The personal data register of Upsert Oy's personnel and recruitment in which information is stored concerning the employment relationship of each employee and information collected in connection with recruitment.
The purpose of processing personal data is to maintain statutory information on the personnel, to develop the company's services by utilising the expertise of the personnel, to collect information on events in the company for the personnel and to assist with managing customer relationships. In addition, information on candidates for jobs are stored in the register for the company's recruitment purposes. Personal data is collected on the person's consent to fulfil the company's statutory obligations. The person has the right to withdraw his or her consent at any time.
The following information, to the extent deemed necessary, is stored in the register:
Regular sources of information include the registered person him/herself and various registers maintained by the authorities, such as the population register and tax administration.
Personal data is considered information in confidence, and the personnel have the obligation to maintain secrecy. The company may transfer the data within the limits of the obligations of the currently valid legislation. The data can only be transferred to the authorities, trade unions and other parties which by law have the right to receive the data, and in a restricted way to the clients of the company for the business purposes of the company. In addition, the data can be transferred to partners in conjunction with outsourcing, when the transfer is necessary for managing statutory obligations, such as calculation of salaries, bookkeeping and related assisting duties.
The data shall not be transferred outside the European Union or the European Economic Area unless it is deemed absolutely necessary for managing a customer relationship or other highly important and justifiable business reason.
The data controller shall arrange the information security of the register in a generally acceptable manner and aim, using appropriate technical solutions, to prevent unauthorised access to both its information systems maintained by IT services and the manually maintained and stored materials. Instructions on using the register have been prepared, the users of the register shall be trained and the use of the register monitored on a regular basis.
Only the data controller and the employees of the companies acting as its agents shall have access to the data contained in the register. Access to the register data maintained by IT services requires the user to enter his or her personal user ID and password. The persons processing the data have access rights granted by the data controller to the extent that suffice their needs.
The data subject has the right to view the data stored about him or her in the register. A signed request to view the data must be sent in writing to the Data Protection Officer. The request to view the data can also be submitted in person at the data controller's office.
The data subject has the right to require a personal data item in the register to be rectified, erased or complemented if, considering the purpose of the processing, the information is faulty, unnecessary, incomplete or outdated. A written and personally signed or corresponding request for rectification presented in a certified document must be submitted to the Data Protection Officer. The person submitting the request for rectification must prove his or her identity.
The data controller shall, on its own initiative and without undue delay, also rectify any personal data that it has found to be faulty, unnecessary, incomplete or outdated.
When permitted by regulation, the data subject also has the right to require erasure of his or her data.
The data subject has the right to prohibit the processing and transfer of his or her personal data. A written and personally signed or corresponding request for using the right to prohibit presented in a certified document must be submitted to the Data Protection Officer. The person requesting the right to prohibit must present proof of his or her identity.
To the extent you yourself have given us data which will be processed based on your consent, you have the right to receive such data mainly in machine-readable form as well as the right to transfer this data to another data controller.
The personal data shall be stored for a period defined in legislation valid each time, which will also continue after the end of the employment contract.
If, in your opinion, we have not acted in compliance with the applicable data protection regulation, you have the right to lodge a complaint with the competent supervisory authority.