsible for the processing and do you guarantee that personal data is handled securely?
3.1 Axactor Finland Oy, corporate ID number 1606758-4, is the controller for the processing of your personal data in certain cases, in communication and in relation to those who are any of the following data subjects:
a. Representative of a potential, existing or former customer, business partner or supplier;
b. Representative of a government agency;
c. Job applicant; or
d. Anyone else, e.g. a visitor to our website, the representative of a debtor or a close relative of an employee of ours.
In this text, Axactor Finland Oy is referred to as “we” and those who are any of the data subjects described above as “you”.
3.2 We are obliged to carry out appropriate technical and organizational measures in order to guarantee and be able to show that our processing takes place in accordance with the data protection regulations. We have carried out many appropriate measures in order to guarantee that unauthorized parties do not gain access to your personal data.
4. From where we collect your personal data
4.1 If you represent a potential, existing or former customer, business partner or supplier
We gain access to your personal data primarily directly from you or from the company or the organisation you represent. Either if you are in contact with us on behalf of your company or your organisation, or if you are designated by your employer as a representative of the company or organisation that you represent. We also have access to your personal data from companies that are part of the Axactor Group. If we believe that you are representing a potential customer, we may also obtain your personal data from the Internet, public registers or social media. If you interact with us via our website, personal data may be obtained from there.
4.2 If you represent a government agency
If you represent a government agency, we gain access to your personal data primarily because you yourself make contact with us as an element of performing your job. We may also access your personal data because this is found on a website belonging to the government agency you represent or you are responding in a case that we are conducting with the agency that you represent. We may also access your personal data that someone passes on to us because this person has been in contact with you in a case that concerns this person and in which we are involved.
4.3 If you are a job applicant
We have access to your personal data primarily because you apply for a job with us via someone who works for us, a general email address of ours or via a recruitment agency. Please note that we are not always the controller of your personal data if we gain access to your personal data when we have hired a recruitment agency to fill a position that we have advertised; in this case the recruitment agency is the controller. We may also access your personal data via our suppliers that provide personal or competence testing services or from a reference you have provided. We may also access your personal data from social media such as, for example, LinkedIn, Facebook, Google+ or Instagram if we believe that you might be considered for a position that we have advertised.
4.4 If you are anyone else, such as a visitor to our website or a close relative of an employee of ours
We use so-called cookies. A cookie is a small text file that is sent to your browser and is also placed on your computer, tablet or mobile phone when you visit a website. It can be used to remember information about your visit to the website and is used, for example, to track your behaviour on the website. You can find out more about how we use cookies in our Cookies Policy. If you are a relative of an employee of ours, we have collected your personal data from that person or if, for example, you are a representative of a debtor or have a relationship with us in some other way, we process your data because you yourself have submitted it to us.
5. Which personal data we process, the reasons for processing it and the legal basis
5.1 If you represent a potential customer, business partner or supplier
5.1.1 Purpose and intention
a. To create a new customer, partner or supplier relationship. We process your personal data so that we can contact and communicate with you as a representative of a potential customer, business partner or supplier to Axactor, e.g. in a discussion about a potential collaboration or when we respond to questions you have put to us. We may also send news, information and other marketing to you in order to market Axactor to your company or your organisation if we believe that you might be interested in studying it.
5.1.2 Personal data
a. To create a new customer, partner or supplier relationship. The personal data we process for the stated purpose is your name, your email address, your phone number, the company or organisation to which you belong, title and information you submit in your communication with us. We may also process personal data such as personal ID number/coordination number or similar identification that may be found in, for example, a passport or other ID document, in order to be able to fulfil our obligations associated with, for example, money-laundering legislation. We may also process personal data such as, for example, a photo of you if you have visited our premises; this is for security reasons for our employees.
5.1.3 Legal basis
a. To create a new customer, partner or supplier relationship. The legal basis for processing your personal data for the stated purpose is Axactor’s legitimate interest in contacting and communicating with and marketing ourselves to you as a representative of a potential customer, business partner or supplier who we believe may be interested in initiating a customer, business or supplier relationship and in the event that you visit our premises, personal data such as a photo of you is processed for security reasons (balancing of interests). It may also be that the processing is necessary so that we are able to fulfil our legal obligations, e.g. in respect of money-laundering legislation. We can also ask for your consent to be able to send marketing for a longer period than would otherwise have been possible. See more about this under the heading “How long do we store your personal data?”
