Close

Privacy statement

ETTEPLAN’S PRIVACY STATEMENT

Etteplan strives to continuously develop its communications and marketing processes, which is why this privacy statement is also regularly updated. Etteplan reserves the right to make changes to this privacy statement and encourages you to read this privacy statement from time to time to be informed of any amendments.

Data controller and contact information

The data controller of the personal data processed is Etteplan Oyj, Ensimmäinen Savu, FI-01510 Vantaa, Finland, tel. +358 10 3070. Security incidents and data protection infringements are to be reported to [email protected]

Web site users

When the purpose of processing personal data is analysis, development and performance measurement of website usage and marketing the legal basis of processing is:

1) Legitimate interest:

The need for companies to market, analyze and improve the use of their services is generally recognized as a legitimate interest. In particular, given the nature of the data being processed, the significance of the processing for the rights and freedoms of the data subject is considered to be immaterial.

2) Consent:

Consent is always requested case by case, and the content of the consent is explained clearly and in detail. The data subject has the right to withdraw his / her consent at any time. Withdrawal of consent shall not affect the validity of the processing prior to the withdrawal.

Your personal data is being stored up to two years. In addition to other personal information you provide, the categories of personal data we process include cookie, browsing history and browser characteristics. Regular recipients of your personal information are IT service providers and digital marketing agencies, as well as analytics and tracking service providers.

Job seekers and consultants

When the purpose of processing personal data is recruitment the legal basis of processing is:

1) Legitimate interest:

In business, cooperation with customers and employees is a necessary and, therefore, legitimate interest. Processing of personal data in context of a customer relationship or job search is in the interest of the data subject.

2) Consent:

Consent is always requested case by case, and the content of the consent is explained clearly and in detail. The data subject has the right to withdraw his / her consent at any time. Withdrawal of consent shall not affect the validity of the processing prior to the withdrawal.

Your personal data is being stored up to one year and the retention period for the selected person will comply with the staff privacy statement. In addition to other personal information you provide, the categories of personal data we process include notes, diplomas, working history, name, education, suitability assessment, job applications, communication archives, contact information and employer. Regular recipients of your personal information are IT service providers, customers and recruiting companies.

Marketing prospects

When the purpose of processing personal data is marketing communications and marketing targeting the legal basis of processing is legitimate interest. The need for companies to market, analyze and improve the use of their services is generally recognized as a legitimate interest. In particular, given the nature of the data being processed, the significance of the processing for the rights and freedoms of the data subject is considered to be immaterial.

Your personal data is being stored up to two years. In addition to other personal information you provide, the categories of personal data we process include notes, name, communication archives, contact information and employer. In addition to yourself, your personal information may be provided to us by marketing companies. Regular recipients of your personal information are IT service providers.

Customers and their personnel

When the purpose of processing personal data is doing business and working with customers the legal basis of processing is legitimate interest. In business, cooperation with customers and employees is a necessary and, therefore, legitimate interest. Processing of personal data in context of a customer relationship or job search is in the interest of the data subject.

Your personal data is being stored up to 10 years after the end of the cooperation. In addition to other personal information you provide, the categories of personal data we process include notes, information about appointments and contacts, name, information related to the cooperation, communication archives, systems usage history, contact information, employer and payment data. In addition to yourself, your personal information may be provided to us by customers. Regular recipients of your personal information are IT service providers, customers and payment service providers, as well as analytics and tracking service providers.

Visitors

When the purpose of processing personal data is business security the legal basis of processing is legitimate interest. Businesses must ensure the security of their premises. Security is in the best interest of most visitors and does not significantly threaten their rights and freedoms.

Your personal data is being stored up to 3 months (videos as needed in special situations). In addition to other personal information you provide, the categories of personal data we process include history, name, video recordings, car registration number, employer and host. Regular recipients of your personal information are IT service providers and security partners.

Data subject’s rights

Data subjects have the following rights. Etteplan follows Etteplan subject access request (SAR) policy while helping the data subjects to exercise their rights.

  1. The right to obtain information on the personal data concerning him or her.
  2. The right to have any incorrect, incomplete or otherwise inaccurate personal data erased, corrected or blocked.
  3. The right to cancel your consent to processing your personal data and to object, on legitimate grounds, to the processing of all or any part of your personal data.
  4. The right to lodge a complaint with a supervisory authority.

The provisions of applicable national laws or agreements between Etteplan and the data subject may in certain cases limit the above-mentioned rights.

Etteplan wishes to remind data subjects that data subjects can exercise their rights by contacting Etteplan via the contact details indicated in this privacy statement.

Transfer of personal data

Etteplan is an international organization whose business operations, IT systems and administrative processes transcend national borders. Etteplan may use resources and processors that reside wholly or partially outside the borders of European Union or European Economic Area (EEA). Such transfer is always based on lawfully binding mechanism of transfer, such as the Bilateral Data Transfer Agreement between Etteplan subsidiaries, model clauses or international agreement between European Union and the 3rd country or opinion of European Union on “Adequacy of the protection of personal data in non-EU countries”.

Information security

Etteplan does not generally collect sensitive information (e.g., ethnic background, race, religion, political beliefs, sexual orientation, health-related information). Etteplan is committed to protecting your privacy in accordance with the applicable laws concerning data protection and protection of privacy. Etteplan endeavors to prevent and minimize the information security risks related to our systems and services by using the appropriate technical measures (taking into account the nature of the personal data).

Such measures include, e.g. use of firewalls, protected servers and encryption, user right management, careful selection and training of the persons processing the data and other technically and commercially reasonable measures to appropriately protect your personal data against unauthorized use and disclosure. Etteplan may also take necessary backup copies and resort to other similar means to prevent any inadvertent damage to or destruction of your personal data and to ensure the uninterrupted functioning of the services.