5.2 If you represent an existing or former customer, business partner or supplier
5.2.1. Purpose and intention
a. To negotiate, initiate and manage the customer, business or supplier relationship. We process your personal data to the extent that it is necessary to negotiate, initiate and manage the customer, business or supplier relationship with the company or organisation that you represent, including communicating with you or your company or your organisation.
b. To send marketing. In order to send news, information and other marketing to you when we believe that you are or might be interested in studying it.
c. Handling any complaints or legal claims. We process your personal data so that we can handle any complaints or legal claims in which your company or organisation is involved.
d. To resume a former customer, business or supplier relationship. If you represent a company or organisation that was formerly a customer, business partner or supplier of Axactor, we may communicate with you in order to resume a former relationship.
5.2.2. Personal data
a. To negotiate, initiate and manage the customer, business or supplier relationship. The personal data we process for the stated purpose is your name, your email address, your phone number, the company or organisation to which you belong, title and the personal data that emerges in communication with you. To manage the collaboration and to comply with the Finnish Accounting Act, we also process your personal data that appears on the invoice if you are quoted as reference on an invoice. We may also process personal data such as personal ID number/coordination number or similar identification that may be found in, for example, a passport or other ID document, in order to be able to fulfil our obligations associated with, for example, money-laundering legislation. We may also process personal data such as, for example, a photo of you if you have visited our premises; this is for security reasons for our employees.
b. To send marketing. The personal data we process for the stated purpose is your name, your email address, your phone number, the company or organisation to which you belong and title.
c. Handling any complaints or legal claims. The personal data we process for the stated purpose is your name, your email address, your phone number, the company or organisation to which you belong, title and information about your company’s or organisation’s complaint or legal claim.
d. To resume a former customer, business or supplier relationship. The personal data we process for the stated purpose is your name, your email address, your phone number, the company or organisation to which you belong and title.
5.2.3. Legal basis
a. To negotiate, initiate and manage the customer, business or supplier relationship. The legal basis for processing your personal data for the stated purpose is Axactor’s legitimate interest in being able to manage the customer relationship and the agreement with your company or organisation and to communicate with you as a representative of our customer, business partner or supplier, and in the event that you visit our premises, personal data such as a photo of you is processed for security reasons (balancing of interests). The processing of personal data on your company’s or organisation’s invoice takes place in order to fulfil Axactor’s legal obligations to store data in accordance with, for example, the Finnish Accounting Act or money-laundering legislation.
b. To send marketing. The legal basis for processing your personal data for the stated purpose is Axactor’s legitimate interest in marketing ourselves to you as a representative of a company or organisation that we believe may be interested in receiving news, information and other marketing from us (balancing of interests). We can also ask for your consent to be able to send marketing for a longer period than would otherwise have been possible. See more about this under the heading “How long do we store your personal data?”
c. Handling any complaints or legal claims. The legal basis for the stated purpose is Axactor’s legitimate interest in being able to establish, exercise or defend a possible complaint or legal claim in which you are involved as the representative of our existing or former customer, business partner or supplier (balancing of interests).
e. To resume a former customer, business or supplier relationship. The legal basis for processing for the stated purpose is Axactor’s legitimate interest in trying to market ourselves to our former customers, business partners or suppliers (balancing of interests).
5.3 If you represent a government agency
5.3.1 Purpose and intention
a. To manage communication with the government agency that you represent. We process your personal data to the extent that it is necessary in order to manage any communication we have with the authority you represent – either because you yourself made contact with us, Axactor made contact with the government agency you represent or because someone else has made contact with you in a case involving Axactor.
5.3.2 Personal data
a. To manage communication with the government agency that you represent. The personal data we process for the stated purpose is your name, your email address, your phone number, the company or organization to which you belong, title and the personal data that emerges in communication with you or the government agency you represent. If you visit us we may also process personal data such as, for example, a photo of you if you have visited our premises; this is for security reasons for our employees.
5.3.3 Legal basis
a. To manage communication with the government agency that you represent. The legal basis for processing your personal data for the stated purpose is Axactor’s legitimate interest in being able to manage any communication we have with the government agency you represent and, if necessary, to establish, exercise or defend a possible legal claim. If you visit our premises, personal data such as photos of you is also processed with the support of the same legal basis (balancing of interests). The processing of your personal data may also take place in order to fulfil Axactor’s legal obligations to store data, for example, in accordance with the Finnish Debt Collection Act and the Finnish Office of the Data Protection Ombudsman’s guidelines.
5.4 If you are a job applicant
5.4.1 Purpose and intention
a. Evaluate, negotiate and enter into an employment or consultancy arrangement. We process your personal data to the extent necessary to evaluate, negotiate and enter into an employment or consultancy arrangement with you because you yourself have applied to Axactor or because we believe that you may be interested in a post or assignment that we are offering.
b. Handle complaints, objections or legal claims. We may also process your personal data to the extent necessary in the event that you have lodged a legal claim against us or in the event that you have contacted us otherwise with a complaint or objection.
c. Handle any legal obligations in order to combat criminal activity. We are sometimes also obliged to process your data and to share this when we are audited or in order to combat, control or prove fraud, money-laundering and other criminal activities.
5.4.2 Personal data
a. Evaluate, negotiate and enter into an employment or consultancy arrangement. To be able to achieve the stated purpose, we process personal data such as your name, your personal ID number, your postal address, your email address, your phone number and other personal data that emerges in communication with you such as, for example, gender, photographs, professional background such as your education and previous employers, as well as claims relating to salaries and benefits.
b. Handle complaints, objections or legal claims. To be able to achieve the stated purpose, we need to process personal data such as your name, your personal ID number, your postal address, your email address, your phone number and other personal data that emerges in communication with you or another party.
c. Handle any legal obligations in order to combat criminal activity. We process personal data such as your name, your personal ID number, your postal address, your email address, your phone number and other personal data that emerges in communication with you and that is necessary for achieving the stated purpose.
5.4.3 Legal basis
a. Evaluate, negotiate and enter into an employment or consultancy arrangement. The legal basis for processing your personal data for the stated purpose is Axactor’s legitimate interest in being able to achieve the stated purpose (balancing of interests).
b. Handle complaints, objections or legal claims. The legal basis for achieving the stated purpose is Axactor’s legitimate interest in being able to handle any complaints or objections, or to establish, exercise or defend a possible legal claim that you may exercise (balancing of interests).
c. Handle any legal obligations in order to combat crime. The legal basis for processing your personal data in accordance with the stated purpose is that we have legal obligations to process it in order to, for example, combat fraud or other criminal activities.
5.5 If you are anyone else, such as a visitor to our website or a close relative of an employee of ours
5.5.1 Purpose and intention
a. To communicate with you. We process your personal data to the extent necessary in order to communicate with you because, for example, you are a referee for someone applying for a job with us, you are a close relative of someone who is employee of ours, you are the representative of a debtor who is registered with us or you have a relationship with us in some other way that creates a purpose in being able to communicate with you.
b. To develop and enhance our website and service. We also process personal data so that we can develop and enhance our website and also our service delivery. This takes place via so-called cookies, which you can read more about in our Cookies Policy.
5.5.2 Personal data
a. To communicate with you. The personal data we process for the stated purpose is your name, your email address, your phone number, the company or organisation to which you belong, title and the personal data that emerges in communication with you or your company or organisation. We may also process other kinds of personal data that you yourself provide in communication with us.
b. To develop and enhance our website and service. The personal data we process for the stated purpose is, for example, localisation data such as your IP address or GPS data, online identifiers such as an IP address through the location of the cookie, and your behaviour on our website. See more detailed information about which personal data we may process in our Cookies Policy.
5.5.3 Legal basis
a. To communicate with you. The legal basis for processing your personal data for the stated purpose is Axactor’s legitimate interest in being able to achieve the stated purpose (balancing of interests).
b. To develop and enhance our website and our service. Axactor will only process your personal data for the stated purpose if you have given your consent for the processing.
5.6 Balancing of interests
As we have stated above, we process some of your personal data with the support of a balancing of interests as the legal basis for the processing activity. The balancing of interests means that we perform an assessment through which have concluded that our legitimate interest in performing the processing activity outweighs your interest in our not processing your personal data. What constitutes a legitimate interest is described above. If you want to find out more about how we performed this assessment, you are welcome to contact us. You will find our contact details under “Feel free to contact us”.
6. Special categories of personal data
6.1 Special personal data means personal data that reveals race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic data, biometric data to clearly identify a natural person or data about health or about a natural person’s sex life or sexual orientation.
6.2 Unless otherwise agreed with you or if the processing is necessary for the establishment, exercising or defence of legal claims, we will not process special personal data about you.
6.3 If you are applying for a job at Axactor we may under certain circumstances process special personal data, such as data about ethnic origin or information about gender, to help us make sure that we have a diverse group of candidates and employees.
6.4 If you attend an Axactor event we may ask you to tell us about allergies or similar issues that are relevant for your well-being when you attend.
7. How long do we store your personal data?
7.1 We process your personal data for as long as it is necessary to fulfil the above purposes in order to process the information. This does not apply, however, if storage is required by law for longer than the purpose requires.
7.2 Other items of personal data that are not necessary in order to fulfil the above purposes but that you voluntarily disclose to us and for which you have given us consent to use will be processed for as long as the data is required for its purpose, although never beyond the time when you withdraw your consent.
7.3 The processing of anonymised data, i.e. data that cannot be linked directly or indirectly to a natural person, is not covered by the limitations described in this privacy policy.
8. To whom may your personal data be disclosed?
8.1 The personal data about you that we process will be processed primarily within Axactor and companies in the same Group as us, although it may also be passed on to external recipients. These recipients only have access to your personal data in order to carry out their assignment and to meet their commitments to us. Nor do these recipients have the right to use the personal data for any other purposes than those described in this privacy policy. If we use a processor to process your personal data for us, we make sure that we have concluded what is referred to as a data protection agreement with them so that we can guarantee that your personal data will be processed correctly and securely. Your personal data is shared with, among others, the following recipients:
a. We share your personal data with our suppliers such as, for example, our agents, lawyers, consultants who have committed to help us with, for example, our business processes, and other suppliers in areas such as printing and postal services. If you are a job applicant, these suppliers may also be our recruitment agencies or suppliers that provide services in the area of competence and personality testing.
b. We share your personal data with our IT suppliers in order to have an effective IT structure and to manage data storage services.
c. Government agencies so that we can fulfil, for example, our legal obligations by such means as combating money-laundering or other criminal activities.
8.2 If you would like to find out more about how and why your personal data is shared with these recipients, you can contact us via the contact details provided under “Feel free to contact us”.
9. Where is your personal data stored?
9.1 As we are part of the Axactor Group, we may transfer your personal data to another country. Your personal data is stored primarily in IT infrastructure on our premises or provided by one of our processors. In cases where your personal data is transferred to another country, we make sure that there are appropriate protective measures in order to comply with the data protection regulations.
9.2 The personal data will as a rule be handled and stored within the EU/EEA. In the event that we need to handle legal claims in a country outside the EU/EEA, the data may, however, be transferred to this country. We also use third-party suppliers outside the EU/EEA that may access your data, including but not limited to the USA. We will never transfer your personal data outside the EU/EEA without guaranteeing the security and protection of your personal data. We therefore make sure that all recipients have signed the EU’s standard clauses in order to justify the transfer and to make sure that the country in question guarantees satisfactory protection in accordance with the data protection regulations. We may also transfer your personal data if it is required by law.
10. Are you the subject of profiling or automated decisions?
10.1 Profiling means the automatic processing of personal data that is used to assess certain personal properties in a natural person, in particular in order to analyse or predict, for example, this person’s financial situation, personal preferences, interests and location.
10.2 If you are defined as a data subject in this privacy policy, you will not be the subject of profiling or automated decisions as described in the data protection regulations.
11. Your rights
11.1 You have certain rights in respect of the processing of your personal data; these are described in more detail below. To exercise your rights or submit any questions you might have about your rights, you are welcome to contact us via the contact details provided under “Feel free to contact us”.
a. Access. You have the right to receive a confirmation of whether we are processing your personal data, and if we are doing so you also have the right to receive information about how we are processing this and to receive a copy of your personal data. To be more specific, this means that you have the right to receive information about why we are processing your personal data and how we performed a possible balancing of interests in order to process your personal data, which categories of personal data we are processing, which parties we are sharing your personal data with, how long we store your personal data and criteria for performing the assessment of the storage time, what rights you have, from which parties we receive your personal data (if we did not receive it from you) and whether the processing of your personal data includes any automated decision-making, so-called profiling, and whether your personal data has been transferred to a country outside the EEA, and in such cases how we guarantee the satisfactory security of your personal data. For any additional copies over and above those that you have the right to receive free of charge, we will make an administrative charge corresponding to the costs we incur in sending the additional copies to you.
b. Rectification. You have the right to the rectification of any incorrect personal data relating to you and to ask us to supplement any incomplete personal data.
c. Erasure (the right to be forgotten). In certain circumstances you have the right to request the erasure of your personal data. Such circumstances exist, for example, if the personal data is no longer necessary for the purposes for which it was collected or processed, or if you withdraw your consent on which the processing was based and there is no other legal basis for the processing activity.
d. Restriction. You also have the right to request that we restrict our processing of your personal data. Such circumstances exist, for example, if you are contesting the correctness of the data or if the processing is illegal and you object to the personal data being erased but instead request a restriction in the use of the personal data.
e. Data portability. You have the right to ask us to transfer some of your personal data that we hold about you to another company or your organisation in a structured, commonly used and machine-readable format (data portability). The right to data portability applies for personal data that you have submitted to us and where processing is based on your consent and is automated. You also have the right to transfer the personal data directly from us to another controller if this is technically possible.
f. Objection. You have the right at any time to object to the processing of your personal data that is based on a balancing of interests and specifically to our processing your personal data for marketing purposes. Find out more about what a balancing of interests means above. In certain cases, however, you do not have the right to object to processing on the basis of a balancing of interests (e.g. because we must store your personal data). This is the case if we can present binding, legitimate reasons that outweigh your interests, rights and freedoms, or if it is taking place in order to establish, exercise or defend legal claims.
g. Withdraw consent. You have the right to withdraw all or part of consent given for the processing of your personal data. The withdrawal of your consent takes effect once the withdrawal has taken place.
h. Submit complaints. You also have the right to submit complaints in respect of our processing of your personal data; see more about this under “Your right to submit a complaint”.
12. Your right to submit a complaint
12.1 Axactor Finland Oy, corporate ID number 1606758-4, takes privacy seriously. We therefore take very great care to ensure that your personal data will always be processed in a correct, secure way. If you have any questions about our processing of personal data, please feel free to contact us.
12.2 If you believe that our processing of personal data is incorrect, you have the right to submit a complaint to the Finnish Office of the Data Protection Ombudsman, which is the supervisory authority in Finland. More information is available at https://tietosuoja.fi/.
13. Feel free to contact us
13.1 If you would like to exercise your rights as described above or have any other questions about how we process your personal data, please contact us (Axactor Finland Oy, corporate ID number 1606758-4) as follows:
a. Post. Axactor Finland Oy, Porkkalankatu 20 aA, 00180 Helsinki.
b. Phone. Customer service can be contacted on tel. +358 14 362 3300.
c. Email. Customer service may be contacted at palvelu@axactor.fi and our data protection officer at petri.anttila@axactor.com.
13.2 Bear in mind that email can be the subject of unauthorised eavesdropping, unauthorised additions and amendments, computer viruses or other kinds of manipulation. Before you send any confidential information to us, you should carefully consider the risks associated with sending sensitive information by email.
14. Changes to this privacy policy
14.1 We are constantly developing our services. We may therefore need to update our privacy policy from time to time. All changes to this privacy policy will be made available on our website, www.axactor.com/fi.
This privacy policy was adopted by Axactor on 17.09.2020.